A Multi-Valued Simplified Halpern–Shoham–Moszkowski Logic for Gradable Verifiability in Reasoning about Digital Circuits

Abstract

In 1983, B. Moszkowski introduced a first interval-interpreted temporal logic system, the so-called Interval Temporal Logic (ITL), as a system suitable to express mutual relations inside intervals for reasonings about digital circuits. In 1991, Halpern and Shoham proposed a new temporal system (HS) to describe external relations between intervals. This paper is aimed at proposing a basis-type combination of HS and a simplified ITL end extends it towards a multi-valued system—also capable of rendering a gradable justification of agents in a similar contexts of reasoning about digital circuits. This newly introduced system is semantically interpreted in the so-called fibred semantics.

1. Introduction

1.1. The Interval Temporal Logic Systems

The majority of realistic requirements-imposed on different IT-systems (they may refer to their liveness, safety, or activity.) often require temporal logic systems with non-pointwise semantics to be properly represented formally. Different context-oriented analysis and observations, f.e. from [1,2,3], visualized a need to explore interval-based semantics temporal logic systems in many engineering contexts, such as reasoning about digital circuits or specification of the instruction set processors.

The observations seemed to motivate B. Moszkowski to propose a complex frame of the interval-based temporal logic system—recognized as ‘Interval Temporal Logic’ (ITL) and introduced in [4,5]. Its utility manifests itself in its capability of uniformly describing the structure and dynamics of timing-dependent digital circuits. A potential application area of this formal system is determined by various devices, including the delay elements, adders, latches, counters, flip-flops, random-access memories, or a clocked multiplication circuit.

Whereas ITL forms a multi-modal system adaptable to represent temporal (internal) relations between intervals and their subintervals, such as next, begin, fin, halt, keep and yield, its younger sister to be called Halpern–Shoham logic (HS) constitutes a multi-modal logic suitable to represent the so-called Allen’s temporal relations between (mutually external) intervals (see: [6]). It was introduced and described in detail by Halpern and Shoham in [7]. This primary difference between these two formal systems finds its further extensions in mutually different directions of exploring these systems. In fact, whereas HS has been intensively explored in such works as [8,9,10,11]) mainly from a metalogical perspective, ITL is usually discussed in different contexts of programming-applicable specification for such formal features of IT systems (hardware, software, etc.) as liveness or safety. This fact finds its reflection in such works as: [5,12,13,14].

1.2. Verifiability and Provability Logic

Whereas different components of a purely temporal provenance (such as internal temporal relations inside a given interval or external temporal relations between intervals) may be expressed either by ITL or HS and semantically interpreted in their models, the situation makes more complicated if additionally consider some epistemic ‘entities’, such as beliefs or preferences. The same difficulty arises for other epistemic abstract properties, such as provability, verifiability (these properties as some attributes of other features or facts may be reformulated as properties of ‘being provable’ or ‘being verifiable’). Usually, the notion of provability has a purely formal pragmatic meaning and is exploited concerning formal theories, such as Peano Arithmetic, set theory, formal systems of temporal logic: LTL, CTL, etc. Due to Hempel’s and post-Hempel critique of neo-positivistic verificationism in contemporary philosophy of science and general methodology—the notion of confirmation instead of verification is more suitable to all theories interpreted empirically, such as theories of physics or theories in technical sciences. (see: [15]). Slightly against this tradition, we decide to explore the concept of ‘verification’. We make it not because of reverence to neo-positivistic verificationism, but because of some recapitulation of use of the concept in different application-based context by model checking and the so-called formal verification—due to [16,17,18].), observability as some attributes of facts, other properties or—directly—of objects, events, and relations between them. In particular, no formal representation of verifiability, i.e., a formal representation of ‘being verifiable’, has been elaborated. However, a formalization attempt for this concept may be supported by the formalization tradition suitable to the concept of provability. It stems from the ground-breaking K. Gödel’s incompleteness theorems for Peano Arithmetic (PA) from 1931 (see: [19]) and Löb’s modal-based formalization of the so-called Hilbert–Bernays provability conditions for PA from [20]. If $Prov\left(\right)$ is a provability predicate for formulae of PA ($Prov\left(\overline{A}\right)$ stands for ‘A is provable in PA’) and PA⊢ denotes PA-derivability, then the Löb’s conditions may be depicted in the form of axioms:

1. 

If PA $⊢A$, then PA $⊢Prov\left(\overline{A}\right)$,

2. 

PA $⊢Prov\left(\overline{A\to B}\right)\to (Prov\left(\overline{A}\right)\to Prov\left(\overline{B}\right))$,

3. 

PA $⊢Prov\left(\overline{A}\right)\to Prov\left(Prov\left(\overline{A}\right)\right)$,

where $\overline{A}$ denotes the Gödel’s number of $A\in \mathcal{L}$(PA).

These conditions may be naturally reformulated to a modal form and—as such ones—constitute the axioms of provability logic, often called: ‘Gödel–Löb logic’ and denoted by GL.

These conditions may be naturally reformulated to a modal form and—as such ones—constitute the axioms of provability logic, often called: ‘Gödel–Löb logic’ and denoted by GL.

1.3. Paper Motivation and Initial Problem Formulation

Unfortunately, not only the lack of the appropriate formalization pattern for the concept of verifiability constitutes a challenging difficulty. Indeed, formal languages of HS and ITL as taken separately—even built up from a description logic—are insufficient because of various conceptual limitations.

•

Both systems—ITL and HS—are only suitable to express internal and external temporal relations (resp.) and cannot grasp their combinations.

•

Existing types of semantics for these systems usually are not sensitive to different pragmatic aspects of the modeled situations that should be considered from the perspective of the requirement of their adequacy and realism.

•

Even if a piece of pragmatics is considered in these types of semantics—such as in the so-called Fagin’s behavioral one from [21]—they are not suitable to model the combined formulae for a temporal and a non-temporal type.

•

Even combined formal systems, such as epistemic HS from [22], describe some unrealistically idealized epistemic capabilities of agents.

•

Last, but not least—due to author’s best knowledge—no more advanced model checking machinery has been yet elaborated for digital circuit’s properties and behavior—against so sophisticated attempts to adopt bounded model checking for microprocessor architectures—as in [23].

In order to formulate the initial problem for its further representation in our multi-valued HS-based modeled extension of ITL and modeling in its models—one needs to underline the extraordinary suitability of ITL from [4] to grasp the digital circuit’s behavior and properties. Moszkowski’s formalization attempt refers to different types of computational circuits, such as adders (see: [4], pp. 55–64), multipliers (see: [4], pp. 86–88) or the data handling combinational circuits, such as Multiplexer (see: [4], pp. 86–88) and many others. It is noteworthy to see that the monadic predicate version of ITL is exploited to express such entities as bits or signals through some unique model operators ${\square }_A,{\square }_T,{\square }_I$ (We omit a detailed explanation of their semantics.) as a formal representation of the phrases: ‘for all internal subintervals (of a given one),’ ‘for all terminal subintervals’ and ‘for all internal subintervals’ (resp.) For example, two predicates bit and Bit are used to represents bits: the predicate bit checks if a value is either 0 or 1 and the predicate Bit checks that its parameter is always bit-valued —due to the formal depiction in [4], p. 29:

$$Bit\left(V\right){=}^{def}{\square }_{A}bit\left(V\right).$$

Putting aside the whole taxonomy of ITL predicates, one can observe that some of them are especially useful and play the role of technical predicates to be exploited in further formalization attempts. One of them is the ‘LoadPhase’ predicate. Due to [4], p. 107—the predicate ’LoadPhase’ specifics device operation for initially loading the inputs.

Independently of these types of formalization attempts—often arises a need to formally specify and adequately model different integrated systems and complicated scenarios, such as the reasoning of an operating agent (with epistemic capabilities) about processes in the world of digital circuits. An exemplary situation of this type, for which formalization of the ’LoadPhase’ predicate is used, is described in the following Motivating Example.

The Motivating Example 1.

Let us consider an agent-observer i, which supervises some fragment of the ‘loading phase’ action performing and let us assume that it verifies with some degree α a (materialization of its) subprocess ‘after some time (later): initially was H and finally ‘status = 1’ occurred’.

In order to specify the situation described in the Motivating Example—it is convenient to start from the ITL-formula defining the process of loading phase as follows (This ITL-formula delivers a more general scheme of representing some types of actions (similar to ‘LoadPhase’ above) in terms of the appropriately specified atomic formulae (like ‘Load(H)’, ‘Init(H)’, ‘status=1’ above) using a modal-type operator (like: ‘fin’). The Formula (1) constitutes a convenient basis for further extensions and is sensitive to further modifications and combinations. These possibilities seem to justify a paradigmatic nature of the formula, although one could indicate other formulae for this analysis.) (see: [4], p. 108):

$$\mathrm{LoadPhase}\left(\mathrm{H}\right):=\mathrm{Load}\left(\mathrm{H}\right)\to \left[\mathrm{Init}\right(\mathrm{H})\wedge \mathrm{fin}(\mathrm{status}=1\left)\right].$$

(1)

It easy to see that (1) may be reformulated to a new Formula (2) involved in a new HS-modal operator:

$$\mathrm{LoadPhase}\left(\mathrm{H}\right):=\mathrm{Load}\left(\mathrm{H}\right)\wedge \left[L\right]\left[\mathrm{Init}\right(\mathrm{H})\wedge \mathrm{fin}(\mathrm{status}=1\left)\right],$$

(2)

which renders the temporal action sequencing—previously rendered mainly by → in terms of HS-modal operator [L] (for ‘Later’) of the box-type. However—in order to adequately express the scenario from the Motivating Example—we need a new epistemic modal-type operator, say ${\left[V\right]}_i^{\alpha }\varphi$ which expresses the agent i verification of (an event, a process, etc.) $\varphi$ with a degree $\alpha$ (This formula is read ‘An agent i verifies $\varphi$ with a degree $\alpha$.’ Intentionally, we intend to consider a finite set of such possible degrees of agent verification of the given event or processes, etc. They might be dependent on their observability, but we put aside this type of considerations as redundant from the perspective of the paper analysis.).

This fact may be rendered by the following combined formula:

$${\langle V\rangle }_i^{\alpha }\left[L\right][\mathrm{Init}\left(\mathrm{H}\right)\wedge \mathrm{fin}(\mathrm{status}=1)].$$

(3)

The example will constitute a practical component of the main objective of the paper analysis-to find the appropriate semantics suitable to model the formulae of the same sort.

Unfortunately, some further difficulties and limitations of this task should be taken into account. Fortunately, they simultaneously indicate the direction of the task materialization.

• The full ITL is too excessive for the requirements. Thus we restrict ITL to its propositional variant.
• Some fragments (f.e. these of the arithmetic nature) of the propositional ITL—as defined in [4]—seem to be already too heterogeneous to constitute a convenient starting point of the hybrid system construction. Therefore, these arithmetic-based fragments of ITL will be replaced by the corresponding description-logic formulae.
• Finally, Gödel–Löb logic of provability cannot be adapted as an adequate logic for gradable verifiability, but it partially delivers a pattern or a surrogate for it. Therefore, it will be exploited in a role of basis in the hybrid formal system construction process.
• Last, but not least—Gabbay’s frame of the so-called fibred semantics from [24] exists for a point-wise semantics only, but it seems to be adaptable to an interval-based semantics. Thus, it will be used in the paper.

1.4. Objectives of the Paper

Due to the motivation factors-the main objectives of the paper are (in chronological order):

• to propose a multi-valued logic for gradable verifiability (MVer),
• to introduce a new hybrid system MVHSM as a unique combination of Halpern–Shoham Logic, Simplified Interval Temporal Logic of Moszkowski and multi-valued logic for gradable verifiability (MVer) (a specification of the combination will be explained in details later.)
• to elaborate a general frame of the interval counterpart of Gabbay’s fibred semantics,
• to semantically interpret the newly introduced MVHS in the fibred interval semantics,
• to describe a general frame of model checking for MVHSM and its possible extensions.

From a more practical perspective, this paper is aimed at proposing a potentially paradigmatic method of semantic modeling of agent’s reasoning about digital circuits in terms of the combined MVHSM system.

One needs to underline that the paper belongs to the common intersection of research on temporal logic systems and knowledge representation as a part of AI. As such, the paper does not refer to digital circuits themselves in their electronics-based depiction (In fact, we rather consider them in a slightly more idealized perspective, i.e., as unique acyclic directed graphs.), but it refers to their formal properties and pieces of reasoning about them—as expressible in MVHSM and its potential extensions. One should underline that the deceptively purely logical nature of these analyses is essentially oriented for the idea of a combined model checking of both formal properties of digital circuits and pieces of reasoning about them.

Reasoning about them constituted the primary motivating factor for the construction of Moszkowski’s Interval Temporal Logic. Meanwhile, this system forms one of two pillars of the newly constructed MVHSM system.

1.5. Organization of Paper

The rest of the paper is organized as follows. In Section 2, a terminological framework of analysis is put forward. In Section 3, a simplified Halpern–Shoham- Moszkowski Logic (HSM) is introduced syntactically. A Multi-Valued Verifiability Logic (MVer) is presented in Section 4 syntactically and semantically. In Section 5, the hybrid system of Multi-Valued Simplified Halpern–Shoham–Moszkowski Logic for Gradable Verifiability (MVHSM) is introduced and semantically interpreted in the interval fibred semantics. Section 6 explains a broader model checking-orientation of the paper analysis. In Section 7, state of the art is described. Section 8 contains the final remarks and conclusions.

2. Terminological Framework

Before we move to the right part of the paper, a conceptual apparatus —for ITL and HS and their semantic interpretations in the Kripke frame-based models will be put forward. We start its presentation from the so-called Interval-Based Interpreted System (IBIS) as unique transition systems. Although we intend to exploit Kripke frame-based models as a basis for the so-called fibred semantics for the hybrid MVHSM system, it seems reasonable to begin with transition systems. This solution gives an excellent opportunity to grasp deep relationships between them and their corresponding Kripke frames and an internal organization of Kripke frames. Finally, it enables understanding how discrete intervals may be created.

Secondly, a simplified ITL and Halpern-Shoam logic are presented in their syntactic and semantic depictions.

2.1. Kripke Frame-Based Interval Semantics

We begin our interval-based semantics presentation with a definition of a tree-like order (For a terminological background of the analysis, we adopt most of the definitions from [22], modifying some conditions for labeling functions. We also adopt the so-called homogeneity principle w. r. t. these functions—as this principle ensures that the same formula $\varphi$ labels the whole interval I and each internal point of it (see: [25])).

Definition 1.

We say that $\langle S,\le \rangle$ is a tree-like order iff:

• it is strongly discrete, i.e., there are only finitely many points between any two points and the the order contains the least element,
• for any a, b, c ∈ S, if a ≤ c and b ≤ c, then either a ≤ b or b ≤ a.

We also consider a finite set $\mathcal{A}=\{1,\dots ,m\}$ of agents such that each agent i is endowed with a set of global states $L_i,i\in \mathcal{A}$ and a set of local actions which produce a transition relation t. In such a framework, we adopt the following definitions.

Definition 2.

Let $\mathcal{L}$an be a propositional language with a set of propositional variables Prop. An Interval-Based Interpreted System (IBIS) is a tuple $(S,s_0,t,\mathit{Lab})$ such that

• $S\subseteq L_1\times \dots L_m$ is a set of tuples of global states reachable from the initial global state $s_0$ via t,
• $t\subseteq S^2$ is a transition relation between states such that $\langle S,t\rangle$ forms a tree-like order with $s_0$ as its least element,
• Lab: $S\mapsto 2^{\mathrm{Prop}}$ is a labeling function, which for $I=s_1,s_2,\dots ,s_k$ is defined as follows: $\mathit{Lab}\left(I\right)=\varphi \in \mathrm{Prop}$, for $i\le k$ provided that the following homogeneity principle is true: $\varphi \in Lab\left(I\right)$ if and only if $\varphi \in Lab\left(s_1\right),\varphi \in Lab\left(s_2\right),\dots ,\varphi \in Lab\left(s_k\right)$.

IBIS may also be seen as an unraveling of the generalized Kripke frame.

Definition 3.

An interval is a finite path in IBIS , or a sequence $I=s_0{s}_s\dots s_n$ such that $s_{i}t{s}_{i+1}$ for $1\le i\le k-1$, and a transition t. A restriction of an interval I (with a length l) to a sequence of its first k-states (for $k\le l$) will be denoted by ${I|}_k$ and called a k-prefix of I or its k-initial subinterval. The subsequence $s_i\dots ,s_n$ of I for $1<i\le n$ forms its terminal subinterval. Finally each sequence $s_i\dots s_j$, for $0\le i\le j\le n$ forms an intermediate subinterval of I.

We also assume that each global state s from S of IBIS consists of local states. For a global state $s=(l_1,l_2\dots ,l_m)$ the local state $l_i$ in a global state s will be denoted by $l_i\left(s\right)$, for $i\in \mathcal{A}$.

Example 1.

Consider some IBIS-system with an agent 1, which is endowed with a global state $L=\{l_A,l_B,l_C\}$ with three local states and with a 2-elemental set of actions $\{a_1,a_2\}$. As an example of the transition one can consider: $t=\{\langle l_A{a}_1{l}_A\rangle ,\langle l_A{a}_2{l}_B\rangle ,\langle l_B{a}_2{l}_C\rangle \}$.

The mutual relationship between an IBIS-ontology and epistemology of agents can be explained as follows. Intervals states I and $I^{{}^{\prime }}$ with a length k and l (resp.) are indistinguishable by an agent (formally: $I{\sim }_i{I}^{{}^{\prime }})$ if and only if $k=l$ and $l_i\left(s_j\right)=l_i\left(s_j^{{}^{\prime }}\right)$, for all $j\le k$, $s_j\in I$, $s_j^{{}^{\prime }}\in I^{{}^{\prime }}$, i.e., the corresponding local states $s_j$ and $s_j^{{}^{\prime }}$ are identical. This property will be called—due to [21,26]—the behavioral equivalence and it plays a role of our meta-assumption in the paper.

Whereas each Kripke frame may be viewed as a variation of an (unlabeled) transition system, each Kripke frame-based model (briefly: Kripke model) may be seen as a variation of its corresponding labeled transition system, such as IBIS. The main difference between them relies on using another type of a corresponding function between a given formal language, say $\mathcal{L}$ with a subset of its propositional variables Prop and its semantic interpretation in a given universe, say W. There is a valuation— as a function from $2^{\mathrm{Prop}}\to 2^W$ in models and a labeling function as a function from $2^W\to 2^{\mathrm{Prop}}$ in transitions systems. The formal definition of a Kripke frame model is as follows.

Definition 4.

Let $\mathcal{L}$ be a propositional language with a set of its propositional variables Prop. The Kripke frame model over a given ρ-Kripke frame $\mathcal{F}=\langle W,{\left\{R_i\right\}}_{i\in \rho }\rangle$, for $i\in \rho$, is a structure of the form $M=\langle \mathcal{F},V\rangle$, i.e., $M=\langle W,{\left\{R_i\right\}}_{i\in \rho },V\rangle$, where $V:2^{\mathrm{Prop}}\to W$ is a valuation (The definition of valuation function from $2^{Prop}\to 2^W$ may be easily extended for all well-formed formulae of a given language $\mathcal{L}$ with modal operators (of a box- and a diamond-type). That extension may be defined recursively as follows:

1. 

$V(\perp ):=\varnothing$;

2. 

$V({\varphi }_1\to {\varphi }_2):=V{\left({\varphi }_1\right)}^c\cup V\left({\varphi }_2\right)$;

3. 

$V\left(\langle \alpha \rangle \varphi \right):=R_{\alpha }\left(V\left(\varphi \right)\right)$, where $R_{\alpha }\left(X\right)=\{w\in W:w{R}_{\alpha }u$, for some $u\}$.)

If the universe set W from the Kripke model M consists of points, we deal with the point-wise Kripke models. If the model universe contains intervals, we say about the interval-based Kripke models.

Example 2.

Let $\mathcal{L}$ be a propositional language with Prop =$\{\alpha ,\beta \}$.

1. 

The structure $M_1=\langle W_1,R_1,V_1\rangle$, where:

$W_1=\{v_0,v_1,v_2,v_3\}$, $R_1$ is determined by the set $\{v_0{R}_1{v}_1,v_0{R}_1{v}_2,v_1{R}_1{v}_3,v_2{R}_1{v}_3\}$, and $V:\alpha \mapsto \{v_0,v_1\}$ and $\beta \mapsto \{v_2,v_2\}$ forms an example of a (point-wise) Kripke frame-based model over a Kripke frame in Figure 1 (left).

2. 

Simultaneously, the structure $M_2=\langle W_2,R_2,V_2\rangle$, where:

$W_2$= $\{\left\{v_0\right\}$, $\left\{v_0{v}_1\right\}$, $\left\{v_0{v}_2\right\}$, $\left\{v_0{v}_3\right\}$, $\left\{v_0{v}_2{v}_3\right\}$, $\left\{v_0{v}_1{v}_3\right\}\}$,

$R_2$ is determined by the set$\{v_0{R}_2{v}_0{v}_1,v_0{R}_2{v}_0{v}_2,v_0{R}_2{v}_0{v}_3,v_0{v}_1{R}_2{v}_0{v}_1{v}_2,v_0{v}_2{R}_2{v}_0{v}_1{v}_3\}\rangle$, and $V:\alpha \mapsto \left\{v_0\right\}$ and $\beta \mapsto \{v_0{v}_1,v_0{v}_2,v_0{v}_3,v_0{v}_2{v}_3,v_0{v}_1{v}_3\}$ forms an example of an interval-based Kripke frame-based model extracted from IBIS in Figure 1 (right).

The concept of Kripke frames will be initially exploited for establishing a satisfaction relation for both ITL-formulae and HS-formulae in Figure 2. Finally, it will constitute a basis for the fibred models for our hybrid JusHSM.

2.2. Simplified Interval Temporal Logic (SITL) and Halpern–Shoham Logic (HS)

The general remarks on the nature of Kripke frame-based semantics allow us to characterize both SITL and HS now.

I. Simplified Interval Temporal Logic of Moszkowski. ITL—defined in [4]—as a far modification of LTL of A. Pnueli— forms a highly expressive predicate modal-type representations of temporal relations that may be indicated between subintervals of a given interval. The relations next and semicolon constitutes the basis relations. They are used in defining further relations: begin,  finish,  halt,  keep,  yields, always, eventually, next (The full presentation of ITL may be easily found in [4]. Its presentation will be omitted for the brevity of this section and compactness of the analysis.).

In this paper, a simplified propositional variant of ITL of Moszkowski—the so-called Simplified ITL (SITL) is put forward. Introducing SITL we decide for a slight reconstruction modification of the original depiction of ITL from [4,5]. The foundation differences are the following:

• the uni-modal temporal operators of ITL restricted to begin,  finish,  halt,  keep,  always, eventually, next are admitted in syntax of SITL only (It means that we reject i.a. a bi-modal yield operator.),
• slightly against the original Moszkowski’s approach—the mutual relations between intervals and their subintervals are more explicitly given and considered as unique Kripke accessibility relations (Indeed, Moszkowski seems to consider these relations (different types of inclusions) as implicitly presupposed.).

Syntax ofSITL. Let us assume that $p,q$ form propositional variables, $p;q$ stands for ‘p semicolon q’(p followed by q) and let us adopt a couple of unique atomic formulae: true, empty, skip. Then the syntax of SITL-entities is given by the grammar:

$$\begin{array}{r}\varphi :=p,q|\neg p|p\wedge q|p;q|\mathrm{empty}\left|\mathrm{true}\right|\mathrm{skip}|\end{array}$$

(4)

$$\begin{array}{r}\left|X\left(p\right)\right|G_I\left(p\right)|F_I\left(p\right)|G_{\mathrm{A}}\left(p\right)|F_{\mathrm{A}}\left(p\right)|G_T\left(p\right)|F_T\left(p\right)\left|N\left(p\right)\right|\end{array}$$

(5)

where p, q are propositional variables, $G_I\left(p\right)$ stands for: ‘generally in initial subintervals p’, $F_I\left(p\right)$ stands for: ‘eventually in initial subintervals p’, $G_T\left(p\right)$ stands for: ‘generally in terminal subintervals p’, $F_T\left(p\right)$ stands for: ‘eventually in terminal subintervals p’. The pair: $G_{\mathrm{A}}\left(p\right)$, $F_{\mathrm{A}}\left(p\right)$ stands for the intermediate subintervals, $N\left(p\right)$ for: ‘next p’ and $X\left(p\right)$ denotes a modal operator for X-relation, where $X\in \{\mathrm{begin},\mathrm{finish},\mathrm{halt},\mathrm{keep}\}$. Some of the formulae are mutually co-definable. For example:

$$\mathrm{empty}\iff \neg N\left(\mathrm{true}\right),\mathrm{skip}\iff N\left(\mathrm{empty}\right).$$

(6)

Meanwhile, the modal-type operators enable of defining some new operators introducing their co-definability and a piece of creativity inside SITL (see: [4], pp. 16–17) (This fact elucidates the concise presentation of the SITL grammar as given by (4) and (5)):

$$\begin{array}{r}\mathrm{halt}\left(p\right)\iff G_T(p\iff \mathrm{empty}),\end{array}$$

(7)

$$\begin{array}{r}\mathrm{keep}\left(p\right)\iff G_T([\neg \mathrm{empty}]\to p),\end{array}$$

(8)

$$\begin{array}{r}\mathrm{fin}\left(p\right)\iff F_T(\mathrm{empty}\wedge p),\mathrm{beg}\left(p\right)\iff F_I(\mathrm{empty}\wedge p)\end{array}$$

(9)

$$\begin{array}{r}{G}_{*}\left(p\right)\iff \neg F_{*}\neg p,\mathrm{for}*\in \{I,\mathrm{A},T\}.\end{array}$$

(10)

For example, (7) asserts that $=\mathrm{halt}\left(p\right)$ is true for intervals that terminate the first time the formula p is true. Thus ’halt’ can be thought of a forcing an interval to wait until p occurs [4], p. 17. (9) for ‘fin’ asserts that p holds for a terminal subinterval of length 0, i.e., for the interval’s final state. Their semantics will elucidate a more profound sense of the operators.

A deeper sense of the operators will be elucidated by their semantics.

Interval models for Simplified-ITL (SITL). Before we specify the semantic relations associated with the unary-modal SITL operator to deeper specify Kripke model-based semantics for SITL, we will be initially based on the definition of Kripke frame-based models for SITL as a triple: $\langle W,X,V\rangle$, where:

• W is a (non-empty) domain consisting of finite discrete intervals,
• V is a valuation, i.e., $\mathit{V}:2^{\mathcal{L}\left(SITL\right)}\mapsto 2^W$ satisfying the usual conditions imposed on this function, and
• X is a relation between intervals from W and their subintervals to be called ‘Moszkowski’s relation’.

Let us establish now that I$=s_0\dots s_n\in W$, ${I|}_{s_0\dots s_j}=s_0\dots s_j$ denotes a proper subinterval of I consisting of the points $s_0$ up to $s_j$ for some $j<n$, ${I|}_{s_i\dots s_n}=s_i\dots s_n$ denotes a proper subinterval of I consisting of point from $s_i$ up to $s_n$ for some $0<i<n$, etc.

If $\varphi \in \mathcal{L}\left(\mathrm{SITL}\right)$, M is an interval Kripke frame-based model, then—due to [4]—the satisfaction for the ITL-operators is introduced by the appropriate clauses as follows. (This definition collects and slightly reconstructs single conditions for satisfaction scattered over pp. 11—12,15,16 of [4].)

Definition 5.

(Satisfaction for SITL) Let us assume that an interval Kripke model M with a non-empty universe W and a discrete interval $I=s_0\dots s_n\in W$ are given, for some fixed k. The following clauses define satisfaction relation for $\mathcal{L}\left(SITL\right)$:

1. 

${M,I\vDash p;q\iff M,I|}_{s_0\dots s_i}{\vDash p\mathrm{and}M,I|}_{s_{i+1},\dots ,s_n}\vDash q$.

2. 

$M,I\vDash \mathrm{empty}\iff n=0,M,I\vDash \mathrm{skip}\iff n=1.$

3. 

${M,I\vDash \mathrm{beg}\left(p\right)\iff M,I|}_{s_0}\vDash p$,

4. 

$M,I\vDash G_{\mathrm{A}}{\left(p\right)\iff M,I|}_{s_i\dots s_j}\vDash p,\mathrm{for}\mathrm{all}0\le i\le j\le n$,

5. 

$M,I\vDash F_{\mathrm{A}}{\left(p\right)\iff M,I|}_{s_i\dots s_j}\vDash p,\mathrm{for}\mathrm{some}0\le i\le j\le n$.

6. 

$M,I\vDash G_{\mathrm{I}}{\left(p\right)\iff M,I|}_{s_0\dots s_j}\vDash p,\mathrm{for}\mathrm{all}j\le n$,

7. 

$M,I\vDash F_{\mathrm{I}}{\left(p\right)\iff M,I|}_{s_0\dots s_j}\vDash p,\mathrm{for}\mathrm{some}j\le n$,

8. 

$M,I\vDash G_{\mathrm{T}}{\left(p\right)\iff M,I|}_{s_j\dots s_n}\vDash p,\mathrm{for}\mathrm{all}0\le j$,

9. 

$M,I\vDash F_{\mathrm{T}}{\left(p\right)\iff M,I|}_{s_j\dots s_n}\vDash p,\mathrm{for}\mathrm{some}0\le j$,

The satisfaction conditions for other operators may be introduced via their syntactic co-definability with the operators just presented.

It is easy to see that satisfaction conditions from Definition 5 are not explicitly involved in accessibility relations between intervals—as usual in Kripke frame-based semantics. Nevertheless, it is not difficult to see that these relations (inclusions ⊆) may be easily extracted from the conditions. In fact, they are of a (slightly) different sort. The inclusions associated with $G_T\left(F_T\right)$ operators will be denoted as ${\subseteq }_T$ and they connect intervals with their terminal subintervals. By contrast, the inclusions associated to $G_I\left(F_I\right)$ operators will connect intervals with their initial subintervals and denoted by ${\subseteq }_I$. Finally, the inclusions ${\subseteq }_A$ will be associated to $G_A\left(F_A\right)$ and connect intervals with their intermediate intervals—due to the satisfaction condition for these operators. Finally, we can venture to name some chosen relations. Namely, $finish,keep,halt,begin$ will be semantic counterpart of SITL operators: fin, keep, halt, beg (We decide to treat them here as modal operators—as we think about them as about fin(), keep(), halt(), beg(). If a propositional variable is fixed, say p, then the corresponding fin(p), keep(p), halt(p), beg(p) are unary predicates.) (resp.) These arrangements lead to the unitary and generalized satisfaction condition:

$$\begin{array}{cc}\hfill M,I\vDash {\diamond }_{SITL}\varphi & \mathrm{iff}\exists I^{\prime }\mathrm{that}((I^{\prime }\subseteq I\to M,I^{\prime }\vDash \varphi ),\hfill \end{array}$$

for $\subseteq \in \{{\subseteq }_I,{\subseteq }_A,{\subseteq }_T\}$, and ${\diamond }_{SITL}$ being a diamond-type unary operator of $\mathcal{L}$(SITL). The corresponding condition for ${\square }_{SITL}$ operator requires a general quantifier instead of the existential one.

II. Halpern–Shoham logic. Whereas ITL and its simplified version SITL are capable of rendering the internal relations inside a given temporal interval (between its inherits fragments), HS renders external relations between a given interval and other intervals.

Syntax. More precisely, HS constitutes a modal-type representation of temporal relations between intervals, originally defined in [6]: “after” (or “meets”), (“later”), “begins” (or “start”), (“during”), “end” and “overlap”; see also [7]. These relations correspond to the modal HS operators: $\langle A\rangle$ for “after”, $\langle B\rangle$ for “begins”, $\langle L\rangle$ for “later”, etc. The syntax of HS entities $\varphi$ is defined by:

$$\varphi :=p|\neg \varphi |\varphi \wedge \varphi \left|\langle Y\rangle \varphi \right|\langle \overline{Y}\rangle \varphi ,$$

where p is a propositional variable and $\langle \overline{Y}\rangle$ denotes a modal operator for the inverse relation w. r. t. $Y\in \{A,B,D,E,O,L\}$ being a set of Allen’s relations.

Semantics. As earlier mentioned—the appropriate semantics of HS forms a kind of the interval-based semantics. Denoting by $\mathcal{P}\left(\mathbb{N}\right)$ the set of all closed intervals $[i,j]$ for $i,j\in \mathbb{N}\le \omega$, the interval HS-model is defined as n-tuple $M=\langle \mathcal{P}\left(\mathbb{N}\right),Y,V\rangle$, where $Y\in \{A,B,D,E,O,L\}$ and $V:Prop\mapsto \mathcal{P}\left(\mathbb{N}\right)$ is a valuation for propositional letters $Prop$ of $\mathcal{L}\left(HS\right)$.

Sometimes, the interval-based models for HS base on generalized Kripke frames, i.e., on the triples of a more general form $\langle W,Y,V\rangle$, where W is a (non-empty) domain, V is a valuation (Alternatively, we can define the corresponding IBIS-based model provided that we exchange a valuation V for a labeling function.) and $Y\in \{A,B,D,E,O,L\}$. If $\varphi \in \mathcal{L}\left(\mathrm{HS}\right)$, M is a Kripke frame-based model of this type, and $I\in W$, then satisfaction for ⋄-type modal HS operator is given as follows:

$$\begin{array}{cc}\hfill M,I\vDash \langle Y\rangle \varphi & \mathrm{iff}\exists I^{\prime }\mathrm{that}IY{I}^{\prime }\mathrm{and}M,I^{\prime }\vDash \varphi .\hfill \end{array}$$

Exchanging ∃-quantifier for the general one, we can obtain the corresponding condition for □-type modal operator.

Example 3.

Let M be a Kripke model, $I,I^{{}^{\prime }}$ are two interval from the model universe and $LoadPhase\left(H\right)$ forms an exemplary predicate of a given propositional modal language $\mathcal{L}$. Then

$$M,I\vDash \langle D\rangle \mathrm{LoadPhase}\left(\mathrm{H}\right)\iff \exists I^{{}^{\prime }}\mathrm{that}ID{I}^{{}^{\prime }}\mathrm{and}M,I^{{}^{\prime }}\vDash \mathrm{LoadPhase}\left(\mathrm{H}\right).$$

3. A (Simplified) Halpern–Shoham–Moszkowski Logic

Having defined both SITL and HS, we are in a position to propose an integrated temporal logic system to be called Halpern–Shoham–Moszkowski logic (shortly: HSM). In this section, HSM is introduced syntactically only—as a complex presentation of its semantics requires a new combined type of semantics to interpret combined formulae of HSM. It will be elaborated in Section 5 as the so-called fibred semantics, and it will be retrospectively adopted to HSM formulae.

It arises a question how to combine these two systems. It seems that the most simple and (perhaps) the most natural way to do it is to consider their fusion (or an independent sum). Generally, if $Lo{g}_1,Lo{g}_2$ are two modal logics in languages $\mathcal{L}\left(Lo{g}_1\right),\mathcal{L}\left(Lo{g}_1\right)$ (resp.) and they have disjoint sets of modal operators, say ${\square }_1,\dots {\square }_n$ and ${\square }_{n+1},\dots ,{\square }_m$ (resp.), then the fusion

$$Lo{g}_1\otimes Lo{g}_2$$

(11)

of $Lo{g}_1$ and $Lo{g}_2$ is the smallest ($n+m$)-modal logic containing both $Lo{g}_1$ and $Lo{g}_2$.

Therefore, let us assume that a new language ${\mathcal{L}}^{HSM}={\mathcal{L}}^{ITL}\otimes {\mathcal{L}}^{HS}$ being a fusion of ${\mathcal{L}}^{ITL}$ and ${\mathcal{L}}^{HS}$. Nevertheless, we intend to admit some combined formulae of ITL and HS, thus the new HSM should constitute a kind of superset of a usual fusion $ITL\otimes HS$. In other words, a set of well-formed formulae of $ITL\otimes HS$, say $FO{R}^{HSM}$, should contain the set $FO{R}^{ITL\otimes HS}$ =$\{\varphi$: either $\varphi \in$ FOR${}^{SITL}$ or FOR${}^{HS}\}$ as its proper subset.

Nevertheless, not all combinations should be admitted because of a nature of the scenario from the motivating example (see: Introduction), which indicates the admissible order of the modal operators of HMS. Namely, HS operators play the role of the external operators for the ITL’s ones. In fact, the situation should be initially described inside a given interval, and—eventually—its materialization may be moved in time (performed in another interval provided that it remains in the initial one in Allen’s relation).

It allows us to define a set of well-formed formulae FOR${}^{HSM}$ of HSM in ${\mathcal{L}}^{HSM}={\mathcal{L}}^{SITL}\otimes {\mathcal{L}}^{HS}$.

Definition 6.

(Set of well-formed formulae of HSM) A set FOR${}^{HSM}$ of well-formed formulae of HSM is given by the following grammar:

$$\mathrm{formulae}:=\varphi ,\psi |\neg \varphi |\varphi \wedge \psi |\varphi ;\psi |\mathrm{true}\left|\mathrm{empty}\right|\mathrm{skip}|,$$

$$\begin{array}{c}\hfill N\left(\varphi \right)\left|X\left(\varphi \right)\right|F_{*}\left(\varphi \right)|G_{*}\left(\varphi \right)|\langle Y\rangle \varphi ,|\left[Y\right]\varphi \end{array}$$

$$\begin{array}{c}\hfill \left[Y\right]F_{*}\left(\varphi \right)|\left[Y\right]G_{*}\varphi \left|\left[Y\right]X\varphi \right|\langle Y\rangle F_{*}\varphi |\langle Y\rangle G_{*}\varphi ,\end{array}$$

where $\varphi ,\psi$ are propositional variables and $X\in \{finish,begin,keep,halt\}$, $N\left(\varphi \right)$ is ‘next’-operator and $F_{*}\left(\varphi \right)$ and $G_{*}\left(\varphi \right)$ are mutually co-definable temporal operators ’eventually’ and ’always’ for $*\in \{I,T,\mathrm{A}\}$ and $Y\in \{A,B,D,E,O,L\}$ is an Allen’s relation.

Example 4.

The formula: $\left[L\right]$finϕ is a well-formed formula of HSM, but halt$\langle B\rangle \psi$—does not.

Definition 7.

(HSM as a theory) HSM is defined as the smallest theory containing all formulae FOR${}^{HSM}$ and closed on MP, substitution, and the corresponding inference rules for formulae of ITL and HS.

The models and satisfaction relations are introduced for uni-modal formulae of HSM, as depicted in Section 3. The fibred semantics for multi-modal formulae of HSM will be given in Section 4.

4. Multi-Valued Verifiability Logic (MVer)

4.1. Towards a Multi-Valued Logic for Gradable Verifiability

Before we propose the fibred semantics for combined formulae of HSM already introduced, we need to elaborate at first a multi-valued logic for gradable verifiability (MVer) to integrate it with HSM. In this way, the hybrid VerHSM will be introduced.

In this section, the lacking component MVer will be elaborated. In general, we intend to adopt the formalization tradition for the close-related concept of provability in terms of Löb-style modal conditions (see: Introduction). Comments of Ayer, Chisholm, and Gettier regarding the justification as an epistemic capability of agents from [28,29,30] will determine the final exploration direction.

Towards a Basis Verifiability Logic. It remains to decide which modal logic system should be adopted as a basis system for the verifiability logic construction. In order to find the most reasonable solution, we now consider three candidates aspiring to this role.

The first—and potentially the most natural—candidate seems to be the Gödel–Löb logic GL which expresses Löb’s provability conditions for Gödel’s incompleteness theorem in terms of □-modal operators. The following axioms K, 4 and GL determine its axiomatic system—as already mentioned in the Introduction—:

• K      $\square (\varphi \to \psi )\to (\square \varphi \to \square \psi )$,
• 4       $\square \varphi \to \square \square \varphi$,
• GL    $\square (\square \varphi \to \varphi )\to \square \varphi$.

Independently of this concise modal representation of provability in the axiom-based framework of GL logic—it remains some difficulty with the naturality and universality of the third condition. Indeed, one can argue that it has a relatively narrow and technical sense (for the use of the proof of Gödel’s theorem), and it should not be easily extrapolated for a broader spectrum of contexts.

The concurrent solution in the same formalization approach to arithmetic provability oscillates around its representation by formal properties of Prov()-predicate given by the so-called Rosser’s sentence (see: [31,32]), the chronologically second metalogical example of an undecidable Gödel’s sentence.

It asserts—as a self-referential sentence—that if it has proof in PA with a Gödel number k, then its negation has a proof in PA with a Gödel number m smaller than k (In fact, it forms a roundabout method for this sentence to state its own non-provability. The predicate version of the sentence may be found in [31]—due to the original one from [32]. We omit its presentation because it is redundant from our perspective.). In this way, provability was explicitly combined with a time sequence relation in Rosser’s trick for his Gödel sentence construction and his concept of provability in general. On the one hand, an idea to exploit Rosser’s sense of provability in our approach seems to well correspond to our main idea of combining verifiability with time. On the other hand, there is no explicit axiomatic depiction of provability involved in Rosser’s sentence— even against a promising effort of Smullyan to give Rosser’s sentence an epistemic face. He made it in terms of a belief operator B (If $\alpha$ is an atomic, self-referential sentence:’I am provable in PA’, ’<’ is the time sequence relation, then the Rosser’s sentence may be identified with $\alpha \iff \neg ($B$\alpha <$B$\neg \alpha )$ (I am provable only if you cannot believe that I am provable earlier than you believe that I am not provable).). In addition, Smullyan’s approach forms a taxonomy of axiom systems dependently on agent epistemic capabilities established a priori (such as agent-Besserwisser, an epistemically naive agent, etc.) Meanwhile, we rather intend to find an axiom system for describing formal properties of (gradable) verifiability itself, while the agent’s epistemic capabilities may be flexible and context-dependent such as reasoning about digital circuits.

Returning to the formalization approach in terms of GL, it seems to be reasonable to exchange the technical axiom GL for a more general axiom T: ‘if A is justifiable, then it is true’ in our approach. Indeed, this axiom much better materializes an idea of the truth assignment to different logical statements based on an acceptance of their premises. It leads to the exchange of axioms: K, 4, and GL for the conjunction of K, 4, and T. In this way, GL will be exchanged for S4—as a basis for further constructions. It forces some conditions imposed on the semantics of the newly introduced MVer—because S4 is complete w. r. t. the models based on the partially ordered Kripke frames (Obviously, S4 adequately describes (in the sense of completeness) not only partially ordered structures, but also such entities as dense-in-itself metric spaces ([33]), etc. Nevertheless, this “unintended” S4-semantics will not concern us as redundant and inadequate.).

Multi-Valued Logic for Gradable Verifiability. It only remains the question of how to modify the epistemic S4 to make it suitable to represent gradable verifiability in order to define MVer. In order to do it—let us introduce a finite set of different parameters in a role of degrees of ‘being verifiable’. More precisely, we will admit new parametrized modal operators of the type: ${\left[V\right]}_i^{\alpha }\varphi$ (for: ‘$\varphi$ is justifiable by an agent i with a degree $\alpha$), where $\left[U\right]\varphi$ is an ordinary box-type operator read: ‘$\varphi$ is justifiable’). It is convenient to treat the $\alpha$-parameters as normalized, i.e., $\alpha \in [0,1]$. Since a finite set of such $\alpha$’s degrees is usually enough in practice, this new MVer will form a multi-valued logic system (Let us note that even such an extremal case as ${\left[U\right]}_i^0\varphi$ ($\varphi$ is justifiable by i in the degree 0) does not violate our meta-assumption concerning a purely descriptive character of our system, we consider this case as acceptable.). Summing up, we intend to identify MVer with a multi-valued epistemic S4.

4.2. Multi-Valued Epistemic Logic (MVJus)—A Syntactic Depiction

These postulates—just formulated—will find their reflection in syntax of MVer by introducing the following two modal operators:

1.

${\left[V\right]}_i^{\alpha }\varphi$ for: ‘$\varphi$ is (strongly) justifiable by an agent i with a degree $\alpha$’ and

2.

${\langle V\rangle }_i^{\alpha }\varphi$, for: ‘$\varphi$ is (weakly) justifiably by an agent i with a degree $\alpha$’,

for atomic $\varphi$ and an arbitrary, but fixed rational parameter $\alpha \in G\subset [0,1]$—due to [34,35]. It allows us to establish a grammar of MVer as follows.

Language of MVer. Let G be an arbitrary, but fixed finite subset of (parameters from) $[0,1]$. The language of MVer, $\mathcal{L}$(MVer), is given by the following grammar:

$$\varphi :={p|\neg \varphi |\varphi \wedge \psi |\left[V\right]}_i^{\alpha }{\varphi |\langle V\rangle }_i^{\alpha }\varphi ,$$

where $i\in \mathcal{A}$, $\alpha$ is an arbitrary, but fixed rational parameter from G. The following definition establishing a co-definability of modal operators of MVer and the following axioms are incorporated in the syntax of MVer. Def. 1: ${\langle V\rangle }_i^{\alpha }\varphi \iff \neg {\left[U\right]}_i^{\alpha }\neg \varphi$ for each $\alpha \in G$.   

Axioms:

1.

All axioms of Boolean propositional calculus,

2.

${\left[V\right]}_i^{\alpha }(\varphi \to \chi )\to ({\left[V\right]}_i^{\alpha }\varphi \to {\left[V\right]}_i^{\alpha }\chi )$, (axiom K)

3.

${\left[V\right]}_i^{\alpha }\varphi \to {\left[V\right]}_i^{\alpha }{\left[V\right]}_i^{\alpha }\varphi$, (axiom 4)

4.

${\left[V\right]}_i^{\alpha }\varphi \to \varphi$, (axiom T)

for each fixed rational $\alpha \in [0,1]$.

Inference rules: As inference rules we adopt:

1.

Modus Ponens, substitution rule and

2.

a neccessitation rule for the ${\left[V\right]}_i^{\alpha }$-operator:

$$\frac{\varphi }{{\left[V\right]}_i^{\alpha }\varphi },\alpha \in G\subset [0,1]$$

$\alpha$ rational and G finite. It allows us to define MVer as a formal theory in the following manner.

Definition 8.

(MVer as a theory) MVer forms the minor theory in $\mathcal{L}\left(\mathrm{MVer}\right)$, which contains: Definition 1, axioms (1)—(4) and closed under the inference rules, mentioned above.

Example 5.

Let us consider an atomic formula $\varphi :=skip\left(p\right)$ of an atomic ITL-formulae and consider an agent $i_0\in \mathcal{A}$, and $\alpha =\frac{3}{4}$. Then:

1. 

${\left[V\right]}_{i_0}^{\frac{3}{4}}skip\left(p\right)\to skip\left(p\right)$ is well-formed exemplification of axiom T, but—for $\alpha \in \{\frac{3}{4},\frac{1}{2}\}:$

2. 

${\left[V\right]}_{i_0}^{\frac{3}{4}}{\left[V\right]}_{i_0}^{\frac{1}{2}}skip\left(p\right)$ does not because we admit α as fixed during for the whole formula construction only.

4.3. Interval-Based Semantics for MVer

In this paragraph, MVer will be interpreted in Kripke interval-based semantics. As usual, a “core” of its construction is a two-stage construction the appropriate accessibility relation between intervals ${\precsim }_i$ (for $i\in \mathcal{A}$). This relation is intended to constitute a non-symmetric similarity relation (Let us note that a usual similarity (as a purely qualitative) relation is an equivalence relation. Indeed, it is reflexive, symmetric, and transitive. Nevertheless, if we are interested in a numeric scale of similarity—this relation violates symmetry. This fact suggests us a research direction. Indeed, we will specify ${\precsim }_i^{\alpha }$ numerically.) and partially have a pragmatic nature (as agents index it) to introduce a piece of behavioral semantics. Additionally, this relation will be specified later by $\alpha$’s in the construction’s next-stage – due to some ideas previously eleborated in [27,36].

Accessibility relation ${\precsim }_i$. For defining this accessibility relation let S be an initial (reservoir) set of finite intervals (Pedantically, S might be defined as a power set of all finite sequences of points taken from a non-empty W. For simplicity of current analysis we omit this initial stage of the construction.), and let the intervals $I=s_1{s}_2\dots s_k\in S$, and $I^{{}^{\prime }}=s_1^{{}^{\prime }}{s}_2^{{}^{\prime }}\dots s_l^{{}^{\prime }}\in S$, for some $k,l$. Let us also establish an agent $i\in \mathcal{A}$ and let us define a new accessibility relation ${\precsim }_i\subseteq S\times S$ between intervals I and $I^{{}^{\prime }}$ as follows:

$$I{\precsim }_i{I}^{{}^{\prime }}\iff \mathrm{length}\left(k\right)\le \mathrm{length}\left(l\right)\mathrm{and}{l}_i\left(s_j\right)=l_i\left(s_j^{{}^{\prime }}\right)\mathrm{for}\mathrm{all}j<k,$$

(12)

i.e., an agent i cannot distinguish between the corresponding states of I and $I^{{}^{\prime }}$ up to j state, between j-prefixes of both intervals. In other words,

$$I{\precsim }_i{I}^{{}^{\prime }}\iff I{{|}_j{\sim }_i{I}^{{}^{\prime }}|}_j,$$

or if and only if the behavioral equivalence condition (see: Section 2) holds for j-prefixes of these two intervals.

It is not easy to show that ${\precsim }_i$ forms a partial order, i.e., it is reflexive, anti-symmetric, and transitive, for each $in\in \mathcal{A}$. Thus, it forms an adequate relation for Kripke models for S4.

Theorem 1.

The relation ${\precsim }_i\subseteq S\times S$ defined by (12) forms a partial order, for each $i\in \mathcal{A}$.

Proof. 

Let us establish an agent $i_0\in \mathcal{A}$. It is clear that $I{\precsim }_{i_0}I$, so the relation is reflexive.

If assume that two I and $I^{{}^{\prime }}$ are arbitrarily chosen and such that length(I) = k, length($I^{{}^{\prime }})=l$ and $I{\precsim }_{i_0}{I}^{{}^{\prime }}$, then $k\le l$ and it is not true that $l\le k$ (for all such pairs). Thus, it cannot hold $I^{{}^{\prime }}{\precsim }_{i_0}I$—due to (12) in a general case. Obviously, if symmetry holds, then $I=I^{{}^{\prime }}$. Hence, ${\precsim }_i$ is anti-symmetric.

If $I,I^{{}^{\prime }}$ and $I^{{}^{\prime \prime }}$ are such that length($I^{"})=m$, and $I{\precsim }_{i_0}{I}^{{}^{\prime }}$ and $I^{{}^{\prime }}{\precsim }_{i_0}{I}^{{}^{\prime \prime }}$, then also-due to (12) — $k\le l$ and $l\le m$ and $l_i\left(s_j\right)=l_i\left(s_j^{"}\right)$, for all $j<k$. It exactly means that $I{\precsim }_i{I}^{"}$, i.e., ${\precsim }_i$ is also transitive for the fixed $i_0\in \mathcal{A}$. The thesis of Theorem follows from the fact that $i_0$ was chosen arbitrarily.    □

Accessibility relation ${\precsim }_i^{\alpha }$. Obviously, ${\precsim }_i$ relation is not suitable to grasp gradable verifiability by agents. In order to empower ${\precsim }_i$ for this task, we should modify this relation. Therefore, let us establish a finite $G\subset [0,1]$ and let us consider some technical function $\parallel •\parallel :S\times S\times \mathcal{A}\mapsto \mathcal{G}$ defined as:

$$\parallel I{\precsim }_i{I}^{{}^{\prime }}\parallel =\alpha ,\mathrm{for}\alpha \in G.$$

Intuitively, this new function associates the earlier relation ${\precsim }_i$ between I and $I^{{}^{\prime }}$ to some rational $\alpha$ from $[0,1]$ (The appropriate methods of achieving of $\alpha$ will be discussed later.). We are in a position to introduce a new relation in the product $S\times S\times G\times \mathcal{A}$ as a unique enhancement of the previous ${\precsim }_i$ as follows:

$$I{\precsim }_i^{\alpha }{I}^{{}^{\prime }}\iff \mathrm{length}\left(I\right)\le \mathrm{length}\left(I^{{}^{\prime }}\right)\mathrm{and}\parallel I{\precsim }_i{I}^{{}^{\prime }}\parallel =\alpha \in [0,1].$$

(13)

Obviously, this general way of defining ${\precsim }_i^{\alpha }$ does not determine its nature precisely. Its algebraic properties depends on a method how $\alpha$ is defined. However, this way of introducing ${\precsim }_i^{\alpha }$ allows us to preserve some crucial properties of ${\precsim }_i$ such as anti-symmetry. It follows from the condition length($I)\le$ length ($I^{{}^{\prime }}$) for a given pair of intervals I and $I^{{}^{\prime }}$ (In fact, if $I{\precsim }_i^{\alpha }{I}^{{}^{\prime }}$ for intervals I and $I^{{}^{\prime }}$ and some $i\in \mathcal{A}$, then length($I)\le$ length ($I^{{}^{\prime }}$) and the inverse inequality does not hold (in a general case), thus it is not true that also $I^{{}^{\prime }}{\precsim }_{i}I$. It already disconfirms symmetry.).

The following example (Figure 3) illustrates now how a way of defining $\alpha$ influences an algebraic nature of ${\precsim }_i^{\alpha }$.

Example 6.

Consider a pair of discrete intervals $(I_1,I_2):I_1{\precsim }_i{I}_2$ having $j=10$ common points and define $\alpha =\parallel I_1{\precsim }_i{I}_2\parallel =\frac{j(I_1,I_2)}{K}$ for some $\mathcal{K}=200>$ length of each interval and each $i\in \mathcal{A}$. Thus, their similarity $\alpha =\parallel I_1{\precsim }_i{I}_2)\parallel =\frac{10}{200}=\frac{1}{20}$. Assuming that $I_2{\precsim }_i{I}_3$ we always obtain $\parallel I_1{\precsim }_i{I}_3\parallel \in [0,1]$ by this way of establishing α. In fact, we always find an α value no greater than 1 (because of a denominator = 200) and $\alpha \ge 0$. (It there is no common point we obtain 0). Obviously, $length\left(I_1\right)\le length\left(I_3\right)$, thus this way of defining α also preserves transitivity.

Having defined ${\precsim }_i^{\alpha }$, we are in a position to define a Kripke interval model for $MVer$.

Definition 9.

(Kripke model for MVer) Let $\mathcal{A}$ be a non-empty set of agents. A Kripke interval model for MVer associated to $\mathcal{A}$ is each structure M of the form:

$$M=\langle S,{\precsim }_i^{\alpha },h\rangle ,$$

(14)

where $S\ne \varnothing$, ${\precsim }_i^{\alpha }$ is an accessibility relation on $S\times S\times \mathcal{A}$ and $h:\mathcal{L}\left(MVer\right)\to 2^S$ is a truth assignment function (As usual, we treat the assignment function as an extension of a valuation function running from a set of propositional variables to a a family of subsets of S. We decide for such a slight modification because of further analysis around fibred semantics, where usually assignments are considered instead of valuation functions.).

It allows us to introduce the following inductive definition of satisfaction for MVer-formulae.

Definition 10.

(Satisfaction) Let $M=\langle S,{\precsim }_i^{\alpha },h\rangle$ be a Kripke interval model associated to a non-empty set $\mathcal{A}$ for $\mathcal{L}\left(MVer\right)$ with a set of propositions $\mathrm{Prop}$. Given a formula $\varphi \in \mathcal{L}$(MVer), an interval $I\in S$ and a finite set $G\subset [0,1]$ we inductively define the fact that ϕ is satisfied in M, in an interval I (symb.$I\vDash \varphi$) as follows (It is easy to reformulate this definition for satisfaction in the corresponding IBIS system. In fact, it is enough to exchange the initial condition for atomic formulae from Prop for the condition: for all $p\in \mathrm{Prop}$, we have IBIS, $I\vDash p$ iff $p\in \mathit{Lab}\left(I\right)$.):

1. 

For all $p\in \mathrm{Prop}$, we have $M,I\vDash p$ iff $I\in \mathit{h}\left(p\right)$.

2. 

$M,I\vDash \neg \varphi$ iff it is not such that $M,I\vDash \varphi$.

3. 

$M,I\vDash \varphi \wedge \psi$ iff $M,I\vDash \varphi$ and $M,I\vDash \psi$.

4. 

$M,I\vDash {\left[V\right]}_i^{\alpha }\varphi$, where $i\in A$, iff for all $I{\precsim }_i^{\alpha }{I}^{\prime }$ we have $M,I^{\prime }\vDash \varphi$ for each $\alpha \in G$.

5. 

$M,I\vDash {\langle V\rangle }_i^{\alpha }\varphi$, where $i\in A$, iff there is $I^{\prime }$ such that $I{\precsim }_i^{\alpha }{I}^{\prime }$ and $M,I^{\prime }\vDash \varphi$ for each $\alpha \in G$.

The key clauses in this definition are that one referring to the modal operators ${\left[U\right]}_i^{\alpha }\varphi$ and ${\langle V\rangle }_i^{\alpha }\varphi$. These conditions assert that these formulas are satisfied in I of M iff the atomic formula $\varphi$ holds in all intervals (at least one interval) accessible from this I via ${\precsim }_i^{\alpha }$-relation (resp.).

It remains to reconcile syntax of MVer with its semantics given by Kripke interval models as defined in (14)—at least in the form of soundness (The proof of completeness would require more detailed analysis and the construction of the appropriate canonical models.). It means that all formulae MVer are satisfied in Kripke models of this type.

Theorem 2.

(Soundness of MVer) Theory MVer is sound with respect to all Kripke interval models with accessibility relation ${\precsim }_i^{\alpha }$ defined by (13), for each $i\in \mathcal{A}$ and fixed rational $\alpha \in [0,1]$.

Proof. 

For the established $i_0\in \mathcal{A}$ and the parameter ${\alpha }_0\in [0,1]$ the proof runs as in a standard way for classical model logic systems. One needs to show that all axioms K, 4, and T are satisfied in Kripke models defined by (14). In order to illustrate, we consider axiom T only.

Therefore, let us assume that $M=\langle S,{\precsim }_i^{\alpha },h\rangle$ is such a Kripke model associated to $\mathcal{A}$ and $\alpha \in [0,1]$ and $\varphi \in$ Prop${}^{\mathcal{L}\left(MVer\right)}$. Let us establish an agent $i_0$ and ${\alpha }_0\in \mathcal{A}$ and assume that $M,I\vDash {\left[U\right]}_{i_0}^{{\alpha }_0}\varphi$. Then—for all $I{\precsim }_{i_0}^{{\alpha }_0}$ we have $M,I^{{}^{\prime }}\vDash \varphi$. In particular, $I{\precsim }_{i_0}^{{\alpha }_0}I$—because ${\precsim }_{i_0}^{{\alpha }_0}$ is reflexive, thus $M,I\vDash \varphi$. It exactly means that $M,I\vDash {\left[U\right]}_{i_0}^{{\alpha }_0}\varphi \to \varphi$, i.e., $M,I\vDash T$ for the fixed ${\alpha }_0$ and $i_0$. Since both ${\alpha }_0$ and $i_0$ were chosen arbitrarily, $M,I\vDash T$ for all $\alpha$’s and i’s.    □

In this way, a Kripke frame-based interval semantics was determined for MVer. It will be exploited as a component of the fibred semantics for the hybrid MVHSM.

5. Multi-Valued Simplified Interval Temporal Logic (MVHSM)

Having elaborated the appropriate conceptual apparatus to combine MVer with HSM, we are in a position to introduce the hybrid MVHSM. It will be suitable to grasp not only the gradable verifiability (like MVer), but also temporal relations between intervals of the external nature (like HS) and the internal one (as ITL). One needs to underline that MVHSM constitutes more a reservoir of its possible subsystems than a complete axiomatic formal system. In this sense, its construction preserves the nature of both HS and ITL, which should be viewed in a similar way.

5.1. Syntax of MVHSM

As previously, a usual fusion cannot constitute a construction basis for MVHSM. It follows from the requirements to admit different combinations of MVer-formulae with HSM-formulae. Meanwhile, the nature of Formula (3) from the motivating example delivers a coupe of potentially useful guidelines on how to combine these two systems.

*

modal operators of MVer should be the most external in the combined formulae of MVHSM,

**

modal-temporal operators of HS should be internal with respect to the MVer operators but external with respect to modal-temporal operators of ITL.

To cut a long story short, ITL-operators should be the most internal, MVer-operators should be the most external.

We will define a set of well-formed formulae of MVHSM, say $FO{R}^{MVHSM}$, in a language $\mathcal{L}\left(MVHSM\right)$ being a fusion language, i.e.,

$${\mathcal{L}}^{MVHSM}:={\mathcal{L}}^{MVer}\otimes {\mathcal{L}}^{HSM}.$$

(15)

Before of a variety of temporal and epistemic components in ${\mathcal{L}}^{MVHSM}$—it is reasonable to briefly specify a taxonomy of possible subformulae of $FO{R}^{MVHSM}$. Starting from the less complicated ones, one can indicate the following classes of them:

atomic: 

all atomic formulae of each subsystem: HS, ITL and MVer taken cumulatively,

unimodal: 

all unimodal formulae of HS, of ITL and of MVer taken cumulatively,

bimodal: 

all formulae with two modal operators in different configurations: MVer-modal formulae combined with ITL-modal formulae, MVer-modal formulae combined with HS modal formulae and HS-modal formulae combined with ITL formulae—due to combination principles * and **.

trimodal: 

all formulae with three modal operators of MVer, HS, and ITL combined due to combination principles * and **.

It leads to the following definition of $FO{R}^{MVHSM}$ (Although the unimodal ITL-operators keep(p), halt(p), beg(p), fin(p) are not distinguished in the grammar of SITL explicitly—we treat them as explicit unimodal operators in the definition of $FO{R}^{MVHSM}$ because of their practical importance. In addition, they are definable by unimodal operators $G_{*}$ and $F_{*}$, for $*\in \{T,I\}$.).

Definition 11.

($FO{R}^{MVHSM}$) Let α’s and $G\subset [0,1]$ and let ${\mathcal{L}}^{MVHSM}$ be defined as in (15). Then a set FOR${}^{MVHSM}$ of well-formed formulae of ${\mathcal{L}}^{MVHSM}$ is given by the following grammar based on the following taxonomy of types of formulae:

$$\mathrm{atomic}:=\varphi ,\psi |\neg \varphi |\varphi \wedge \psi |\varphi ;\psi |\mathrm{true}\left|\mathrm{empty}\right|\mathrm{skip}|,$$

$$\begin{array}{c}\hfill \mathrm{unimodal}:={\langle V\rangle }_i^{\alpha }{\varphi |\left[V\right]}_i^{\alpha }\varphi \left|N\left(\varphi \right)\right|X\left(\varphi \right)|F_{*}\left(\varphi \right)|G_{*}\left(\varphi \right)\left|\langle Y\rangle \varphi \right|\left[Y\right]\varphi ,\end{array}$$

$${\mathrm{bimodal}}_{\mathrm{VerITL}}:={\left[V\right]}_i^{\alpha }{X\left(\varphi \right)|\left[V\right]}_i^{\alpha }N\left(\varphi \right)\left|{\langle V\rangle }_i^{\alpha }X\left(\varphi \right)\right|{\langle V\rangle }_i^{\alpha }N\left(\varphi \right),$$

$$\begin{array}{c}\hfill {\left[V\right]}_i^{\alpha }{F}_{*}{\left(\varphi \right)|\left[V\right]}_i^{\alpha }{G}_{*}\left(\varphi \right)\left|{\langle V\rangle }_i^{\alpha }{F}_{*}\left(\varphi \right)\right|{\langle V\rangle }_i^{\alpha }{G}_{*}\left(\varphi \right),\end{array}$$

$$\begin{array}{c}\hfill {\mathrm{bimodal}}_{\mathrm{VerHS}}:={\left[V\right]}_i^{\alpha }\left[Y\right]\left(\varphi \right)\left|{\left[V\right]}_i^{\alpha }\langle Y\rangle \left(\varphi \right)\right|{\langle V\rangle }_i^{\alpha }\left[Y\right]\left(\varphi \right),{\langle V\rangle }_i^{\alpha }\langle Y\rangle \left(\varphi \right),\end{array}$$

$$\begin{array}{c}\hfill {\mathrm{bimodal}}_{\mathrm{HSM}}:\left[Y\right]F_{*}\left(\varphi \right)|\left[Y\right]G_{*}\left(\varphi \right)\left[Y\right]X\left(\varphi \right)\left|\left[Y\right]N\left(\varphi \right)\right|\end{array}$$

$$\begin{array}{c}\hfill \langle Y\rangle F_{*}\left(\varphi \right)|\langle Y\rangle G_{*}\left(\varphi \right)\left|\langle Y\rangle X\left(\varphi \right)\right|\langle Y\rangle N\left(\varphi \right),\end{array}$$

$$\mathrm{trimodal}:{\left[V\right]}_i^{\alpha }\left[Y\right]F_{*}{\left(\varphi \right)|\left[V\right]}_i^{\alpha }\left[Y\right]G_{*}\left(\varphi \right)\left|{\left[V\right]}_i^{\alpha }\left[Y\right]X\left(\varphi \right)\right|{\left[V\right]}_i^{\alpha }\left[Y\right]N\left(\varphi \right)$$

$$\begin{array}{c}\hfill {\langle V\rangle }_i^{\alpha }\langle Y\rangle F_{*}{\left(\varphi \right)|\langle V\rangle }_i^{\alpha }\langle Y\rangle G_{*}\left(\varphi \right)\left|{\langle V\rangle }_i^{\alpha }\langle Y\rangle X\left(\varphi \right)\right|{\langle V\rangle }_i^{\alpha }\langle Y\rangle N\left(\varphi \right),\end{array}$$

where $\varphi ,\psi$ are a propositional variable, $i\in \mathcal{A}$, where $\mathcal{A}$ is a set of agents, $\alpha \in \mathcal{G}$ and $X\in \{fin,beg,keep,halt\}$, $N\left(\varphi \right)$ is ‘next’-operator and $F_{*}\left(\varphi \right)$ and $G_{*}\left(\varphi \right)$ are mutually co-definable temporal operators ‘eventually’ and ‘always’ for $*\in \{I,T,\mathrm{A}\}$. Finally, $Y\in \{A,B,D,E,O,L\}$ is an Allen’s relation.

By analogy, MVHSM is defined as the most minor theory in containing all formulae FOR${}^{MVHSM}$ and closed on Modus Ponens, substitution and the corresponding inference rules for formulae of MVer and HSM.

Example 7.

1. 

The formula ${\langle V\rangle }_i^{\alpha }\left[L\right]$fin(ϕ) belongs to FOR${}^{MVHSM}$ for $\alpha \in [0,1]$, $i\in \mathcal{A}$, but

2. 

${\left[V\right]}_i^{\alpha }N\langle B\rangle \varphi$ does not, for $\alpha \in [0,1]$ and $i\in \mathcal{A}$ because the order $N\langle B\rangle$ is prohibited by the syntax of MVHSM.

5.2. Semantics for Uni-Modal Formulae of MVHSM

Having defined the syntax of MVHSM, we will propose a complex frame of a semantic interpretation of this formal hybrid system. Due to previous establishments—we will make staring from uni-modal formulae of $\mathcal{L}\left(\mathrm{MVHSM}\right)$. Indeed, the semantic interpretation of uni-modal formulae of $\mathcal{L}\left(\mathrm{MVHSM}\right)$ has already been introduced when each of the components of MVHSM was characterized. Therefore, the role of this subsection is to propose a slight generalization of previous analysis concerning semantics for these components. It is especially crucial for SITL in order to elaborate a coherent facon de parler before introducing the so-called fibred semantics for combined formulae of MVHSM.

In order to elaborate this general glance into semantics for uni-modal SITL-formulae, let us return to satisfaction conditions for HS logic. If a Kripke frame $M=\langle S,Y\rangle$, for $Y\in \{A,B,D,E,O,L\}$ being an Allen’s relation, is given and $I\in S$, then

(1) 

$M,I\vDash \langle Y\rangle \varphi$ iff there is such an interval $I^{\prime }$ that ($I^{\prime }YI$ and $M,I^{\prime }\vDash \varphi$) and

(2) 

$M,I\vDash \left[Y\right]\varphi$ iff for all intervals $I^{\prime }$ that ($I^{\prime }YI$ and $M,I^{\prime }\vDash \varphi$).

The corresponding generalized conditions for satisfaction relation for SITL-formulae should be sensitive to the nature of interval relations described by SITL. It is easy to observed that we deal with the same scheme of an initial interval and its subintervals independently of the type of relation. We can also put aside the nature of these intervals (In fact, it is no matter whether they are discrete or continuous. They should only form subintervals of the initial one.). However, we can venture to divide all SITL relations into two classes.

The first class contains explicit ⋄- and □-type operators $G_{*}\left(F_{*}\right)$, for $*\in \{A,T,I\}$. Let us denote them collectively for the use of this section’s analysis by ${\diamond }_{SITL}^{*}$ and ${\square }_{SITL}^{*}$. The second class contains a couple of distinguished relations $\{finish,begin,keep,halt\}$ of an implicitly modal nature (because of conditions (7)–(9)). As observed previously in Section 2, different semantic conditions determine satisfaction for these two classes of SITL modal formulae. This fact finds its reflection in the following generalized satisfaction conditions for SITL-formulae.

Let us assume that a similar Kripke frame $M^{*}=\langle S^{*},X,{\subseteq }_{*}\rangle$, for $X\in \{finish,begin,keep,halt,\}$, and $\mathcal{I}\in S^{*}$, then

1.

$M^{*},\mathcal{I}\vDash \langle X\rangle \varphi$ iff there is such an interval ${\mathcal{I}}^{\prime }$ that (${\mathcal{I}}^{\prime }{\subseteq }_{*}\mathcal{I}$ and ${\mathcal{I}}^{\prime }X\mathcal{I}$ and $M^{*},{\mathcal{I}}^{\prime }\vDash \varphi$ and

2.

$M^{*},\mathcal{I}\vDash \left[X\right]\varphi$ iff for all intervals ${\mathcal{I}}^{\prime }$ that (${\mathcal{I}}^{\prime }{\subseteq }_{*}\mathcal{I}$ and ${\mathcal{I}}^{\prime }X\mathcal{I}$ and $M^{*},{\mathcal{I}}^{\prime }\vDash \varphi$,

where * is either T or I.

Obviously, dependently on the relation, ⊆ is a unique type. For ’halt’—because of its representation in terms of $G_T$ operator—we deal with ${\subseteq }_T$. ‘Finish’ is referred to (1) because fin is defined by $F_T$ operator (see: condition (9)).

Let us assume now that a Kripke frame $M^{*}=\langle S^{*},{\subseteq }_{*}\rangle$, for $*\in \{A,I,T\}$, and $\mathcal{I}\in S^{*}$, then

1.

$M^{*},\mathcal{I}\vDash {\diamond }_{SITL}^{*}\varphi$ iff there is such an interval ${\mathcal{I}}^{\prime }$ that ($I^{\prime }{\subseteq }_{*}\mathcal{I}$ and $M^{*},{\mathcal{I}}^{\prime }\vDash \varphi$ and

2.

$M^{*},\mathcal{I}\vDash {\square }_{SITL}^{*}\varphi$ iff for all intervals ${\mathcal{I}}^{\prime }$ that (${\mathcal{I}}^{\prime }{\subseteq }_{*}\mathcal{I}$ and $M^{*},{\mathcal{I}}^{\prime }\vDash \varphi$,

where $*\in \{A,I,T\}$.

For establishing a corresponding more general Kripke interval model for the fusion MVer⊗HSM (Let us repeat that the fusion does not contain combined formulae.)—it remains to define the appropriate assignment function $h:\mathcal{L}$(MVer⊗ ITL)$\mapsto 2^S$ for each modal operator (of this fusion language). It is convenient to define h inductively as follows.

Definition 12.

(A truth assignment for $\mathcal{L}(MVer\otimes ITL)$) Let $M=\langle S,{\precsim }_i^{\alpha },X,{\subseteq }_{*},Y\rangle$ be a Kripke frame with accessibility relations: ${\subseteq }_{*}$, for $*\in \{A,I,T\}$, ${\precsim }_i^{\alpha }$ defined as earlier, X as a SITL-relation and Y—an Allen’s relation, for $i\in \mathcal{A},\alpha \in [0,1]$. Then the function $h:\mathcal{L}$(MVer⊗ ITL)$\mapsto 2^S$ satisfying the following condition:

1. 

$h\left(\varphi \right)=:\{J\in S:J\vDash \varphi \}$, for ϕ atomic,

2. 

$h\left({\left[U\right]}_i^{\alpha }\varphi \right)=\{J\in S:\forall J_1\left(J{\precsim }_i^{\alpha }{J}_1\right)\to J_1\in h\left(\varphi \right)\}$,

3. 

$h\left(\left[X\right]\left(\varphi \right)\right)=\{\mathcal{I}\in S:\forall {\mathcal{I}}_1(({\mathcal{I}}_1{\subseteq }_{*}\mathcal{I}\wedge {\mathcal{I}}_{1}X\mathcal{I})\to {\mathcal{I}}_1\in h\left(\varphi \right)\}$, for * is either I or T.

4. 

$h\left({\square }_{SITL}^{*}\right)=\{\mathcal{I}\in S:\forall {\mathcal{I}}_1\left({\mathcal{I}}_1{\subseteq }_{*}\mathcal{I}\right)\to {\mathcal{I}}_1\in h\left(\varphi \right)\}$, for $*\in \{A,I,T\}$,

5. 

$h\left(\left[Y\right]\left(\varphi \right)\right)=\{I\in S:\forall I_1(\left(I_{1}YI\right)\to I_1\in h\left(\varphi \right)\}$.

(For the diamond operators, we exchange general quantifiers for the existential ones.) is said to be an assignment for the fusion language $\mathcal{L}(MVer\otimes ITL)$.

It allows us to define Kripke interval models for the fusion language $\mathcal{L}(MVer\otimes ITL)$. For simplicity of further analysis, let us establish a single symbol $X^{*}$ for an arbitrary SITL relation (Moszkowski’s relation) being either X relation ($begin,finish,keep,halt$) or an accessibility relation ${\subseteq }_{*},for*\in \{A,I,T\}$. They will be simply called ’SITL relations’.

Definition 13.

(Kripke interval model for $\mathcal{L}(MVer\otimes ITL)$) A Kripke interval model associated to $\mathcal{A}$ for $\mathcal{L}(MVer\otimes ITL)$ is each structure of the form:

$$M=\langle S,{\precsim }_i^{\alpha },X^{*},Y,h\rangle ,$$

(16)

where, for each $i\in \mathcal{A},\alpha \in [0,1]$:

• $S\ne \varnothing$ is a model universe consisting of finite intervals (Let us note that we do not specify how the intervals are obtained and what is their nature (discrete or continuous). Paradoxically, it allows us to simplify the definition by considering a common model universe S as a reservoir of all integrals, so we decided for such a solution. It may be problematic for fibred models, where combined formulae are interpreted.),
• ${\precsim }_i^{\alpha }$ is defined by (13), $X^{*}$ is a SITL-relation, Y—an Allen’s relation,
• h is a truth assignment function defined as in Definition 12.

Obviously, all the relations ${\precsim }_i^{\alpha }$, relations $X^{*}$’s and Y’s relations of Allen are accessibility relations between intervals. If a Kripke frame, say $\mathcal{F}$, is given, then a Kripke interval model (over $\mathcal{F}$) forms a pair $\langle \mathcal{F},h\rangle$, where h is a truth assignment defined as previously.

Finally, one could also distinguish Kripke interval models for the components $MVer$ and $HSM$ taken separately. Thus, let us assume that ${\mathcal{F}}_1$ and ${\mathcal{F}}_2$ and ${\mathcal{F}}_3$ are Kripke frames for MVer, SITL and HS (resp.), i.e., ${\mathcal{F}}_1=\langle S,{\precsim }_i^{\alpha }\rangle$, for $i\in \mathcal{A}$ and $\alpha$ as previously, ${\mathcal{F}}_2=\langle S,X^{*}\rangle$, where $X^{*}$ is a SITL relation, and ${\mathcal{F}}_3=\langle S,Y\rangle$, where Y is an Allen’s relation. In order to create Kripke models from them, it is enough to establish the corresponding assignments: $h_1{=h|}_{MVer},h_2=h{{|}_{SITL},h_3=h|}_{HS}$ (resp.) — each of them obtained from h assignment restricted to the appropriate sets of formulae. Hence, ${\mathcal{M}}_1=\langle {\mathcal{F}}_1,h_1\rangle$, ${\mathcal{M}}_2=\langle {\mathcal{F}}_2,h_2\rangle$, and ${\mathcal{M}}_3=\langle {\mathcal{F}}_3,h_3\rangle$.

5.3. Fibred Semantics for Combined Formulae of MVHSM

It is easy to see that Kripke interval models, such as ${\mathcal{M}}_1$, ${\mathcal{M}}_2$ or ${\mathcal{M}}_3$ above, are not suitable for combined formulae. In fact, they are adapted to interpret uni-modal formulae of the MVHSM system only. One can expect that a remedy for this difficulty might be the appropriate form of the so-called fibred semantics (The fibred semantics is alternatively called ‘fibring semantics.’)—recently described for a point-wise semantics by D. Gabbay and V. Shehtman in [24]. The founding idea of fibred semantics itself may be informally expressed as follows. If you cannot interpret a combined multi-modal formula $\varphi$ of a given language in a model, say $\mathcal{M}$ (i.e., $\mathcal{M}$ cannot properly ‘recognize’ this formula), then:

• find models, in which $\varphi$ may be interpreted (they can properly recognize this formula) and
• built a connection between these models and the initial model $\mathcal{M}$ and
• accept that if $\varphi$ is satisfied in all these models, it is also satisfied in $\mathcal{M}$ itself.

In this subsection, we shall demonstrate how the mechanism of the fibred semantics works for combined modalities of MVHSM, which cannot single models cannot model. Hence, we intend to propose an extrapolation reconstruction of Gabbay’s fibred semantics for the interval-based semantics. In more formal terms, the main idea of fibred semantics for interval-based semantics will be as follows.   

I. The frame of fibred semantics for interval-based semantics. Let us assume that a modal-language $\mathcal{L}$ (Let us note that we do not impose any restriction on $\mathcal{L}$ to be a multi-modal language.), and let $M_1$ be a Kripke interval model for $\mathcal{L}$ with a universe S. Let also assume that we intend to evaluate a modal-type formula $\square \varphi$ (dually: $\diamond \varphi$) of another modal language, say ${\mathcal{L}}^{*}$. Let us assume that $\square \varphi \notin \mathcal{L}$, i.e., $M_1$ cannot usually interpret $\square \varphi$ as it cannot properly ‘recognize’ it (as the modal formula with □-operator).

In order to make the problem $M_1\vDash \square \varphi$ decidable-we empower the model $M_1$ to be capable of interpreting $\square \varphi$ as follows.

1.

Establish an interval, say $I_1$, from ${\mathcal{M}}_1$’s universe S,

2.

Associate $I_1$ to a new pair $({\mathcal{M}}_2^{I_1},I_2)$, for $I_2\in {\mathcal{M}}_2^{I_1}$ (${\mathcal{M}}_2^{I_1}$ is parametrized by $I_1$).

3.

If it is possible—associate $I_1$ to each such pair $({\mathcal{M}}_i,I_i)$ that $({\mathcal{M}}_i,I_i)\vDash \varphi$, for $i\in \{2,\dots ,k\}$. In other words, for a given interval $I_1$ from a model ${\mathcal{M}}_1$, establish a fibring mapping F: $I_1\to {\bigcup }_{i=2}^k({\mathcal{M}}_i,I_i$), for some natural k.

4.

Establish finally a new (conditional) satisfiability for $\square \varphi$ in ${\mathcal{M}}_1$ as follows:

$$({\mathcal{M}}_1,I_1)\vDash \square \psi \iff \forall i\le k(\mathbf{F}\left(I_1\right)\vDash \square \psi )$$

(17)

for $I_i\in {\mathcal{M}}_i$ as above.

Since F: $I_1\to {\bigcup }_{i=2}^k({\mathcal{M}}_i,I_i$), one can reformulate condition (17) to the following one:

$$({\mathcal{M}}_1,I_1)\vDash \square \psi \iff \forall i\le k({\mathcal{M}}_i^{I_1},I_i\vDash \square \psi )$$

(18)

for $I_i\in {\mathcal{M}}_i$ as previously.

Being equipped with the new formal machinery to interpret combined formulae, we can return to our motivating example, where an agent’s epistemic behavior during its supervision of the loading phase in digital circuits was described by Formula (3).

We intend to interpret the combined multi-modal components of this formula semantically.

The Motivating Example 1.

Let us return to the situation of our agent supervising some fragment of ‘loading phase’ action. It has been established that the statement: “An agent i verifies with a degree α that always later (the situation): ‘initially was H and finally’ status=1” occurred” may be rendered by the combined multi-modal Formula (3):

$${\langle V\rangle }_i^{\alpha }\left[L\right](Init\left(H\right)\wedge \mathrm{fin}(status=1)).$$

(19)

Illustrate how to semantically model the combined multi-modal formula:

$${\langle V\rangle }_i^{\alpha }\left[L\right]\left(\mathrm{fin}(status=1)\right)$$

(For simplicity of explanation, we decide to avoid the second internal atomic subformula $Init\left(H\right)$. Obviously, it does not change the interpretation approach.).

Solution.0.Pre-processing: Let us consider a (slightly more general) formula $\psi ={\langle V\rangle }_i^{\alpha }\left[Y\right]$fin($\varphi )$, where $\left[Y\right]$ is an arbitrary HS-modal operator. Obviously, $\varphi \in \mathcal{L}\left(MVHSM\right)$—due to Definition 11. We should establish the initial modeling situation as coherent with the procedure of the fibred semantics construction now. Thus, let ${\mathcal{M}}_1$ be a model (of a universe S) not capable of recognizing $\varphi$ as a tri-modal formula of $\mathcal{L}\left(MVHSM\right)$. In other words, $M_1$ interprets $\varphi$ not as ${\langle V\rangle }_i^{\alpha }\left[Y\right]$fin($\varphi )$ (with $\varphi$ atomic), but as a unimodal ${\langle V\rangle }_i^{\alpha }p$ (with $p=\left[Y\right]$fin($\psi$ as atomic).

Because of the complexity of $\varphi$ further construction of fibred semantics must be two-stage. In the first stage, we empower $M_1$ to correctly recognize the next external modal HS-operator $\left[Y\right]$. In the second one, we deliver the model a capability to recognize ITL-operator fin. 1. Stage. Due to points (2) of the construction algorithm—we need to establish a fibring mapping F between ${\mathcal{M}}_1$ and a new model ${\mathcal{M}}_2$ (of a universe $S^{*}$) to overcome the incapability of $M_1$ to properly interpret(evaluate) $\left[Y\right]$ fin$\varphi$ as bi-model formula. It allows us to ‘transfer’ the validity checking from ${\mathcal{M}}_1$ to the validity checking within the second one. We do it for the most external HS-operator $\left[Y\right]$ of this subformula (For simplicity of considerations, let us consider a single model $M_2$ only.).

Thus, let us establish an interval $I_1\in S$ and associate $I_1$ to a new pair $({\mathcal{M}}_2^{I_1},I_2)$, for $I_2\in S^{*}$ via the fibring mapping F such that: F$\left(I_1\right)=({\mathcal{M}}_2^{I_1},I_2)$.

Due to point (4) of the construction algorithm—let us establish the (conditional) satisfiability for $\left[Y\right]\psi$ in model ${\mathcal{M}}_1$, for $\psi$-as atomic for this model, as follows:

$$({\mathcal{M}}_1,I_1)\vDash \left[Y\right]\psi \iff ({\mathcal{M}}_2^{I_1},I_2)\vDash \left[Y\right]\psi .$$

(20)

2. Stage. Although ${\mathcal{M}}_2$ can evaluate HS-formulae (${\mathcal{M}}_1$ can already do it, too), it may not recognize $\left[Y\right]$fin$\left(\varphi \right)$ as bi-modal formula. In other words, it may ‘see’ $\left[Y\right]$fin($\varphi$) as a formula of the form $\left[Y\right]q$ only, where q is atomic. Hence, we should repeat the same reasoning for ${\mathcal{M}}_2$ and associate a new class of models, which are in a position to normally evaluate SITL-formulae. For simplicity—as previously—let us consider a single model only, say ${\mathcal{M}}_3$, and establish the following new satisfaction condition in ${\mathcal{M}}_2$ for fin$\left(\varphi \right)$:

$$({\mathcal{M}}_2,F\left(I_1\right))\vDash \mathrm{fin}\left(\mathbf{\psi }\right)\iff ({\mathcal{M}}_3^{F\left(I_1\right)},F\left(\mathbf{F}\left(I_1\right)\right)\vDash \mathrm{fin}\left(\mathbf{\psi }\right).$$

(21)

(Note that F(F$\left(I_1\right))$ is a new interval in ${\mathcal{M}}_3$ associated to $I_2$ via F —as ${\mathbf{I}}_{\mathbf{2}}$ was associated to ${\mathbf{I}}_{\mathbf{1}}$ via F. Thus, we need a doubleF.)

Summing up: the tri-modal formula $\varphi$ may be evaluated in ${\mathcal{M}}_1$ because of supporting models ${\mathcal{M}}_2$ (where HS-subformula is evaluated) and $M_3$ (where SITL-subformula may be evaluated) and their connections with ${\mathcal{M}}_1$ by means of fibred mapping F (Here and in each place later, we will understand the fibring mapping F as a mapping completely determined by conditions (3) and (4) of the fibred semantics construction. Therefore, we do not impose any restrictive limitations on it. However, it is sometimes convenient to adopt the “switching condition” for F: for each $I\in {\mathcal{M}}_1$, it holds F$\left(I\right)\in {\mathcal{M}}_2$ and for each $I\in {\mathcal{M}}_2$: F$\left(I\right)\in {\mathcal{M}}_1$. Finally, if $I_1\ne I_2$, than also F$\left(I_1\right)\ne \mathbf{F}\left(I_2\right)$—due to [24]. Let us note that F must not necessarily be a function.).

Establishing this condition finishes the procedure. In many cases. II. The fibred Kripke models.

Having described a construction frame of interval fibred semantics, we can venture to introduce a detailed definition of fibred Kripke models for MVHSM on a base of the models earlier introduced. All components of this logic system should be considered. Since we want to preserve information about the initial provenance of all components in the new model (about domains, relations, and assignment functions), we venture to exploit an algebraic concept of a simple sum in its definition. Because of the unique role of fibring mappings in the evaluation process, they will be singled out as separate components of the fibred Kripke models.

It leads to the following definition of the fibred Kripke model.

Definition 14.

(fibred Kripke model) Let us assume that ${\mathcal{M}}_1=\langle S_1,X^{*},h_1,\mathbf{F}\rangle$, ${\mathcal{M}}_2=\langle S_2,Y,h_2,\mathbf{F}\rangle$ and ${\mathcal{M}}_3=\langle S_3,{\precsim }_{agent}^{\alpha },h_3,\mathbf{F}\rangle$ are the interval-based Kripke models for HS-componant, SITL-component and MVer-component of MVHSM (resp.). More precisely, let us assume that:

1. 

$S_1=\{I_1,I_2\dots ,I_k\}$, $S_2=\{I_1^{{}^{\prime }}\dots I_l^{{}^{\prime }}\}$, $S_3=\{I_1^{"},\dots I_m^{"}\}$ for some fixed $k,l,m$ (In general, $k\ne l\ne m$, but we can also accept $k=l$ or $l=m$ or even $k=l=m$. Finally, it is also acceptable to take $S_1$, $S_2$ and $S_3$ as denumerable sets of finite sequences (intervals). We decide for their finite cardinalities for clarity of their presentation.).

2. 

$X^{*}$ is a SITL relation, Y is an Allen’s relation and ${\precsim }_i^{\alpha }$ is a similarity relation as defined by (13), for $i\in \mathcal{A},\alpha \in [0,1]$, and

3. 

$h_1$, $h_2$, $h_3$ form assignment functions in ${\mathcal{M}}_1$ and ${\mathcal{M}}_2$ (resp.),

4. 

Fis a fibring mapping.

Then a fibred models $\mathcal{M}$ for MVHSM is the following tuple:

$$\mathcal{M}=\langle S_1\otimes S_2\otimes S_3,X^{*}\otimes Y\otimes {\precsim }_i^{\alpha },h_1\otimes h_2\otimes h_3,\mathbf{F}\rangle ,$$

(22)

where ⊗ denotes a simple sum the appropriate components.

5.4. The Scenario from Motivating Example in the Fibred Kripke Models

Having explored principles of fibred semantics for different components of MVHSM, let us illustrate its mechanism for the tri-modal formula from the motivating example:

$${\langle V\rangle }_i^{\alpha }\left[L\right]\mathrm{fin}(status=1)$$

(23)

It is reasonable to start with Kripke models for uni-modal subformulae of (22) to propose a fibred Kripke model for the whole formula. Model for epistemic MVer-component of the formula. In order to find a model for the epistemic (outer) component for (22)—let us assume that $\mathcal{I}$ and ${\mathcal{I}}^{Holds}$ are two intervals interpreting the verification capability of agenti such that:

• $\mathcal{I}$ is an interval where this capability to verify the situation that ‘$\left[L\right]$fin$(status=1)$’ is expressed and
• ${\mathcal{I}}^{\mathit{Holds}}$ is the interval, in which the situation described by $\left[L\right]$fin$(status=1)$ holds.

Formally: ${\mathcal{I}}^{\mathit{Holds}}\vDash \left[L\right]\mathrm{fin}(status=1)$ (Note that ${\mathcal{M}}_1,{\mathcal{I}}^{\mathit{Holds}}$ may not recognize the formula properly. It illustrates a need to consider a fibring mapping in the hybrid model.). Assume also that ${\precsim }_{agent}$ is an accessibility relation between them, i.e., it holds $\mathcal{I}{\precsim }_i{\mathcal{I}}^{\mathit{Holds}}$. Thus, a model for the epistemic component is given as follows:

$${\mathcal{M}}_1=\langle \{\mathcal{I},{\mathcal{I}}^{\mathit{Holds}}\},{\precsim }_i,h_1\rangle$$

for some valuation $h_1$ for epistemic MVer-formulae. Model for the HS-temporal component. Our task is to find a model for HS-temporal component now. Therefore, let us consider two temporal intervals:

• $I_1$ for representation of “now” (it may be a singleton) and,
• $I_2$ for representation of ”sometimes in a future”.

As previously,

1.

$I_1$ is the interval, where the situation described by $\left[L\right]$fin$(status=1)$ is expressed,

2.

$I_2$ is that interval, in which the simplified situation ’fin$(status=1)$ holds.

Formally: $I_2\vDash$ fin$(status=1)$ (Note that $({\mathcal{M}}_2,I_2)$ may not recognize the ‘fin’ operator, so it forces a need to consider a fibring mapping and a new supporting model, which is already capable of doing it.).Thus—if L represents Allen’s ‘later’-relation—the appropriate model for HS-component of (22) is given by the tuple:

$${\mathcal{M}}_2=\langle \{\mathrm{now},\mathrm{sometimes}\mathrm{in}\mathrm{a}\mathrm{future}\},L,h_2\rangle$$

for some assignment $h_2$ for HS-formulae. Model for the SITL-temporal component. In the similar way, we are in a position to find a model for SITL-temporal component. Because the situation described by ‘fin$(status=1)$’ we need the following pair of intervals:

• J, where ‘fin$(status=1)$ is expressed and
• $J^{*}$ as a final subinterval of J, where ‘status = 1’ holds

The appropriate model for SITL-component of (22) is the tuple:

$${\mathcal{M}}_3=\langle \{J,J^{*}\},finish,h_3\rangle$$

for some assignment $h_3$ for SITL-formulae.

The previous constructions of the fibred model components lead to the depiction of whole fibred model for the Formula (19) as the following tuple:

$$\mathcal{M}=〈S,R^{*},h,\mathbf{F}〉,$$

(24)

where:

• $S=\{\mathcal{I},{\mathcal{I}}^{Holds}\}\otimes \{I_1,I_2\}\otimes \{J,J^{*}\}$,
• $R^{*}={\left\{{\precsim }_i\right\}}^{\alpha }\otimes \left\{L\right\}\otimes \left\{finish\right\}$,
• $h=h_1\otimes h_2\otimes h_3$
• F is a fibring mapping (By default, F connects ${\mathcal{M}}_1$ with ${\mathcal{M}}_2$, and ${\mathcal{M}}_2$ with ${\mathcal{M}}_3$.).

In this way, the Formula (19) describing a piece of agent reasoning about digital circuits found is a semantic reflection in fibred Kripke semantics for the MVHSM system.

6. In a Broader Context of the Model Checking Problem

Although the logical approach to reasoning about digital circuits has a prototype character, it seems reasonable to locate it from a broader perspective.

6.1. The Paper Ideas and Research on Digital Circuits

It has been already said that ITL from [4] found its application in a formal representation of different digital circuits of the arithmetic and combinational type, such as adders (see: [4], pp. 55–64) or multipliers (see: [4], pp. 86–88). The formal apparatus of ITL may also be exploited for the use of formal representing the data handling combinational circuits, such as Multiplexer (see: [4], pp. 86–88) and many others. Obviously, the ITL formulae describing the behavior and properties of these computational circuits—as unique formulae of (an appropriate description-logic based extension of MVHSM)—may be interpreted in the Kripke interval models just proposed. It is noteworthy that the unary specific predicate $LoadPhase\left(\right)$—exploited in our motivating example—supports a formal representation of the behavior of other types of data-handling computational circuits, such as Implementation (close related to Multiplier)—due to definition ($LoadPhase\left(H\right)$ is defined as previously in the paper body, and $MultiPhase\left(H\right)$ is defined in the following way.

$$\begin{array}{c}\hfill MultiPhase\left(H\right){=}^{def}Ld=0\wedge {\left(SingleCycle\left(H\right)\right)}^2\wedge beg(status=1)]\\ \hfill \to \left[L\right]\left[fin\right(Status=1\left)\right].\end{array}$$

Due to—[4], p. 109—a behaviour of ’MultiPhase’ may be explained as follows. When the load signal is inactive at 0 ($Ld\approx 0$) and the device has Status=1 (is steady), the circuit can be clocked to perform a single iteration. The algorithm’s predicate runs over two clock cycles. Afterwards, the device is always again steady with Status equaling 1 ([4] p. 109)):

$$\begin{array}{c}\hfill Implementation\left(H\right){=}^{def}ImpStructure\left(H\right)\wedge {\square }_A(LoadPhase\left(H\right)\\ \hfill \wedge MultiPhase\left(H\right)).\end{array}$$

Its behaviour should be understood as follows. The device’s fields are shown by lmpStructure. The predicate LoadPhase specifics device operation for initially loading the inputs. Once this is achieved, the predicate MultiPhase indicates how to perform the individual multiplication steps (see: [4], p. 107.) Obviously, one can also imagine the situation of much more complicated formulae of (an appropriate extension of MVHSM) to be capable of rendering the constitutive behavioral properties of many other digital circuits. The fibred semantics-just elaborated—delivers us a general frame for their semantic interpretation.

A natural question arises: how to refer the ideas to the newest types of digital circuits. They are usually represented by a broad spectrum of processors, microprocessors, or sophisticated flip-flop-based registers and designed due to limitations and deeply explored capabilities of VHDL specification. They form a far enhancement of the classical and basic digital circuits as adders, counters, or single flip-flops. (See: [37].) It seems that its sophisticated nature might elude the formalization efforts, such as in terms of MVHSM and its appropriate extensions. Meanwhile, a deeper look at the development tendencies in research on digital circuits delivers a piece of optimism in this matter. Indeed, they include such research trends as estimating and reducing resource usage, producing faster circuits, improving processor performance, etc. It seems that these deeply engineering problems and issues do not essentially impose any new restrictions on our formalization attempt concerning the initial Moszkowski’s ones from [4,5] for (at least two reasons). First, they have another semantic field, and they require another non-logic-based methodology to be solved. Secondly, our approach suggests how to move from formal modeling of basic circuits (such as single flip-flops) to modeling their multi-collections (such as processors). We need a mapping-based connection between our transition systems (of Kripke models for verification of circuit’s properties), which preserve the appropriate portion of information moving between the transition systems. Obviously, the small outline of the fibred semantics should be complemented by purely engineering requirements (f.e. imposed on the fibred mappings) to aspire to be a realistic fibred transition system (as a model) for some of the more advanced circuits. Indeed, the transitions system seems to be even more convenient in this role than interval Kripke models. It follows from the fact that they better grasp the internal dynamism of the devices. In addition, they seem to be a convenient semantic ‘mediator’ between a purely logical system of temporal logic such as $LTL,CTL$, $\mu$-calculus, ITL, HS, MVHSM, etc., and the purely declarative description languages such as HDS or VHDL.

Nevertheless, one needs to underline that no of these formal languages (even some extensions of MVHSM) can aspire to exchange the specification languages. Indeed, they play slightly another role. The main predestination of the specification languages is a synthesis-based creation of electronic systems. Meanwhile, temporal logic systems—due [4,7,16,17,18,38]—should be rather suitable (in the context of digital circuits analysis) for a formal description of different (external or internal) properties of them (such as liveness, lack of deadlock, the appropriate action sequencing). Models of these systems—even if they form transition systems and try to model digital circuits themselves—introduce a piece of an idealization and are more suitable for being well-founded in a mathematical sense. Thanks to this, they potentially form a convenient bridgehead for incorporating a piece of model checking machinery. It seems that some reference to these models (such as fibred models for MVHSM) is necessary if we intend to formally verify some properties of the modern digital circuits (such as processors) even if they have better ‘operative’ and algorithm-based depiction in terms of VHDL/Python interpreter. Some illustration how the model-checking machinery may be incorporated into the pipelined processor model—expressed in DLX assembly code—may be found in [23].

6.2. A Potential Benefit: Combined Model Checking

Indeed, this model-theoretic perspective of our (deceptively pure) logical approach is the model checking-oriented. Namely, in a conceptual frame of our combined logic-based approach, the model checking machinery for digital circuit’s behaviour and description may be integrated with model checking for pieces of reasoning about them. Even though our combined Formula (22) forms a simplified case of many other combined formulae for a description of many realistic scenarios of reasoning about digital circuits, its fibred semantics-based modeling illustrates some new possibilities of formal verification for many other similarly combined formulae. It seems to constitute a piece of novelty of the paper in the model checking immersed in electronics-based application contexts—even if the digital circuit properties’s and behaviour’s description—f.e. against the bounded model checking for microprocessors as in [23]—does not form a leading tendency in model checking speculations for electronics-determined application contexts.

Meanwhile, the general scheme of the model-checking procedures for MVHSM (and its potential extensions) may be given by the following algorithm.

The core of the algorithm is VERIFY function, which returns Boolean (true or false) for a given Kripke model (transition system), an interval and a given formula $\varphi$ of MVHSM. For combined formulae, VERIFY also depends on fibring function F. It enables of verifying these formulae, which cannot be evaluated in initial models. This algorithm ellucidates at least tow benefits from incorporating the interval fibred semantics to model checking for properties of digital circuits. First, we can integrate a machinery of model checking for properties of digital circuits themselves with model checking for (formally depicted) pieces of reasoning about them (lines 22–25 of Algorithm 1). It draws some new perspectives—also in the area of automated model checking. Secondly, fibred semantics makes the whole model checking for MVHSM formulae decidable as it ensures the required connections between models. Meanwhile, the number of the procedure steps is finite (there is always a finite number of intervals to check, a set G of $\alpha$’s is also finite).

Algorithm 1:Model checking for MVHSM.

1: procedureVERIFY($M,I,\varphi ,\mathbf{F}$) 2:     if $\varphi =\neg {\varphi }^{{}^{\prime }}$then return ¬ VERIFY($\mathbf{M},\mathbf{I},\mathbf{\varphi },\mathbf{F}$) 3:     end if 4:     if $\mathbf{\varphi }={\mathbf{\varphi }}_{\mathbf{1}}\wedge {\mathbf{\varphi }}_{\mathbf{2}}$ then return 5:         VERIFY($\mathbf{M},\mathbf{I},{\mathbf{\varphi }}^{{}^{\prime }},\mathbf{F})\wedge$ VERIFY($\mathbf{M},\mathbf{I},{\mathbf{\varphi }}_{\mathbf{2}},\mathbf{F}$) 6:     end if 7:     if $\mathbf{\varphi }=\left[\mathbf{Y}\right]{\mathbf{\varphi }}^{{}^{\prime }}$, where $\mathbf{Y}$ is Allen then 8:         $\mathbf{for}\mathbf{all}\mathbf{J}$  s.t.  $\mathbf{I}\mathbf{Y}\mathbf{J}$ do; 9:         if VERIFY($\mathbf{M},\mathbf{J},{\mathbf{\varphi }}^{{}^{\prime }}$, F) then true 10:         end if 11:     end if 12:     if $\mathbf{\varphi }={\left[\mathbf{U}\right]}_{\mathbf{i}}^{\mathbf{\alpha }}{\mathbf{\varphi }}^{{}^{\prime }}$, for $\mathbf{i}\in \mathcal{A},\mathbf{\alpha }\in \left[\mathbf{G}\right]$ then 13:         $\mathbf{for}\mathbf{all}\mathbf{J}$  s.t.  $\mathbf{I}{⪯}_{\mathbf{i}}^{\mathbf{\alpha }}\mathbf{J}$ do; 14:         if VERIFY($\mathbf{M},\mathbf{J},{\mathbf{\varphi }}^{{}^{\prime }}$, F) then true 15:         end if 16:     end if 17:     if $\mathbf{\varphi }={\square }_{\mathbf{SITL}}^{*}{\mathbf{\varphi }}^{{}^{\prime }}$, for $*\in \{\mathbf{A},\mathbf{T},\mathbf{I}\}$ then 18:         $\mathbf{for}\mathbf{all}\mathbf{J}$  s.t.  $\mathbf{I}{\subseteq }_{*}\mathbf{J}$ do; 19:         if VERIFY($\mathbf{M},\mathbf{J},{\mathbf{\varphi }}^{{}^{\prime }}$, F) then true 20:         end if 21:     end if 22:     if $\mathbf{\varphi }={\left[\mathbf{U}\right]}_{\mathbf{i}}^{\mathbf{\alpha }}\left[\mathbf{Y}\right]{\square }_{\mathbf{SITL}}^{*}{\mathbf{\varphi }}^{{}^{\prime }}$, for $*\in \{\mathbf{A},\mathbf{T},\mathbf{I}\}$ then 23:         $\mathbf{for}\mathbf{all}{\mathbf{J}}^{***}$  s.t.  ${\mathbf{J}}^{**}{\mathbf{X}}_{*}{\mathbf{J}}^{***}$, for all such ${\mathbf{J}}^{**}$ that ${\mathbf{J}}^{*}\mathbf{Y}{\mathbf{J}}^{**}$, for all such $\mathbf{J}$ that 24:         $\mathbf{J}{⪯}_{\mathbf{i}}^{\mathbf{\alpha }}{\mathbf{J}}^{*}$ do; 25:         if VERIFY(${\mathbf{F}}^{\mathbf{3}}(\mathbf{M},\mathbf{J}),{\mathbf{J}}^{***},{\mathbf{\varphi }}^{{}^{\prime }}$, F) then true 26:         end if 27:     end if 28: end procedure

7. The Results between Other Concepts

The paper analysis stems from research on interval temporal logic-both its theoretic and application-based aspects. The chronologically first and complex formalization approach to interval temporal logic found its reflection in Interval Temporal Logic of B. Moszkowski from [4,5] as a synthetic depiction of previous and context-dependent attempts from [1,2,3]. In this sense, Moszkowski’s system plays a role similar to the so-called Linear Temporal Logic—as a tense logic initially adopted to the area of computer science by A. Pnueli [16]. In this paper, a simplified version of propositional ITL is considered and forms a basis for further synergy construction of the hybrid MVHSM.

The second temporal pillar of the MVHSM system’s construction, i.e., Halpern–Shoham Logic, was invented by J. Halpern and Y. Shoham in [7] as a modal-temporal system for the description of Allen’s relations between intervals. This system and a variety of its subsystems have been deeply explored in many works, such as [8,9,10,11]). It was made mainly from a perspective of theoretical problems of their satisfiability and model checking complexity. Although the author of the paper shares with the authors of these works the same general philosophy of thinking about HS logic as about a reservoir of the formal system instead of a concrete axiom system, these works did not significantly influence the paper analysis because of their purely metalogical orientation. In addition, a piece of a conceptual tissue of HS depiction was also borrowed from these works.

By contrast, an idea of an epistemic extension of HS from [22] and ideas of Fagin’s behavioral semantics from [21] found its reflection in the construction of MVHSM and semantics for its epistemic component MVer for gradable verifiability. Different pre-Gettier’s and Gettier’s philosophical debates around a concept of knowledge and justification from [28,29,30] delivered a conceptual foundation and added a philosophical gravity to the formalization attempt of gradable verifiability logic MVer. The erudite Smullyan’s position ([39]) explained the author’s profound connections between Löb’s provability conditions for PA arithmetic and epistemic logic.

This paper analysis may be viewed as a continuation of ideas from [40], where the first epistemic simplified ITL of Moszkowski for justification was introduced, and from [27], where a deontic Halpern–Shoham logic was proposed. These two systems were interpreted in Gabbay’s style fibred semantics—initially elaborated in a point-wise variant in [24]. Against common tendencies to built an algebraic semantics for multi-valued and fuzzy systems—as shown in [35]—a relational semantics-based approach dominates in all these hybrid systems.

Finally, one needs to underline that the solution to combined fuzziness (or multi-valency) with temporal relations indirectly (via the appropriate multi-valued system) seems to be somehow orthogonal to a current tendency to combine fuzzified temporal relations as made in [41,42,43,44].

8. Conclusions

In this paper, a unique Multi-Valued Simplified Halpern–Shoham–Moszkowski Logic for Gradable Verifiability has been introduced both syntactically and semantically. In particular, a fibred semantics has been proposed for combined formulae for this system. The analysis has been exemplified by some situations of an agent’s reasoning about processes in digital circuits. It was made in some coherence with the initial motivation of Moszkowski from his ‘Reasoning about digital circuits.’ However, a formal representation of the epistemic excerpt of the agent’s situation was put forward for a cost of some simplification of the original ITL of Moszkowski and by some generalization of its interval semantics. It found its reflection in the form of the proposed fibred semantics. Meanwhile, it is reasonable to expect the development of fibred semantics to use another possible (alethic, deontic, or dynamic) extension of Interval Temporal Logic and Knowledge Representation. Perhaps, fibred semantics may be enriched by some epistemic capabilities of agents—considered in behavioral semantics of Fagin. Last but not least, a general conceptual frame of a combined model checking machinery was put forward for both formal properties of digital circuits and fragments of reasoning about them. It seems to be reasonable to develop the machinery of combined model checking to be adaptable to VHDL-based specifications of the newer types of digital circuits.

It seems that further research may be developed not only from a logical and metalogical point of view (in the perspective of problems of complexity, satisfiability, or model checking). Indeed, a quick and still increasing development of different checkers and interpreters (such as Tempura, C-Tempura and Anatempura for running verification of systems using ITL gives a chance to support the purely theoretic researches.