(original) (raw)

%!PS-Adobe-2.0 %%Creator: dvips(k) 5.95a Copyright 2005 Radical Eye Software %%Title: journal.dvi %%Pages: 30 %%PageOrder: Ascend %%BoundingBox: 0 0 612 792 %%DocumentFonts: Helvetica Times-Bold Times-Roman Times-Italic %%+ Helvetica-Bold Times-BoldItalic Courier XYATIP10 XYBTIP10 XYCIRC10 %%+ XYDASH10 %%DocumentPaperSizes: Letter %%EndComments %DVIPSWebPage: (www.radicaleye.com) %DVIPSCommandLine: dvips -z -R -K1 journal.dvi -o %DVIPSParameters: dpi=600, compressed, comments removed %DVIPSSource: TeX output 2009.05.29:0120 %%BeginProcSet: texc.pro 0 0 /TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S N}B/A{dup}B/TR{translate}N/isls false N/vsize 11 72 mul N/hsize 8.5 72 mul N/landplus90{false}def/@rigin{isls{[0 landplus90{1 -1}{-1 1}ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale isls{ landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul TR[ matrix currentmatrix{A A round sub abs 0.00001 lt{round}if}forall round exch round exch]setmatrix}N/@landscape{/isls true N}B/@manualfeed{ statusdict/manualfeed true put}B/@copies{/#copies X}B/FMat[1 0 0 -1 0 0] N/FBB[0 0 0 0]N/nn 0 N/IEn 0 N/ctr 0 N/df-tail{/nn 8 dict N nn begin /FontType 3 N/FontMatrix fntrx N/FontBBox FBB N string/base X array /BitMaps X/BuildChar{CharBuilder}N/Encoding IEn N end A{/foo setfont}2 array copy cvx N load 0 nn put/ctr 0 N[}B/sf 0 N/df{/sf 1 N/fntrx FMat N df-tail}B/dfs{div/sf X/fntrx[sf 0 0 sf neg 0 0]N df-tail}B/E{pop nn A definefont setfont}B/Cw{Cd A length 5 sub get}B/Ch{Cd A length 4 sub get }B/Cx{128 Cd A length 3 sub get sub}B/Cy{Cd A length 2 sub get 127 sub} B/Cdx{Cd A length 1 sub get}B/Ci{Cd A type/stringtype ne{ctr get/ctr ctr 1 add N}if}B/id 0 N/rw 0 N/rc 0 N/gp 0 N/cp 0 N/G 0 N/CharBuilder{save 3 1 roll S A/base get 2 index get S/BitMaps get S get/Cd X pop/ctr 0 N Cdx 0 Cx Cy Ch sub Cx Cw add Cy setcachedevice Cw Ch true[1 0 0 -1 -.1 Cx sub Cy .1 sub]/id Ci N/rw Cw 7 add 8 idiv string N/rc 0 N/gp 0 N/cp 0 N{ rc 0 ne{rc 1 sub/rc X rw}{G}ifelse}imagemask restore}B/G{{id gp get/gp gp 1 add N A 18 mod S 18 idiv pl S get exec}loop}B/adv{cp add/cp X}B /chg{rw cp id gp 4 index getinterval putinterval A gp add/gp X adv}B/nd{ /cp 0 N rw exit}B/lsh{rw cp 2 copy get A 0 eq{pop 1}{A 255 eq{pop 254}{ A A add 255 and S 1 and or}ifelse}ifelse put 1 adv}B/rsh{rw cp 2 copy get A 0 eq{pop 128}{A 255 eq{pop 127}{A 2 idiv S 128 and or}ifelse} ifelse put 1 adv}B/clr{rw cp 2 index string putinterval adv}B/set{rw cp fillstr 0 4 index getinterval putinterval adv}B/fillstr 18 string 0 1 17 {2 copy 255 put pop}for N/pl[{adv 1 chg}{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{adv rsh nd}{1 add adv}{/rc X nd}{ 1 add set}{1 add clr}{adv 2 chg}{adv 2 chg nd}{pop nd}]A{bind pop} forall N/D{/cc X A type/stringtype ne{]}if nn/base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{A A length 1 sub A 2 index S get sf div put }if put/ctr ctr 1 add N}B/I{cc 1 add D}B/bop{userdict/bop-hook known{ bop-hook}if/SI save N @rigin 0 0 moveto/V matrix currentmatrix A 1 get A mul exch 0 get A mul add .99 lt{/QV}{/RV}ifelse load def pop pop}N/eop{ SI restore userdict/eop-hook known{eop-hook}if showpage}N/@start{ userdict/start-hook known{start-hook}if pop/VResolution X/Resolution X 1000 div/DVImag X/IEn 256 array N 2 string 0 1 255{IEn S A 360 add 36 4 index cvrs cvn put}for pop 65781.76 div/vsize X 65781.76 div/hsize X}N /p{show}N/RMat[1 0 0 -1 0 0]N/BDot 260 string N/Rx 0 N/Ry 0 N/V{}B/RV/v{ /Ry X/Rx X V}B statusdict begin/product where{pop false[(Display)(NeXT) (LaserWriter 16/600)]{A length product length le{A length product exch 0 exch getinterval eq{pop true exit}if}{pop}ifelse}forall}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale Rx Ry false RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR Rx Ry scale 1 1 false RMat{BDot} imagemask grestore}}ifelse B/QV{gsave newpath transform round exch round exch itransform moveto Rx 0 rlineto 0 Ry neg rlineto Rx neg 0 rlineto fill grestore}B/a{moveto}B/delta 0 N/tail{A/delta X 0 rmoveto}B/M{S p delta add tail}B/b{S p tail}B/c{-4 M}B/d{-3 M}B/e{-2 M}B/f{-1 M}B/g{0 M} B/h{1 M}B/i{2 M}B/j{3 M}B/k{4 M}B/w{0 rmoveto}B/l{p -4 w}B/m{p -3 w}B/n{ p -2 w}B/o{p -1 w}B/q{p 1 w}B/r{p 2 w}B/s{p 3 w}B/t{p 4 w}B/x{0 S rmoveto}B/y{3 2 roll p a}B/bos{/SS save N}B/eos{SS restore}B end %%EndProcSet %%BeginProcSet: 8r.enc 0 0 % File 8r.enc TeX Base 1 Encoding Revision 2.0 2002-10-30 % % @@psencodingfile@{ % author = "S. Rahtz, P. MacKay, Alan Jeffrey, B. Horn, K. Berry, % W. Schmidt, P. Lehman", % version = "2.0", % date = "30 October 2002", % filename = "8r.enc", % email = "tex-fonts@@tug.org", % docstring = "This is the encoding vector for Type1 and TrueType % fonts to be used with TeX. This file is part of the % PSNFSS bundle, version 9" % @} % % The idea is to have all the characters normally included in Type 1 fonts % available for typesetting. This is effectively the characters in Adobe % Standard encoding, ISO Latin 1, Windows ANSI including the euro symbol, % MacRoman, and some extra characters from Lucida. % % Character code assignments were made as follows: % % (1) the Windows ANSI characters are almost all in their Windows ANSI % positions, because some Windows users cannot easily reencode the % fonts, and it makes no difference on other systems. The only Windows % ANSI characters not available are those that make no sense for % typesetting -- rubout (127 decimal), nobreakspace (160), softhyphen % (173). quotesingle and grave are moved just because it's such an % irritation not having them in TeX positions. % % (2) Remaining characters are assigned arbitrarily to the lower part % of the range, avoiding 0, 10 and 13 in case we meet dumb software. % % (3) Y&Y Lucida Bright includes some extra text characters; in the % hopes that other PostScript fonts, perhaps created for public % consumption, will include them, they are included starting at 0x12. % These are /dotlessj /ff /ffi /ffl. % % (4) hyphen appears twice for compatibility with both ASCII and Windows. % % (5) /Euro was assigned to 128, as in Windows ANSI % % (6) Missing characters from MacRoman encoding incorporated as follows: % % PostScript MacRoman TeXBase1 % -------------- -------------- -------------- % /notequal 173 0x16 % /infinity 176 0x17 % /lessequal 178 0x18 % /greaterequal 179 0x19 % /partialdiff 182 0x1A % /summation 183 0x1B % /product 184 0x1C % /pi 185 0x1D % /integral 186 0x81 % /Omega 189 0x8D % /radical 195 0x8E % /approxequal 197 0x8F % /Delta 198 0x9D % /lozenge 215 0x9E % /TeXBase1Encoding [ % 0x00 /.notdef /dotaccent /fi /fl /fraction /hungarumlaut /Lslash /lslash /ogonek /ring /.notdef /breve /minus /.notdef /Zcaron /zcaron % 0x10 /caron /dotlessi /dotlessj /ff /ffi /ffl /notequal /infinity /lessequal /greaterequal /partialdiff /summation /product /pi /grave /quotesingle % 0x20 /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash % 0x30 /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question % 0x40 /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O % 0x50 /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore % 0x60 /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o % 0x70 /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef % 0x80 /Euro /integral /quotesinglbase /florin /quotedblbase /ellipsis /dagger /daggerdbl /circumflex /perthousand /Scaron /guilsinglleft /OE /Omega /radical /approxequal % 0x90 /.notdef /.notdef /.notdef /quotedblleft /quotedblright /bullet /endash /emdash /tilde /trademark /scaron /guilsinglright /oe /Delta /lozenge /Ydieresis % 0xA0 /.notdef /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron % 0xD0 /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown % 0xC0 /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis % 0xD0 /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls % 0xE0 /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis % 0xF0 /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis ] def %%EndProcSet %%BeginProcSet: texps.pro 0 0 TeXDict begin/rf{findfont dup length 1 add dict begin{1 index/FID ne 2 index/UniqueID ne and{def}{pop pop}ifelse}forall[1 index 0 6 -1 roll exec 0 exch 5 -1 roll VResolution Resolution div mul neg 0 0]FontType 0 ne{/Metrics exch def dict begin Encoding{exch dup type/integertype ne{ pop pop 1 sub dup 0 le{pop}{[}ifelse}{FontMatrix 0 get div Metrics 0 get div def}ifelse}forall Metrics/Metrics currentdict end def}{{1 index type /nametype eq{exit}if exch pop}loop}ifelse[2 index currentdict end definefont 3 -1 roll makefont/setfont cvx]cvx def}def/ObliqueSlant{dup sin S cos div neg}B/SlantFont{4 index mul add}def/ExtendFont{3 -1 roll mul exch}def/ReEncodeFont{CharStrings rcheck{/Encoding false def dup[ exch{dup CharStrings exch known not{pop/.notdef/Encoding true def}if} forall Encoding{]exch pop}{cleartomark}ifelse}if/Encoding exch def}def end %%EndProcSet %%BeginProcSet: special.pro 0 0 TeXDict begin/SDict 200 dict N SDict begin/@SpecialDefaults{/hs 612 N /vs 792 N/ho 0 N/vo 0 N/hsc 1 N/vsc 1 N/ang 0 N/CLIP 0 N/rwiSeen false N /rhiSeen false N/letter{}N/note{}N/a4{}N/legal{}N}B/@scaleunit 100 N /@hscale{@scaleunit div/hsc X}B/@vscale{@scaleunit div/vsc X}B/@hsize{ /hs X/CLIP 1 N}B/@vsize{/vs X/CLIP 1 N}B/@clip{/CLIP 2 N}B/@hoffset{/ho X}B/@voffset{/vo X}B/@angle{/ang X}B/@rwi{10 div/rwi X/rwiSeen true N}B /@rhi{10 div/rhi X/rhiSeen true N}B/@llx{/llx X}B/@lly{/lly X}B/@urx{ /urx X}B/@ury{/ury X}B/magscale true def end/@MacSetUp{userdict/md known {userdict/md get type/dicttype eq{userdict begin md length 10 add md maxlength ge{/md md dup length 20 add dict copy def}if end md begin /letter{}N/note{}N/legal{}N/od{txpose 1 0 mtx defaultmatrix dtransform S atan/pa X newpath clippath mark{transform{itransform moveto}}{transform{ itransform lineto}}{6 -2 roll transform 6 -2 roll transform 6 -2 roll transform{itransform 6 2 roll itransform 6 2 roll itransform 6 2 roll curveto}}{{closepath}}pathforall newpath counttomark array astore/gc xdf pop ct 39 0 put 10 fz 0 fs 2 F/|______Courier fnt invertflag{PaintBlack} if}N/txpose{pxs pys scale ppr aload pop por{noflips{pop S neg S TR pop 1 -1 scale}if xflip yflip and{pop S neg S TR 180 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 get neg sub neg TR}if xflip yflip not and{pop S neg S TR pop 180 rotate ppr 3 get ppr 1 get neg sub neg 0 TR}if yflip xflip not and{ppr 1 get neg ppr 0 get neg TR}if}{ noflips{TR pop pop 270 rotate 1 -1 scale}if xflip yflip and{TR pop pop 90 rotate 1 -1 scale ppr 3 get ppr 1 get neg sub neg ppr 2 get ppr 0 get neg sub neg TR}if xflip yflip not and{TR pop pop 90 rotate ppr 3 get ppr 1 get neg sub neg 0 TR}if yflip xflip not and{TR pop pop 270 rotate ppr 2 get ppr 0 get neg sub neg 0 S TR}if}ifelse scaleby96{ppr aload pop 4 -1 roll add 2 div 3 1 roll add 2 div 2 copy TR .96 dup scale neg S neg S TR}if}N/cp{pop pop showpage pm restore}N end}if}if}N/normalscale{ Resolution 72 div VResolution 72 div neg scale magscale{DVImag dup scale }if 0 setgray}N/psfts{S 65781.76 div N}N/startTexFig{/psf$SavedState save N userdict maxlength dict begin/magscale true def normalscale currentpoint TR/psf$ury psfts/psf$urx psfts/psf$lly psfts/psf$llx psfts /psf$y psfts/psf$x psfts currentpoint/psf$cy X/psf$cx X/psf$sx psf$x psf$urx psf$llx sub div N/psf$sy psf$y psf$ury psf$lly sub div N psf$sx psf$sy scale psf$cx psf$sx div psf$llx sub psf$cy psf$sy div psf$ury sub TR/showpage{}N/erasepage{}N/setpagedevice{pop}N/copypage{}N/p 3 def @MacSetUp}N/doclip{psf$llx psf$lly psf$urx psf$ury currentpoint 6 2 roll newpath 4 copy 4 2 roll moveto 6 -1 roll S lineto S lineto S lineto closepath clip newpath moveto}N/endTexFig{end psf$SavedState restore}N /@beginspecial{SDict begin/SpecialSave save N gsave normalscale currentpoint TR @SpecialDefaults count/ocount X/dcount countdictstack N} N/@setspecial{CLIP 1 eq{newpath 0 0 moveto hs 0 rlineto 0 vs rlineto hs neg 0 rlineto closepath clip}if ho vo TR hsc vsc scale ang rotate rwiSeen{rwi urx llx sub div rhiSeen{rhi ury lly sub div}{dup}ifelse scale llx neg lly neg TR}{rhiSeen{rhi ury lly sub div dup scale llx neg lly neg TR}if}ifelse CLIP 2 eq{newpath llx lly moveto urx lly lineto urx ury lineto llx ury lineto closepath clip}if/showpage{}N/erasepage{}N /setpagedevice{pop}N/copypage{}N newpath}N/@endspecial{count ocount sub{ pop}repeat countdictstack dcount sub{end}repeat grestore SpecialSave restore end}N/@defspecial{SDict begin}N/@fedspecial{end}B/li{lineto}B /rl{rlineto}B/rc{rcurveto}B/np{/SaveX currentpoint/SaveY X N 1 setlinecap newpath}N/st{stroke SaveX SaveY moveto}N/fil{fill SaveX SaveY moveto}N/ellipse{/endangle X/startangle X/yrad X/xrad X/savematrix matrix currentmatrix N TR xrad yrad scale 0 0 1 startangle endangle arc savematrix setmatrix}N end %%EndProcSet %%BeginProcSet: hps.pro 0 0 /HPSdict 20 dict dup begin/braindeaddistill 50 def/rfch{dup length 1 sub 1 exch getinterval}bind def/splituri{dup(#)search{exch pop}{()exch} ifelse dup(file:)anchorsearch{pop exch pop 3 -1 roll pop false}{pop 3 -1 roll exch pop true}ifelse}bind def/lookuptarget{exch rfch dup /TargetAnchors where{pop TargetAnchors dup 3 -1 roll known{exch get true }{pop(target unknown:)print == false}ifelse}{pop pop (target dictionary unknown\012)print false}ifelse}bind def/savecount 0 def/stackstopped{count counttomark sub/savecount exch store stopped count savecount sub 1 sub dup 0 gt{{exch pop}repeat}{pop}ifelse}bind def /tempstring 256 string def/targetvalidate{1 index dup length 255 gt exch dup(/)search{pop pop pop exch pop true exch}{pop}ifelse cvn tempstring cvs token pop pop length 0 ne or not}bind def/targetdump-hook where{pop} {/targetdump-hook{dup mark exch gsave initmat setmatrix{{mark/Dest 4 2 roll targetvalidate{aload pop exch pop/Page 3 1 roll/View exch[exch /FitH exch]/DEST pdfmark}{cleartomark}ifelse}forall}stackstopped pop grestore}bind def}ifelse/baseurl{mark exch 1 dict dup 3 -1 roll/Base exch put/URI exch/DOCVIEW{pdfmark}stackstopped pop}bind def /externalhack systemdict/PDF known def/oldstyle true def/initmat matrix currentmatrix def/actiondict 2 dict dup/Subtype/URI put def /weblinkhandler{dup 3 1 roll mark 4 1 roll/Title 4 1 roll splituri 3 -1 roll dup length 0 gt{cvn/Dest exch 4 2 roll}{pop}ifelse{externalhack{ /HTTPFile exch}{actiondict dup 3 -1 roll/URI exch put/Action exch} ifelse}{externalhack{/HTTPFile exch}{/File exch/Action/GoToR}ifelse} ifelse counttomark 2 sub -1 roll aload pop/Rect 4 1 roll/Border 3 1 roll /Color exch oldstyle{/LNK}{/Subtype/Link/ANN}ifelse gsave initmat setmatrix{pdfmark}stackstopped grestore}bind def/externalhandler where{ pop}{/externalhandler{2 copy{weblinkhandler}exec{/externalhack externalhack not store 2 copy{weblinkhandler}exec{/externalhack externalhack not store/oldstyle false store 2 copy{weblinkhandler}exec{ (WARNING: external refs disabled\012)print/externalhandler{pop pop}bind store externalhandler}{pop pop}ifelse}{pop pop/externalhack externalhack not store}ifelse}{pop pop/externalhandler{weblinkhandler pop}bind store} ifelse}bind def}ifelse/pdfmnew{dup type/stringtype eq{externalhandler}{ exch dup rfch exch 3 -1 roll lookuptarget{mark 4 1 roll/Title 4 1 roll aload pop exch pop/Page 3 1 roll/View exch[exch/FitH exch]5 -1 roll aload pop/Rect 4 1 roll/Border 3 1 roll/Color exch/LNK gsave initmat setmatrix pdfmark grestore}{pop pop}ifelse}ifelse}bind def/pdfmold{dup type/stringtype eq{externalhandler}{exch dup rfch exch 3 -1 roll lookuptarget{mark 4 1 roll/Title 4 1 roll aload pop exch pop/Page 3 1 roll/View exch[exch/FitH exch]5 -1 roll aload pop pop 0 3 getinterval /Rect 3 1 roll/Border exch/LNK gsave initmat setmatrix pdfmark grestore} {pop pop}ifelse}ifelse}bind def/pdfm where{pop}{/pdfm /currentdistillerparams where{pop currentdistillerparams dup /CoreDistVersion known{/CoreDistVersion get}{0}ifelse dup braindeaddistill le{(WARNING: switching to old pdfm because version =) print ==/pdfmold}{pop/pdfmnew}ifelse load}{/pdfmark where{pop{dup type /stringtype eq{externalhandler}{2 copy mark 3 1 roll{pdfmnew} stackstopped{2 copy mark 3 1 roll{pdfmold}stackstopped{ (WARNING: pdfm disabled\012)print/pdfm{pop pop}store}{ (WARNING: new pdfm failed, switching to old pdfm\012)print/pdfm/pdfmold load store}ifelse}{/pdfm/pdfmnew load store}ifelse pop pop}ifelse}}{{ pop pop}}ifelse}ifelse bind def}ifelse end def %%EndProcSet TeXDict begin @defspecial /DvipsToPDF{72.27 mul Resolution div} def/PDFToDvips{72.27 div Resolution mul} def/BPToDvips{72 div Resolution mul}def/BorderArrayPatch{[exch{dup dup type/integertype eq exch type/realtype eq or{BPToDvips}if}forall]}def/HyperBorder {1 PDFToDvips} def/H.V {pdf@hoff pdf@voff null} def/H.B {/Rect[pdf@llx pdf@lly pdf@urx pdf@ury]} def/H.S {currentpoint HyperBorder add /pdf@lly exch def dup DvipsToPDF 72 add /pdf@hoff exch def HyperBorder sub /pdf@llx exch def} def/H.L {2 sub dup/HyperBasePt exch def PDFToDvips /HyperBaseDvips exch def currentpoint HyperBaseDvips sub /pdf@ury exch def/pdf@urx exch def} def/H.A {H.L currentpoint exch pop vsize 72 sub exch DvipsToPDF HyperBasePt sub sub /pdf@voff exch def} def/H.R {currentpoint HyperBorder sub /pdf@ury exch def HyperBorder add /pdf@urx exch def currentpoint exch pop vsize 72 sub exch DvipsToPDF sub /pdf@voff exch def} def systemdict /pdfmark known{userdict /?pdfmark systemdict /exec get put}{userdict /?pdfmark systemdict /pop get put userdict /pdfmark systemdict /cleartomark get put}ifelse @fedspecial end %%BeginFont: XYDASH10 %!PS-AdobeFont-1.1: XYDASH10 001.104 %%CreationDate: 1997 Jul 20 21:19:18 %%RevisionDate: 1997 Aug 28 05:34:12 %%RevisionDate: 1997 Sep 18 10:23:31 % % XYDASH10: line segments for Xy-pic at 10 point % % Original Metafont design Copyright (C) 1991-1997 Kristoffer H. Rose. % PostScript adaptation Copyright (C) 1994-1997 Ross Moore. % Hinting and ATM compatibility Copyright (C) 1997 Y&Y, Inc. % % This file is part of the Xy-pic macro package. % Xy-pic Copyright (c) 1991-1997 Kristoffer H. Rose krisrose@brics.dk % % The Xy-pic macro package is free software; you can redistribute it % and/or modify it under the terms of the GNU General Public License % as published by the Free Software Foundation; either version 2 % of the License, or (at your option) any later version. % % The Xy-pic macro package is distributed in the hope that it will % be useful, but WITHOUT ANY WARRANTY; without even the implied % warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. % See the GNU General Public License for more details. % % You should have received a copy of the GNU General Public License % along with this macro package; if not, write to the % Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 11 dict begin /FontInfo 9 dict dup begin /version (001.104) readonly def /Notice (Copyright (C) 1996, 1997 Ross Moore and Y&Y, Inc.) readonly def /FullName (XYDASH10) readonly def /FamilyName (XYDASH) readonly def /Weight (Medium) readonly def /ItalicAngle 0 def /isFixedPitch false def /UnderlinePosition -300 def /UnderlineThickness 150 def end readonly def /FontName /XYDASH10 def /PaintType 0 def /FontType 1 def /FontMatrix [0.001 0 0 0.001 0 0] readonly def /Encoding 256 array 0 1 255 {1 index exch /.notdef put} for dup 75 /d75 put dup 115 /d115 put readonly def /FontBBox{-40 -520 503 520}readonly def currentdict end currentfile eexec D9D66F633B846A97B686A97E45A3D0AA052F09F9C8ADE9D907C058B87E9B6964 7D53359E51216774A4EAA1E2B58EC3176BD1184A633B951372B4198D4E8C5EF4 A213ACB58AA0A658908035BF2ED8531779838A960DFE2B27EA49C37156989C85 E21B3ABF72E39A89232CD9F4237FC80C9E64E8425AA3BEF7DED60B122A529226 454434A66FB600391E72DBCB27066ACC4F037CF32BDBE1D3FEDB2F47ED471216 614265A890F90F735C48E50F819CB3328DEF7288798EC4F2C110FC584615DA50 CB3270F8E3CFDCF89F6D8F4A766AE1BE4D71002FDE064A5DB86C717534590905 8FB00A60B579BEB0FBC24E561A610384F50BA13268295F448B37D49AE5E5897F FD7C4D05E340C9755AAB4B78EA191EB05FB2034AEB8CD021AB4B51CD01485AD2 8AA14D2B090A404B50F59937CFC161701277096CCD53099455F93A77100130DB A0B39A41D94D3F74E74346A26CB6EDD5F02B6729626573DCD63FF968811D58D1 CE45190B7FA7048F1367FF403A4CF44C1480C0E7BCFCA19619DD9A374FA2475D BB2A58D516495D45DBD6A54A9B4ADC34B278AAF73F01B3E9D7455C43E9B3FB7A AA3381CCFAA9D3F4E3B7AEAF882963AC861E51A3B452D40F03B5E592EC2EF0DC E7A1254D7EB78D1EBD1D409AF44B404E38592D1553CD733CDAD08B49B70B2A11 A371A3994E296C03AB25BE2E449A6E1D313B5F345C3BEF75AE9D099FFB43E6B1 91EF1F1FE223BBA42230DCFF7E85B1A33528FE191AFE53F889992A0C3ED9BA8B C777541201141183BAF645C336C01F37701A461DCD34DFEB41B909DB0E603F07 0730D8E62D9C931C372B31D1A810B12386ECE812FED18F006FAD29D28EA30D94 D5164361F11238EADD1CF8CC21BFCA167D9D03AC61818DCDDD6A2AD7306C420F 53B8DEB01E309F3F6DD0451836FFA20A22DCAD65D0026672F7EAE8C1DEB4FC3B 1023B53F919693D926C30EE0E764D5F0718E1E6FF21E3D07317475204EE14229 4797741D9FB42E00309D711168F30AEDF1347642EEAE3A866E02AA0FFCEBAB5F CF2E296516DC0EB376C103C25E630745B7AF73F237D960C8FBD13C4B67A1FB70 83FEED2DC347CE9A7B336E065831265D5A127802D3DA146D784A575E6CF21728 950FEDB9C47B2E142F73196F34D42690EC17234766C72D8B3A54294DA64AF358 D9C1DC6B857DCDD7341FA6DDFCA0108B54B96F6FF9602A2DFF751AEB5F1239D1 6D67A90F2757DE7A5AB42B53EA00D6F9CB1A8F134952469FBA21A16792DACD10 2550982B5DEA63A938E0C790F244860213AA06A9D8FBAF674F254B96971DE8CD 4785DBCD244F356DF8274A05D4C3BEEDA75F72EF72909B2570BCC05E2D148DC0 FDA8E0F6A0BC31534483DA6DBF6B86023EE8043CA00340389BB8CF2638C1A118 2AAEB55C581E14C33A13B28A7D171D9A011A5FEC947F9E461D29A405267D8952 C06579A24A51BEAEAD19A6D83E24BEEB4F57DB4406 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 cleartomark %%EndFont %%BeginFont: XYCIRC10 %!PS-AdobeFont-1.1: XYCIRC10 001.104 %%CreationDate: 1997 Jul 20 21:33:32 %%RevisionDate: 1997 Aug 28 06:54:22 %%RevisionDate: 1997 Sep 18 09:00:57 % % XYCIRC10: eighth circle segments for Xy-pic at 10 point % % Original Metafont design Copyright (C) 1991-1997 Kristoffer H. Rose. % PostScript adaptation Copyright (C) 1994-1997 Ross Moore. % Hinting and ATM compatibility Copyright (C) 1997 Y&Y, Inc. % % This file is part of the Xy-pic macro package. % Xy-pic Copyright (c) 1991-1997 Kristoffer H. Rose krisrose@brics.dk % % The Xy-pic macro package is free software; you can redistribute it % and/or modify it under the terms of the GNU General Public License % as published by the Free Software Foundation; either version 2 % of the License, or (at your option) any later version. % % The Xy-pic macro package is distributed in the hope that it will % be useful, but WITHOUT ANY WARRANTY; without even the implied % warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. % See the GNU General Public License for more details. % % You should have received a copy of the GNU General Public License % along with this macro package; if not, write to the % Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 11 dict begin /FontInfo 9 dict dup begin /version (001.104) readonly def /Notice (Copyright (C) 1996, 1997 Ross Moore and Y&Y, Inc.) readonly def /FullName (XYCIRC10) readonly def /FamilyName (XYCIRC) readonly def /Weight (Medium) readonly def /ItalicAngle 0 def /isFixedPitch false def /UnderlinePosition -1800 def /UnderlineThickness 900 def end readonly def /FontName /XYCIRC10 def /PaintType 0 def /FontType 1 def /FontMatrix [0.002 0 0 0.002 0 0] readonly def /Encoding 256 array 0 1 255 {1 index exch /.notdef put} for dup 64 /d64 put dup 65 /d65 put dup 66 /d66 put dup 67 /d67 put dup 68 /d68 put dup 69 /d69 put dup 70 /d70 put dup 71 /d71 put readonly def /FontBBox{-11 -1610 1143 1610}readonly def currentdict end currentfile eexec D9D66F633B846A97B686A97E45A3D0AA052F09F9C8ADE9D907C058B87E9B6964 7D53359E51216774A4EAA1E2B58EC3176BD1184A633B951372B4198D4E8C5EF4 A213ACB58AA0A658908035BF2ED8531779838A960DFE2B27EA49C37156989C85 E21B3ABF72E39A89232CD9F4237FC80C9E64E8425AA3BEF7DED60B122A529226 454434A66FB600391E72DBCB27066ACC4F037CF32BDBE1D3FEDB2F47ED471216 614265A890F90F735C48E50F819CB3328DEF7288798EC4F2C110FC584615DA50 CB3270F8E3CFDCF89F6D8F4A766AE1BE4D71002FDE064A5DB86C717534590905 8FB00A60B579BEB0FBC24E561A610384F50BA13268295F448B37D49AE5E5897F FD7C4D05E340C9755AAB4B78EA191EB05FB2034AEB8CD021AB4B51CD01485AD2 8AA14D2B090A404B50F59937CFC161701277096CCD53099455F93A7710063852 352AF92F334C5C193D88A6B0E880DECB3A1697355435900212AD3E43F69E63BD DC514516B467E97CFB522F957F47A43A2628546BE8EF063C422CD3472F1C7E64 30CF8A3E60D90C46407351A2AC7478CD93D5D011D18CA8BE1C13FDC215159509 4C797E67AE32E5539951B31EA47B7905DC47DD675A6E063292406D336F12413B 81712252F7C846CE856ECC8B340556B31EEE74DE617EEADF962642BE832E88BA FE9467E7D4BC6CCE482EF2CA556E54E1367127414B139B187B252460B088CC2C A9CB8149C0F3D5BF1CBB240BFFF5C8A4CAC835A9398E7E60E6FDA1CED7AE3E03 48B99E7D4DE533E3CF0AEBD0A2AC3882B46AC29ECD03B11361D12BC50AC05D7F 665952CC4DF5CB6DD2FDFF508ADD661CFBB31A5807A2451B9ED249ABE28871B4 9AAF2BE963A21B47A2E48396D81CE7436BDDA88E25C03D370D6CBE3F3111EEA2 A342957E78995ACC7817D7D09ED923234FD2A50165D6FE43CBE9B718BEE74292 DA91B1040BE8F9B55299BF613F11DA4268F182541278129119D2C113FCF5FA68 1F1BF5739DE0D3AD1B5F7B310E41B650D4163FBAA321ABCC15AEB41F9DE1C716 3F621A7BF6AB2CB8FDEC153E94BC5971FC097A9E9ED0F4854B2CB85B3D8B64DD 97A57B2645C8C4C164C64F9E0EDDEBAEE67CD9D495FECCE703A54AC708ACB8E6 4B0C586DB30762138605571912765DD80279BDF422BCCBB864C2C83240BA6303 DAFB7D037757D750BEC8EAA0FD7B4479FA3AD43B204EDD48268858CD48D3B4C8 AFF377373110D3323EE2218481F940CEFBB891357A896D3B38EE624D4861593D 24B0D39670CED4304AD1EB878C33A77C5E0A25565921F747EC9963930130B996 0140A3B09CF02089B4BAE2341473BEEBEB2653203B73B5BF8570893ECBA7A13A 88CDC4B226528AFDD627FC66B80E25D22B78E95896D5012F67E85E3F3D4E8B20 E4F4BBF4249E30C9D0BDE0296B46601FCCEF11BFE5666856592682BC5610111E 3947413B8A2DFBB45B66847AF1E3DA62FA4339ABF06D5EAA5580CFFEC0635708 263688EF2626A29384127BFAF4BDF5FB8D26B057D4DD09193F01D7B80001165A D7C87C5351694A6F5623E8C0534086A0678E4DE5DC4F70AD2D79632F0EBFBB41 8B9FBF23BF0AE2DB345866A76A062AEF70B20AAD684200E2EDE63BB90EC105A1 9822F0E9DB68ACD62E801AFB5F178F7AC9C054A152852AA71BAA72A7C2CEB840 FBA617747B425A9807F293EEBF6DD54AFBA25FA716170EC50CDE7BD9D8FE5CCA D975F2E8C6CB97C33AA5C953B805FE415931104ACFC094BB65A8D073D4201C80 3859A791DBC47FBADDFBC93ADF5DA773882F88C22EA911B29550C15C53E2F27A 7C31483CA714B815BA835A7EC96161007FB599D53EA8756054709A9DD3E5E67A FF19610363E80C134D553CE9E4E27089000D0094806D720287AA3AC701F05B4F 6123BA3A2B652B9A38E8E97FD5B47B8463E1FDB90B2AAFF9FA7C75DA14635313 E7A9B18826952905DCC33DD36980EF799C1B6F7737697518B9B3AB511E2893EE 323452913857B6B23BFA55C630E34FCD1FFF5CD26B030D4D20585356E8121707 AAFD7FD279BE440D66CEDF10B18014E9D25DEEA66C65EB88EED3F13294CE5777 ADDB47F0FEF734701DC4744B1406410E6AE81C8B43139EB1B04EDDCFA86E8CFA 269AFCE54595378226D02B2225513D48F336A74C135A64B8706A236D25D5A8BE 7F01E580D0BC501F90252A94A1DC815E8F1030BC4B0BAB2C9C7EC13DF7B98632 E923087B5CF5D486489524A3D2F0F15A95B359B238C85F5E8D5C110248362A90 814508D2296D8F11A63F59046560EBB660AD570F8A3A1B090338 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 cleartomark %%EndFont %%BeginFont: XYBTIP10 %!PS-AdobeFont-1.1: XYBTIP10 001.104 %%CreationDate: 1997 Jul 20 21:19:18 %%RevisionDate: 1997 Sep 14 19:58:47 % % XYBTIP10: lower arrow tips for Xy-pic at 10 point "technical style". % % Original Metafont design Copyright (C) 1991-1997 Kristoffer H. Rose. % PostScript adaptation Copyright (C) 1994-1997 Ross Moore. % Hinting and ATM compatibility Copyright (C) 1997 Y&Y, Inc. % % This file is part of the Xy-pic macro package. % Xy-pic Copyright (c) 1991-1997 Kristoffer H. Rose krisrose@brics.dk % % The Xy-pic macro package is free software; you can redistribute it % and/or modify it under the terms of the GNU General Public License % as published by the Free Software Foundation; either version 2 % of the License, or (at your option) any later version. % % The Xy-pic macro package is distributed in the hope that it will % be useful, but WITHOUT ANY WARRANTY; without even the implied % warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. % See the GNU General Public License for more details. % % You should have received a copy of the GNU General Public License % along with this macro package; if not, write to the % Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 11 dict begin /FontInfo 9 dict dup begin /version (001.104) readonly def /Notice (Copyright (C) 1996, 1997 Ross Moore and Y&Y, Inc.) readonly def /FullName (XYBTIP10) readonly def /FamilyName (XYBTIP) readonly def /Weight (Medium) readonly def /ItalicAngle 0 def /isFixedPitch false def /UnderlinePosition -276 def /UnderlineThickness 138 def end readonly def /FontName /XYBTIP10 def /PaintType 0 def /FontType 1 def /FontMatrix [0.001 0 0 0.001 0 0] readonly def /Encoding 256 array 0 1 255 {1 index exch /.notdef put} for dup 37 /d37 put dup 47 /d47 put dup 105 /d105 put dup 111 /d111 put dup 121 /d121 put dup 123 /d123 put readonly def /FontBBox{-542 -542 542 542}readonly def currentdict end currentfile eexec D9D66F633B846A97B686A97E45A3D0AA0529731C99A784CCBE85B4993B2EEBDE 3B12D472B7CF54651EF21185116A69AB1096ED4BAD2F646635E019B6417CC77B 532F85D811C70D1429A19A5307EF63EB5C5E02C89FC6C20F6D9D89E7D91FE470 B72BEFDA23F5DF76BE05AF4CE93137A219ED8A04A9D7D6FDF37E6B7FCDE0D90B 986423E5960A5D9FBB4C956556E8DF90CBFAEC476FA36FD9A5C8175C9AF513FE D919C2DDD26BDC0D99398B9F409B932A74D078F654BDC704DE35B7CC455A4DC3 FED12AD5A138F12D1F36AB94792D7CBBABAB576094BB3DACD5249F299F6A44E5 D55493440B9008DAD1724D1025FF4C1B847BE604D73EB4978213D57EEAD8A8D1 5A86CA35DD6601510434BA8FFED4C13D902896B29BB9785C3082D736BA9823D5 7E64CA23FEA7F44B2124E5F67CEC97E9DE58B6FA5B980B36AE286B081C98D7BD 9879B11A89E194E2DC14674A18FDD0A8E717A0A56E3FC56D5D6D655F4A9249DB 156F3F9E90103C2B60AC987D0264913C3968879B4C420AD75F215263391DA687 FF58D5E85224C89D255EE2D1CE35F12658D97B5447970E044DECC9770B3E1D15 08A427888A7583890516C231E025873CB1971633D6A13245461D4F18E3169505 5D4C5AEFEDE1C6F5F1CE254FB5302704D8ED60058E645FF630B23D25D6C70C44 330963D29CA7058CCD18114B4EF9C9AB72AD444484D7CBCD2EE82742C558B477 0182F1B77892DF07F2189550DFD355042347E288EE60AAC93A4A8F364DCD7582 63569E845E521F361A8E0AE4CDB4A73DE296E8D0D99CBC0E2407F01C465D6201 5492CBC3309FF112E164B5182ACD1BCC7616E1577A23FA086C7191A986041E13 967F12567DA35A9F58F59C298C9D8BB023B1AC9F705CA45B31A132C3BD2BF793 71B1A4373E71606C132C05A88474875C3E3E963660814FC12497D7A39ABAD71E 6F08A07F236B72277178119C9011DBE677E6F550F9392455C07518C027D23C5C 1344CE300AAF4404A774D4A1F7768E8EEB045857C99020FB4524C1E566C2A564 7B6BB9865BE6A1D2189A4C8891A3081076444F56B847C02DD6D3BB3C1BC7154D 3F0F96EE5C773C7FAA686E5F1BA7CD05F05185D82B5B2FD028E8F5E69DD4C013 E1CB458570B1857986A9F632E816F6AA00CEB21DADEE88045EDC9AF7FCC6D144 C8408C12DBFAE6FD7641E705CC16A78B9DA90994C17A6E89714923715701F87A D92A14419B12DAEE838199E300B2EC1331611F3055E3F40B56E1AB7D238B2355 49CED9E82E22E3001A74035A63491A967D68A835CE1DAD03934EEE45470096A4 667D147943D291FF6349FFEC87B24344797720BD948E7F03E027E96A13DF5DB8 DEDA9B12743949B4397211672866A7F790D2F50E8164FA2983E0E717D2EA3413 12D47DD014F5B76258C79784BCCAE6B85A4E6BBDE0D81D03A08B0EB587DA6B21 AF214747533F0A93932CE5390B69E99318739068BBF232B973C164A750B2C75F 2081B29F4B64641B51D42588F7C41FE4FC1F17A4C2C2623EB5D67E8FC156518B 70527BBCEED279622E9E4F986242185960FA7FABED4181380C18859A8DED2A29 C60FC9260839E1DB0365CCCAFBC601977CCD438AE9EAA67AB1F8D01273580D6F 1D5C232E0A4FE4FAC2927EB5594B9ACB92E63D40AF3BE999CBA997CF2ADE4E0C AB7FA2541ABE553CFAA96E3339E6FBCBEEAE9866E99AC44A9489A5E5521C9000 57A57BEE18E3186C1EB0DC9410CA30A4707129E814F63F98E287AAE02E10069A 7C9A16630E5ECD484E1BD75D6B9D16DFE9C003BEC6F551B57EB3653C10075A91 E30489EA07F8833E7562AD9A9FE84F00CA066B5F427FD795382D119006CAEA3A 393662FEF4CBFC901070145646ACF5A56679CA96D3DB72DC45B05FC73C86013A 46D64D73E5C91C49CEEE6977F440E3BCE1888635828D6ACADF12548CAB0EE703 2932CC602DFB89A3862D8FC0DD8A9B39F3C1BF620E0A68DD9084C3396CECA753 233490D212BF369714B7D584A6688F50CA1F5C8D8DE891E7ECC45F5D221F8114 CF3FB06E4F14F0B6AAFC77DCAA209C785EB317B6D212B5015319087600DF0641 A82B40A22027AFEDDDA47BBA399C0806855A09 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 cleartomark %%EndFont %%BeginFont: XYATIP10 %!PS-AdobeFont-1.1: XYATIP10 001.104 %%CreationDate: 1997 Jul 20 21:19:17 %%RevisionDate: 1997 Sep 14 19:58:47 % % XYATIP10: upper arrow tips for Xy-pic at 10 point "technical style". % % Original Metafont design Copyright (C) 1991-1997 Kristoffer H. Rose. % PostScript adaptation Copyright (C) 1994-1997 Ross Moore. % Hinting and ATM compatibility Copyright (C) 1997 Y&Y, Inc. % % This file is part of the Xy-pic macro package. % Xy-pic Copyright (c) 1991-1997 Kristoffer H. Rose krisrose@brics.dk % % The Xy-pic macro package is free software; you can redistribute it % and/or modify it under the terms of the GNU General Public License % as published by the Free Software Foundation; either version 2 % of the License, or (at your option) any later version. % % The Xy-pic macro package is distributed in the hope that it will % be useful, but WITHOUT ANY WARRANTY; without even the implied % warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. % See the GNU General Public License for more details. % % You should have received a copy of the GNU General Public License % along with this macro package; if not, write to the % Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 11 dict begin /FontInfo 9 dict dup begin /version (001.104) readonly def /Notice (Copyright (C) 1996, 1997 Ross Moore and Y&Y, Inc.) readonly def /FullName (XYATIP10) readonly def /FamilyName (XYATIP) readonly def /Weight (Medium) readonly def /ItalicAngle 0 def /isFixedPitch false def /UnderlinePosition -276 def /UnderlineThickness 138 def end readonly def /FontName /XYATIP10 def /PaintType 0 def /FontType 1 def /FontMatrix [0.001 0 0 0.001 0 0] readonly def /Encoding 256 array 0 1 255 {1 index exch /.notdef put} for dup 37 /d37 put dup 47 /d47 put dup 105 /d105 put dup 111 /d111 put dup 121 /d121 put dup 123 /d123 put readonly def /FontBBox{-542 -542 542 542}readonly def currentdict end currentfile eexec D9D66F633B846A97B686A97E45A3D0AA0529731C99A784CCBE85B4993B2EEBDE 3B12D472B7CF54651EF21185116A69AB1096ED4BAD2F646635E019B6417CC77B 532F85D811C70D1429A19A5307EF63EB5C5E02C89FC6C20F6D9D89E7D91FE470 B72BEFDA23F5DF76BE05AF4CE93137A219ED8A04A9D7D6FDF37E6B7FCDE0D90B 986423E5960A5D9FBB4C956556E8DF90CBFAEC476FA36FD9A5C8175C9AF513FE D919C2DDD26BDC0D99398B9F409B932A74D078F654BDC704DE35B7CC455A4DC3 FED12AD5A138F12D1F36AB94792D7CBBABAB576094BB3DACD5249F299F6A44E5 D55493440B9008DAD1724D1025FF4C1B847BE604D73EB4978213D57EEAD8A8D1 5A86CA35DD6601510434BA8FFED4C13D902896B29BB9785C3082D736BA9823D5 7E64CA23FEA7F44B2124E5F67CEC97E9DE58B6FA5B980B36AE286B081C98D7BD 9879B11A89E194E2DC14674A18FDD0A8E717A0A56E3FC56D5D6D655F4A9249DB 156E71D55EC88A3532CAF855B82F85C3FE0C25A537A2341021AA624B24285243 57E0798D7E161B1C6A1E32284BA3B1236B5DA8B4FE1D35D1AC64134E2B952218 C5836BAEF2006F9DB675F519EDE9E4E20A825B8EF4636BDF1EF1BB5190CA66B0 ED8EA86545CD3632AA51A0C38C7F92B5E2538B6AC6EF9F0BD8E9C8BBE5EDB6B5 0736FC8D8A23288D93BBF0F7B3805B44B1B50985086DDF1A3CB7DEA6DBDC7ECA CCD106F227EDEAF63D6C4CA37A6C3B32A2F582D2B33B366DD1C792DF5DCA71EA 92BEFEE11AB37472A18AAB07603E1B5658C76374281BF234D7D745458CCADABA 52685316908C9754A1FEC267FE4CF913253A16A8AC5D43E907F8DB74802C834D 861B250DC3AC668CCAA5ECD8E58D2AF9499A5B822304FA2BEBA54D325363ED21 814D5132E07D93D23D68F7366459D13762BD680FF9F4CD0F8361837F4FF9CE08 477704DF03F1C879247FA5A3FFBAFD383F35D1033E400FA06EB43DE3BE149728 E98DC609E89DC430440ACA19DF6660529E603C1F436D50169264DD4C1D4E9D41 AE15255B1BAB0E740925D2EADFB8DD9F53A8F26043DD853A15638A8B3ED0EF4F EB37C28E65251184F52502BBA5B0985C414B55690EC59317A708D13539C7EBA5 7D8CE5CE8657C26D5F2D6C7AD4CDB8E4440731F5CE357BEED2487CA89717CB14 C650893965AA3DB9ECAE62892119CA5C74D3E4DC6288FF5A4CB1A65A33D56654 C59F16A32DD28BD9226612BCBDB6E2832603D0D5915178146D182AD9B806C8C5 7C06B19BCF24BF3C9E01A0A1F1ACC3F61CB1302ED29216743B8FDA69F8169C35 398F4EFC4E4C10471C149BA27D161E06FB0AA2E4CDD76522EB9D228234672371 0D0BA81F63587FCB0A930F97561110D46F8FE627D8BA673F299198644A47A4EF E114F24CB487369035C1AD6FE17121F8518C1E5723CE6827B48702615F5F38A2 DD58ADD1B45F143846F19F7071898BD3AF7801293B4B15AFB1AC81B3B32AB89C AE3D55942CC95418D1540CA83062BC7AFBBD651DE4581D6D7FE26DDB50098C5B 2415F6D7DC45451B29E22AD92D8E217E2A2A55E632F2498A3A6E55B5B6A7D699 AA1BF813606D325DC01932270157B01DB0CFDE3A92B85FD57295BEEF22D2ED09 E37C792357043559682B6AEE8AC334CB61EABC0F3C77D96B0628C42A2A22A11C 0B0D961FF8E282583920418221B319B5C456CB9173B28FF971507C07523DC954 9B4EF47E92B84542990DD41A70BE7A06586F0E3F087C4BFE270C5577C1A43430 798BFC8B0BBD2DE12064816FB64869C066072C15273ECC0A777B43E82E342769 90D6DB41B915FFE7B4382F5C6CA0B92CEFD686D0C798E3DC38021181F8BCEAFA 8A506B7A27360E61B924ED95DB25976645F39E7AE5C7CCEADFE4077ACAEC75F8 1CF9BA347E3085BF5043415B9E5B62400E055F904A1C34039BD2194EE93DC585 53CFF635DD6BCBB2D843DEA5F7FC3E405E5ADAC98B2B2DBEE8102D43C404280E 46D81EEAC16DCA49D88575C23D46279EF784D79C20656901B6D84EEA76FE15D6 D22541E76B7499AAED3DD6B852544DABA12DDE448D2A8EFD56D65BA372AFB573 7B7713D836874886B19336140FD76DDC16 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 cleartomark %%EndFont TeXDict begin 40258431 52099146 1000 600 600 (journal.dvi) @start /Fa 134[30 2[30 1[30 30 30 1[30 30 30 30 30 2[30 30 30 1[30 30 30 30 30 38[30 7[30 1[30 30 30 30 45[{ TeXBase1Encoding ReEncodeFont}24 49.8132 /Courier rf %DVIPSBitmapFont: Fb cmr7 7 2 /Fb 2 51 df<13381378EA01F8121F12FE12E01200B3AB487EB512F8A215267BA521>49 D<13FF000313E0380E03F0381800F848137C48137E00787F12FC6CEB1F80A4127CC7FC15 005C143E147E147C5C495A495A5C495A010EC7FC5B5B903870018013E0EA018039030003 0012065A001FB5FC5A485BB5FCA219267DA521>I E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fc cmr10 10 9 /Fc 9 94 df6 D<146014E0EB01C0EB0380EB0700130E131E5B5BA25B485AA2485AA212075B120F90C7FC A25A121EA2123EA35AA65AB2127CA67EA3121EA2121F7EA27F12077F1203A26C7EA26C7E 1378A27F7F130E7FEB0380EB01C0EB00E01460135278BD20>40 D<12C07E12707E7E7E12 0F6C7E6C7EA26C7E6C7EA21378A2137C133C133E131EA2131F7FA21480A3EB07C0A6EB03 E0B2EB07C0A6EB0F80A31400A25B131EA2133E133C137C1378A25BA2485A485AA2485A48 C7FC120E5A5A5A5A5A13527CBD20>I<15301578B3A6007FB812F8B912FCA26C17F8C800 78C8FCB3A6153036367BAF41>43 D49 D<121C127FEAFF80A5EA7F00121CC7FCB2121C127F EAFF80A5EA7F00121C092479A317>58 D<007FB812F8B912FCA26C17F8CCFCAE007FB812 F8B912FCA26C17F836167B9F41>61 D91 D93 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fd cmsy10 10 9 /Fd 9 107 df<181EA4181F84A285180785727EA2727E727E85197E85F11F80F10FC0F1 07F0007FBA12FCBCFCA26C19FCCCEA07F0F10FC0F11F80F13F00197E61614E5A4E5AA24E 5A61180F96C7FCA260181EA4482C7BAA53>33 D<91381FFFFE91B6FC1303010F14FED91F F0C7FCEB7F8001FEC8FCEA01F8485A485A485A5B48C9FCA2123EA25AA2127812F8A25AA2 B712FE16FFA216FE00F0C9FCA27EA21278127CA27EA27EA26C7E7F6C7E6C7E6C7EEA00FE EB7F80EB1FF06DB512FE010314FF1300021F13FE283279AD37>50 D54 D<0060161800F0163CB3B26C167CA2007C16 F8A26CED01F0003F15036C6CEC07E06C6CEC0FC0D807F0EC3F80D803FE903801FF003A00 FFC00FFC6DB55A011F14E0010391C7FC9038007FF82E347CB137>91 D<14034A7E4A7EA24A7EA34A7EA2EC7CF8A2ECF87CA2ECF03C0101133EA249487EA24948 6C7EA249486C7EA2EC00034980A2013E6D7EA2496D7EA20178147801F8147CA2484880A2 484880A24848EC0F80A2491407000F16C0A248C8EA03E0A2003EED01F0A2003C1500007C 16F8A248167CA248163C006016182E347CB137>94 D<126012F0B3A8B712FE16FFA216FE 00F0C9FCB3A81260283A7BB933>96 D102 D<12FCEAFFC0EA07F0EA01FCEA007E7F80131F80130FB3A7801307806D7E6D7EEB007EEC 1FF0EC07F8EC1FF0EC7E00495A495A495A5C130F5CB3A7131F5C133F91C7FC137E485AEA 07F0EAFFC000FCC8FC1D537ABD2A>I<126012F0B3B3B3B3A91260045377BD17>106 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fe cmmi10 10 23 /Fe 23 119 df31 D<160C161C1618A316381630A316701660A316E05EA315015EA301F80103130FD803FE91 38001F80D8070F153F000E018015C0001C5C001814060038161F0030160FD8701F010E13 070060140C1703D8E03F168000C0EB001C491318EA007E180001FE13384913305F000116 064913700360130E5F000316184901E013384B133017705F0201495AD801F849485A4CC7 FC160E2600FC035B017EEB0078013FEB01E090390FE30F80902603FFFEC8FC9038003FF0 0206C9FCA2140E140CA3141C1418A314381430A314701460324B7EB936>I39 D<121C127FEAFF80A213C0A3127F121C1200A412011380A2120313005A1206120E5A 5A5A12600A19798817>59 D<0103B77E4916F018FC903B0007F80003FE4BEB00FFF07F80 020FED3FC0181F4B15E0A2141FA25DA2143F19C04B143F1980027F157F190092C812FE4D 5A4A4A5AEF0FF04AEC1FC005FFC7FC49B612FC5F02FCC7B4FCEF3FC00103ED0FE0717E5C 717E1307844A1401A2130F17035CA2131F4D5A5C4D5A133F4D5A4A4A5A4D5A017F4BC7FC 4C5A91C7EA07FC49EC3FF0B812C094C8FC16F83B397DB83F>66 D<9339FF8001C0030F13 E0037F9038F80380913A01FF807E07913A07F8000F0FDA1FE0EB079FDA3F80903803BF00 02FFC76CB4FCD901FC80495A4948157E495A495A4948153E017F163C49C9FC5B12014848 16385B1207485A1830121F4993C7FCA2485AA3127F5BA312FF90CCFCA41703A25F1706A2 6C160E170C171C5F6C7E5F001F5E6D4A5A6C6C4A5A16076C6C020EC8FC6C6C143C6C6C5C 6CB4495A90393FE00FC0010FB5C9FC010313FC9038007FC03A3D7CBA3B>I<0103B812E0 5BA290260007F8C7123F4B140FF003C0140F18015DA2141FA25D1980143FA25D1760027F 14E095C7FC92C75AA24A1301A24A495A16070101141F91B6FC94C8FCA2903903FC001F82 4A130EA21307A24A130CA2010F141CA24A90C9FCA2131FA25CA2133FA25CA2137FA291CB FC497EB612C0A33B397DB835>70 D<0107B512FCA216F890390007F8005DA2140FA25DA2 141FA25DA2143FA25DA2147FA292C7FCA25CA25CA21301A25CA21303A25CA21307A25CA2 130FA25CA2131FA25CA2133FA25CA2137FA291C8FC497EB6FCA326397DB824>73 D<0103B7FC4916E018F8903B0007F80007FC4BEB00FE187F020FED3F80F01FC05DA2021F 16E0A25DA2143FF03FC05DA2027FED7F80A292C8130018FE4A4A5A604AEC07F04D5A0101 ED3FC04CB4C7FC91B612FC17E0D903FCCAFCA25CA21307A25CA2130FA25CA2131FA25CA2 133FA25CA2137FA291CBFC497EB6FCA33B397DB835>80 D<92391FE00380DBFFFC130002 036D5A91390FE01F8F91393F0007DF027EEB01FE02F81300495A4948147E177C4948143C 495AA2011F153891C8FCA3491530A28094C7FC80806D7E14FEECFFE06D13FE6DEBFFC06D 14F06D806D80021F7F02037FEC003F03037F1500167F163F161FA3120C160FA2001C151F 94C7FCA3003C153EA25E003E5D127E007F4A5A6D495A6DEB0FC0D8F9F0495AD8F0FE01FE C8FC39E03FFFF8010F13E0D8C00190C9FC313D7CBA33>83 D<0003B812FEA25A903AF800 3FC00101C0913880007E4848163C90C7007F141C121E001C92C7FCA2485CA200305C0070 17180060130112E0485CA21403C716005DA21407A25DA2140FA25DA2141FA25DA2143FA2 5DA2147FA292C9FCA25CA25CA21301A25CA21303A25CEB0FFC003FB6FC5AA237397EB831 >I99 D<163FED1FFFA3ED007F167EA216FEA216FCA21501A216F8A21503A216F0A21507 A2027E13E0903803FF8790380FC1CF90381F00EF017EEB7FC049133F485A4848131F0007 15805B000F143F485A1600485A5D127F90C7127EA215FE5A485CA21401A248ECF80CA214 03161CEDF0181407007C1538007E010F1330003E131F027B13706C01E113E03A0F83C0F9 C03A03FF007F80D800FCEB1F00283B7DB92B>II<16F8ED03FEED0F8792381F0F 80ED3E3F167F157CA215FC1700161C4A48C7FCA414035DA414075DA20107B512F0A39026 000FE0C7FC5DA4141F5DA4143F92C8FCA45C147EA514FE5CA413015CA4495AA45C1307A2 5C121E123F387F8F80A200FF90C9FC131E12FEEA7C3CEA7878EA1FF0EA07C0294C7CBA29 >II<14E0EB03F8A21307A314F0EB01C090C7 FCAB13F8EA03FEEA070F000E1380121C121812381230EA701F1260133F00E0130012C05B EA007EA213FE5B1201A25B12035BA20007131813E01438000F133013C01470EB806014E0 14C01381EB838038078700EA03FEEA00F815397EB71D>105 D109 DII<3903E001F83907F807FE390E3C1E07391C3E38 1F3A183F703F800038EBE07F0030EBC0FF00705B00601500EC007E153CD8E07F90C7FCEA C07EA2120013FE5BA312015BA312035BA312075BA3120F5BA3121F5B0007C9FC21267EA4 25>114 D116 D<01F8EB03C0D803FEEB07E0D8070F130F000E018013F0121C12180038140700301403D8 701F130112601500D8E03F14E000C090C7FC5BEA007E16C013FE5B1501000115805B1503 16001203495B1506150E150C151C151815385D00015C6D485A6C6C485AD97E0FC7FCEB1F FEEB07F024267EA428>118 D E %EndDVIPSBitmapFont /Ff 135[50 1[50 50 50 50 50 1[50 50 50 1[50 2[50 50 1[50 50 1[50 1[50 11[50 1[50 2[50 3[50 6[50 1[50 15[50 50 50 1[50 2[50 2[50 50 40[{TeXBase1Encoding ReEncodeFont}29 83.022 /Courier rf /Fg 140[42 39[42 75[{}2 83.022 /XYDASH10 rf /Fh 184[24 59 59 24 24 59 59 24 64[{}8 83.022 /XYCIRC10 rf /Fi 132[0 1[0 9[0 5[0 57[0 9[0 37[{}6 83.022 /XYBTIP10 rf /Fj 132[0 1[0 9[0 5[0 57[0 9[0 37[{}6 83.022 /XYATIP10 rf /Fk 153[19 26 29 100[{TeXBase1Encoding ReEncodeFont}3 58.1154 /Times-Roman rf /Fl 135[42 60 1[46 28 32 37 2[42 46 4[23 3[37 46 2[42 12[55 46 3[65 60 6[65 1[55 69[{ TeXBase1Encoding ReEncodeFont}18 83.022 /Times-Bold rf /Fm 134[55 55 55 55 55 55 55 55 1[55 55 55 55 55 55 1[55 55 55 55 55 55 55 1[55 3[55 1[55 7[55 55 1[55 1[55 8[55 3[55 3[55 1[55 1[55 55 55 55 55 55 55 55 55 55 1[55 1[55 2[55 55 1[55 4[55 33[{TeXBase1Encoding ReEncodeFont}48 90.9091 /Courier rf %DVIPSBitmapFont: Fn cmr6 6 6 /Fn 6 117 df<1438B2B712FEA3C70038C7FCB227277C9F2F>43 D<13FF000313C0380781E0380F00F0001E137848133CA248131EA400F8131FAD0078131E A2007C133E003C133CA26C13786C13F0380781E03803FFC0C6130018227DA01E>48 D<13E01201120712FF12F91201B3A7487EB512C0A212217AA01E>II<137F3803FFE03807C0F0380F0078001E13F85AA2007C13700078 130012F8A7127C1418123C6C13306C13603807C0E03803FF8038007E0015187D961B>99 D<487EA41203A21207A2120F123FB51280A238078000AA14C0A63803C180EBE300EA01FE EA007C12207E9E18>116 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fo cmsy7 7 2 /Fo 2 49 df<176017F01770A217781738173C171C171E83717E717E717EEF00F8BAFC19 801900CB12F8EF01E04D5A4D5A4DC7FC171E171C173C173817781770A217F01760391F7C 9D42>33 D<13E0EA01F0EA03F8A3EA07F0A313E0A2120F13C0A3EA1F80A21300A25A123E A35AA3127812F8A25A12100D1E7D9F13>48 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fp cmmi7 7 8 /Fp 8 121 df<1238127C12FE12FFA2127F123B1203A31206A3120C1218123812701220 08127A8614>59 D99 D101 DI<130E131F5BA2133E131C90C7FCA7EA03E0487EEA0C78EA187C1230A212605B12C0A2 EA01F0A3485AA2485AA2EBC180EA0F81A2381F0300A213066C5A131CEA07F06C5A11287D A617>105 D<1407EC0F80141FA21500140E91C7FCA7EB03E0EB07F8EB0C3C1318EB303E 136013C0A248485AA2C7FCA25CA4495AA4495AA4495AA4495AA21238D87C1FC7FC12FC13 3E485AEA70F8EA7FE0EA1F80193380A61B>I115 D<90387C03C03901FF0FF03907079C30390E03B078000CEBF0F8001813E1123015F03960 07C0E015001200A2495AA449C7FC15301238007C1460EAFC3E15C0EAF87E39F06F038039 70C70700383F83FE381F01F81D1B7D9926>120 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fq cmex10 10.95 7 /Fq 7 99 df16 D<12F07E127C7E7E6C7E6C7E7F6C7E6C7E12007F137E7FA26D7E6D7E A26D7EA26D7E6D7EA26D7EA280147E147F80A26E7EA281140FA281140781A21403A281A2 140181A3140081A4157E157FA5811680A9ED1FC0B3A9ED3F80A916005DA5157E15FEA45D 1401A35D1403A25DA21407A25D140F5DA2141F5DA24AC7FCA25C147E14FE5CA2495AA249 5A495AA2495AA2495A49C8FCA2137E5B5B1201485A485A5B485A48C9FC123E5A5A5A22A3 7D8336>I86 D<007C180F6100FEF03F80A26C187FA26C19006D5FA2003F606D1601A2001F606D1603A2 000F606D1607A26C6C4C5AA20003606D161FA20001606D163FA20000606D167FA26D94C7 FC6E5DA2013F5E6E1401A2011F5E6E1403A2010F5E6E1407A201075E6E140FA201035E6E 141FA26D6C4A5AA201005E6E147FA26E92C8FC6F5BA2023F5CEDC001A2021F5CEDE003A2 020F5CEDF007A202075CEDF80FA202035CEDFC1FA202015CEDFE3FA26E6C485AA2037F90 C9FC5EA26F5AA36F5AA36F5AA36F5AA26F5A1501415B7B7F4C>I<171E173F4D7EA34D7E A34C7FA34C7FA34C7FA34C7F17F3041F7FA217E1043F7F17C0A2047F80EF807FA204FF80 EF003FA24B814C131FA20303814C130FA20307814C1307A2030F814C1303A2031F814C13 01A2033F814C7F037F82A24C147F03FF8293C8123FA24A834B151FA20203834B150FA202 07834B1507A2020F834B1503A2021F834B1501A2023F834B81A2027F844B167FA202FF84 92CA123F4985A24A171F0103854A170FA20107854A1707A2010F854A1703A2011F854A17 01A2013F854A83A2017F864A187FA201FF8691CC123FA2488749191FA200038749190F00 0787A2491907000F87491903A2001F87491901A2003F874985A2007F1C80491A7FA200FF 1CC090CE123FA3007EF31F80003CF30F005A7F7B7F65>94 D<003C1B0F007EF31F80B4F3 3FC0A36D1A7F007F1C80A26D1AFF003F1C00A26D61001F63A26D1903000F63A26D190700 07636D190FA20003636D191F000163A26D193F6C63A26E187F017F62A26E18FF013F97C7 FCA26E5F011F61A26E1703010F61A26E1707010761A26E170F010361A26E171F0101616E 173FA26D616F167F027F60A26F16FF023F95C8FCA26F5D021F5FA26F1503020F5FA26F15 0702075FA26F150F02035FA26F151F02015FA26F153F6E5FA270147F037F5E7014FFA203 3F93C9FC705B031F5DA2701303030F5DA270130703075DA270130F03035DA270131F0301 5DA270133F6F5DA2EF807F047F5CA2EFC0FF043F91CAFCA217E1041F5B17F3A2040F5B17 FF705BA3705BA3705BA3705BA3715AA371CBFC171E5A7F7B7F65>I<1560EC01F84A7EEC 0FFF023F13C091B512F049EB0FF8903907FC03FE903A1FF000FF80D97FC0EB3FE04848C7 EA0FF8D803FCEC03FCD80FF0EC00FFD83F80ED1FC000FEC9EA07F00078EE01E00060EE00 60341181C333>98 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fr cmmi8 8 33 /Fr 33 123 df14 D<0103B512F0131F137F90B612E03A 01FC1F80003903F00FC03807C00748486C7E121F1300123EA25AA2140700FC5C5AA2140F 5D141F92C7FC143E0078133C147C007C5B383C01E0381F07C0D807FFC8FCEA01F8241E7D 9C28>27 D<90B6128012035A481500261E00E0C7FC5A00705B130112E012C0EA0003A25C A21307A349C8FCA35BA2131E133EA45BA21338211E7E9C1F>I<1506A3150E150CA3151C 1518A315381530A31570D801E0EB6007D807F8EC1F80EA0E3CD81C3E01E013C0003814C0 0030150F0070150726607E011480D8E07CEB800312C013FC3880F8030000020013001201 13F04A5B00030106130601E0140E160C020E131C020C131801C0143801E05C021C5B9138 1801C0D801F0495A030FC7FC3900FC381C90383F30F890380FFFE0010190C8FCEB007014 60A314E05CA313015CA42A3C7EAD2E>32 D39 D<123C127E12FFA4127E123C08087A8714>58 D<123C127EB4FCA21380A2127F123D1201A312031300A25A1206120E5A5A5A126009157A 8714>I<15C0140114031580A214071500A25C140EA2141E141CA2143C143814781470A2 14F05CA213015CA213035C130791C7FCA25B130EA2131E131CA2133C1338A21378137013 F05BA212015BA212035BA2120790C8FC5A120EA2121E121CA2123C1238A212781270A212 F05AA21A437CB123>61 D<14C0A5497EA700F0EC03C039FF83F07F003FB61200000F14FC 000114E06C6C1380D91FFEC7FCEB07F8497EA2497EEB3F3FEB3E1F496C7EEB7807496C7E A248486C7E48486C7E49137090C71230222180A023>63 D<1670A216F01501A24B7EA215 07150DA2151915391531ED61FC156015C0EC0180A2EC03005C14064A7F167E5C5CA25C14 E05C4948137F91B6FC5B0106C7123FA25B131C1318491580161F5B5B120112031207000F ED3FC0D8FFF8903807FFFEA22F2F7DAE35>65 D<013FB7FCA2D900FEC7127F171F4A140F A20101150717065CA21303A25C16300107147017004A136016E0130F15019138C007C091 B5FC5BECC0074A6C5AA2133FA2020090C7FCA25B92C8FC137EA213FEA25BA21201A25BA2 1203B512F0A2302D7DAC2D>70 D<91383FFFF8A29138007F00A2157EA215FE5DA314015D A314035DA314075DA3140F5DA3141F5DA3143FA292C7FCA2003C5B127E00FE137E14FE5C EAFC0100F05B48485A386007E038781F80D81FFEC8FCEA07F0252E7BAC27>74 D<013FB6FC17E0903A00FE0007F0EE01FC4AEB007EA2010181A25C1880010316005F5CA2 010715FEA24A5C4C5A010F4A5A4C5A4AEB1F8004FFC7FC91B512F84914C00280C9FCA313 3F91CAFCA35B137EA313FE5BA312015BA21203B512E0A2312D7DAC2D>80 D<913807F00691383FFE0E9138F80F9E903903E001FE903807800049C7127C131E49143C A2491438A313F81630A26D1400A27FEB7F8014F86DB47E15F06D13FC01077F01007F141F 02011380EC003F151F150FA215071218A3150F00381500A2151EA2007C5C007E5C007F5C 397B8003E039F1F00F8026E07FFEC7FC38C00FF0272F7CAD2B>83 D97 D101 D<157C4AB4FC913807C380EC0F87150FEC1F1FA391383E0E0092C7FCA3147E147CA414FC 90383FFFF8A2D900F8C7FCA313015CA413035CA413075CA5130F5CA4131F91C8FCA4133E A3EA383C12FC5BA25B12F0EAE1E0EA7FC0001FC9FC213D7CAE22>I<1307EB0F80EB1FC0 A2EB0F80EB070090C7FCA9EA01E0EA07F8EA0E3CEA1C3E123812301270EA607EEAE07C12 C013FC485A120012015B12035BA21207EBC04014C0120F13801381381F01801303EB0700 EA0F06131EEA07F8EA01F0122E7EAC18>105 D<15E0EC01F01403A3EC01C091C7FCA914 7CEB03FE9038078F80EB0E07131C013813C01330EB700F0160138013E013C0EB801F1300 1500A25CA2143EA2147EA2147CA214FCA25CA21301A25CA21303A25CA2130700385BEAFC 0F5C49C7FCEAF83EEAF0F8EA7FF0EA1F801C3B81AC1D>I<131FEA03FFA2EA003FA2133E A2137EA2137CA213FCA25BA2120115F89038F003FCEC0F0E0003EB1C1EEC387EEBE07014 E03807E1C09038E3803849C7FC13CEEA0FDC13F8A2EBFF80381F9FE0EB83F0EB01F81300 481404150C123EA2007E141C1518007CEBF038ECF83000FC1470EC78E048EB3FC00070EB 0F801F2F7DAD25>I<137CEA0FFCA21200A213F8A21201A213F0A21203A213E0A21207A2 13C0A2120FA21380A2121FA21300A25AA2123EA2127EA2127CA2EAFC08131812F8A21338 133012F01370EAF860EA78E0EA3FC0EA0F000E2F7DAD15>I<27078007F0137E3C1FE01F FC03FF803C18F0781F0783E03B3878E00F1E01263079C001B87F26707F8013B000600100 13F001FE14E000E015C0485A4914800081021F130300015F491400A200034A1307604913 3E170F0007027EEC8080188149017C131F1801000F02FCEB3F03053E130049495C180E00 1F0101EC1E0C183C010049EB0FF0000E6D48EB03E0391F7E9D3E>I<3907C007E0391FE0 3FF83918F8783E393879E01E39307B801F38707F00126013FEEAE0FC12C05B00815C0001 143E5BA20003147E157C5B15FC0007ECF8081618EBC00115F0000F1538913803E0300180 147016E0001F010113C015E390C7EAFF00000E143E251F7E9D2B>II<90387C01F89038FE07FE3901CF8E0F3A0387 9C0780D907B813C0000713F000069038E003E0EB0FC0000E1380120CA2D8081F13071200 1400A249130F16C0133EA2017EEB1F80A2017C14005D01FC133E5D15FC6D485A3901FF03 E09038FB87C0D9F1FFC7FCEBF0FC000390C8FCA25BA21207A25BA2120FA2EAFFFCA2232B 829D24>I<903807E03090381FF87090387C1CF0EBF80D3801F00F3903E007E0EA07C000 0F1303381F800715C0EA3F00A248130F007E1480A300FE131F481400A35C143E5A147E00 7C13FE5C1301EA3E07EA1F0E380FFCF8EA03F0C7FC13015CA313035CA21307A2EBFFFEA2 1C2B7D9D20>I<3807C01F390FF07FC0391CF8E0E0383879C138307B8738707F07EA607E 13FC00E0EB03804848C7FCA2128112015BA21203A25BA21207A25BA2120FA25BA2121FA2 90C8FC120E1B1F7E9D20>II<13 0E131FA25BA2133EA2137EA2137CA213FCA2B512F8A23801F800A25BA21203A25BA21207 A25BA2120FA25BA2001F1310143013001470146014E0381E01C0EB0380381F0700EA0F0E EA07FCEA01F0152B7EA919>I119 D<013F137C9038FFC1FF3A01C1E383803A0380F703C0390700F60F000E 13FE4813FC12180038EC0700003049C7FCA2EA200100005BA313035CA301075B5D14C000 385CD87C0F130600FC140E011F130C011B131C39F03BE038D8707113F0393FE0FFC0260F 803FC7FC221F7E9D28>II<011E1330EB3F809038FFC07048EBE0E0ECF1C03803C0FF9038803F8090 3800070048130EC75A5C5C5C495A495A49C7FC131E13385B491340484813C0485A380700 01000EEB0380380FE007391FF81F0038387FFF486C5A38601FFC38E00FF038C003C01C1F 7D9D21>I E %EndDVIPSBitmapFont /Fs 172[40 2[44 14[53 65[{TeXBase1Encoding ReEncodeFont}3 72.7272 /Times-Bold rf /Ft 134[40 45 1[40 51 25 35 35 1[45 45 51 71 25 2[25 51 45 30 40 45 40 1[45 55[30 30 40[{TeXBase1Encoding ReEncodeFont}22 90.9091 /Times-BoldItalic rf %DVIPSBitmapFont: Fu cmr10 10.95 18 /Fu 18 94 df0 D6 D<010FB612E0A3D900030180C7FCDA00FEC8FCA8913807FFC0027F13FC903A03FCFE 7F80D90FE0EB0FE0D93F80EB03F8D9FE00EB00FE4848157F4848ED3F804848ED1FC0000F 17E04848ED0FF0003F17F8A24848ED07FCA200FF17FEA8007F17FCA26C6CED0FF8A2001F 17F06C6CED1FE0000717C06C6CED3F806C6CED7F006C6C15FED93F80EB03F8D90FE0EB0F E0D903FCEB7F809027007FFFFCC7FC020713C0DA00FEC8FCA8913803FF80010FB612E0A3 373E7BBD42>8 D<1430147014E0EB01C0EB03801307EB0F00131E133E133C5B13F85B12 015B1203A2485AA2120F5BA2121F90C7FCA25AA3123E127EA6127C12FCB2127C127EA612 3E123FA37EA27F120FA27F1207A26C7EA212017F12007F13787F133E131E7FEB07801303 EB01C0EB00E014701430145A77C323>40 D<12C07E12707E7E121E7E6C7E7F12036C7E7F 12007F1378137CA27FA2133F7FA21480130FA214C0A3130714E0A6130314F0B214E01307 A614C0130FA31480A2131F1400A25B133EA25BA2137813F85B12015B485A12075B48C7FC 121E121C5A5A5A5A145A7BC323>I<1506150FB3A9007FB912E0BA12F0A26C18E0C8000F C9FCB3A915063C3C7BB447>43 D48 DIII<150E15 1E153EA2157EA215FE1401A21403EC077E1406140E141CA214381470A214E0EB01C0A2EB 0380EB0700A2130E5BA25B5BA25B5B1201485A90C7FC5A120E120C121C5AA25A5AB8FCA3 C8EAFE00AC4A7E49B6FCA3283E7EBD2D>I<121EEA7F80A2EAFFC0A4EA7F80A2EA1E00C7 FCB3121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A2779A619>58 D<121EEA7F80A2EAFFC0 A4EA7F80A2EA1E00C7FCB3121E127FEAFF80A213C0A4127F121E1200A412011380A31203 13005A1206120E120C121C5A1230A20A3979A619>I<007FB912E0BA12F0A26C18E0CDFC AE007FB912E0BA12F0A26C18E03C167BA147>61 D67 D<003FB91280A3903AF0007FE001018090393FC0003F48C7ED1FC0007E1707 127C00781703A300701701A548EF00E0A5C81600B3B14B7E4B7E0107B612FEA33B3D7DBC 42>84 D91 D93 D E %EndDVIPSBitmapFont /Fv 133[35 40 40 61 40 45 25 35 35 1[45 45 45 66 25 40 1[25 45 45 25 40 45 40 45 45 12[51 45 2[56 1[61 1[51 61 1[30 2[56 56 66 61 56 56 6[30 11[23 30 23 2[30 30 30 36[45 2[{TeXBase1Encoding ReEncodeFont}45 90.9091 /Times-Italic rf %DVIPSBitmapFont: Fw cmr8 8 14 /Fw 14 117 df6 D<13031307130E131C1338137013F0EA 01E013C01203EA0780A2EA0F00A2121EA35AA45AA512F8A25AAB7EA21278A57EA47EA37E A2EA0780A2EA03C0120113E0EA00F013701338131C130E1307130310437AB11B>40 D<12C07E12707E7E7E120FEA0780120313C0EA01E0A2EA00F0A21378A3133CA4131EA513 1FA2130FAB131FA2131EA5133CA41378A313F0A2EA01E0A2EA03C013801207EA0F00120E 5A5A5A5A5A10437CB11B>I43 D48 D<130C133C137CEA03FC12FFEAFC7C1200B3B113FE387F FFFEA2172C7AAB23>III<140EA2141E143EA2 147E14FEA2EB01BE1303143E1306130E130C131813381330136013E013C0EA0180120313 001206120E120C5A123812305A12E0B612FCA2C7EA3E00A9147F90381FFFFCA21E2D7EAC 23>I61 D91 D93 D99 D<1360A413E0A312011203A21207121FB512F0A23803E000AF 1418A714383801F03014703800F860EB3FE0EB0F80152A7FA81B>116 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fx cmmi10 10.95 55 /Fx 55 123 df13 DII<020FB512FE027F14FF49B7FC1307011F15FE903A3FE03FE000 90387F000F01FE6D7E4848130348488048481301485A5B121F5B123F90C7FC5A127EA215 0300FE5D5AA24B5AA2150F5E4B5AA2007C4AC7FC157E157C6C5C001E495A001FEB07E039 0F800F802603E07EC8FC3800FFF8EB3FC030287DA634>27 D<011FB612C090B7FC5A5A48 1680260FC007C8FC48C65A123E003C130E48131E5A5AA2C75AA3147CA2147814F8A4495A A31303A25CA21307A3495AA3131FA25C6DC9FC2A287DA628>I<13FE2603FF8015702607 8FE015F0260F07F01401000E6D15E00103ED03C0000C6DEC0780D80001ED0F006E141E01 005D5F027F5C4C5A91383F80035F4C5A6E6C48C7FC161E5E6E6C5A5EEDE1E0913807E3C0 15F75E6EB4C8FC5D5D5D6E7EA2140314074A7EA2141EEC3C7F147814F049486C7EEB03C0 EB078049486C7EA2131E496D7E5B498048481307485A48486D7E48C7FC48EDFC03001E02 01EB07804803FE1300486E6C5A48ED7F1E0060ED1FFCC9EA03F0343B7EA739>31 DI39 D<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A0A798919>58 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A312011380120313005A 120E5A1218123812300B1C798919>I<183818FC1703EF0FF8EF3FE0EFFF80933803FE00 EE0FF8EE3FE0EEFF80DB03FEC7FCED0FF8ED3FE0EDFF80DA03FEC8FCEC0FF8EC3FE0ECFF 80D903FEC9FCEB0FF8EB3FE0EBFF80D803FECAFCEA0FF8EA3FE0EA7F8000FECBFCA2EA7F 80EA3FE0EA0FF8EA03FEC66C7EEB3FE0EB0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE 913800FF80ED3FE0ED0FF8ED03FE923800FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0 EF0FF8EF03FC17001838363678B147>I<17075F84171FA2173F177FA217FFA25E5EA24C 6C7EA2EE0E3F161E161C1638A21670A216E0ED01C084ED0380171FED07005D150E5DA25D 157815705D844A5A170F4A5A4AC7FC92B6FC5CA2021CC7120F143C14384A81A24A140713 015C495AA249C8FC5B130E131E4982137C13FED807FFED1FFEB500F00107B512FCA219F8 3E417DC044>65 D<49B712F818FF19E090260001FEC7EA3FF0F007F84B6E7E727E850203 815D1A80A20207167F4B15FFA3020F17004B5C611803021F5E4B4A5A180FF01FE0023F4B 5A4B4A5ADD01FEC7FCEF07F8027FEC7FE092B6C8FC18E092C7EA07F84AEC01FE4A6E7E72 7E727E13014A82181FA213034A82A301075F4A153FA261010F167F4A5E18FF4D90C7FC01 1F5E4A14034D5A013FED1FF04D5A4AECFFC0017F020790C8FCB812FC17F094C9FC413E7D BD45>II<49B712F818FF19C0D9 000190C7EA3FF0F00FF84BEC03FCF000FE197F0203EE3F805DF11FC0A20207EE0FE05D1A F0A2020F16075DA21AF8141F5DA2190F143F5DA21AF0147F4B151FA302FF17E092C9123F A21AC049177F5C1A8019FF010318005C4E5A61010716034A5E4E5A180F010F4C5A4A5E4E 5A4EC7FC011F16FE4A4A5AEF07F8013FED0FE0EF3FC04A49B4C8FC017FEC0FFCB812F017 C004FCC9FC453E7DBD4B>I<49B912C0A3D9000190C71201F0003F4B151F190F1A800203 16075DA314075D1A00A2140F4B1307A24D5B021F020E130E4B92C7FC171EA2023F5C5D17 7CEE01FC4AB55AA3ED800302FF6D5A92C7FCA3495D5C19380401147801034B13704A16F0 93C85AA2010716014A5E180361010F16074A4BC7FCA260011F163E4A157E60013F15014D 5A4A140F017F15FFB95AA260423E7DBD43>I<49B9FCA3D9000190C7120718004B157F19 3F191E14035DA314075D191CA2140F5D17074D133C021F020E13384B1500A2171E023F14 1C4B133C177C17FC027FEB03F892B5FCA39139FF8003F0ED00011600A2495D5CA2160101 035D5CA293C9FC13075CA3130F5CA3131F5CA2133FA25C497EB612F8A3403E7DBD3A>I< DC3FF0130E923803FFFE031F9038FF801C923A7FF00FC03C913B01FF0001E07CDA07FC90 3800F0FCDA0FF0EC79F8DA3FC0143F4A48141F4AC8120FD903FC16F0495A49481507495A 013F17E04A1503495A49C9FC4818C05B1203485A1980485AA2485A95C7FC123F5BA2127F 5BA312FF5BA3043FB512E0A290C8FC9339001FF800170F60A2171F60A36C6C153F60A26C 7E177F001F5F7F6C6C15FF00075D6C6C4A90C7FC6C6CEC07BF6CB4EC1F1FD97FC0EB7E0F 903A1FF803F80E0107B5EAE00601010280C8FC9026001FF8C9FC3F427BBF47>I<49B612 C05BA2D90001EB800093C7FC5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3147F 5DA314FF92C8FCA35B5CA313035CA313075CA3130F5CA3131F5CA2133FA25CEBFFE0B612 E0A32A3E7DBD28>73 D<92B612E0A39239003FF000161F5FA2163F5FA3167F5FA316FF94 C7FCA35D5EA315035EA315075EA3150F5EA3151FA25EA2153FA25EA2157FA25EA2D80F80 13FFEA3FC0486C91C8FCA25CD8FFC05B140301805B49485A00FC5C0070495A0078495A00 38495A001E017EC9FC380F81FC3803FFE0C690CAFC33407ABD32>I<49B612F0A3D90001 0180C7FC93C8FC5DA314035DA314075DA3140F5DA3141F5DA3143F5DA3147F5DA314FF92 C9FCA35B5C180C181E0103161C5C183C183813074A1578187018F0130F4AEC01E0A21703 011FED07C04A140F171F013FED3F8017FF4A1303017F021F1300B9FCA25F373E7DBD3E> 76 D<49B56C93B512C050148062D90001F18000704B90C7FC03DF5F1A0E1A1D1403039F EE39FC1A711A739126078FE015E3030F5FF101C3F10387140F020E93380707F0A2F10E0F 021E161C91261C07F05E1938F1701F143C023804E05BA2953801C03F0278ED0380912670 03F85EF00700060E137F14F002E04B91C8FCA24E5B01015E4A6C6C5D60943801C0011303 0280DA03805BA294380700030107150E91C700FE5D5F1907495D010E4B5CA24D130F011E 6E5A011C60705A013C171F017C92C7FC01FE027E5DD803FF4D7EB500FC017C017FB512E0 167804385E5A3E7CBD58>I<49B712F018FF19C0D9000190C76C7EF00FF84BEC03FC1801 020382727E5DA214071A805DA2140F4E13005DA2021F5E18034B5D1807023F5E4E5A4B4A 5A4E5A027F4B5A06FEC7FC4BEB03FCEF3FF091B712C005FCC8FC92CBFCA25BA25CA21303 A25CA21307A25CA2130FA25CA2131FA25CA2133FA25C497EB612E0A3413E7DBD3A>80 DI<49B77E18F818FFD90001D900017F9438003F E04BEC0FF0727E727E14034B6E7EA30207825DA3020F4B5A5DA24E5A141F4B4A5A614E5A 023F4B5A4B4A5A06FEC7FCEF03FC027FEC0FF04BEBFF8092B500FCC8FC5F9139FF8001FE 92C7EA7F80EF1FC084496F7E4A1407A28413035CA2170F13075C60171F130F5CA3011F03 3F5B4AEE038018E0013F17071A004A021F5B496C160EB600E090380FF01E05075B716C5A CBEAFFE0F03F8041407DBD45>II<48B912FCA25A913A 0003FE000F01F84A1301D807E0EE00F8491307491778000F5D90C7FC001E140FA2001C4B 1470123C0038141FA200785D1270033F15F000F018E0485DC81600157FA25EA215FFA293 C9FCA25CA25DA21403A25DA21407A25DA2140FA25DA2141FA25DA2143FA25DA2147FA214 FF497F001FB612FCA25E3E3D7FBC35>I86 D<027FB712F0A3DAFFFCC7EA3FE003E0EC7FC092C8EAFF8049484A13004A4A 5A5C4A4A5A49484A5A4A4A5A4D5A49484A5A4D5A91C74890C7FC5B010E4A5A4C5A4C5A01 1E4A5A90C8485A4C5A4C5A4B90C8FCA24B5A4B5A4B5A4B5A4B5A4B5A4B5AA24A90C9FC4A 5A4A5A4A5A4A4814704A4814F04A485C14FF5D4990C7120149485D49481403495A49485D 49481407495A4DC7FC49485C4890C8FC48485D4848157E484815FE484814034848EC0FFC 16FF48B7FCB8FC5F3C3E7BBD3E>90 D97 DIIII<163EEEFF C0923803E1E0923807C0F0ED0F811687ED1F8F160F153FA217E092387E038093C7FCA45D A514015DA30103B512FCA390260003F0C7FCA314075DA4140F5DA5141F5DA4143F92C8FC A45C147EA414FE5CA413015CA4495AA35CEA1E07127F5C12FF495AA200FE90C9FCEAF81E EA703EEA7878EA1FF0EA07C02C537CBF2D>III<143C14FEA21301A314FCEB00701400AD137E 3801FF803803C7C0EA0703000F13E0120E121C13071238A2EA780F007013C0A2EAF01F14 801200133F14005B137EA213FE5BA212015B0003130E13F0A20007131EEBE01CA2143CEB C0381478147014E013C13803E3C03801FF00EA007C173E7EBC1F>IIII<01F8D907F0 EB07F8D803FED93FFEEB1FFE28078F80F81FEB781F3E0F0F81C00F81E00F803E0E07C780 07C3C007C0001CD9CF00EBC78002FEDAEF007F003C4914FE0038495C49485C1278007049 5CA200F0494948130F011F600000495CA2041F141F013F6091C75B193F043F92C7FC5B01 7E92C75A197E5E01FE9438FE01C049027E14FCA204FE01011303000106F81380495CF207 00030115F00003190E494A151E1A1C03035E0007943800F8F0494AEC7FE0D801C0D900E0 EC1F804A297EA750>I<01F8EB0FF0D803FEEB3FFC3A078F80F03E3A0F0F83C01F3B0E07 C7800F80001CEBCF0002FE80003C5B00385B495A127800705BA200F049131F011F5D0000 5BA2163F013F92C7FC91C7FC5E167E5B017E14FE5EA201FE0101EB03804914F8A2030313 07000103F013005B170E16E000035E49153C17385F0007913801F1E0496DB45AD801C002 3FC7FC31297EA737>II< D907C013FE903A0FF003FF80903A1C7C0F07E0903A383C1C03F0903A783E7801F80170EB F0009026F03FE013FC01E05B4B13FE0001017F147E01C090C7FC147E17FF000313FEA2C7 5AA201015C17FE5CA20103140317FC5CA20107EC07F8A24A14F0160F010F15E0161F17C0 EE3F80011F15006E137E5E9138B801F890393FBC03E091389E0FC0DA07FFC7FCEC01F849 C9FCA2137EA213FEA25BA21201A25BA21203A2B512E0A3303A84A72E>I<91381F800C91 38FFE01C903903F0707C90390FC0387890391F801CF890383F000F137E4914F000011407 485A485A16E0485A121F150F484814C0A3007F141F491480A300FF143F90C71300A35D48 147EA315FE007E495A1403A26C13074A5A381F801D000F13793807C1F33901FFC3F03800 7F03130014075DA3140F5DA3141F5DA2143F147F90381FFFFE5BA2263A7DA729>III<147014FC1301A25CA21303A25CA21307A25CA2130FA25CA2 007FB512F0B6FC15E039001F8000133FA291C7FCA25BA2137EA213FEA25BA21201A25BA2 1203A25BA21207EC01C013E01403000F1480A2EBC0071500140E141E5C000713385C3803 E1E03801FF80D8003EC7FC1C3A7EB821>I<137C48B4EC03802603C7C0EB0FC0EA070300 0F7F000E151F121C010715801238163FEA780F0070491400A2D8F01F5C5C0000157E133F 91C712FEA2495C137E150113FE495CA215030001161C4914F0A21507173CEEE038150F03 1F1378000016706D133F017C017313F0017E01E313E0903A3F03C1F1C0903A0FFF007F80 D901FCEB1F002E297EA734>I<017E147848B4EB01FC2603C7C013FED807031303000F13 E0120E121C0107130100381400167ED8780F143E00705B161EEAF01F4A131C1200133F91 C7123C16385B137E167801FE14705B16F016E0120149EB01C0A2ED0380A2ED0700A20000 140E5D6D133C017C5B6D5B90381F03C0903807FF80D901FCC7FC27297EA72C>I<013EEE 0380D9FF800107EB0FE02601C3E090381F801FD8038117F0380701F0000E153F001E1600 D81C03160F003C170700384BEB03E0D87807147E00705B1801D8F00F14FE4A4914C01200 131FDA800114034C1480133F140003031407494A1400137EA26001FE0107140E495C60A3 60150F017C5E017E011F14F0705B6D0139495A6D903970F8038090280FC0E07C0FC7FC90 3A03FFC01FFC903A007F0007F03C297EA741>II<137C48B4EC03802603 C7C0EB0FC0EA0703000F7F000E151F001C168013071238163FD8780F150000705BA2D8F0 1F5C4A137E1200133F91C712FE5E5B137E150113FE495CA2150300015D5BA215075EA215 0F151F00005D6D133F017C137F017E13FF90393F03DF8090380FFF1FEB01FC90C7123F93 C7FCA25DD80380137ED80FE013FE001F5C4A5AA24848485A4A5A6CC6485A001C495A001E 49C8FC000E137C380781F03803FFC0C648C9FC2A3B7EA72D>I<02F8130ED903FE131ED9 0FFF131C49EB803C49EBC0784914F090397E07F1E09038F800FF49EB1FC049EB07800001 EC0F006C48131E90C75A5D5D4A5A4A5A4A5A4AC7FC143E14785C495A495A495A49C8FC01 1E14E05B5B4913014848EB03C0485AD807F8EB078048B4131F3A1F87E07F00391E03FFFE 486C5B00785CD870005B00F0EB7FC048011FC7FC27297DA72A>I E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fy cmsy10 10.95 32 /Fy 32 119 df<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A0A799B19>1 D<0060166000F816F06C1501007E15036CED07E06C6CEC0FC06C6CEC1F806C6CEC3F006C 6C147E6C6C5C6C6C495A017E495A6D495A6D6C485A6D6C485A6D6C48C7FC903803F07E6D 6C5A903800FDF8EC7FF06E5A6E5AA24A7E4A7EECFDF8903801F8FC903803F07E49487E49 486C7E49486C7E49486C7E017E6D7E496D7E48486D7E4848147E4848804848EC1F804848 EC0FC048C8EA07E0007EED03F0481501481500006016602C2C73AC47>I15 D<007FB912E0BA12F0A26C18E0 CDFCAE007FB912E0BA12F0A26C18E0CDFCAE007FB912E0BA12F0A26C18E03C287BAA47> 17 D<1818187CEF01FCEF07F8EF1FF0EF7FC0933801FF00EE07FCEE1FF0EE7FC04B48C7 FCED07FCED1FF0ED7FC04A48C8FCEC07FCEC1FF0EC7FC04948C9FCEB07FCEB1FF0EB7FC0 4848CAFCEA07FCEA1FF0EA7FC048CBFC5AEA7F80EA3FE0EA0FF8EA03FEC66C7EEB3FE0EB 0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE913800FF80ED3FE0ED0FF8ED03FE923800 FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0EF0FF8EF03FC170018381800AE007FB812 F8B912FCA26C17F8364878B947>20 D<140C141EA2143E143CA2147C1478A214F8495AA2 495A495AA2495A49CDFC133E137EEA01F8485AEA0FE0003FBB12FEBDFCA2003F1AFED80F E0CDFCEA03F06C7EEA007E133E7F6D7E6D7EA26D7E6D7EA26D7E1478A2147C143CA2143E 141EA2140C50307BAE5B>32 D<19301978A2197C193CA2193E191EA2191F737EA2737E73 7EA2737E737E1A7C1A7EF21F80F20FC0F207F0007FBB12FCBDFCA26C1AFCCDEA07F0F20F C0F21F80F27E001A7C624F5A4F5AA24F5A4F5AA24FC7FC191EA2193E193CA2197C1978A2 193050307BAE5B>I<020C1630021E1678A2023E167C023C163CA2027C163E0278161EA2 02F8161F4948707EA24948707E4948707EA24948707E49CB7E013E187C017E187ED801F8 F01F804848F00FC0D80FE0F007F0003FBB12FCBDFCA2003F1AFCD80FE0CBEA07F0D803F0 F00FC06C6CF01F80D8007EF07E00013E187C6D606D6C4C5A6D6C4C5AA26D6C4C5A6D6C4C 5AA26D6C4CC7FC0278161EA2027C163E023C163CA2023E167C021E1678A2020C16305030 7BAE5B>36 D<03F015F0A20201824B15780203167C4B153C0207163E4A488192C97E4A83 023E707E023C1603027C834A707E49B97E498449844984013FCBEA0FC0017E727E49727E D803F8F001FCD80FE0F0007FD83FC0F13FC0B4CDEA0FF0A2D83FC0F13FC0D80FE0F17F00 D803F8F001FCC66CF003F0017E4E5A6D4E5A010FBAC7FC6D606D606D60D900F8C9EA01F0 027C4C5A023C5F023E16076E4C5A6E94C8FC6F5D6E6C153E0203163C6F157C020116786F 15F802005EA254327DAF5B>44 D49 D<0207B512E0023F14F049B6FC49 15E0D90FFCC8FCEB1FE0017FC9FC13FEEA01F8485A485A5B485A121F90CAFC123EA25AA2 1278A212F8A25AA2B812E017F0A217E000F0CAFCA27EA21278A2127CA27EA27E7F120F6C 7E7F6C7E6C7EEA00FE137FEB1FE0EB0FFC0103B612E06D15F0EB003F020714E02C3678B1 3D>I<176017F01601A2EE03E0A2EE07C0A2EE0F80A2EE1F00A2163EA25EA25EA24B5AA2 4B5AA24B5AA24B5AA24BC7FCA2153EA25DA25DA24A5AA24A5AA24A5AA24A5AA24AC8FCA2 143EA25CA25CA2495AA2495AA2495AA2495AA249C9FCA2133EA25BA25BA2485AA2485AA2 485AA2485AA248CAFCA2123EA25AA25AA25A12602C5473C000>54 D<0060EE018000F0EE03C06C1607A200781780007C160FA2003C1700003E5EA26C163EA2 6C163C6D157CA2000716786D15F8A26C6C4A5AA200015E6D140390B7FC6C5EA3017CC7EA 0F80A2013C92C7FC013E5CA2011E141E011F143EA26D6C5BA2010714786E13F8A26D6C48 5AA201015CECF003A201005CECF807A291387C0F80A2023C90C8FCEC3E1FA2EC1E1EEC1F 3EA2EC0FFCA26E5AA36E5AA36E5A6E5A324180BE33>56 D<007FB612FEB8FCA27EC9120F B3A7001FB7FC127FA3C9120FB3A8007FB7FCB8FCA26C15FE283F7BBE33>I<007FB81280 B912C0A27ECA1203B3A232187B9F3D>I<1518153CA2157CA2903803FC7890380FFFF8EB 3E0790387801F0EBF0004848487ED803C07FD807807FA2390F0003EFA248ECCF80001EEB 07C7003E15C01587A2140F007E15E0007C1403A2141FA2141E00FC013E13F0A2143CA214 7CA21478A214F8A214F01301A214E0A21303A214C0A21307A21480D87C0F14E0A2140000 7E14075BA2D83E1E14C0A2133E001FEC0F80133CD80F7C1400A2495B0007141E00035C00 015C4913F83900F801E03901FE07C090B5C7FCEBE3FCD803E0C8FCA25BA26C5A244D7CC5 2D>I<4E7EF007C0180F181F183F187FA218FFA25FA25F18BF1707183F170F170E171E17 1C173C17381778177017F0EE01E0A2EE03C0A2EE0780A2EE0F00161EA25EA25E16F85E4B 5A854B5A15075E4BC7121F5D151E033FB6FC5DA292B7FC4A82DA03E0C7121FA24A5A4A48 140F0010131F003091C87F143E00785B007C13FC26FE01F86F7E38FF87F0D9FFE0171CF1 FE7C4A923803FFF86C4917E091C914C06C487013006C48EE00FCD80FF094C7FCEA03C046 477EC149>65 D<020EEC7FC0023E903803FFF802FE011F7F0103027F7F010F49B6FC011F 903803F81F013F90260FC0031380903A79FC1F00010101013E7F5D4B147F903803FDF002 FF16005D5D187E4B14FE4990C85A604A4A5A4D5A4A4A5AEF1F80010F037EC7FC4A495AEE 0FF04AEB7FC0DB03FFC8FC011F011F13E04A4813F84B13FE92B6FC4AC66C7F013F020F7F 04037F4A1300717E173F49C86C7EA2170FA201FE1507A448485EA3495E0003160F605B00 074C5A4993C7FCD9E180143E260FE7C05CD9DFE05C48B46CEB03F0D9BFFCEB0FC09139FF 80FF80D83F1FD9FFFEC8FC6D14F8D87E0714E0D8780191C9FC39E0003FF039427DBF3C> I<173F933803FFC0040F7F043F7F93B5FC4B80ED03E092380FC03F92381F801FED3F004B 130F15FE4A5A604A485C020715804B91C7FC020F91C8FC5D141FA24A5AA34A5AA34ACAFC A3495AA313035CA3495AA3130F5CA3131F5CA25C133FA2495AF0078091C9121F01FEEE3F 0018FF2601FFFE5D48D9FFE0130103FE5C489139FFE003F804FE5B4892B55AD81F811680 263F001F92C7FC007E010114FC00F8D9001F13F000E00201138039427DBF3F>76 D<0438198004F81801030119030303190770180F1D1FF53F00A2030761706064525A1C07 A24B6C170F1C1F525A030E187F7017FD031E6DED01F91CFB031CEF03F3983807E3F89226 3C3FC0ED0FC3F31F830338EF3F03F37E079238781FE009FC5B0370EE01F8F203F09226F0 0FF0EC07E003E093380FC00FF21F800201173F4B6C6C03005B1A7E02035F03806D495A04 034A48131F02074C5A03004B5A706C131F020E4C5A4FC75B021E6E13FE021C6D495AF083 F84ADB87F0143F94387FCFE00278EDDFC002706EB45A96C8FC4A6E5A6001016F5A49485D 0030705A267C07805DD87F0F6F5AB5C890C9EBE1C094CA13E749F3FF80491C00F41FFC49 1BF06C48F20FC0D81FE097C8FCEA078062457DBF6D>II<0060EE018000F0EE03C0B3B3A36C1607A200781780007C160FA26CEE 1F00003F5E6C6C157E6C6C5DD807F0EC03F8D803FCEC0FF06CB4EC3FE03B007FF003FF80 011FB548C7FC010714F8010114E09026001FFEC8FC32397BB63D>91 DI<15C04A7E4A7EA24A7EA34A7EA2EC1F3EA2EC3E 1FA2EC3C0F027C7FA24A6C7EA249486C7EA2ECE001010380A249486C7EA24948137CA249 C77EA2011E141E013E141FA2496E7EA2496E7EA2491403000182A248486E7EA248486E7E A2491578000F167CA248C97EA2003E82A2003C82007C1780A248EE07C0A24816030060EE 018032397BB63D>94 D<0060EE018000F0EE03C06C1607A2007CEE0F80A2003C1700003E 5EA26C163EA26C6C5DA2000716786D15F8A26C6C4A5AA26C6C4A5AA200005E6D1407A201 7C4A5AA26D4AC7FCA2011E141E011F143EA26D6C5BA26D6C5BA26D6C485AA201015CECF0 03A26D6C485AA291387C0F80A2023C90C8FCEC3E1FA2EC1F3EA2EC0FFCA26E5AA36E5AA2 6E5A6E5A32397BB63D>I<126012F0B3AAB812F017F8A300F0CAFCB3AB12602D3F7BBE38> I<153FEC03FFEC0FE0EC3F80EC7E00495A5C495AA2495AB3AA130F5C131F495A91C7FC13 FEEA03F8EA7FE048C8FCEA7FE0EA03F8EA00FE133F806D7E130F801307B3AA6D7EA26D7E 80EB007EEC3F80EC0FE0EC03FFEC003F205B7AC32D>102 D<12FCEAFFC0EA07F0EA01FC EA007E6D7E131F6D7EA26D7EB3AA801303806D7E1300147FEC1FC0EC07FEEC00FFEC07FE EC1FC0EC7F0014FC1301495A5C13075CB3AA495AA2495A133F017EC7FC485AEA07F0EAFF C000FCC8FC205B7AC32D>I<146014F01301A214E01303A214C01307A2EB0F80A214005B A2131E133EA25BA2137813F8A25B1201A25B1203A2485AA25B120FA290C7FC5AA2123EA2 123C127CA2127812F8A41278127CA2123C123EA27EA27E7FA212077FA26C7EA212017FA2 12007FA21378137CA27FA2131E131FA27F1480A2EB07C0A2130314E0A2130114F0A21300 1460145A77C323>I<126012F07EA21278127CA2123C123EA27EA27E7FA212077FA26C7E A212017FA212007FA21378137CA27FA2131E131FA27F1480A2EB07C0A2130314E0A21301 14F0A414E01303A214C01307A2EB0F80A214005BA2131E133EA25BA2137813F8A25B1201 A25B1203A2485AA25B120FA290C7FC5AA2123EA2123C127CA2127812F8A25A1260145A7B C323>I<126012F0B3B3B3B3B11260045B76C319>I<003FB812FE4817FFA218FE0078CBFC B3B3AA007FB812FE18FFA26C17FECCFCAE007FB812FEBAFCA26C17FE384878B947>118 D E %EndDVIPSBitmapFont /Fz 166[48 2[48 48 41 37 44 1[37 48 48 59 41 2[22 48 48 37 41 48 44 44 48 7[33 33 33 33 33 33 33 33 33 33 1[17 22 17 44[{TeXBase1Encoding ReEncodeFont}33 66.4176 /Times-Roman rf %DVIPSBitmapFont: FA cmbsy6 6 1 /FA 1 14 df<913803FFF0023F13FF49B612E0010715F8903A1FFE001FFED93FE0EB01FF 01FFC8EA3FC0D801FCED0FE0D803F0ED03F048486F7E48486F7E4848167E90CA123E003E 83A248EF0F80A20078170700F818C0A2481703A76C1707A200781880007C170FA26CEF1F 00A26C173E6D167E6C6C5E6C6C4B5A6C6C4B5AD801FCED0FE06CB4ED3FC0D93FE049B4C7 FCD91FFEEB1FFE0107B612F8010115E0D9003F91C8FC020313F03A2F7BA345>13 D E %EndDVIPSBitmapFont /FB 188[18 67[{TeXBase1Encoding ReEncodeFont}1 24.9066 /Helvetica-Bold rf %DVIPSBitmapFont: FC LMCS-logo 128 1 /FC 1 109 df[174 174 128 301 174 108 D E %EndDVIPSBitmapFont /FD 134[25 1[36 25 28 14 25 17 1[28 28 28 41 11 25 1[11 28 28 14 28 28 25 28 28 7[33 3[36 30 33 36 1[33 39 36 41 28 2[14 36 39 30 33 36 36 33 33 6[14 28 28 28 28 28 28 28 28 28 28 14 14 17 14 2[17 17 40[{TeXBase1Encoding ReEncodeFont}58 49.8132 /Helvetica rf %DVIPSBitmapFont: FE cmsy6 6 3 /FE 3 49 df<136013701360A20040132000E0137038F861F0387E67E0381FFF803807FE 00EA00F0EA07FE381FFF80387E67E038F861F038E060700040132000001300A213701360 14157B9620>3 D13 D48 D E %EndDVIPSBitmapFont /FF 165[44 53 53 1[53 53 44 40 49 1[40 53 53 65 44 53 1[24 53 53 40 44 53 49 49 53 65[{TeXBase1Encoding ReEncodeFont}23 72.7272 /Times-Roman rf /FG 104[91 45 1[40 40 24[40 45 45 66 45 45 25 35 30 45 45 45 45 71 25 45 25 25 45 45 30 40 45 40 45 40 3[30 1[30 1[66 66 86 66 66 56 51 61 66 51 66 66 81 56 66 35 30 66 66 51 56 66 61 61 66 1[40 3[25 25 45 45 45 45 45 45 45 45 45 45 25 23 30 23 2[30 30 30 35[51 51 2[{TeXBase1Encoding ReEncodeFont}79 90.9091 /Times-Roman rf /FH 171[37 33 40 14[40 40 43 65[{ TeXBase1Encoding ReEncodeFont}6 59.7758 /Times-Roman rf %DVIPSBitmapFont: FI cmsy9 9 2 /FI 2 104 df102 D<12FCEAFFC0EA07F0EA01FC6C7E137F7F80131FB3A580 130F6D7E6D7EEB01FC9038007FC0EC1FE0EC7FC0903801FC00EB03F0495A495A131F5CB3 A5133F91C7FC5B13FE485AEA07F0EAFFC000FCC8FC1B4B7BB726>I E %EndDVIPSBitmapFont /FJ 133[29 33 33 50 33 37 21 29 29 1[37 37 37 54 21 1[21 21 37 37 21 33 37 33 37 37 7[42 2[46 1[42 37 46 1[46 54 50 62 42 50 33 25 1[54 46 46 54 50 1[46 6[25 37 37 37 2[37 37 37 37 37 1[19 25 5[25 58 35[37 2[{ TeXBase1Encoding ReEncodeFont}57 74.7198 /Times-Italic rf %DVIPSBitmapFont: FK cmmi6 6 11 /FK 11 107 df<90381FFFFC90B5FC5A4814F83907C07C00380F003C001E131C48131E12 381278A2485BA35C1470007013F0495A6C485AD81C0FC7FCEA0FFEEA03F01E167E9424> 27 D39 D<127812FCA212FEA2127E1206A3120CA2121C121812301260124007107A8513>59 D<131FEBFF8C3801E0DE3803807E3807007C48133C121E123E003C5B127CA3485BA21540 1560903801E0C012781303393807E180391C1CF300380FF87F3807E03C1B177E9522>97 DIIII<140FEC3FC0EC71E014E3A2010113C0ECE1 80ECE000495AA5495AA2EBFFFEA2EB0780A249C7FCA5131EA65BA55BA31370A2EA38F0EA 78E012F8EAF9C0EA7180007FC8FC121E1B2F7CA31E>I<1338137CA2137813701300A7EA 0780EA1FC0EA38E01230EA60F0EAC1E0A3EA03C0A3EA0780A2EA0F0013041306EA1E0CA2 1318121CEA1E70EA0FE0EA07800F237DA116>105 D<1418143C147CA214381400A7EB07 80EB1FE01338EB60F013C0A2EA0180A2380001E0A4EB03C0A4EB0780A4EB0F00A4131EA2 1238EA783CEAF8381378EA70F0EA7FC0001FC7FC162D81A119>I E %EndDVIPSBitmapFont /FL 7[37 79[25 16[75 37 27[33 37 37 54 37 37 21 29 25 37 37 37 37 58 21 37 21 21 37 37 25 33 37 33 37 33 3[25 1[25 46 54 1[71 54 54 46 42 50 54 42 54 54 66 46 54 29 25 54 54 42 46 54 50 50 54 69 5[21 37 37 37 37 37 37 37 37 37 37 21 19 25 19 2[25 25 1[58 34[42 42 2[{ TeXBase1Encoding ReEncodeFont}78 74.7198 /Times-Roman rf %DVIPSBitmapFont: FM cmsy8 8 14 /FM 14 106 df0 D<130C131EA50060EB01800078130739FC0C 0FC0007FEB3F80393F8C7F003807CCF83801FFE038007F80011EC7FCEB7F803801FFE038 07CCF8383F8C7F397F0C3F8000FCEB0FC039781E078000601301000090C7FCA5130C1A1D 7C9E23>3 D32 D<137813FE1201A3120313FCA3EA07F8A313F0A2EA0FE0A313C0121F13 80A3EA3F00A3123E127E127CA35AA35A0F227EA413>48 DI<91B512C01307131FD97F80C7FC01FCC8FCEA01F0EA03C0485A48C9FC120E121E5A1238 12781270A212F05AA3B712C0A300E0C9FCA37E1270A212781238123C7E120E120F6C7E6C 7EEA01F0EA00FCEB7F80011FB512C013071300222B7AA52F>I54 D57 DI<173017F0160116031607A2160FA2161F161B 163B1633167316E3A2ED01C316831503EE03F81507150EA2ED1C011538A2157015E0A2EC 01C0EC0380A2DA07007F140E92B5FC141F5C5C0270C7FC4A801301382003C038700780D8 780FC8127FEAFE3FD8FFFE160449169C49ED3FF86C4816E06C4816C06C48ED1F000007CB FC36337EAF38>65 D<0378172003F81760020118E01A01A26FEE03C01A071A0F0203171F 1A3F037E167FF2FF80A2DA073EED01EFDA063FED03DFF1079FF10F1FDA0E1F151E020C6D 023E1300197C19F84A6C6C49485A19E0F003C0DA3007EC078070EB0F00181E02604B133E 6F6C137C02E05D02C04A48137E6F6C485AD901804A5A70485A0103010049C7FC91C7EAFE 3E49EC7EFC0106EC7FF8010E6E5A010C5DD8301C6E5AD83C385DD87FF86EC8EA7F084902 0C16F8484891C913E01BC06C48F03E006C4895C7FC000FCEFC4D317FAD54>77 D<14301478A214FCA2497E14CEA2EB03CF148701077F1403010F7FEB0E01011E7FEB1C00 013C7F013813700178137801701338A201F0133C49131C0001141E49130E0003140F497F 0007158090C712034815C0000E1401001E15E0001C1400A2003C15F00038157000781578 0070153800F0153C48151C160C26297CA72F>94 D<13031307130F130EA2131E131C133C 1338A21378137013F013E0A2120113C01203138012071300A25A120E121E121CA2123C12 3812781270A212F05A7E1270A212781238123C121CA2121E120E120F7EA21380120313C0 120113E01200A213F0137013781338A2133C131C131E130EA2130F1307130310437AB11B >104 D<12E0A27E1270A212781238123C121CA2121E120E120F7EA21380120313C01201 13E01200A213F0137013781338A2133C131C131E130EA2130F1307130F130EA2131E131C 133C1338A21378137013F013E0A2120113C01203138012071300A25A120E121E121CA212 3C123812781270A212F05AA210437CB11B>I E %EndDVIPSBitmapFont /FN 133[40 45 45 66 45 51 30 35 40 1[51 45 51 76 25 51 1[25 51 45 30 40 51 40 51 45 7[66 1[91 66 66 61 51 66 1[56 71 66 86 61 71 1[35 71 71 56 61 66 66 61 66 6[30 45 45 45 45 45 45 45 45 45 45 1[23 30 5[30 36[51 2[{ TeXBase1Encoding ReEncodeFont}61 90.9091 /Times-Bold rf /FO 105[37 28[33 1[48 1[37 18 33 22 1[37 37 37 55 15 2[15 37 37 1[37 37 33 37 37 10[44 2[44 2[44 2[55 37 8[48 1[44 6[18 37 37 1[37 37 1[37 37 37 37 1[18 22 18 2[22 22 40[{TeXBase1Encoding ReEncodeFont}41 66.4176 /Helvetica rf end %%EndProlog %%BeginSetup %%Feature: *Resolution 600dpi TeXDict begin end HPSdict begin /TargetAnchors 0 dict dup begin end targetdump-hook def end TeXDict begin %%EndSetup %%Page: 1 1 TeXDict begin HPSdict begin 1 0 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 0 420 a SDict begin [ /Producer (dvips + Distiller) /Title () /Subject () /Creator (LaTeX with hyperref package) /Author () /Keywords () /DOCINFO pdfmark end 0 420 a 150 282 a SDict begin H.S end 150 282 a 150 282 a SDict begin H.R end 150 282 a 150 282 a SDict begin [ /View [/XYZ H.V] /Dest (page.1) cvn /DEST pdfmark end 150 282 a -200 x FO(Logical)18 b(Methods)h(in)f(Computer)h (Science)150 165 y(V)-5 b(ol.)19 b(5)f(\(2:12\))h(2009,)g(pp)n(.)f (1\22630)150 248 y(www)l(.lmcs-online)o(.org)p 150 334 3600 4 v 2970 166 a(Submitted)87 b(Apr)m(.)55 b(2,)19 b(2006)2970 249 y(Pub)o(lished)70 b(Ma)n(y)38 b(28,)18 b(2009)150 348 y SDict begin [ /Count -0 /Dest (section.1) cvn /Title (1. Introduction) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -2 /Dest (section.2) cvn /Title (2. Preliminaries) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.2.1) cvn /Title (2.1. Notation) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.2.2) cvn /Title (2.2. Setting) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -2 /Dest (section.3) cvn /Title (3. Axiomatization of Transitive Closure) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.3.1) cvn /Title (3.1. Some TC-Sound Axioms) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.3.2) cvn /Title (3.2. Coloring Axioms) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -3 /Dest (section.4) cvn /Title (4. On TC-Completeness) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.4.1) cvn /Title (4.1. More About TC-Completeness) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.4.2) cvn /Title (4.2. Nelson's Axioms) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.4.3) cvn /Title (4.3. TC-Completeness for Words) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -6 /Dest (section.5) cvn /Title (5. Heuristics for Using the Coloring Axioms) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.5.1) cvn /Title (5.1. Reverse Specification) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.5.2) cvn /Title (5.2. Proving Formulas using the Coloring Axioms) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.5.3) cvn /Title (5.3. The Search Space of Possible Axioms) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.5.4) cvn /Title (5.4. Exploring the Search Space) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.5.5) cvn /Title (5.5. Implementation) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.5.6) cvn /Title (5.6. Further Examples) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -1 /Dest (section.6) cvn /Title (6. Applicability of the Coloring Axioms) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (subsection.6.1) cvn /Title (6.1. Precise Update) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (section.7) cvn /Title (7. Related Work) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -1 /Dest (section.8) cvn /Title (8. Conclusion) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (section*.1) cvn /Title (Acknowledgements) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Count -0 /Dest (section*.2) cvn /Title (References) /OUT pdfmark end 150 348 a 150 348 a SDict begin [ /Page 1 /View [ /Fit ] /PageMode /UseOutlines /DOCVIEW pdfmark end 150 348 a 150 348 a SDict begin [ {Catalog}<<>> /PUT pdfmark end 150 348 a 150 348 a SDict begin H.S end 150 348 a 150 348 a SDict begin 13 H.A end 150 348 a 150 348 a SDict begin [ /View [/XYZ H.V] /Dest (Doc-Start) cvn /DEST pdfmark end 150 348 a 496 697 a FN(SIMULA)-9 b(TING)28 b(REA)-5 b(CHABILITY)26 b(USING)j(FIRST)-8 b(-ORDER)26 b(LOGIC)j(WITH)428 813 y(APPLICA)-9 b(TIONS)27 b(T)n(O)i(VERIFICA)-9 b(TION)28 b(OF)h(LINKED)f(D)m(A)-9 b(T)h(A)28 b(STR)m(UCTURES)3436 780 y FM(\003)205 1062 y FL(T)-7 b(AL)18 b(LEV)-7 b(-AMI)683 1030 y FK(a)720 1062 y FL(,)19 b(NEIL)f(IMMERMAN)1387 1030 y FK(b)1418 1062 y FL(,)h(THOMAS)f(W)-7 b(.)18 b(REPS)2082 1030 y FK(c)2114 1062 y FL(,)h(MOOL)-7 b(Y)18 b(SA)m(GIV)2675 1030 y FK(d)2711 1062 y FL(,)g(SIDDHAR)l(TH)f(SRIV)-10 b(AST)j(A)d(V)g(A)3643 1030 y FK(e)3676 1062 y FL(,)1578 1153 y(AND)18 b(GRET)-7 b(A)18 b(Y)n(ORSH)2283 1121 y FK(f)156 1296 y(a;d;f)318 1327 y FL(School)h(of)g(Computer)h(Science,)f (T)-5 b(el)18 b(A)-6 b(vi)n(v)19 b(Uni)n(v)o(ersity)316 1419 y FJ(e-mail)g(addr)m(ess)p FL(:)24 b(tal.le)n(v)n (ami@cs.tau.ac.il,)18 b FI(f)p FL(msagi)n(v)-5 b(,gretay)p FI(g)p FL(@post.tau.ac.il)220 1544 y FK(b;e)318 1576 y FL(Department)20 b(of)e(Computer)i(Science,)f(Uni)n(v)o(ersity)g(of)g (Massachusetts,)h(Amherst)316 1667 y FJ(e-mail)f(addr)m(ess)p FL(:)24 b FI(f)p FL(immerman,siddharth)p FI(g)p FL(@cs.umass.edu)267 1791 y FK(c)318 1823 y FL(Computer)c(Science)f(Department,)g(Uni)n(v)o (ersity)g(of)g(W)m(isconsin,)g(Madison)316 1914 y FJ(e-mail)g(addr)m (ess)p FL(:)24 b(reps@cs.wisc.edu)p 150 2051 3600 4 v 451 2214 a(A)t FH(B)t(S)t(T)t(R)t(A)r(C)t(T)o FL(.)39 b(This)24 b(paper)g(sho)n(ws)h(ho)n(w)g(to)f(harness)g(e)o(xisting)h (theorem)f(pro)o(v)o(ers)h(for)f(\002rst-order)g(logic)g(to)g(au-)449 2305 y(tomatically)d(v)o(erify)g(safety)h(properties)f(of)g(imperati)n (v)o(e)h(programs)g(that)f(perform)h(dynamic)g(storage)f(allocation)449 2397 y(and)j(destructi)n(v)o(e)f(updating)h(of)g(pointer)o(-v)n(alued)g (structure)f(\002elds.)35 b(One)23 b(of)g(the)g(main)h(obstacles)f(is)g (specifying)449 2488 y(and)c(pro)o(ving)h(the)f(\(absence\))h(of)f (reachability)h(properties)f(among)h(dynamically)g(allocated)g(cells.) 549 2579 y(The)k(main)g(technical)h(contrib)o(utions)f(are)g(methods)i (for)e(simulating)g(reachability)h(in)f(a)g(conserv)n(ati)n(v)o(e)h(w)o (ay)449 2671 y(using)d(\002rst-order)g(formulas\227the)g(formulas)g (describe)g(a)g(superset)g(of)g(the)g(set)g(of)f(program)i(states)e (that)h(w)o(ould)449 2762 y(be)d(speci\002ed)f(if)g(one)h(had)g(a)g (precise)f(w)o(ay)h(to)g(e)o(xpress)g(reachability)-5 b(.)46 b(These)19 b(methods)g(are)g(emplo)o(yed)h(for)e(semi-)449 2853 y(automatic)24 b(program)g(v)o(eri\002cation)f(\(i.e.,)g(using)h (programmer)o(-supplied)h(loop)f(in)m(v)n(ariants\))f(on)h(programs)g (such)449 2945 y(as)16 b(mark-and-sweep)j(garbage)e(collection)g(and)g (destructi)n(v)o(e)h(re)n(v)o(ersal)f(of)f(a)h(singly)g(link)o(ed)g (list.)22 b(\(The)16 b(mark-and-)449 3036 y(sweep)j(e)o(xample)h(has)f (been)h(pre)n(viously)g(reported)g(as)f(being)h(be)o(yond)g(the)f (capabilities)g(of)g(ESC/Ja)o(v)n(a.\))150 3318 y SDict begin H.S end 150 3318 a 150 3318 a SDict begin 13 H.A end 150 3318 a 150 3318 a SDict begin [ /View [/XYZ H.V] /Dest (section.1) cvn /DEST pdfmark end 150 3318 a 1590 3426 a FG(1.)48 b(I)t FF(N)t(T)t(R)q(O)t(D)t(U)t(C)t(T)t(I)t(O)t(N)316 3588 y FG(This)19 b(paper)h(e)o(xplores)i(ho)n(w)c(to)h(harness)j(e)o (xisting)f(theorem)f(pro)o(v)o(ers)g(for)g(\002rst-order)h(logic)f(to)f (pro)o(v)o(e)h(reach-)150 3696 y(ability)26 b(properties)h(of)d (programs)i(that)f(manipulate)h(dynamically)h(allocated)g(data)d (structures.)34 b(The)24 b(approach)150 3804 y(that)i(we)f(use)h(in)l (v)n(olv)o(es)i(simulating)g(reachability)h(in)d(a)f(conserv)n(ati)n(v) o(e)j(w)o(ay)e(using)h(\002rst-order)g(formulas\227i.e.,)150 3912 y(the)h(formulas)g(describe)h(a)e(superset)i(of)f(the)f(set)h(of)f (program)h(states)g(that)g(w)o(ould)g(be)f(speci\002ed)i(if)e(one)g (had)h(an)150 4020 y(accurate)e(w)o(ay)d(to)g(e)o(xpress)i (reachability)-6 b(.)p 150 4097 499 4 v 250 4189 a FJ(1998)20 b(A)n(CM)e(Subject)i(Classi\002cation:)38 b FL(F)-6 b(.3.1,)18 b(F)-6 b(.4.1,)18 b(F)-6 b(.3.2.)250 4280 y FJ(K)m(e)n(y)34 b(wor)m(ds)i(and)f(phr)o(ases:)k FL(First)33 b(Order)i(Logic,)j(T)m (ransiti)n(v)o(e)c(Closure,)39 b(Approximation,)g(Program)c(V)-8 b(eri\002cation,)38 b(Program)150 4371 y(Analysis.)198 4431 y FE(\003)252 4463 y FL(A)19 b(preliminary)h(v)o(ersion)g(of)g (this)f(paper)h(appeared)h(in)f(Automated)g(Deduction)g(-)f(CADE-20,)h (20th)g(International)g(Conference)g(on)150 4554 y(Automated)g (Deduction,)f(T)-6 b(allinn,)19 b(Estonia,)f(July)h(22-27,)h(2005.)195 4613 y FK(a)252 4645 y FL(This)e(research)i(w)o(as)f(supported)h(by)g (an)f(Adams)g(Fello)n(wship)g(through)h(the)f(Israel)g(Academy)h(of)f (Sciences)g(and)h(Humanities.)153 4705 y FK(b;e)252 4736 y FL(Supported)g(by)f(NSF)f(grants)h(CCF-0514621,0541018,0830174.)201 4796 y FK(c)252 4828 y FL(Supported)h(by)f(ONR)f(under)i(contracts)g (N00014-01-1-)p FI(f)p FL(0796,0708)p FI(g)p FL(.)193 4889 y FK(f)252 4921 y FL(P)o(artially)d(supported)k(by)e(the)g (Israeli)g(Academy)h(of)f(Science.)328 5279 y FD(LOGICAL)13 b(METHODS)150 5328 y FC(l)t FD(IN)h(COMPUTER)h(SCIENCE)1087 5329 y(DOI:10.2168/LMCS-5)c(\(2:12\))h(2009)2044 5270 y(c)2026 5272 y FE(\015)50 b FD(T)-6 b(.)14 b(Le)o(v-Ami,)f(N.)h(Immer) q(man,)f(T)-6 b(.)15 b(Reps,)e(M.)h(Sagiv,)f(S)o(.)h(Sr)q(iv)o(asta)o (v)o(a,)d(and)i(G.)h(Y)-7 b(orsh)2040 5323 y FB(CC)2023 5328 y FA(\015)2134 5329 y SDict begin H.S end 2134 5329 a -1 x FD(Creativ)o(e)12 b(Commons)2559 5292 y SDict begin H.R end 2559 5292 a 2559 5328 a SDict begin [ /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Color [0 1 1] /Action << /Subtype /URI /URI (http://creativecommons.org/about/licenses) >> /Subtype /Link H.B /ANN pdfmark end 2559 5328 a eop end end %%Page: 2 2 TeXDict begin HPSdict begin 2 1 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.2) cvn /DEST pdfmark end 150 82 a Fz(2)561 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)316 448 y FG(Automatically)39 b(establishing)i (safety)d(and)g(li)n(v)o(eness)g(properties)i(of)d(sequential)j(and)e (concurrent)i(pro-)150 555 y(grams)30 b(that)h(permit)f(dynamic)i (storage)f(allocation)i(and)e(lo)n(w-le)n(v)o(el)f(pointer)i (manipulations)h(is)d(challenging.)150 663 y(Dynamic)22 b(allocation)i(causes)f(the)f(state)g(space)h(to)e(be)h(in\002nite;)h (moreo)o(v)o(er)l(,)g(a)e(program)i(is)e(permitted)i(to)f(mutate)150 771 y(a)d(data)i(structure)h(by)e(destructi)n(v)o(ely)j(updating)g (pointer)n(-v)n(alued)h(\002elds)c(of)g(nodes.)28 b(These)21 b(features)g(remain)g(e)n(v)o(en)150 879 y(if)j(a)f(programming)j (language)g(has)f(good)f(capabilities)k(for)c(data)g(abstraction.)33 b(Abstract-datatype)28 b(operations)150 987 y(are)j(implemented)i (using)f(loops,)h(procedure)h(calls,)f(and)e(sequences)j(of)d(lo)n (w-le)n(v)o(el)g(pointer)i(manipulations;)150 1095 y(consequently)-6 b(,)33 b(it)27 b(is)h(hard)g(to)g(pro)o(v)o(e)g(that)h(a)e (data-structure)32 b(in)l(v)n(ariant)e(is)e(reestablished)j(once)e(a)e (sequence)j(of)150 1203 y(operations)25 b(is)c(\002nished)i([)970 1204 y SDict begin H.S end 970 1204 a -1 x FG(Hoa75)1212 1141 y SDict begin H.R end 1212 1141 a 1212 1203 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.kn:Hoare75) cvn H.B /ANN pdfmark end 1212 1203 a FG(].)28 b(In)22 b(languages)i(such)e(as)g (Ja)n(v)n(a,)g(concurrenc)o(y)j(poses)e(yet)f(another)h(challenge:)150 1311 y(establishing)31 b(the)c(absence)i(of)e(deadlock)i(requires)g (establishing)h(the)e(absence)g(of)f(an)o(y)g(c)o(ycle)h(of)f(threads)i (that)150 1419 y(are)24 b(w)o(aiting)g(for)g(locks)h(held)f(by)g(other) g(threads.)316 1527 y(Reachability)36 b(is)d(crucial)i(for)e(reasoning) j(about)f(link)o(ed)f(data)g(structures.)61 b(F)o(or)32 b(instance,)38 b(to)33 b(establish)150 1635 y(that)h(a)e(memory)h (con\002guration)j(contains)f(no)f(garbage)g(elements,)i(we)d(must)g (sho)n(w)f(that)i(e)n(v)o(ery)f(element)h(is)150 1743 y(reachable)26 b(from)d(some)h(program)h(v)n(ariable.)30 b(Other)24 b(cases)h(where)e(reachability)k(is)d(a)f(useful)i(notion)g (include)150 1781 y SDict begin H.S end 150 1781 a 150 1781 a SDict begin 13 H.A end 150 1781 a 150 1781 a SDict begin [ /View [/XYZ H.V] /Dest (Item.1) cvn /DEST pdfmark end 150 1781 a 89 x Fy(\017)42 b FG(Specifying)31 b(ac)o(yclicity)f(of)f(data-structure)j(fragments,)f(i.e.,)e(from)f(e)n (v)o(ery)h(element)h(reachable)h(from)d(node)237 1977 y Fx(n)p FG(,)22 b(one)i(cannot)h(reach)g Fx(n)150 1990 y SDict begin H.S end 150 1990 a 150 1990 a SDict begin 13 H.A end 150 1990 a 150 1990 a SDict begin [ /View [/XYZ H.V] /Dest (Item.2) cvn /DEST pdfmark end 150 1990 a 95 x Fy(\017)42 b FG(Specifying)26 b(the)f(ef)n(fect)g(of)f (procedure)j(calls)e(when)f(references)j(are)e(passed)h(as)e(ar)n (guments:)33 b(only)25 b(elements)237 2193 y(that)f(are)g(reachable)i (from)d(a)g(formal)h(parameter)i(can)d(be)h(modi\002ed)150 2213 y SDict begin H.S end 150 2213 a 150 2213 a SDict begin 13 H.A end 150 2213 a 150 2213 a SDict begin [ /View [/XYZ H.V] /Dest (Item.3) cvn /DEST pdfmark end 150 2213 a 88 x Fy(\017)42 b FG(Specifying)26 b(the)d(absence)j(of)d (deadlocks)150 2321 y SDict begin H.S end 150 2321 a 150 2321 a SDict begin 13 H.A end 150 2321 a 150 2321 a SDict begin [ /View [/XYZ H.V] /Dest (Item.4) cvn /DEST pdfmark end 150 2321 a 88 x Fy(\017)42 b FG(Specifying)22 b(safety)f(conditions)i(that)e(allo)n(w)e(establishing)24 b(that)c(a)g(data-structure)k(tra)n(v)o(ersal)e(terminates,)g(e.g.,)237 2517 y(there)i(is)g(a)f(path)h(from)g(a)f(node)h(to)g(a)f(sink-node)j (of)d(the)h(data)g(structure.)150 2644 y(The)i(v)o(eri\002cation)i(of)e (such)i(properties)h(presents)f(a)e(challenge.)40 b(Ev)o(en)26 b(simple)h(decidable)i(fragments)f(of)e(\002rst-)150 2752 y(order)33 b(logic)h(become)f(undecidable)j(when)d(reachability)j (is)c(added)i([)2433 2754 y SDict begin H.S end 2433 2754 a -2 x FG(GME99)2726 2690 y SDict begin H.R end 2726 2690 a 2726 2752 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.GOR99) cvn H.B /ANN pdfmark end 2726 2752 a FG(,)2780 2753 y SDict begin H.S end 2780 2753 a -1 x FG(IRR)2932 2719 y Fw(+)2991 2752 y FG(04a)3122 2679 y SDict begin H.R end 3122 2679 a 3122 2752 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.eadtc) cvn H.B /ANN pdfmark end 3122 2752 a FG(].)55 b(Moreo)o(v)o(er)l(,)36 b(the)150 2860 y(utility)20 b(of)e(monadic)h(second-order)j(logic)d(on)g(trees)g(is)f (rather)h(limited)g(because)h(\(i\))e(man)o(y)g(programs)i(allo)n(w)e (non-)150 2968 y(tree)24 b(data)g(structures,)i(\(ii\))e(e)o(xpressing) i(the)d(postcondition)28 b(of)23 b(a)g(procedure)j(\(which)e(is)g (essential)h(for)f(modular)150 3076 y(reasoning\))30 b(usually)f(requires)g(referring)h(to)d(the)g(pre-state)j(that)d(holds) i(before)f(the)g(procedure)h(e)o(x)o(ecutes,)h(and)150 3184 y(thus)c(cannot,)g(in)f(general,)h(be)f(e)o(xpressed)i(in)e (monadic)h(second-order)j(logic)d(on)f(trees\227e)n(v)o(en)h(for)f (procedures)150 3291 y(that)31 b(manipulate)h(only)f(singly-link)o(ed)j (lists,)f(such)e(as)f(the)g(in-situ)i(list-re)n(v)o(ersal)h(program)e (sho)n(wn)f(in)g(Fig.)3682 3292 y SDict begin H.S end 3682 3292 a -1 x FG(6)3727 3229 y SDict begin H.R end 3727 3229 a 3727 3291 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.6) cvn H.B /ANN pdfmark end 3727 3291 a FG(,)150 3399 y(and)24 b(\(iii\))g(the)g(comple)o(xity)h(is)f(prohibiti)n(v)o(e.)316 3507 y(While)k(our)f(w)o(ork)h(w)o(as)f(actually)i(moti)n(v)n(ated)f (by)g(our)f(e)o(xperience)j(using)f(abstract)g(interpretation)i(\226)c (and,)150 3615 y(in)k(particular)l(,)36 b(the)c(TVLA)d(system)j([)1379 3616 y SDict begin H.S end 1379 3616 a -1 x FG(LAS00)1642 3553 y SDict begin H.R end 1642 3553 a 1642 3615 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.SAS:LS00) cvn H.B /ANN pdfmark end 1642 3615 a FG(,)1695 3616 y SDict begin H.S end 1695 3616 a -1 x FG(SR)-5 b(W02)1978 3553 y SDict begin H.R end 1978 3553 a 1978 3615 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.TOPLAS:SRW02) cvn H.B /ANN pdfmark end 1978 3615 a FG(,)2031 3616 y SDict begin H.S end 2031 3616 a -1 x FG(RSW04)2319 3553 y SDict begin H.R end 2319 3553 a 2319 3615 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.CAV:RSW04) cvn H.B /ANN pdfmark end 2319 3615 a FG(])31 b(\226)g(to)g (establish)j(properties)g(of)e(programs)150 3723 y(that)c(manipulate)h (heap-allocated)i(data)d(structures,)i(in)d(this)h(paper)l(,)h(we)d (consider)k(the)d(problem)h(of)f(v)o(erifying)150 3831 y(data-structure)34 b(operations,)h(assuming)d(that)f(we)e(ha)n(v)o(e)i (user)n(-supplied)j(loop)d(in)l(v)n(ariants.)52 b(This)30 b(is)g(similar)h(to)150 3939 y(the)24 b(approach)i(tak)o(en)e(in)g (systems)h(lik)o(e)f(ESC/Ja)n(v)n(a)f([)1823 3940 y SDict begin H.S end 1823 3940 a -1 x FG(FLL)1986 3906 y Fw(+)2044 3939 y FG(02)2135 3866 y SDict begin H.R end 2135 3866 a 2135 3939 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.PLDI:FLLNSS02) cvn H.B /ANN pdfmark end 2135 3939 a FG(],)f(and)i(P)o(ale)f([) 2572 3940 y SDict begin H.S end 2572 3940 a -1 x FG(MS01)2795 3877 y SDict begin H.R end 2795 3877 a 2795 3939 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.PLDI:MS01) cvn H.B /ANN pdfmark end 2795 3939 a FG(].)316 4047 y(The)g(contrib)n(utions) 28 b(of)23 b(the)h(paper)h(can)f(be)f(summarized)i(as)f(follo)n(ws:)316 4174 y FN(Handling)i FG(FO\(TC\))e FN(f)n(ormulas)j(using)f FG(FO)f FN(theor)n(em)i(pr)n(o)o(v)o(ers.)40 b FG(W)-7 b(e)26 b(w)o(ant)g(to)h(use)g(\002rst-order)h(theorem)150 4282 y(pro)o(v)o(ers)36 b(and)g(we)e(need)h(to)g(discuss)i(the)e (transiti)n(v)o(e)i(closure)g(of)e(certain)h(binary)h(predicates,)j Fx(f)10 b FG(.)62 b(Ho)n(we)n(v)o(er)l(,)150 4390 y(\002rst-order)32 b(theorem)f(pro)o(v)o(ers)g(cannot)h(handle)g(transiti)n(v)o(e)g (closure.)50 b(W)-7 b(e)29 b(solv)o(e)i(this)g(conundrum)h(by)f(adding) 150 4498 y(a)e(ne)n(w)g(relation)i(symbol)f Fx(f)1044 4512 y Fw(tc)1135 4498 y FG(for)g(each)g(such)g Fx(f)10 b FG(,)30 b(together)h(with)e(\002rst-order)i(axioms)g(that)f(assure)g (that)g Fx(f)3598 4512 y Fw(tc)3689 4498 y FG(is)150 4605 y(interpreted)k(correctly)-6 b(.)53 b(The)31 b(theoretical)j (details)e(of)f(ho)n(w)f(this)i(is)f(done)h(are)f(presented)i(in)e (Section)3490 4606 y SDict begin H.S end 3490 4606 a -1 x FG(3)3535 4544 y SDict begin H.R end 3535 4544 a 3535 4605 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (section.3) cvn H.B /ANN pdfmark end 3535 4605 a FG(.)51 b(The)150 4713 y(f)o(act)30 b(that)g(we)f(are)h(able)h(to)e(handle)i(transiti)n (v)o(e)h(closure)f(ef)n(fecti)n(v)o(ely)h(and)e(reasonably)j (automatically)g(is)c(quite)150 4821 y(surprising.)316 4929 y(As)d(e)o(xplained)j(in)e(Section)1217 4930 y SDict begin H.S end 1217 4930 a -1 x FG(3)1263 4867 y SDict begin H.R end 1263 4867 a 1263 4929 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (section.3) cvn H.B /ANN pdfmark end 1263 4929 a FG(,)f(the)i(axioms)f(that)h(we)e(add)h(to)g(control)i(the) e(beha)n(vior)j(of)c(the)i(added)g(predi-)150 5037 y(cates,)h Fx(f)427 5051 y Fw(tc)489 5037 y FG(,)e(must)g(be)g(sound)i(b)n(ut)f (not)f(necessarily)j(complete.)41 b(One)27 b(w)o(ay)g(to)g(think)h (about)g(this)g(is)f(that)h(we)e(are)150 5145 y(simulating)d(a)e (formula,)i Fx(\037)p FG(,)d(in)h(which)h(transiti)n(v)o(e)h(closure)g (occurs,)g(with)e(a)g(pure)h(\002rst-order)h(formula)f Fx(\037)3474 5112 y FM(0)3498 5145 y FG(.)27 b(If)21 b(our)150 5253 y(axioms)28 b(are)e(not)i(complete)g(then)f(we)f(are)h (allo)n(wing)h Fx(\037)1927 5220 y FM(0)1976 5253 y FG(to)f(denote)h (more)f(stores)h(than)f Fx(\037)f FG(does.)39 b(The)26 b(study)i(of)150 5361 y(methods)e(that)g(are)g(sound)g(b)n(ut)g (potentially)i(incomplete)f(is)e(moti)n(v)n(ated)i(by)e(the)h(f)o(act)f (that)h Fv(abstr)o(action)i FG([)3507 5362 y SDict begin H.S end 3507 5362 a -1 x FG(CC77)3720 5299 y SDict begin H.R end 3720 5299 a 3720 5361 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.POPL:CC77) cvn H.B /ANN pdfmark end 3720 5361 a FG(])p eop end end %%Page: 3 3 TeXDict begin HPSdict begin 3 2 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.3) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)863 b(3)150 448 y FG(can)29 b(be)g(an)g(aid)g(in)g (the)g(v)o(eri\002cation)i(of)e(man)o(y)g(properties.)47 b(In)29 b(terms)g(of)g(logic,)i(abstraction)h(corresponds)g(to)150 555 y(using)22 b(formulas)g(that)f(describe)i(a)d(superset)j(of)e(the)g (set)g(of)f(program)i(states)g(that)f(can)g(actually)i(arise.)29 b(A)19 b(de\002nite)150 663 y(answer)28 b(about)g(whether)h(a)d (property)k(al)o(w)o(ays)e(holds)g(can)g(sometimes)g(be)f(obtained)j(e) n(v)o(en)d(when)h(information)150 771 y(has)c(been)g(lost)g(because)i (of)d(abstraction.)316 879 y(If)f Fx(\037)455 846 y FM(0)499 879 y FG(is)g(pro)o(v)o(en)h(v)n(alid)g(in)f(FO)e(then)j Fx(\037)e FG(is)h(also)h(v)n(alid)f(in)g(FO\(TC\);)f(ho)n(we)n(v)o(er)l (,)h(if)g(we)f(f)o(ail)i(to)f(pro)o(v)o(e)g(that)h Fx(\037)3645 846 y FM(0)3689 879 y FG(is)150 987 y(v)n(alid,)f(it)e(is)h(still)h (possible)h(that)e Fx(\037)f FG(is)h(v)n(alid:)28 b(the)21 b(f)o(ailure)i(w)o(ould)e(be)g(due)g(to)g(the)g(incompleteness)k(of)c (the)g(axioms,)150 1095 y(or)i(the)h(lack)g(of)g(time)f(or)h(space)g (for)g(the)g(theorem)h(pro)o(v)o(er)f(to)f(complete)i(the)f(proof.)316 1203 y(As)h(we)h(will)f(see)i(in)f(Section)1276 1204 y SDict begin H.S end 1276 1204 a -1 x FG(3)1321 1141 y SDict begin H.R end 1321 1141 a 1321 1203 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (section.3) cvn H.B /ANN pdfmark end 1321 1203 a FG(,)g(it)f(is)h(easy)h(to)f(write)g(a)g(sound)h (axiom,)g Fx(T)2663 1217 y Fw(1)2703 1203 y Fu([)p Fx(f)10 b Fu(])p FG(,)25 b(that)i(is)f(\223complete\224)i(in)e(the)150 1311 y(v)o(ery)21 b(limited)g(sense)g(that)g(e)n(v)o(ery)f(\002nite,)h (ac)o(yclic)h(model)e(satisfying)j Fx(T)2374 1325 y Fw(1)2414 1311 y Fu([)p Fx(f)10 b Fu(])19 b FG(must)h(interpret)j Fx(f)3107 1325 y Fw(tc)3189 1311 y FG(as)d(the)g(re\003e)o(xi)n(v)o(e,) 150 1419 y(transiti)n(v)o(e)26 b(closure)h(of)d(its)h(interpretation)j (of)c Fx(f)10 b FG(.)30 b(Ho)n(we)n(v)o(er)l(,)25 b(in)f(practice)i (this)f(is)g(not)f(w)o(orth)h(much)g(because,)h(as)150 1527 y(is)e(well-kno)n(wn,)g(\002niteness)i(is)d(not)h(e)o(xpressible)j (in)d(\002rst-order)h(logic.)30 b(Thus,)24 b(the)g(properties)i(that)f (we)e(w)o(ant)g(to)150 1635 y(pro)o(v)o(e)k(do)g(not)g(follo)n(w)f (from)h Fx(T)1155 1649 y Fw(1)1194 1635 y Fu([)p Fx(f)10 b Fu(])p FG(.)37 b(W)-7 b(e)26 b(do)g(pro)o(v)o(e)h(that)g Fx(T)2065 1649 y Fw(1)2105 1635 y Fu([)p Fx(f)10 b Fu(])25 b FG(is)i(complete)h(for)e(positi)n(v)o(e)i(transiti)n(v)o(e-closure) 150 1743 y(properties)g(\(Proposition)1012 1744 y SDict begin H.S end 1012 1744 a -1 x FG(3.2)1126 1681 y SDict begin H.R end 1126 1681 a 1126 1743 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.3.2) cvn H.B /ANN pdfmark end 1126 1743 a FG(\).)34 b(The)24 b(real)i(dif)n(\002culty)h(lies)f(in)f (pro)o(ving)i(properties)h(in)l(v)n(olving)h(the)c(ne)o(gation)i(of)150 1851 y Fx(f)195 1865 y Fw(tc)257 1851 y FG(,)c(i.e.,)f(that)j(a)e (certain)i Fx(f)10 b FG(-path)24 b(does)g(not)g(e)o(xist.)316 1959 y FN(Induction)k(axiom)i(scheme.)46 b FG(T)-7 b(o)28 b(solv)o(e)i(the)f(abo)o(v)o(e)h(problem,)i(we)c(add)i(an)f(induction)j (axiom)e(scheme.)150 2066 y(Although)c(in)e(general,)i(there)g(is)e(no) g(complete,)i(recursi)n(v)o(ely-enumerable)k(axiomatization)e(of)c (transiti)n(v)o(e)j(clo-)150 2174 y(sure)e(\(Proposition)798 2175 y SDict begin H.S end 798 2175 a -1 x FG(4.1)912 2112 y SDict begin H.R end 912 2112 a 912 2174 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.1) cvn H.B /ANN pdfmark end 912 2174 a FG(\),)f(we)f(ha)n(v)o(e)i(found,)h(on)e(the)h (practical)i(side,)e(that)g(on)f(the)h(e)o(xamples)h(we)d(ha)n(v)o(e)i (tried,)g Fx(T)3710 2188 y Fw(1)150 2282 y FG(plus)d(induction)h(allo)n (ws)e(us)g(to)g(automatically)j(pro)o(v)o(e)d(all)g(of)g(our)g(desired) h(properties.)31 b(On)20 b(the)h(theoretical)j(side,)150 2390 y(we)f(pro)o(v)o(e)h(that)g(our)g(axiomatization)j(is)c(complete)i (for)f(w)o(ord)g(models)g(\(Theorem)2815 2391 y SDict begin H.S end 2815 2391 a -1 x FG(4.8)2929 2328 y SDict begin H.R end 2929 2328 a 2929 2390 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.8) cvn H.B /ANN pdfmark end 2929 2390 a FG(\).)316 2498 y(W)-7 b(e)25 b(think)i(of)f(the)g (axioms)g(that)h(we)e(use)h(as)g(aides)h(for)f(the)g(\002rst-order)h (theorem)g(pro)o(v)o(er)g(that)f(we)f(emplo)o(y)150 2606 y(\()r(S)t FF(P)m(A)t(S)t(S)i FG([)472 2608 y SDict begin H.S end 472 2608 a -2 x FG(WGR96)775 2544 y SDict begin H.R end 775 2544 a 775 2606 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.CADE:SPASS96) cvn H.B /ANN pdfmark end 775 2606 a FG(]\))22 b(to)g(pro)o(v)o(e)h(the)f(properties)j(in)d (question.)31 b(Rather)23 b(than)g(gi)n(ving)i(S)t FF(P)m(A)t(S)t(S)i FG(man)o(y)22 b(instances)i(of)150 2714 y(the)e(induction)j(scheme,)e (our)g(e)o(xperience)i(is)d(that)g(it)g(\002nds)h(the)f(proof)h(f)o (aster)h(if)e(we)f(gi)n(v)o(e)h(it)g(se)n(v)o(eral)i(axioms)f(that)150 2822 y(are)i(simpler)h(to)e(use)i(than)f(induction.)35 b(As)24 b(already)j(mentioned,)g(the)e(hard)g(part)g(is)g(to)g(sho)n(w) f(that)i(certain)g(paths)150 2930 y(do)e(not)g(e)o(xist.)316 3038 y FN(Coloring)k(axiom)g(schemes.)41 b FG(In)27 b(particular)l(,)32 b(we)26 b(use)i(three)h(axiom)e(schemes,)j(ha)n(ving)f(to)f(do)f(with)g (par)n(-)150 3146 y(titioning)g(memory)e(into)g(a)f(small)h(set)g(of)g (colors.)33 b(W)-7 b(e)24 b(call)h(instances)i(of)e(these)g(schemes)h (\223coloring)h(axioms\224.)150 3254 y(Our)h(coloring)i(axioms)f(are)f (simple,)i(and)e(are)h Ft(easily)g(pro)o(v)o(ed)g(using)h FN(S)t Fs(P)o(A)t(S)t(S)h Ft(\(in)d(under)f(ten)h(seconds\))h(from)150 3362 y(the)c(induction)g(axioms)p FG(.)35 b(F)o(or)25 b(e)o(xample,)h(the)f(\002rst)g(coloring)j(axiom)e(scheme,)g FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])p FG(,)25 b(says)h(that)g(if) f(no)150 3470 y Fx(f)10 b FG(-edges)28 b(lea)n(v)o(e)g(color)h(class,)f Fx(A)p FG(,)g(then)g(no)f Fx(f)10 b FG(-paths)28 b(lea)n(v)o(e)g Fx(A)p FG(.)40 b(It)27 b(turns)h(out)g(that)g(the)f FN(NoExit)h FG(axiom)f(scheme)150 3577 y(implies)32 b(\226)f(and)h(thus)g(is)f (equi)n(v)n(alent)j(to)d(\226)g(the)h(induction)i(scheme.)53 b(Ho)n(we)n(v)o(er)l(,)33 b(we)d(ha)n(v)o(e)i(found)h(in)e(practice)150 3685 y(that)24 b(e)o(xplicitly)i(adding)f(other)g(coloring)h(axioms)e (\(which)g(are)g(consequences)k(of)23 b FN(NoExit)q FG(\))g(enables)k (S)t FF(P)m(A)t(S)t(S)h FG(to)150 3793 y(pro)o(v)o(e)c(properties)i (that)e(it)g(otherwise)h(f)o(ails)f(at.)316 3901 y(W)-7 b(e)23 b(\002rst)g(assume)h(that)g(the)g(programmer)h(pro)o(vides)g (the)f(colors)h(by)e(means)h(of)f(\002rst-order)j(formulas)e(with)150 4009 y(transiti)n(v)o(e)k(closure.)38 b(Our)26 b(initial)i(e)o (xperience)g(indicates)h(that)e(the)f(generated)j(coloring)f(axioms)f (are)g(useful)g(to)152 4117 y(S)t FF(P)m(A)t(S)t(S)r FG(.)40 b(In)26 b(particular)l(,)k(it)d(pro)o(vides)h(the)f(ability)h (to)e(v)o(erify)i(programs)g(lik)o(e)f(the)g(mark)f(phase)i(of)e(a)g (mark-and-)150 4225 y(sweep)19 b(garbage)g(collector)-5 b(.)29 b(This)18 b(e)o(xample)h(has)g(been)g(pre)n(viously)i(reported)f (as)e(being)i(be)o(yond)f(the)g(capabilities)150 4333 y(of)g(ESC/Ja)n(v)n(a.)27 b(TVLA)17 b(also)j(succeeds)i(on)d(this)h(e)o (xample;)i(ho)n(we)n(v)o(er)e(our)g(ne)n(w)e(approach)k(pro)o(vides)f (v)o(eri\002cation)150 4441 y(methods)k(that)f(can)g(in)f(some)h (instances)i(be)d(more)h(precise)h(than)f(TVLA.)316 4549 y FN(Pr)n(ototype)32 b(implementation.)52 b FG(Perhaps)32 b(most)f(e)o(xciting,)j(we)c(ha)n(v)o(e)i(implemented)h(the)e (heuristics)j(for)150 4657 y(selecting)h(colors)f(and)f(their)h (corresponding)i(axioms)e(in)e(a)h(prototype)i(using)h(S)t FF(P)m(A)t(S)t(S)r FG(.)58 b(W)-7 b(e)32 b(ha)n(v)o(e)h(used)h(this)150 4765 y(to)e(automatically)j(choose)f(useful)f(color)g(axioms)g(and)f (then)h(v)o(erify)g(a)e(series)i(of)f(small)g(heap-manipulating)150 4873 y(programs.)53 b(W)-7 b(e)30 b(belie)n(v)o(e)i(that)g(the)f (detailed)i(e)o(xamples)f(presented)i(here)d(gi)n(v)o(e)g(con)l (vincing)k(e)n(vidence)e(of)e(the)150 4981 y(promise)25 b(of)e(our)h(methodology)-6 b(.)32 b(Of)22 b(course)j(much)f(further)h (study)g(is)e(needed.)316 5088 y FN(Str)n(engthening)d(Nelson')m(s)g(r) n(esults.)29 b FG(Gre)o(g)19 b(Nelson)i(considered)i(a)d(set)g(of)g (axiom)g(schemes)h(for)g(reasoning)150 5196 y(about)27 b(reachability)h(in)d(function)j(graphs,)f(i.e.,)e(graphs)i(in)e(which) g(there)i(is)e(at)g(most)g(one)h Fx(f)10 b FG(-edge)26 b(lea)n(ving)h(an)o(y)150 5304 y(node)f([)381 5305 y SDict begin H.S end 381 5305 a -1 x FG(Nel83)603 5242 y SDict begin H.R end 603 5242 a 603 5304 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Nelson) cvn H.B /ANN pdfmark end 603 5304 a FG(].)32 b(He)24 b(left)h(open)g(the)g(question)i(of)e (whether)g(his)g(axiom)h(schemes)f(were)g(complete)h(for)f(function)p eop end end %%Page: 4 4 TeXDict begin HPSdict begin 4 3 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.4) cvn /DEST pdfmark end 150 82 a Fz(4)561 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)150 448 y FG(graphs.)45 b(W)-7 b(e)28 b(sho)n(w)g(that)i(Nelson')-5 b(s)30 b(axioms)f(are)g(pro)o(v)n (able)h(from)e Fx(T)2361 462 y Fw(1)2429 448 y FG(plus)h(our)g (induction)i(axioms.)45 b(W)-7 b(e)28 b(also)150 555 y(sho)n(w)23 b(that)h(Nelson')-5 b(s)25 b(axioms)g(are)e(not)h (complete:)31 b(in)24 b(f)o(act,)f(the)o(y)h(do)g(not)g(imply)g FN(NoExit)p FG(.)316 663 y FN(Outline.)39 b FG(The)27 b(remainder)i(of)e(the)h(paper)g(is)f(or)n(ganized)j(as)d(follo)n(ws:) 37 b(Section)28 b(2)f(e)o(xplains)i(our)f(notation)150 771 y(and)j(the)h(setting;)k(Section)c(3)e(\002lls)h(in)g(our)g(formal) g(frame)n(w)o(ork,)j(introduces)g(the)d(induction)i(axiom)f(scheme,)150 879 y(and)d(presents)i(the)e(coloring)i(axiom)f(schemes;)j(Section)d(4) e(pro)o(vides)j(more)e(detail)h(about)g(TC-completeness)150 987 y(including)24 b(a)d(description)k(of)c(Nelson')-5 b(s)23 b(axioms,)g(a)e(proof)i(that)f(the)o(y)g(are)f(not)h (TC-complete)h(for)f(the)f(functional)150 1095 y(case,)26 b(and)g(a)f(proof)i(that)f(our)g(axiomatization)j(is)c(TC-complete)i (for)e(w)o(ords;)j(Section)e(5)f(presents)j(our)e(heuris-)150 1203 y(tics)j(including)j(the)d(details)i(of)e(their)g(successful)j (use)d(on)g(a)g(v)n(ariety)h(of)f(e)o(xamples;)k(Section)d(6)f (describes)i(the)150 1311 y(applicability)f(of)d(our)g(methodology)-6 b(,)31 b(relating)d(it)f(to)f(the)h(reasoning)j(done)e(in)e(the)h(TVLA) e(system;)k(Section)f(7)150 1419 y(describes)e(some)e(related)h(w)o (ork;)f(and)g(Section)g(8)f(describes)j(some)e(conclusions)j(and)d (future)h(directions.)150 1583 y SDict begin H.S end 150 1583 a 150 1583 a SDict begin 13 H.A end 150 1583 a 150 1583 a SDict begin [ /View [/XYZ H.V] /Dest (section.2) cvn /DEST pdfmark end 150 1583 a 1583 1678 a FG(2.)48 b(P)t FF(R)t(E)t(L)t(I)t(M)t(I)t(N)r(A)t(R)t(I)t(E)t(S)316 1840 y FG(This)23 b(section)j(de\002nes)e(the)g(basic)g(notations)i (used)f(in)e(this)h(paper)h(and)f(the)g(setting.)150 1989 y SDict begin H.S end 150 1989 a 150 1989 a SDict begin 13 H.A end 150 1989 a 150 1989 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.2.1) cvn /DEST pdfmark end 150 1989 a 88 x FG(2.1.)46 b FN(Notation.)g Fv(Syntax)p FG(:)35 b(A)24 b(relational)k FN(v)o(ocab)n(ulary)f Fx(\034)39 b Fu(=)28 b Fy(f)p Fx(p)2221 2091 y Fw(1)2260 2077 y Fx(;)15 b(p)2346 2091 y Fw(2)2386 2077 y Fx(;)g(:)g(:)g(:)i(;)e(p)2634 2092 y Fr(k)2676 2077 y Fy(g)25 b FG(is)g(a)g(set)h(of)f(relation)i (symbols,)150 2185 y(each)h(of)e(\002x)o(ed)h(arity)-6 b(.)39 b(W)-7 b(e)26 b(use)h(the)g(letters)i Fx(u)p FG(,)d Fx(v)s FG(,)h(and)g Fx(w)i FG(\(possibly)g(with)e(numeric)h (subscript\))h(for)e(\002rst-order)150 2293 y(v)n(ariables.)62 b(W)-7 b(e)33 b(write)h(\002rst-order)i(formulas)f(o)o(v)o(er)f Fx(\034)43 b FG(with)34 b(quanti\002ers)i Fy(8)d FG(and)h Fy(9)p FG(,)h(logical)h(connecti)n(v)o(es)h Fy(^)p FG(,)150 2401 y Fy(_)p FG(,)29 b Fy(!)p FG(,)h Fy($)p FG(,)g(and)g Fy(:)p FG(,)f(where)h(atomic)g(formulas)g(include:)43 b(equality)-6 b(,)33 b Fx(p)2421 2415 y Fr(i)2449 2401 y Fu(\()p Fx(v)2528 2415 y Fw(1)2568 2401 y Fx(;)15 b(v)2652 2415 y Fw(2)2691 2401 y Fx(;)g(:)g(:)g(:)i(v)2897 2415 y Fr(a)2934 2425 y FK(i)2965 2401 y Fu(\))p FG(,)30 b(and)g Fu(TC)o([)p Fx(f)10 b Fu(]\()p Fx(v)3528 2415 y Fw(1)3568 2401 y Fx(;)15 b(v)3652 2415 y Fw(2)3692 2401 y Fu(\))p FG(,)150 2509 y(where)24 b Fx(p)441 2523 y Fr(i)494 2509 y Fy(2)h Fx(\034)32 b FG(is)23 b(of)g(arity)h Fx(a)1070 2523 y Fr(i)1121 2509 y FG(and)g Fx(f)34 b Fy(2)25 b Fx(\034)33 b FG(is)23 b(binary)-6 b(.)30 b(Here)23 b Fu(TC[)p Fx(f)10 b Fu(]\()p Fx(v)2388 2523 y Fw(1)2427 2509 y Fx(;)15 b(v)2511 2523 y Fw(2)2551 2509 y Fu(\))23 b FG(denotes)i(the)f(e)o(xistence)h(of)e(a)g(\002nite)150 2617 y(path)h(of)g(0)f(or)g(more)h Fx(f)32 b FG(edges)25 b(from)e Fx(v)1354 2631 y Fw(1)1416 2617 y FG(to)h Fx(v)1554 2631 y Fw(2)1593 2617 y FG(.)k(A)23 b(formula)h(without)h Fu(TC)d FG(is)h(called)i(a)e FN(\002rst-order)i FG(formula.)316 2725 y(W)-7 b(e)26 b(use)h(the)g(follo)n(wing)i(precedence)h(of)c (logical)j(operators:)38 b Fy(:)26 b FG(has)h(highest)i(precedence,)h (follo)n(wed)e(by)150 2833 y Fy(^)22 b FG(and)i Fy(_)p FG(,)e(follo)n(wed)j(by)f Fy(!)e FG(and)i Fy($)p FG(,)f(and)h Fy(8)e FG(and)i Fy(9)e FG(ha)n(v)o(e)i(lo)n(west)g(precedence.)316 2941 y Fv(Semantics)p FG(:)32 b(A)22 b FN(model)p FG(,)h Fy(A)p FG(,)g(of)g(v)n(ocab)n(ulary)k Fx(\034)10 b FG(,)23 b(consists)j(of)e(a)f(non-empty)j(uni)n(v)o(erse,)f Fy(jAj)p FG(,)e(and)h(a)f(relation)150 3050 y Fx(p)196 3017 y FM(A)284 3050 y FG(o)o(v)o(er)29 b(the)g(uni)n(v)o(erse)h(interpreting) i(each)d(relation)h(symbol)g Fx(p)k Fy(2)g Fx(\034)10 b FG(.)44 b(W)-7 b(e)27 b(write)i Fy(A)34 b(j)-15 b Fu(=)34 b Fx(')29 b FG(to)f(mean)h(that)g(the)150 3158 y(formula)24 b Fx(')e FG(is)g(true)h(in)g(the)g(model)g Fy(A)p FG(.)k(F)o(or)22 b Fu(\006)f FG(a)h(set)h(of)g(formulas,)h(we)d(write)i Fu(\006)i Fy(j)-15 b Fu(=)25 b Fx(')d FG(\()p Fu(\006)g FG(semantically)j(implies)150 3266 y Fx(')p FG(\))e(to)h(mean)g(that)g (all)f(models)i(of)e Fu(\006)f FG(satisfy)k Fx(')p FG(.)150 3415 y SDict begin H.S end 150 3415 a 150 3415 a SDict begin 13 H.A end 150 3415 a 150 3415 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.2.2) cvn /DEST pdfmark end 150 3415 a 88 x FG(2.2.)46 b FN(Setting.)g FG(W)-7 b(e)31 b(are)h(primarily)i(interested)g(in)e(formulas)i(that)e(arise)h(while)f (pro)o(ving)i(the)e(correctness)j(of)150 3611 y(programs.)55 b(W)-7 b(e)31 b(assume)h(that)h(the)f(programmer)h(speci\002es)g(pre)f (and)g(post-conditions)37 b(for)32 b(procedures)j(and)150 3719 y(loop)19 b(in)l(v)n(ariants)i(using)f(\002rst-order)g(formulas)f (with)f(transiti)n(v)o(e)j(closure)f(on)e(binary)i(relations.)29 b(The)18 b(transformer)150 3827 y(for)24 b(a)f(loop)h(body)h(can)f(be)f (produced)j(automatically)h(from)c(the)h(program)h(code.)316 3935 y(F)o(or)e(instance,)i(to)e(establish)j(the)e(partial)g (correctness)j(with)c(respect)i(to)f(a)f(user)n(-supplied)k (speci\002cation)f(of)150 4043 y(a)c(program)i(that)f(contains)i(a)d (single)i(loop,)f(we)f(need)h(to)f(establish)j(three)f(properties:)31 b(First,)23 b(the)f(loop)i(in)l(v)n(ariant)150 4151 y(must)k(hold)h(at) e(the)h(be)o(ginning)j(of)c(the)i(\002rst)e(iteration;)33 b(i.e.,)27 b(we)g(must)h(sho)n(w)g(that)g(the)h(loop)f(in)l(v)n(ariant) j(follo)n(ws)150 4259 y(from)25 b(the)h(precondition)j(and)c(the)h (code)g(leading)h(to)e(the)h(loop.)35 b(Second,)26 b(the)f(loop)i(in)l (v)n(ariant)g(pro)o(vided)h(by)d(the)150 4367 y(user)i(must)g(be)g (maintained;)k(i.e.,)c(we)f(must)h(sho)n(w)f(that)i(if)e(the)h(loop)h (in)l(v)n(ariant)h(holds)f(at)f(the)g(be)o(ginning)i(of)e(an)150 4475 y(iteration)i(and)e(the)f(loop)i(condition)h(also)e(holds,)h(the)f (transformer)i(causes)f(the)f(loop)g(in)l(v)n(ariant)i(to)d(hold)i(at)e (the)150 4583 y(end)c(of)e(the)i(iteration.)30 b(Finally)-6 b(,)22 b(the)f(postcondition)26 b(must)21 b(follo)n(w)g(from)g(the)g (loop)h(in)l(v)n(ariant)i(and)d(the)h(condition)150 4691 y(for)i(e)o(xiting)h(the)e(loop.)316 4799 y(In)g(general,)i(these)g (formulas)g(are)f(of)f(the)h(form)1459 4944 y Fx( )1518 4958 y Fw(1)1557 4944 y Fu([)p Fx(\034)10 b Fu(])21 b Fy(^)f Fx(T)13 b(r)s Fu([)p Fx(\034)5 b(;)15 b(\034)2029 4907 y FM(0)2052 4944 y Fu(])26 b Fy(!)f Fx( )2278 4958 y Fw(2)2317 4944 y Fu([)p Fx(\034)2392 4907 y FM(0)2416 4944 y Fu(])p eop end end %%Page: 5 5 TeXDict begin HPSdict begin 5 4 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.5) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)863 b(5)150 448 y FG(where)34 b Fx(\034)42 b FG(is)34 b(the)f(v)n(ocab)n(ulary)k(of)d(the)f(before)i(state,)i Fx(\034)1949 415 y FM(0)2005 448 y FG(is)c(the)h(v)n(ocab)n(ulary)j(of) c(the)h(after)g(state,)3314 448 y SDict begin H.S end 3314 448 a -37 x Fz(1)3348 448 y SDict begin 13 H.L end 3348 448 a 3348 448 a SDict begin [ /Subtype /Link /Dest (Hfootnote.1) cvn /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Color [1 0 0] H.B /ANN pdfmark end 3348 448 a 36 w FG(and)f Fx(T)13 b(r)35 b FG(is)150 555 y(the)25 b(transformer)l(,)j(which)e (may)f(use)g(both)h(the)g(before)g(and)g(after)g(predicates)i(to)d (describe)i(the)e(meaning)i(of)e(the)150 663 y(module)j(to)g(be)f(e)o (x)o(ecuted.)43 b(If)27 b(symbol)h Fx(f)36 b FG(denotes)30 b(the)e(v)n(alue)g(of)g(a)f(predicate)j(before)f(the)e(operation,)k (then)d Fx(f)3727 630 y FM(0)150 771 y FG(denotes)d(the)f(v)n(alue)h (of)e(the)h(same)f(predicate)j(after)f(the)e(operation.)316 879 y(An)29 b(interesting)j(special)g(case)e(is)f(the)h(proof)g(of)g (the)g(maintenance)i(formula)e(of)g(a)f(loop)h(in)l(v)n(ariant.)49 b(This)150 987 y(has)24 b(the)g(form:)1281 1095 y Fx(LC)7 b Fu([)p Fx(\034)j Fu(])20 b Fy(^)g Fx(LI)7 b Fu([)p Fx(\034)j Fu(])21 b Fy(^)e Fx(T)13 b(r)s Fu([)p Fx(\034)5 b(;)15 b(\034)2196 1058 y FM(0)2220 1095 y Fu(])25 b Fy(!)g Fx(LI)7 b Fu([)p Fx(\034)2570 1058 y FM(0)2594 1095 y Fu(])150 1222 y FG(Here)21 b Fx(LC)28 b FG(is)21 b(the)h(condition)i(for)e(entering)i(the)e(loop)g(and)g Fx(LI)28 b FG(is)21 b(the)h(loop)h(in)l(v)n(ariant.)30 b Fx(LI)7 b Fu([)p Fx(\034)3068 1189 y FM(0)3092 1222 y Fu(])21 b FG(indicates)j(that)e(the)150 1330 y(loop)i(in)l(v)n (ariant)i(remains)f(true)f(after)g(the)g(body)h(of)e(the)h(loop)g(is)g (e)o(x)o(ecuted.)316 1438 y(The)32 b(challenge)i(is)e(that)g(the)h (formulas)g(of)f(interest)i(contain)g(transiti)n(v)o(e)g(closure;)k (thus,)c(the)f(v)n(alidity)g(of)150 1546 y(these)25 b(formulas)f (cannot)i(be)d(directly)j(pro)o(v)o(en)e(using)h(a)e(theorem)h(pro)o(v) o(er)h(for)e(\002rst-order)j(logic.)150 1717 y SDict begin H.S end 150 1717 a 150 1717 a SDict begin 13 H.A end 150 1717 a 150 1717 a SDict begin [ /View [/XYZ H.V] /Dest (section.3) cvn /DEST pdfmark end 150 1717 a 1030 1805 a FG(3.)47 b(A)t FF(X)t(I)t(O)t(M)t(A)l(T)t(I)t(Z)t(A)l(T)t(I)t(O)t(N) 32 b(O)t(F)c FG(T)t FF(R)t(A)t(N)t(S)t(I)t(T)t(I)t(V)t(E)j FG(C)t FF(L)t(O)t(S)t(U)t(R)t(E)316 1967 y FG(The)h(original)i(formula) g(that)f(we)f(w)o(ant)g(to)g(pro)o(v)o(e,)j Fx(\037)p FG(,)f(contains)g(transiti)n(v)o(e)h(closure,)h(which)c(\002rst-order) 150 2075 y(theorem)24 b(pro)o(v)o(ers)g(cannot)h(handle.)30 b(T)-7 b(o)21 b(address)k(this)f(problem,)g(we)e(replace)i Fx(\037)e FG(by)h(a)g(ne)n(w)f(formula,)i Fx(\037)3460 2042 y FM(0)3483 2075 y FG(,)e(where)150 2183 y(all)i(appearances)j(of) c Fu(TC)o([)p Fx(f)10 b Fu(])23 b FG(ha)n(v)o(e)h(been)g(replaced)i(by) e(the)f(ne)n(w)g(binary)i(relation)h(symbol,)e Fx(f)3137 2197 y Fw(tc)3199 2183 y FG(.)316 2290 y(W)-7 b(e)27 b(sho)n(w)h(in)g(this)h(paper)h(that)e(from)g Fx(\037)1590 2257 y FM(0)1614 2290 y FG(,)g(we)f(can)i(often)g(automatically)i (generate)g(an)d(appropriate)j(\002rst-)150 2398 y(order)25 b(axiom,)e Fx(\033)s FG(,)g(with)g(the)h(follo)n(wing)h(tw)o(o)e (properties:)150 2437 y SDict begin H.S end 150 2437 a 150 2437 a SDict begin 13 H.A end 150 2437 a 150 2437 a SDict begin [ /View [/XYZ H.V] /Dest (Item.5) cvn /DEST pdfmark end 150 2437 a 88 x FG(\(1\))43 b(if)23 b Fx(\033)28 b Fy(!)d Fx(\037)629 2492 y FM(0)675 2525 y FG(is)f(v)n(alid)g(in)f (FO,)f(then)i Fx(\037)f FG(is)g(v)n(alid)i(in)e(FO\(TC\).)150 2543 y SDict begin H.S end 150 2543 a 150 2543 a SDict begin 13 H.A end 150 2543 a 150 2543 a SDict begin [ /View [/XYZ H.V] /Dest (Item.6) cvn /DEST pdfmark end 150 2543 a 90 x FG(\(2\))43 b(A)22 b(theorem)j(pro)o(v)o(er)f(successfully) j(pro)o(v)o(es)d(that)g Fx(\033)29 b Fy(!)c Fx(\037)2106 2600 y FM(0)2152 2633 y FG(is)e(v)n(alid)h(in)g(FO)o(.)316 2760 y(W)-7 b(e)24 b(no)n(w)g(e)o(xplain)h(the)g(theory)h(behind)g (this)f(process.)34 b(A)23 b FN(TC)g(model)p FG(,)h Fy(A)p FG(,)f(is)h(a)g(model)h(such)h(that)f(if)f Fx(f)33 b FG(and)150 2868 y Fx(f)195 2882 y Fw(tc)279 2868 y FG(are)23 b(in)f(the)h(v)n(ocab)n(ulary)j(of)c Fy(A)p FG(,)f(then)i Fu(\()p Fx(f)1531 2882 y Fw(tc)1594 2868 y Fu(\))1629 2835 y FM(A)1715 2868 y Fu(=)i(\()p Fx(f)1901 2835 y FM(A)1962 2868 y Fu(\))1997 2835 y Fr(?)2036 2868 y FG(;)e(i.e.,)e Fy(A)g FG(interprets)k Fx(f)2743 2882 y Fw(tc)2828 2868 y FG(as)d(the)h(re\003e)o(xi)n(v)o(e,)f(transiti)n(v)o(e)150 2976 y(closure)j(of)f(its)f(interpretation)28 b(of)23 b Fx(f)10 b FG(.)316 3084 y(A)18 b(\002rst-order)j(formula)f Fx(')e FG(is)h FN(TC)f(v)o(alid)h FG(if)n(f)g(it)g(is)g(true)g(in)g (all)g(TC)f(models.)28 b(W)-7 b(e)18 b(say)h(that)h(an)f (axiomatization,)150 3192 y Fu(\006)p FG(,)32 b(is)f FN(TC)f(sound)g FG(if)h(e)n(v)o(ery)h(formula)g(that)g(follo)n(ws)g (from)g Fu(\006)e FG(is)h(TC)f(v)n(alid.)53 b(Since)31 b(\002rst-order)i(reasoning)h(is)150 3300 y(sound,)25 b Fu(\006)d FG(is)h(TC)f(sound)j(if)n(f)e(e)n(v)o(ery)h Fx(\033)29 b Fy(2)c Fu(\006)d FG(is)i(TC)d(v)n(alid.)316 3407 y(W)-7 b(e)26 b(say)i(that)f Fu(\006)f FG(is)h FN(TC)f(complete)h FG(if)g(for)g(e)n(v)o(ery)h(TC-v)n(alid)f Fx(')p FG(,)h Fu(\006)j Fy(j)-15 b Fu(=)32 b Fx(')p FG(.)39 b(If)26 b Fu(\006)g FG(is)h(TC)f(complete)i(and)g(TC)150 3515 y(sound,)d(then)f(for)g(all)f(\002rst-order)j Fx(')p FG(,)1327 3661 y Fu(\006)f Fy(j)-15 b Fu(=)25 b Fx(')117 b Fy(,)f Fx(')182 b FG(is)24 b(TC)d(v)n(alid)316 3807 y(Thus)33 b(a)f(TC-complete)i(set)f(of)g(axioms)h(pro)o(v)o(es)g(e)o (xactly)g(the)f(\002rst-order)i(formulas,)h Fx(\037)3191 3774 y FM(0)3214 3807 y FG(,)f(such)e(that)h(the)150 3915 y(corresponding)28 b(FO\(TC\))21 b(formula,)k Fx(\037)p FG(,)d(is)h(v)n(alid.)316 4023 y(All)e(the)h(axioms)g(that)g(we)f (consider)j(are)d(TC)f(v)n(alid.)29 b(There)22 b(is)f(no)h(recursi)n(v) o(ely)h(enumerable)h(TC-complete)150 4131 y(axiom)33 b(system)g(\(Proposition)1174 4132 y SDict begin H.S end 1174 4132 a -1 x FG(4.1)1287 4069 y SDict begin H.R end 1287 4069 a 1287 4131 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.1) cvn H.B /ANN pdfmark end 1287 4131 a FG(\).)55 b(Ho)n(we)n(v)o(er)l(,)34 b(the)e(axiomatization)k(that)d (we)e(gi)n(v)o(e)h(does)i(allo)n(w)g(S)t FF(P)m(A)t(S)t(S)i FG(to)150 4239 y(pro)o(v)o(e)25 b(all)f(the)g(desired)i(properties)h (on)d(the)h(e)o(xamples)g(that)g(we)e(ha)n(v)o(e)i(tried.)31 b(W)-7 b(e)23 b(do)i(pro)o(v)o(e)f(that)h(our)g(axiomati-)150 4346 y(zation)g(is)e(TC)f(complete)j(for)f(w)o(ord)g(models)g (\(Theorem)1977 4347 y SDict begin H.S end 1977 4347 a -1 x FG(4.8)2091 4284 y SDict begin H.R end 2091 4284 a 2091 4346 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.8) cvn H.B /ANN pdfmark end 2091 4346 a FG(\).)p 150 4500 499 4 v 250 4573 a Fz(1)283 4603 y SDict begin H.S end 283 4603 a 283 4603 a SDict begin H.R end 283 4603 a 283 4603 a SDict begin [ /View [/XYZ H.V] /Dest (Hfootnote.1) cvn /DEST pdfmark end 283 4603 a FL(In)h(some)i(cases)f(it)f(is)g (useful)h(for)f(the)h(postcondition)h(formula)f(to)g(refer)f(to)h(the)g (original)g(v)o(ocab)o(ulary)g(as)g(well.)42 b(This)26 b(w)o(ay)g(the)150 4694 y(postcondition)16 b(can)f(summarize)h(some)f (of)f(the)h(beha)o(vior)g(of)g(the)g(transformer)m(,)g(e.g.,)g (summarize)g(the)g(beha)o(vior)g(of)g(an)g(entire)g(procedure.)p eop end end %%Page: 6 6 TeXDict begin HPSdict begin 6 5 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.6) cvn /DEST pdfmark end 150 82 a Fz(6)561 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)150 348 y SDict begin H.S end 150 348 a 150 348 a SDict begin 13 H.A end 150 348 a 150 348 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.3.1) cvn /DEST pdfmark end 150 348 a 100 x FG(3.1.)46 b FN(Some)22 b(TC-Sound)e(Axioms.)46 b FG(W)-7 b(e)22 b(be)o(gin)i(with)f(our)g (\002rst)g(TC)e(axiom)i(scheme.)30 b(F)o(or)22 b(an)o(y)h(binary)h (relation)150 555 y(symbol,)g Fx(f)10 b FG(,)22 b(let,)679 701 y Fx(T)732 715 y Fw(1)772 701 y Fu([)p Fx(f)10 b Fu(])116 b Fy(\021)g(8)p Fx(u;)15 b(v)j(:)d(f)1470 715 y Fw(tc)1533 701 y Fu(\()p Fx(u;)g(v)s Fu(\))52 b Fy($)e Fu(\()p Fx(u)26 b Fu(=)f Fx(v)s Fu(\))c Fy(_)f(9)p Fx(w)d(:)e(f)10 b Fu(\()p Fx(u;)15 b(w)r Fu(\))21 b Fy(^)f Fx(f)2932 715 y Fw(tc)2995 701 y Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))316 847 y FG(W)-7 b(e)27 b(\002rst)g(observ)o(e)j(that)e Fx(T)1155 861 y Fw(1)1195 847 y Fu([)p Fx(f)10 b Fu(])26 b FG(is)i(\223complete\224)i(in)e(a)f(v)o(ery)h(limited)h(w)o(ay)e(for) h(\002nite,)h(ac)o(yclic)g(graphs,)h(i.e.,)150 955 y Fx(T)203 969 y Fw(1)243 955 y Fu([)p Fx(f)10 b Fu(])23 b FG(e)o(xactly)j(characterizes)j(the)c(meaning)g(of)g Fx(f)1771 969 y Fw(tc)1857 955 y FG(for)g(all)g(\002nite,)g(ac)o(yclic) h(graphs.)33 b(The)25 b(reason)h(that)f(we)f(say)150 1063 y(this)f(is)g(limited)g(is)f(that)i(it)e(does)h(not)g(gi)n(v)o(e)g (us)g(a)f(complete)i(set)f(of)f(\002rst-order)i(axioms:)30 b(as)23 b(is)f(well)g(kno)n(wn,)h(there)150 1171 y(is)g(no)h (\002rst-order)h(axiomatization)i(of)d(\223\002nite\224.)150 1172 y SDict begin H.S end 150 1172 a 150 1172 a SDict begin 13 H.A end 150 1172 a 150 1172 a SDict begin [ /View [/XYZ H.V] /Dest (thm.3.1) cvn /DEST pdfmark end 150 1172 a 161 x FN(Pr)n(oposition)h(3.1.)42 b Fv(Any)23 b(\002nite)h(and)g(acyclic)h(model)f(of)g Fx(T)1998 1347 y Fw(1)2037 1333 y Fu([)p Fx(f)10 b Fu(])23 b Fv(is)g(a)g(TC)f(model.) 150 1494 y(Pr)l(oof)o(.)42 b FG(Let)20 b Fy(A)25 b(j)-15 b Fu(=)25 b Fx(T)814 1508 y Fw(1)854 1494 y Fu([)p Fx(f)10 b Fu(])19 b FG(where)j Fy(A)d FG(is)i(\002nite)g(and)g(ac)o(yclic.)30 b(Let)20 b Fx(a)2248 1508 y Fw(0)2287 1494 y Fx(;)15 b(b)26 b Fy(2)f(jAj)p FG(.)i(Assume)21 b(that)g(there)h(is)f(an)g Fx(f)10 b FG(-path)150 1602 y(from)31 b Fx(a)405 1616 y Fw(0)475 1602 y FG(to)g Fx(b)p FG(.)50 b(Since)32 b Fy(A)38 b(j)-15 b Fu(=)39 b Fx(T)1205 1616 y Fw(1)1245 1602 y Fu([)p Fx(f)10 b Fu(])p FG(,)32 b(it)e(is)h(easy)h(to)f(see)g (that)h Fy(A)39 b(j)-15 b Fu(=)39 b Fx(f)2459 1616 y Fw(tc)2521 1602 y Fu(\()p Fx(a)2604 1616 y Fw(0)2644 1602 y Fx(;)15 b(b)p Fu(\))p FG(.)51 b(Con)l(v)o(ersely)-6 b(,)35 b(suppose)f(that)150 1710 y Fy(A)28 b(j)-15 b Fu(=)28 b Fx(f)405 1724 y Fw(tc)467 1710 y Fu(\()p Fx(a)550 1724 y Fw(0)590 1710 y Fx(;)15 b(b)p Fu(\))p FG(.)33 b(If)25 b Fx(a)893 1724 y Fw(0)961 1710 y Fu(=)j Fx(b)p FG(,)c(then)i(there)g(is)f(a)g(path)g(of)g(length)i(0)e(from)g Fx(a)2534 1724 y Fw(0)2598 1710 y FG(to)g Fx(b)p FG(.)32 b(Otherwise,)26 b(by)g Fx(T)3377 1724 y Fw(1)3416 1710 y Fu([)p Fx(f)10 b Fu(])p FG(,)24 b(there)150 1818 y(e)o(xists)k(an)e Fx(a)541 1832 y Fw(1)612 1818 y Fy(2)31 b(jAj)26 b FG(such)i(that)f Fy(A)k(j)-15 b Fu(=)31 b Fx(f)10 b Fu(\()p Fx(a)1562 1832 y Fw(0)1601 1818 y Fx(;)15 b(a)1689 1832 y Fw(1)1729 1818 y Fu(\))23 b Fy(^)f Fx(f)1915 1832 y Fw(tc)1978 1818 y Fu(\()p Fx(a)2061 1832 y Fw(1)2100 1818 y Fx(;)15 b(b)p Fu(\))p FG(.)39 b(Note)26 b(that)i Fx(a)2689 1832 y Fw(1)2759 1818 y Fy(6)p Fu(=)j Fx(a)2909 1832 y Fw(0)2975 1818 y FG(since)d Fy(A)d FG(is)i(ac)o(yclic.)39 b(If)150 1926 y Fx(a)198 1940 y Fw(1)263 1926 y Fu(=)26 b Fx(b)d FG(then)h(there)h(is)e(an)h Fx(f)10 b FG(-path)24 b(of)g(length)h(1)f (from)f Fx(a)g FG(to)h Fx(b)p FG(.)29 b(Otherwise)24 b(there)h(must)f(e)o(xist)g(an)g Fx(a)3286 1940 y Fw(2)3351 1926 y Fy(2)h(jAj)e FG(such)150 2034 y(that)31 b Fy(A)38 b(j)-15 b Fu(=)38 b Fx(f)10 b Fu(\()p Fx(a)684 2048 y Fw(1)723 2034 y Fx(;)15 b(a)811 2048 y Fw(2)851 2034 y Fu(\))26 b Fy(^)f Fx(f)1043 2048 y Fw(tc)1106 2034 y Fu(\()p Fx(a)1189 2048 y Fw(2)1228 2034 y Fx(;)15 b(b)p Fu(\))31 b FG(and)g(so)g(on,)h(generating)h(a)d(set)h Fy(f)p Fx(a)2497 2048 y Fw(1)2537 2034 y Fx(;)15 b(a)2625 2048 y Fw(2)2665 2034 y Fx(;)g(:)g(:)g(:)r Fy(g)p FG(.)49 b(None)31 b(of)f(the)h Fx(a)3450 2048 y Fr(i)3508 2034 y FG(can)g(be)150 2142 y(equal)25 b(to)e Fx(a)511 2156 y Fr(j)548 2142 y FG(,)f(for)i Fx(j)31 b(<)25 b(i)p FG(,)d(by)i(ac)o (yclicity)-6 b(.)31 b(Thus,)23 b(by)h(\002niteness,)h(some)f Fx(a)2466 2156 y Fr(i)2519 2142 y Fu(=)h Fx(b)p FG(.)j(Hence)c Fy(A)e FG(is)i(a)f(TC)f(model.)p 3677 2081 74 4 v 3677 2147 4 67 v 3747 2147 V 3677 2150 74 4 v 316 2300 a(Let)h Fx(T)526 2267 y FM(0)513 2324 y Fw(1)553 2300 y Fu([)p Fx(f)10 b Fu(])22 b FG(be)i(the)f Fy( )g FG(direction)j(of)d Fx(T)1533 2314 y Fw(1)1573 2300 y Fu([)p Fx(f)10 b Fu(])p FG(:)679 2445 y Fx(T)745 2408 y FM(0)732 2468 y Fw(1)772 2445 y Fu([)p Fx(f)g Fu(])116 b Fy(\021)g(8)p Fx(u;)15 b(v)j(:)d(f)1470 2459 y Fw(tc)1533 2445 y Fu(\()p Fx(u;)g(v)s Fu(\))52 b Fy( )e Fu(\()p Fx(u)26 b Fu(=)f Fx(v)s Fu(\))c Fy(_)f(9)p Fx(w)d(:)e(f)10 b Fu(\()p Fx(u;)15 b(w)r Fu(\))21 b Fy(^)f Fx(f)2932 2459 y Fw(tc)2995 2445 y Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))150 2506 y SDict begin H.S end 150 2506 a 150 2506 a SDict begin 13 H.A end 150 2506 a 150 2506 a SDict begin [ /View [/XYZ H.V] /Dest (thm.3.2) cvn /DEST pdfmark end 150 2506 a 101 x FN(Pr)n(oposition)25 b(3.2.)42 b Fv(Let)22 b Fx(f)982 2621 y Fw(tc)1068 2607 y Fv(occur)i(only)h (positively)h(in)d Fx(')p Fv(.)29 b(If)23 b Fx(')g Fv(is)g(TC)f(valid,) j(then)f Fx(T)2902 2574 y FM(0)2889 2632 y Fw(1)2928 2607 y Fu([)p Fx(f)10 b Fu(])25 b Fy(j)-15 b Fu(=)26 b Fx(')p Fv(.)150 2769 y(Pr)l(oof)o(.)42 b FG(Suppose)33 b(that)f Fx(T)988 2736 y FM(0)975 2794 y Fw(1)1014 2769 y Fu([)p Fx(f)10 b Fu(])40 b Fy(6j)-15 b Fu(=)39 b Fx(')p FG(.)52 b(Let)31 b Fy(A)40 b(j)-15 b Fu(=)39 b Fx(T)1864 2736 y FM(0)1851 2794 y Fw(1)1891 2769 y Fu([)p Fx(f)10 b Fu(])26 b Fy(^)f(:)p Fx(')p FG(.)52 b(Note)31 b(that)h Fx(f)2722 2783 y Fw(tc)2815 2769 y FG(occurs)h(only)f(ne)o(gati)n(v)o (ely)h(in)150 2877 y Fy(:)p Fx(')p FG(.)38 b(Furthermore,)29 b(since)f Fy(A)j(j)-15 b Fu(=)31 b Fx(T)1330 2844 y FM(0)1317 2902 y Fw(1)1357 2877 y Fu([)p Fx(f)10 b Fu(])p FG(,)26 b(it)h(is)f(easy)i(to)f(sho)n(w)g(by)g(induction)i(on)e(the)g(length)i (of)d(the)h(path,)i(that)150 2985 y(if)c(there)i(is)e(an)h Fx(f)10 b FG(-path)26 b(from)f Fx(a)g FG(to)h Fx(b)e FG(in)i Fy(A)p FG(,)f(then)h Fy(A)j(j)-15 b Fu(=)28 b Fx(f)1986 2999 y Fw(tc)2049 2985 y Fu(\()p Fx(a;)15 b(b)p Fu(\))p FG(.)35 b(De\002ne)25 b Fy(A)2644 2952 y FM(0)2692 2985 y FG(to)g(be)h(the)g(model)g(formed)g(from)150 3095 y Fy(A)d FG(by)i(interpreting)j Fx(f)854 3109 y Fw(tc)940 3095 y FG(in)c Fy(A)1107 3062 y FM(0)1154 3095 y FG(as)g Fu(\()p Fx(f)1343 3062 y FM(A)1403 3095 y Fu(\))1438 3062 y Fr(?)1478 3095 y FG(.)31 b(Thus)24 b Fy(A)1810 3062 y FM(0)1857 3095 y FG(is)g(a)g(TC)f(model)i(and)g(it)f(only)h(dif) n(fers)h(from)e Fy(A)f FG(by)i(the)g(f)o(act)150 3210 y(that)k(we)e(ha)n(v)o(e)h(remo)o(v)o(ed)h(zero)g(or)e(more)h(pairs)h (from)f Fu(\()p Fx(f)1973 3224 y Fw(tc)2036 3210 y Fu(\))2071 3177 y FM(A)2159 3210 y FG(to)g(form)g Fu(\()p Fx(f)2541 3224 y Fw(tc)2604 3210 y Fu(\))2639 3177 y FM(A)2695 3153 y FE(0)2722 3210 y FG(.)41 b(Because)29 b Fy(A)34 b(j)-15 b Fu(=)33 b Fy(:)p Fx(')27 b FG(and)i Fx(f)3688 3224 y Fw(tc)150 3318 y FG(occurs)e(only)g(ne)o(gati)n(v)o(ely)g(in)f Fy(:)p Fx(')p FG(,)f(it)h(follo)n(ws)g(that)g Fy(A)1866 3285 y FM(0)1919 3318 y Fy(j)-15 b Fu(=)29 b Fy(:)p Fx(')p FG(,)c(which)h(contradicts)j(the)d(assumption)j(that)d Fx(')f FG(is)150 3426 y(TC)d(v)n(alid.)p 3677 3364 74 4 v 3677 3430 4 67 v 3747 3430 V 3677 3433 74 4 v 316 3583 a(Proposition)761 3584 y SDict begin H.S end 761 3584 a -1 x FG(3.2)874 3521 y SDict begin H.R end 874 3521 a 874 3583 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.3.2) cvn H.B /ANN pdfmark end 874 3583 a 25 w FG(sho)n(ws)27 b(that)f(pro)o(ving)i(positi)n(v)o(e)f(f)o(acts)g(of)f(the)g(form)g Fx(f)2607 3597 y Fw(tc)2670 3583 y Fu(\()p Fx(u;)15 b(v)s Fu(\))27 b FG(is)e(easy;)k(it)c(is)h(the)h(task)f(of)150 3691 y(pro)o(ving)f(that)f(paths)h(do)f(not)f(e)o(xist)i(that)f(is)f (more)h(subtle.)316 3799 y(Proposition)761 3800 y SDict begin H.S end 761 3800 a -1 x FG(3.1)874 3737 y SDict begin H.R end 874 3737 a 874 3799 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.3.1) cvn H.B /ANN pdfmark end 874 3799 a 26 w FG(sho)n(ws)j(that)f(what)h(we)e(are)i(missing,)h(at)e (least)h(in)f(the)h(ac)o(yclic)g(case,)h(is)e(that)h(there)g(is)f(no) 150 3907 y(\002rst-order)32 b(axiomatization)i(of)c(\002niteness.)50 b(T)m(raditionally)-6 b(,)34 b(when)d(reasoning)i(about)e(the)f (natural)i(numbers,)150 4015 y(this)24 b(problem)g(is)f(mitigated)h(by) f(adding)h(induction)i(axioms.)j(W)-7 b(e)23 b(ne)o(xt)g(introduce)i (an)e(induction)j(scheme)e(that,)150 4123 y(together)i(with)d Fx(T)708 4137 y Fw(1)748 4123 y FG(,)f(seems)i(to)f(be)h(suf)n (\002cient)h(to)e(pro)o(v)o(e)h(an)o(y)g(property)i(we)c(need)j (concerning)h(TC.)316 4231 y Fv(Notation)p FG(:)44 b(In)30 b(general,)j(we)c(will)h(use)g Fx(F)42 b FG(to)30 b(denote)i(the)e(set) g(of)g(all)g(binary)i(relation)g(symbols,)h Fx(f)10 b FG(,)29 b(such)150 4339 y(that)34 b Fu(TC)o([)p Fx(f)10 b Fu(])33 b FG(occurs)i(in)e(a)g(formula)i(we)d(are)i(considering.)62 b(If)33 b Fx(')p Fu([)p Fx(f)10 b Fu(])33 b FG(is)g(a)g(formula)i(in)e (which)h Fx(f)42 b FG(occurs,)37 b(let)150 4447 y Fx(')p Fu([)p Fx(F)13 b Fu(])30 b(=)459 4379 y Fq(V)535 4474 y Fr(f)7 b FM(2)p Fr(F)712 4447 y Fx(')p Fu([)p Fx(f)j Fu(])p FG(.)34 b(Thus,)26 b(for)f(e)o(xample,)i Fx(T)1701 4461 y Fw(1)1740 4447 y Fu([)p Fx(F)13 b Fu(])26 b FG(is)f(the)h (conjunction)j(of)c(the)h(axiom)g Fx(T)3103 4461 y Fw(1)3142 4447 y Fu([)p Fx(f)10 b Fu(])25 b FG(for)g(all)h(binary)150 4558 y(relation)f(symbols,)g Fx(f)10 b FG(,)22 b(under)i (consideration.)150 4578 y SDict begin H.S end 150 4578 a 150 4578 a SDict begin 13 H.A end 150 4578 a 150 4578 a SDict begin [ /View [/XYZ H.V] /Dest (thm.3.3) cvn /DEST pdfmark end 150 4578 a 142 x FN(De\002nition)35 b(3.3.)49 b FG(F)o(or)35 b(an)o(y)h(\002rst-order)i(formulas)f Fx(Z)7 b Fu(\()p Fx(u)p Fu(\))p Fx(;)15 b(P)e Fu(\()p Fx(u)p Fu(\))p FG(,)40 b(and)c(binary)h(relation)h(symbol,)i Fx(f)10 b FG(,)37 b(let)f(the)150 4828 y FN(induction)23 b(principle)p FG(,)g FN(IND)o Fu([)p Fx(Z)q(;)15 b(P)s(;)g(f)10 b Fu(])p FG(,)24 b(be)f(the)h(follo)n(wing)h(\002rst-order)g(formula:) 797 4973 y Fu(\()p Fy(8)p Fx(w)18 b(:)d(Z)7 b Fu(\()p Fx(w)r Fu(\))26 b Fy(!)f Fx(P)13 b Fu(\()p Fx(w)r Fu(\)\))100 b Fy(^)e Fu(\()p Fy(8)p Fx(u;)15 b(v)k(:)c(P)e Fu(\()p Fx(u)p Fu(\))21 b Fy(^)f Fx(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\))26 b Fy(!)f Fx(P)13 b Fu(\()p Fx(v)s Fu(\)\))1682 5108 y Fy(!)83 b(8)p Fx(u;)15 b(w)i(:)e(Z)7 b Fu(\()p Fx(w)r Fu(\))22 b Fy(^)e Fx(f)2475 5122 y Fw(tc)2537 5108 y Fu(\()p Fx(w)r(;)15 b(u)p Fu(\))27 b Fy(!)e Fx(P)13 b Fu(\()p Fx(u)p Fu(\))316 5270 y FG(In)26 b(order)i(to)e(e)o(xplain)i (the)f(meaning)h(of)e FN(IND)f FG(and)i(other)h(axioms)f(it)f(is)g (important)i(to)f(remember)g(that)g(we)150 5378 y(are)d(trying)h(to)e (write)h(axioms,)g Fu(\006)p FG(,)e(that)i(are,)p eop end end %%Page: 7 7 TeXDict begin HPSdict begin 7 6 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.7) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)863 b(7)150 348 y SDict begin H.S end 150 348 a 150 348 a SDict begin 13 H.A end 150 348 a 150 348 a SDict begin [ /View [/XYZ H.V] /Dest (Item.7) cvn /DEST pdfmark end 150 348 a 100 x Fy(\017)42 b FN(TC)22 b(v)o(alid)p FG(,)i(i.e.,)e(true)i(in)g(all)f(TC)f(models,)i(and)150 461 y SDict begin H.S end 150 461 a 150 461 a SDict begin 13 H.A end 150 461 a 150 461 a SDict begin [ /View [/XYZ H.V] /Dest (Item.8) cvn /DEST pdfmark end 150 461 a 94 x Fy(\017)42 b FN(useful)p FG(,)23 b(i.e.,)g(all)g(models)i(of)e Fu(\006)g FG(are)h(suf)n(\002ciently)h(lik)o(e)g(TC)d(models)i(that)g (the)o(y)g(satisfy)i(the)d(TC-v)n(alid)h(proper)n(-)237 663 y(ties)g(we)f(w)o(ant)g(to)h(pro)o(v)o(e.)150 790 y(T)-7 b(o)26 b(mak)o(e)h(the)g(meaning)h(of)e(our)i(axioms)f(intuiti)n (v)o(ely)i(clear)l(,)g(in)e(this)g(section)h(we)e(will)h(say)-6 b(,)28 b(for)f(e)o(xample,)h(that)150 898 y(\223)p Fx(y)g FG(is)d Fx(f)393 912 y Fw(tc)456 898 y FG(-reachable)j(from)e Fx(x)p FG(\224)f(to)h(mean)f(that)i Fx(f)1702 912 y Fw(tc)1764 898 y Fu(\()p Fx(x;)15 b(y)s Fu(\))26 b FG(holds.)36 b(Later)l(,)26 b(we)f(will)g(assume)i(that)f(the)g(reader)h(has)150 1006 y(the)d(idea)g(and)g(just)g(say)g(\223reachable\224)j(instead)e (of)e(\223)p Fx(f)1825 1020 y Fw(tc)1888 1006 y FG(-reachable\224.)316 1114 y(The)28 b(intuiti)n(v)o(e)j(meaning)f(of)e(the)i(induction)h (principle)g(is)e(that)g(if)f(e)n(v)o(ery)i(zero)f(point)h(satis\002es) g Fx(P)13 b FG(,)29 b(and)g Fx(P)150 1222 y FG(is)d(preserv)o(ed)i (when)e(follo)n(wing)i Fx(f)10 b FG(-edges,)27 b(then)g(e)n(v)o(ery)g (point)g Fx(f)2215 1236 y Fw(tc)2277 1222 y FG(-reachable)i(from)d(a)g (zero)h(point)g(satis\002es)g Fx(P)13 b FG(.)150 1330 y(Ob)o(viously)25 b(this)f(principle)i(is)e(TC)d(v)n(alid,)j(i.e.,)f (it)g(is)h(true)g(for)f(all)h(structures)i(such)f(that)f Fx(f)2987 1344 y Fw(tc)3074 1330 y Fu(=)h Fx(f)3225 1297 y Fr(?)3264 1330 y FG(.)316 1438 y(As)e(an)g(easy)i(application)h(of)e (the)g(induction)i(principle,)f(consider)h(the)e(follo)n(wing)h(cousin) g(of)e Fx(T)3376 1452 y Fw(1)3416 1438 y Fu([)p Fx(f)10 b Fu(])p FG(,)679 1583 y Fx(T)732 1597 y Fw(2)772 1583 y Fu([)p Fx(f)g Fu(])116 b Fy(\021)g(8)p Fx(u;)15 b(v)j(:)d(f)1470 1597 y Fw(tc)1533 1583 y Fu(\()p Fx(u;)g(v)s Fu(\))52 b Fy($)e Fu(\()p Fx(u)26 b Fu(=)f Fx(v)s Fu(\))c Fy(_)f(9)p Fx(w)d(:)e(f)2546 1597 y Fw(tc)2609 1583 y Fu(\()p Fx(u;)g(w)r Fu(\))22 b Fy(^)d Fx(f)10 b Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))150 1729 y FG(The)27 b(dif)n(ference)k(between)e Fx(T)1095 1743 y Fw(1)1161 1729 y FG(and)g Fx(T)1373 1743 y Fw(2)1439 1729 y FG(is)f(that)h Fx(T)1744 1743 y Fw(1)1810 1729 y FG(requires)h(that)e(each)h(path)g(represented)i(by) d Fx(f)3280 1743 y Fw(tc)3369 1729 y FG(starts)h(with)150 1837 y(an)h Fx(f)38 b FG(edge)31 b(and)f Fx(T)762 1851 y Fw(2)831 1837 y FG(requires)i(the)e(path)g(to)g(end)g(with)g(an)g Fx(f)38 b FG(edge.)49 b(It)29 b(is)h(easy)g(to)g(see)g(that)h(neither)g (of)f Fx(T)3583 1851 y Fw(1)3622 1837 y Fu([)p Fx(f)10 b Fu(])p FG(,)150 1945 y Fx(T)203 1959 y Fw(2)243 1945 y Fu([)p Fx(f)g Fu(])31 b FG(implies)i(the)f(other)-5 b(.)56 b(Ho)n(we)n(v)o(er)l(,)34 b(in)e(the)g(presence)i(of)e(the)h (induction)i(principle)f(the)o(y)f(do)f(imply)g(each)150 2053 y(other)-5 b(.)39 b(F)o(or)26 b(e)o(xample,)i(it)e(is)h(easy)g(to) g(pro)o(v)o(e)g Fx(T)1629 2067 y Fw(2)1669 2053 y Fu([)p Fx(f)10 b Fu(])25 b FG(from)i Fx(T)2055 2067 y Fw(1)2094 2053 y Fu([)p Fx(f)10 b Fu(])26 b FG(using)i FN(IND)p Fu([)p Fx(Z)q(;)15 b(P)s(;)g(f)10 b Fu(])26 b FG(where)h Fx(Z)7 b Fu(\()p Fx(v)s Fu(\))32 b Fy(\021)f Fx(v)j Fu(=)d Fx(u)150 2161 y FG(and)c Fx(P)13 b Fu(\()p Fx(v)s Fu(\))32 b Fy(\021)f Fx(u)g Fu(=)f Fx(v)c Fy(_)c(9)p Fx(w)17 b(:)e(f)1184 2175 y Fw(tc)1247 2161 y Fu(\()p Fx(u;)g(w)r Fu(\))24 b Fy(^)e Fx(f)10 b Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))p FG(.)39 b(Here,)26 b(for)h(each)h Fx(u)d FG(we)h(use)h FN(IND)p Fu([)p Fx(Z)q(;)15 b(P)s(;)g(f)10 b Fu(])27 b FG(to)f(pro)o(v)o(e)h(by)150 2269 y(induction)f(that)e(e)n(v)o(ery)g Fx(v)i FG(reachable)g(from)e Fx(u)f FG(satis\002es)h(the)g(right-hand)i (side)f(of)e Fx(T)2778 2283 y Fw(2)2818 2269 y Fu([)p Fx(f)10 b Fu(])p FG(.)316 2377 y(Another)25 b(useful)g(axiom)f(scheme)g (pro)o(v)n(able)h(from)f Fx(T)2017 2391 y Fw(1)2079 2377 y FG(plus)g FN(IND)e FG(is)i(the)g(transiti)n(vity)i(of)e (reachability:)906 2522 y FN(T)-7 b(rans)q Fu([)p Fx(f)10 b Fu(])50 b Fy(\021)g(8)p Fx(u;)15 b(v)s(;)g(w)k(:)c(f)1807 2536 y Fw(tc)1869 2522 y Fu(\()p Fx(u;)g(w)r Fu(\))22 b Fy(^)e Fx(f)2246 2536 y Fw(tc)2309 2522 y Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))27 b Fy(!)e Fx(f)2721 2536 y Fw(tc)2783 2522 y Fu(\()p Fx(u;)15 b(v)s Fu(\))150 2712 y SDict begin H.S end 150 2712 a 150 2712 a SDict begin 13 H.A end 150 2712 a 150 2712 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.3.2) cvn /DEST pdfmark end 150 2712 a 86 x FG(3.2.)46 b FN(Coloring)25 b(Axioms.)46 b FG(W)-7 b(e)24 b(ne)o(xt)i(describe)g (three)g(TC-sound)g(axioms)g(schemes)g(that)f(are)g(not)g(implied)h(by) 150 2906 y Fx(T)203 2920 y Fw(1)243 2906 y Fu([)p Fx(F)13 b Fu(])22 b Fy(^)g Fx(T)522 2920 y Fw(2)562 2906 y Fu([)p Fx(F)13 b Fu(])p FG(,)27 b(and)g(are)f(pro)o(v)n(able)i(from)f(the)f (induction)j(principle.)40 b(W)-7 b(e)26 b(will)g(see)g(in)h(the)f (sequel)i(that)f(these)150 3014 y(coloring)h(axioms)e(are)g(v)o(ery)g (useful)h(in)f(pro)o(ving)h(that)g(paths)f(do)g(not)g(e)o(xist,)h (permitting)h(us)d(to)h(v)o(erify)h(a)e(v)n(ariety)150 3121 y(of)j(algorithms.)44 b(In)28 b(Section)1109 3122 y SDict begin H.S end 1109 3122 a -1 x FG(5)1154 3059 y SDict begin H.R end 1154 3059 a 1154 3121 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (section.5) cvn H.B /ANN pdfmark end 1154 3121 a FG(,)g(we)f(will)h(present)h(some)f(heuristics)j (for)d(automatically)j(choosing)g(particular)150 3229 y(instances)26 b(of)d(the)h(coloring)i(axiom)e(schemes)h(that)f(enable) h(us)e(to)h(pro)o(v)o(e)g(our)g(goal)g(formulas.)316 3337 y(The)f(\002rst)g(coloring)j(axiom)e(scheme)g(is)g(the)g(NoExit)f (axiom)h(scheme:)541 3483 y Fu(\()p Fy(8)p Fx(u;)15 b(v)j(:)d(A)p Fu(\()p Fx(u)p Fu(\))22 b Fy(^)e(:)p Fx(A)p Fu(\()p Fx(v)s Fu(\))26 b Fy(!)f(:)p Fx(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\)\))51 b Fy(!)g(8)p Fx(u;)15 b(v)j(:)d(A)p Fu(\()p Fx(u)p Fu(\))22 b Fy(^)d(:)p Fx(A)p Fu(\()p Fx(v)s Fu(\))27 b Fy(!)e(:)p Fx(f)3087 3497 y Fw(tc)3149 3483 y Fu(\()p Fx(u;)15 b(v)s Fu(\))150 3629 y FG(for)21 b(an)o(y)h(\002rst-order)h (formula)f Fx(A)p Fu(\()p Fx(u)p Fu(\))p FG(,)g(and)g(binary)g (relation)i(symbol,)e Fx(f)10 b FG(,)20 b FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])20 b FG(says)j(that)e(if)g(no)h Fx(f)10 b FG(-edge)150 3737 y(lea)n(v)o(es)25 b(color)f(class)h Fx(A)p FG(,)d(then)j(no)e(point)i(outside)g(of)f Fx(A)f FG(is)g Fx(f)2025 3751 y Fw(tc)2087 3737 y FG(-reachable)k(from)c Fx(A)p FG(.)316 3845 y(Observ)o(e)37 b(that)f(although)i(it)e(is)g(v)o (ery)g(simple,)j FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])35 b FG(does)i(not)f(follo)n(w)g(from)g Fx(T)3266 3859 y Fw(1)3306 3845 y Fu([)p Fx(f)10 b Fu(])29 b Fy(^)g Fx(T)3583 3859 y Fw(2)3622 3845 y Fu([)p Fx(f)10 b Fu(])p FG(.)150 3953 y(Let)37 b Fx(G)379 3967 y Fw(1)470 3953 y Fu(=)50 b(\()p Fx(V)5 b(;)15 b(f)5 b(;)15 b(f)859 3967 y Fw(tc)922 3953 y Fx(;)g(A)p Fu(\))38 b FG(be)f(a)g(model)h (consisting)i(of)d(tw)o(o)g(disjoint)j(c)o(ycles:)58 b Fx(V)71 b Fu(=)50 b Fy(f)p Fu(1)p Fx(;)15 b Fu(2)p Fx(;)g Fu(3)p Fx(;)g Fu(4)p Fy(g)p FG(,)44 b Fx(f)60 b Fu(=)150 4060 y Fy(fh)p Fu(1)p Fx(;)15 b Fu(2)p Fy(i)p Fx(;)g Fy(h)p Fu(2)p Fx(;)g Fu(1)p Fy(i)p Fx(;)g Fy(h)p Fu(3)p Fx(;)h Fu(4)p Fy(i)p Fx(;)g Fy(h)p Fu(4)q Fx(;)f Fu(3)p Fy(i)q(g)p FG(,)42 b(and)34 b Fx(A)45 b Fu(=)f Fy(f)p Fu(1)p Fx(;)15 b Fu(2)p Fy(g)p FG(.)61 b(Let)34 b Fx(f)2125 4074 y Fw(tc)2220 4060 y FG(ha)n(v)o(e)h(all)f(16)g (possible)i(pairs.)61 b(Thus)34 b Fx(G)3546 4074 y Fw(1)3619 4060 y FG(sat-)150 4168 y(is\002es)g Fx(T)423 4182 y Fw(1)463 4168 y Fu([)p Fx(f)10 b Fu(])27 b Fy(^)h Fx(T)737 4182 y Fw(2)777 4168 y Fu([)p Fx(f)10 b Fu(])33 b FG(b)n(ut)h(violates) i FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])p FG(.)59 b(Ev)o(en)34 b(for)g(ac)o(yclic)i(models,)h FN(NoExit)p Fu([)p Fx(A;)15 b(f)10 b Fu(])34 b FG(does)h(not)150 4276 y(follo)n(w)25 b(from)f Fx(T)662 4290 y Fw(1)701 4276 y Fu([)p Fx(f)10 b Fu(])21 b Fy(^)f Fx(T)961 4290 y Fw(2)1001 4276 y Fu([)p Fx(f)10 b Fu(])23 b FG(because)j(there)f(are) g(in\002nite)g(models)g(in)f(which)h(the)f(implication)j(does)e(not)f (hold)150 4384 y(\(Proposition)622 4385 y SDict begin H.S end 622 4385 a -1 x FG(4.7)736 4322 y SDict begin H.R end 736 4322 a 736 4384 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.7) cvn H.B /ANN pdfmark end 736 4384 a FG(\).)316 4492 y FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])20 b FG(follo)n(ws)i(easily)g(from)f(the)g(induction)i (principle:)31 b(if)20 b(no)h Fx(f)10 b FG(-edges)22 b(lea)n(v)o(e)f Fx(A)p FG(,)g(then)h(induction)150 4600 y(tells)j(us)f(that)g(e)n(v)o(erything)i Fx(f)1041 4614 y Fw(tc)1104 4600 y FG(-reachable)g(from)e(a)g(point)g(in)g Fx(A)g FG(satis\002es)h Fx(A)p FG(.)k(Similarly)-6 b(,)24 b FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])23 b FG(implies)150 4708 y(the)h(induction)i(axiom,)e FN(IND)o Fu([)p Fx(Z)q(;)15 b(A;)g(f)10 b Fu(])p FG(,)24 b(for)g(an)o(y)f(formula)i Fx(Z)7 b FG(.)316 4835 y(The)18 b(second)h(coloring)i(axiom)d(scheme)h (is)f(the)g(GoOut)g(axiom:)27 b(for)18 b(an)o(y)h(\002rst-order)g (formulas)h Fx(A)p Fu(\()p Fx(u)p Fu(\))p Fx(;)15 b(B)5 b Fu(\()p Fx(u)p Fu(\))p FG(,)150 4943 y(and)27 b(binary)h(relation)g (symbol,)g Fx(f)10 b FG(,)25 b FN(GoOut)p Fu([)p Fx(A;)15 b(B)5 b(;)15 b(f)10 b Fu(])26 b FG(says)h(that)g(if)f(the)h(only)g Fx(f)10 b FG(-edges)28 b(lea)n(ving)g(color)f(class)h Fx(A)150 5051 y FG(are)c(to)f Fx(B)5 b FG(,)22 b(then)i(an)o(y)g Fx(f)873 5065 y Fw(tc)936 5051 y FG(-path)g(from)g(a)f(point)h(in)g Fx(A)f FG(to)g(a)g(point)i(not)f(in)f Fx(A)g FG(must)h(pass)g(through)h Fx(B)5 b FG(.)415 5192 y Fu(\()p Fy(8)p Fx(u;)15 b(v)k(:)c(A)p Fu(\()p Fx(u)p Fu(\))21 b Fy(^)f(:)p Fx(A)p Fu(\()p Fx(v)s Fu(\))h Fy(^)f Fx(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\))26 b Fy(!)f Fx(B)5 b Fu(\()p Fx(v)s Fu(\)\))84 b Fy(!)766 5300 y(8)p Fx(u;)15 b(v)j(:)d(A)p Fu(\()p Fx(u)p Fu(\))21 b Fy(^)f(:)p Fx(A)p Fu(\()p Fx(v)s Fu(\))h Fy(^)f Fx(f)1696 5314 y Fw(tc)1759 5300 y Fu(\()p Fx(u;)15 b(v)s Fu(\))84 b Fy(!)f(9)p Fx(w)17 b(:)e(B)5 b Fu(\()p Fx(w)r Fu(\))22 b Fy(^)d Fx(f)2757 5314 y Fw(tc)2820 5300 y Fu(\()p Fx(u;)c(w)r Fu(\))22 b Fy(^)e Fx(f)3197 5314 y Fw(tc)3259 5300 y Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))p eop end end %%Page: 8 8 TeXDict begin HPSdict begin 8 7 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.8) cvn /DEST pdfmark end 150 82 a Fz(8)561 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)150 448 y FG(T)-7 b(o)23 b(see)h(that)h FN(GoOut)p Fu([)p Fx(A;)15 b(B)5 b(;)15 b(f)10 b Fu(])24 b FG(follo)n(ws)g(from)g(the)h(induction)i(principle,)f(assume)f(that)g (the)f(only)h Fx(f)10 b FG(-edges)25 b(out)150 555 y(of)g Fx(A)f FG(enter)h Fx(B)5 b FG(.)31 b(F)o(or)24 b(an)o(y)g(\002x)o(ed)h Fx(u)f FG(in)g Fx(A)p FG(,)g(we)g(pro)o(v)o(e)h(by)g(induction)i(that)e (an)o(y)g(point)h Fx(v)h(f)2948 569 y Fw(tc)3011 555 y FG(-reachable)g(from)d Fx(u)g FG(is)150 663 y(either)h(in)e Fx(A)g FG(or)h(has)f(a)h(predecessor)l(,)i Fx(b)d FG(in)h Fx(B)5 b FG(,)22 b(that)i(is)f Fx(f)1902 677 y Fw(tc)1965 663 y FG(-reachable)j(from)d Fx(u)p FG(.)316 790 y(The)33 b(third)i(coloring)h(axiom)f(scheme)f(is)g(the)g FN(NewStart)g FG(axiom,)j(which)d(is)g(useful)h(in)f(the)g(conte)o(xt)h(of)150 898 y(dynamically)27 b(changing)h(graphs:)33 b(for)25 b(an)o(y)g(\002rst-order)h(formula)g Fx(A)p Fu(\()p Fx(u)p Fu(\))p FG(,)f(and)g(binary)i(relation)f(symbols)g Fx(f)34 b FG(and)150 1006 y Fx(g)s FG(,)21 b(think)h(of)f Fx(f)30 b FG(as)21 b(the)g(pre)n(vious)i(edge)f(relation)h(and)f Fx(g)i FG(as)d(the)g(current)i(edge)e(relation.)30 b FN(NewStart)q Fu([)p Fx(A;)15 b(f)5 b(;)15 b(g)s Fu(])21 b FG(says)150 1114 y(that)g(if)g(there)h(are)f(no)g(ne)n(w)g(edges)h (between)g Fx(A)e FG(nodes,)i(then)g(an)o(y)f(ne)n(w)g(path,)g(i.e.,)g Fx(g)2783 1128 y Fw(tc)2866 1114 y FG(b)n(ut)h(not)f Fx(f)3182 1128 y Fw(tc)3245 1114 y FG(,)f(from)h Fx(A)f FG(must)150 1222 y(lea)n(v)o(e)k Fx(A)f FG(to)h(mak)o(e)f(its)h (change:)386 1363 y Fu(\()p Fy(8)p Fx(u;)15 b(v)k(:)c(A)p Fu(\()p Fx(u)p Fu(\))21 b Fy(^)f Fx(A)p Fu(\()p Fx(v)s Fu(\))i Fy(^)d Fx(g)s Fu(\()p Fx(u;)c(v)s Fu(\))28 b Fy(!)d Fx(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\)\))84 b Fy(!)903 1471 y(8)p Fx(u;)15 b(v)j(:)d(g)1191 1485 y Fw(tc)1255 1471 y Fu(\()p Fx(u;)g(v)s Fu(\))22 b Fy(^)e(:)p Fx(f)1673 1485 y Fw(tc)1735 1471 y Fu(\()p Fx(u;)15 b(v)s Fu(\))84 b Fy(!)f(9)p Fx(w)17 b(:)e Fy(:)p Fx(A)p Fu(\()p Fx(w)r Fu(\))22 b Fy(^)e Fx(g)2787 1485 y Fw(tc)2850 1471 y Fu(\()p Fx(u;)15 b(w)r Fu(\))22 b Fy(^)e Fx(g)3225 1485 y Fw(tc)3288 1471 y Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))150 1618 y FN(NewStart)q Fu([)p Fx(A;)g(f)5 b(;)15 b(g)s Fu(])33 b FG(follo)n(ws)g(from)g(the)g(induction)i(principle)g(by)e(a)g (proof)g(that)h(is)e(similar)i(to)e(the)h(proof)h(of)150 1726 y FN(GoOut)p Fu([)p Fx(A;)15 b(B)5 b(;)15 b(f)10 b Fu(])p FG(.)150 1878 y SDict begin H.S end 150 1878 a 150 1878 a SDict begin 13 H.A end 150 1878 a 150 1878 a SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.3.2.1) cvn /DEST pdfmark end 150 1878 a 85 x FG(3.2.1.)46 b Fv(Link)o(ed)33 b(Lists.)46 b FG(The)31 b(spirit)i(behind)h(our)e(consideration)k(of)c (the)g(coloring)i(axioms)e(is)g(similar)h(to)f(that)150 2071 y(found)d(in)f(a)f(paper)i(of)f(Gre)o(g)f(Nelson')-5 b(s)29 b(in)f(which)g(he)g(introduced)j(a)c(set)h(of)g(reachability)j (axioms)e(for)f(a)f(func-)150 2179 y(tional)21 b(predicate,)i Fx(f)10 b FG(,)20 b(i.e.,)f(there)j(is)e(at)g(most)g(one)h Fx(f)28 b FG(edge)21 b(lea)n(ving)i(an)o(y)d(point)h([)2652 2180 y SDict begin H.S end 2652 2180 a -1 x FG(Nel83)2875 2117 y SDict begin H.R end 2875 2117 a 2875 2179 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Nelson) cvn H.B /ANN pdfmark end 2875 2179 a FG(].)27 b(Nelson)21 b(ask)o(ed)g(whether)150 2287 y(his)h(axiom)g(schemes)h(are)e(complete)i(for)f(the)g(functional) i(setting.)30 b(W)-7 b(e)21 b(remark)h(that)g(Nelson')-5 b(s)23 b(axiom)f(schemes)150 2395 y(are)i(pro)o(v)n(able)i(from)d Fx(T)874 2409 y Fw(1)937 2395 y FG(plus)i(our)f(induction)i(principle.) 33 b(Ho)n(we)n(v)o(er)l(,)23 b(Nelson')-5 b(s)25 b(axiom)g(schemes)g (are)f(not)g(com-)150 2503 y(plete:)44 b(we)30 b(constructed)k(a)c (functional)j(graph)f(that)f(satis\002es)g(Nelson')-5 b(s)32 b(axioms)f(b)n(ut)g(violates)i FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])150 2611 y FG(\(Proposition)622 2612 y SDict begin H.S end 622 2612 a -1 x FG(4.7)736 2549 y SDict begin H.R end 736 2549 a 736 2611 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.7) cvn H.B /ANN pdfmark end 736 2611 a FG(\).)316 2719 y(At)32 b(least)j(one)e(of)g(Nelson') -5 b(s)35 b(axiom)f(schemes)g(seems)g(orthogonal)i(to)e(our)f(coloring) j(axioms)e(and)f(may)150 2827 y(be)g(useful)i(in)e(certain)i(proofs.)59 b(Nelson')-5 b(s)35 b(\002fth)e(axiom)h(scheme)g(states)h(that)e(the)h (points)h(reachable)g(from)f(a)150 2935 y(gi)n(v)o(en)e(point)g(are)f (linearly)i(ordered.)53 b(The)30 b(soundness)k(of)d(the)g(axiom)h (scheme)f(is)g(due)h(to)f(the)g(f)o(act)g(that)h Fx(f)39 b FG(is)150 3042 y(functional.)30 b(W)-7 b(e)19 b(mak)o(e)h(use)g(of)g (a)f(simpli\002ed)i(v)o(ersion)g(of)f(Nelson')-5 b(s)21 b(ordering)h(axiom)e(scheme:)28 b(Let)19 b FN(Func)o Fu([)p Fx(f)10 b Fu(])25 b Fy(\021)150 3150 y(8)p Fx(u;)15 b(v)s(;)g(w)j(:)d(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\))22 b Fy(^)e Fx(f)10 b Fu(\()p Fx(u;)15 b(w)r Fu(\))26 b Fy(!)f Fx(v)k Fu(=)24 b Fx(w)r FG(;)g(then,)434 3296 y FN(Order)p Fu([)p Fx(f)10 b Fu(])50 b Fy(\021)g FN(Func)o Fu([)p Fx(f)10 b Fu(])26 b Fy(!)f(8)p Fx(u;)15 b(v)s(;)g(w)j(:)d(f)1794 3310 y Fw(tc)1857 3296 y Fu(\()p Fx(u;)g(v)s Fu(\))22 b Fy(^)d Fx(f)2213 3310 y Fw(tc)2276 3296 y Fu(\()p Fx(u;)c(w)r Fu(\))52 b Fy(!)e Fx(f)2743 3310 y Fw(tc)2806 3296 y Fu(\()p Fx(v)s(;)15 b(w)r Fu(\))22 b Fy(_)e Fx(f)3178 3310 y Fw(tc)3240 3296 y Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))150 3486 y SDict begin H.S end 150 3486 a 150 3486 a SDict begin 13 H.A end 150 3486 a 150 3486 a SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.3.2.2) cvn /DEST pdfmark end 150 3486 a 85 x FG(3.2.2.)46 b Fv(T)-5 b(r)m(ees.)46 b FG(When)21 b(w)o(orking)i(with)e(programs)i(manipulating)i(trees,)d(we)e(ha)n(v)o (e)i(a)f(\002x)o(ed)g(set)h(of)f(selectors)j Fx(S)5 b(el)150 3679 y FG(and)24 b(transiti)n(v)o(e)h(closure)h(is)d(performed)i(on)f (the)g Fx(dow)r(n)f FG(relation,)i(de\002ned)g(as)1193 3840 y Fy(8)p Fx(v)1288 3854 y Fw(1)1327 3840 y Fx(;)15 b(v)1411 3854 y Fw(2)1466 3840 y Fx(:)g(dow)r(n)p Fu(\()p Fx(v)1798 3854 y Fw(1)1839 3840 y Fx(;)g(v)1923 3854 y Fw(2)1963 3840 y Fu(\))51 b Fy($)2230 3754 y Fq(_)2190 3952 y Fr(s)p FM(2)p Fr(S)t(el)2386 3840 y Fx(s)p Fu(\()p Fx(v)2508 3854 y Fw(1)2548 3840 y Fx(;)15 b(v)2632 3854 y Fw(2)2672 3840 y Fu(\))150 4079 y FG(T)m(rees)21 b(ha)n(v)o(e)g(no)g (sharing)i(\(i.e.,)e(the)g Fx(dow)r(n)g FG(relation)h(is)f(injecti)n(v) o(e\),)i(thus)f(a)e(similar)i(axiom)f(to)g FN(Order)p Fu([)p Fx(f)10 b Fu(])20 b FG(is)h(used:)577 4225 y Fy(8)p Fx(u;)15 b(v)s(;)g(w)j(:)d(dow)r(n)1143 4239 y Fw(tc)1207 4225 y Fu(\()p Fx(v)s(;)g(u)p Fu(\))22 b Fy(^)d Fx(dow)r(n)1731 4239 y Fw(tc)1795 4225 y Fu(\()p Fx(w)r(;)c(u)p Fu(\))52 b Fy(!)e Fx(dow)r(n)2430 4239 y Fw(tc)2494 4225 y Fu(\()p Fx(v)s(;)15 b(w)r Fu(\))22 b Fy(_)e Fx(dow)r(n)3034 4239 y Fw(tc)3097 4225 y Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))150 4371 y FG(Another)21 b(important)g(property)h(of)e(trees)g(is)g(that)g (the)g(subtrees)i(belo)n(w)e(distinct)h(children)h(of)e(a)f(node)i(are) e(disjoint.)150 4479 y(W)-7 b(e)23 b(use)h(the)f(follo)n(wing)i(axioms) g(to)e(capture)i(this,)f(where)g Fx(s)2077 4493 y Fw(1)2141 4479 y Fy(6)p Fu(=)h Fx(s)2280 4493 y Fw(2)2345 4479 y Fy(2)f Fx(S)5 b(el)r FG(:)616 4624 y Fy(8)p Fx(v)s(;)15 b(v)798 4638 y Fw(1)837 4624 y Fx(;)g(v)921 4638 y Fw(2)961 4624 y Fx(;)g(w)j(:)d Fy(:)p Fu(\()p Fx(s)1263 4638 y Fw(1)1303 4624 y Fu(\()p Fx(v)s(;)g(v)1469 4638 y Fw(1)1509 4624 y Fu(\))21 b Fy(^)f Fx(s)1689 4638 y Fw(2)1728 4624 y Fu(\()p Fx(v)s(;)15 b(v)1894 4638 y Fw(2)1934 4624 y Fu(\))21 b Fy(^)f Fx(dow)r(n)2284 4638 y Fw(tc)2347 4624 y Fu(\()p Fx(v)2426 4638 y Fw(1)2466 4624 y Fx(;)15 b(w)r Fu(\))22 b Fy(^)d Fx(dow)r(n)2923 4638 y Fw(tc)2987 4624 y Fu(\()p Fx(v)3066 4638 y Fw(2)3106 4624 y Fx(;)c(w)r Fu(\)\))p eop end end %%Page: 9 9 TeXDict begin HPSdict begin 9 8 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.9) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)863 b(9)150 348 y SDict begin H.S end 150 348 a 150 348 a SDict begin 13 H.A end 150 348 a 150 348 a SDict begin [ /View [/XYZ H.V] /Dest (section.4) cvn /DEST pdfmark end 150 348 a 1424 448 a FG(4.)48 b(O)t FF(N)27 b FG(T)t(C)t(-)t(C)t FF(O)t(M)t(P)t(L)t(E)t(T)t(E)t(N)t(E)5 b(S)g(S)316 609 y FG(In)29 b(this)h(section)g(we)f(consider)i(the)e (concept)i(of)e(TC-Completeness)i(in)e(detail.)46 b(The)29 b(reader)h(anxious)h(to)150 717 y(see)24 b(ho)n(w)f(we)g(use)g(our)h (methodology)j(is)c(encouraged)k(to)c(skim)h(or)f(skip)i(this)f (section.)316 825 y(W)-7 b(e)23 b(\002rst)g(sho)n(w)g(that)h(there)h (is)e(no)h(recursi)n(v)o(ely)i(enumerable)g(TC-complete)e(set)g(of)f (axioms.)150 845 y SDict begin H.S end 150 845 a 150 845 a SDict begin 13 H.A end 150 845 a 150 845 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.1) cvn /DEST pdfmark end 150 845 a 142 x FN(Pr)n(oposition)i(4.1.)42 b Fv(Let)22 b Fu(\000)h Fv(be)h(an)f(r)-10 b(.e)o(.)23 b(set)g(of)h(TC-valid)g (\002r)o(st-or)m(der)i(sentences.)31 b(Then)24 b Fu(\000)e Fv(is)i(not)g(TC-complete)o(.)150 1149 y(Pr)l(oof)o(.)42 b FG(By)21 b(the)g(proof)i(of)e(Corollary)i(9,)e(page)i(11)e(of)h([) 1877 1150 y SDict begin H.S end 1877 1150 a -1 x FG(IRR)2029 1116 y Fw(+)2087 1149 y FG(04a)2219 1076 y SDict begin H.R end 2219 1076 a 2219 1149 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.eadtc) cvn H.B /ANN pdfmark end 2219 1149 a FG(],)f(there)h(is)f(a)g(recursi)n(v)o(e)i(procedure)i(that,)d (gi)n(v)o(en)150 1257 y(an)o(y)28 b(T)l(uring)h(machine)h Fx(M)1002 1271 y Fr(n)1077 1257 y FG(as)e(input,)59 b(produces)31 b(a)d(\002rst-order)i(formula)f Fx(')2636 1271 y Fr(n)2711 1257 y FG(in)f(a)g(v)n(ocab)n(ulary)k Fx(\034)3345 1271 y Fr(n)3419 1257 y FG(such)e(that)150 1365 y Fx(')209 1379 y Fr(n)283 1365 y FG(is)e(TC-v)n(alid)g(if)n(f)f(T)l(uring)h (machine,)i Fx(M)1551 1379 y Fr(n)1598 1365 y FG(,)e(on)f(input)i Fu(0)e FG(ne)n(v)o(er)i(halts.)42 b(The)27 b(v)n(ocab)n(ulary)k Fx(\034)3148 1379 y Fr(n)3222 1365 y FG(consists)e(of)f(the)150 1473 y(tw)o(o)h(binary)h(relation)h(symbols,)g Fx(E)5 b(;)15 b(E)1414 1487 y Fw(tc)1478 1473 y FG(,)29 b(constant)i(symbols,) g Fx(a;)15 b(d)p FG(,)30 b(and)g(some)e(unary)j(relation)f(symbols.)46 b(It)150 1581 y(follo)n(ws)22 b(that)g(if)f Fu(\000)f FG(were)h(TC-complete,)i(then)f(it)f(w)o(ould)h(pro)o(v)o(e)g(all)f (true)h(instances)i(of)d Fx(')2974 1595 y Fr(n)3042 1581 y FG(and)h(thus)g(the)f(halting)150 1689 y(problem)k(w)o(ould)f(be)f (solv)n(able.)p 3677 1627 74 4 v 3677 1694 4 67 v 3747 1694 V 3677 1697 74 4 v 316 1846 a(Proposition)758 1847 y SDict begin H.S end 758 1847 a -1 x FG(4.1)872 1784 y SDict begin H.R end 872 1784 a 872 1846 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.1) cvn H.B /ANN pdfmark end 872 1846 a 23 w FG(sho)n(ws)h(that)h(e)n(v)o(en)f(in)g(the)g (presence)i(of)e(only)g(one)h(binary)g(relation)h(symbol,)f(there)f(is) g(no)150 1954 y(r)-5 b(.e.)23 b(TC-complete)h(axiomatization.)316 2062 y(In)e([)443 2063 y SDict begin H.S end 443 2063 a -1 x FG(A)-7 b(vr03)669 2000 y SDict begin H.R end 669 2000 a 669 2062 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Avron) cvn H.B /ANN pdfmark end 669 2062 a FG(],)22 b(A)-7 b(vron)22 b(gi)n(v)o(es)h(an)f(ele)o(gant)h(\002nite)g(axiomatization)i (of)d(the)h(natural)h(numbers)f(using)g(transiti)n(v)o(e)150 2170 y(closure,)39 b(a)c(successor)i(relation)g(and)f(the)f(binary)i (function)g(symbol,)h(\223)p Fu(+)p FG(\224.)63 b(Furthermore,)39 b(he)c(sho)n(ws)h(that)150 2278 y(multiplication)31 b(is)c(de\002nable) h(in)f(this)h(language.)42 b(Since)28 b(the)f(unique)i(TC-model)e(for)g (A)-7 b(vron')i(s)29 b(axioms)f(is)f(the)150 2386 y(standard)f(natural) f(numbers)g(it)e(follo)n(ws)h(that:)150 2387 y SDict begin H.S end 150 2387 a 150 2387 a SDict begin 13 H.A end 150 2387 a 150 2387 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.2) cvn /DEST pdfmark end 150 2387 a 161 x FN(Cor)n(ollary)31 b(4.2.)45 b Fv(Let)28 b Fu(\000)g Fv(be)h(an)g(arithmetic)h(set)f(of)g (TC-valid)g(\002r)o(st-or)m(der)j(sentences)f(o)o(ver)e(a)g(vocab)n (ulary)j(in-)150 2656 y(cluding)24 b(a)e(binary)i(r)m(elation)f(symbol) g(and)g(a)f(binary)i(function)g(symbol)f(\(or)f(a)g(ternary)i(r)m (elation)g(symbol\).)29 b(Then)150 2764 y Fu(\000)23 b Fv(is)g(not)h(TC-complete)o(.)316 2926 y FG(In)k(Proposition)865 2927 y SDict begin H.S end 865 2927 a -1 x FG(3.1)979 2864 y SDict begin H.R end 979 2864 a 979 2926 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.3.1) cvn H.B /ANN pdfmark end 979 2926 a 27 w FG(we)f(sho)n(wed)h(that)h(an)o(y)f(\002nite)g (and)g(ac)o(yclic)h(model)g(of)e Fx(T)2827 2940 y Fw(1)2867 2926 y Fu([)p Fx(f)10 b Fu(])27 b FG(is)h(a)f(TC)f(model.)42 b(This)150 3034 y(can)24 b(be)f(strengthened)28 b(to)150 3053 y SDict begin H.S end 150 3053 a 150 3053 a SDict begin 13 H.A end 150 3053 a 150 3053 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.3) cvn /DEST pdfmark end 150 3053 a 143 x FN(Pr)n(oposition)d(4.3.)42 b Fv(Any)23 b(\002nite)h(model)g(of)f Fx(T)1558 3210 y Fw(1)1621 3196 y Fv(plus)h FN(IND)e Fv(is)i(a)f(TC-model.)150 3357 y(Pr)l(oof)o(.)42 b FG(Let)27 b Fy(A)f FG(be)i(a)f(\002nite)h(model)h (of)e Fx(T)1467 3371 y Fw(1)1534 3357 y FG(plus)h FN(IND)p FG(.)40 b(Let)27 b Fx(f)37 b FG(be)27 b(a)h(binary)h(relation)g (symbol,)h(and)e(let)g Fx(a;)15 b(b)27 b FG(be)150 3465 y(elements)e(of)e(the)h(uni)n(v)o(erse)h(of)f Fy(A)p FG(.)j(Since)d Fy(A)h(j)-15 b Fu(=)25 b Fx(T)1759 3479 y Fw(1)1798 3465 y FG(,)e(if)g(there)i(is)e(an)g Fx(f)33 b FG(path)24 b(from)f Fx(a)g FG(to)g Fx(b)g FG(then)h Fy(A)h(j)-15 b Fu(=)25 b Fx(f)3428 3479 y Fw(tc)3491 3465 y Fu(\()p Fx(a;)15 b(b)p Fu(\))p FG(.)316 3573 y(Con)l(v)o(ersely) -6 b(,)31 b(suppose)g(that)d(there)h(is)f(no)g Fx(f)37 b FG(path)29 b(from)f Fx(a)f FG(to)h Fx(b)p FG(.)42 b(Let)28 b Fx(R)2634 3587 y Fr(a)2703 3573 y FG(be)g(the)g(set)g(of)g(elements)i (of)e(the)150 3681 y(uni)n(v)o(erse)j(of)f Fy(A)e FG(that)j(are)e (reachable)k(from)c Fx(a)p FG(.)47 b(Let)29 b Fx(k)40 b Fu(=)c Fy(j)p Fx(R)2133 3695 y Fr(a)2175 3681 y Fy(j)p FG(.)47 b(Since)29 b Fy(A)g FG(is)g(\002nite)h(we)f(may)h(use)g(e)o (xistential)150 3789 y(quanti\002cation)j(to)d(name)g(e)o(xactly)i(all) e(the)g(elements)h(of)f Fx(R)2082 3803 y Fr(a)2161 3789 y Fu(:)38 b Fx(x)2276 3803 y Fw(1)2315 3789 y Fx(;)15 b(:)g(:)g(:)i(;)e(x)2569 3804 y Fr(k)2612 3789 y FG(.)47 b(W)-7 b(e)29 b(can)i(then)f(de\002ne)h(the)f(color)150 3897 y(class:)h Fx(C)7 b Fu(\()p Fx(y)s Fu(\))26 b Fy(\021)f Fx(y)k Fu(=)c Fx(x)915 3911 y Fw(1)975 3897 y Fy(_)20 b(\001)15 b(\001)g(\001)22 b(_)e Fx(y)28 b Fu(=)e Fx(x)1486 3912 y Fr(k)1529 3897 y FG(.)i(Then)c(we)f(can)i(pro)o(v)o(e)f(using)h FN(IND)p FG(,)d(or)i(equi)n(v)n(alently)j FN(NoExit)p FG(,)d(that)150 4005 y(no)g(v)o(erte)o(x)h(outside)h(this)e(color)i (class)f(is)e(reachable)k(from)d Fx(a)p FG(,)f(i.e.,)g Fy(A)j(j)-15 b Fu(=)26 b Fy(:)p Fx(f)2581 4019 y Fw(tc)2643 4005 y Fu(\()p Fx(a;)15 b(b)p Fu(\))p FG(.)31 b(Thus,)24 b(as)g(desired,)i Fy(A)d FG(is)h(a)150 4113 y(TC-model.)p 3677 4052 74 4 v 3677 4118 4 67 v 3747 4118 V 3677 4121 74 4 v 150 4301 a SDict begin H.S end 150 4301 a 150 4301 a SDict begin 13 H.A end 150 4301 a 150 4301 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.4.1) cvn /DEST pdfmark end 150 4301 a 99 x FG(4.1.)46 b FN(Mor)n(e)29 b(About)e (TC-Completeness.)46 b FG(Ev)o(en)28 b(though)j(there)e(is)g(no)f(r)-5 b(.e.)28 b(set)h(of)f(TC-complete)i(axioms)f(in)150 4508 y(general,)40 b(there)d(are)e(TC-complete)i(axiomatizations)j(for)35 b(certain)j(interesting)g(cases.)66 b(Let)35 b Fu(\006)g FG(be)g(a)g(set)h(of)150 4616 y(formulas.)30 b(W)-7 b(e)21 b(say)i(that)g Fx( )i FG(is)e Fv(TC-valid)g(wrt)f Fu(\006)f FG(if)n(f)h(e)n(v)o(ery)h(TC-model)f(of)h Fu(\006)e FG(satis\002es)j Fx( )s FG(.)k(Let)22 b Fu(\000)f FG(be)i(TC-sound.)150 4724 y(W)-7 b(e)31 b(say)g(that)h Fu(\000)f FG(is)g Fv(TC-complete)h (wrt)f Fu(\006)g FG(if)n(f)g Fu(\000)26 b Fy([)f Fu(\006)40 b Fy(`)f Fx( )c FG(for)c(e)n(v)o(ery)h Fx( )i FG(that)e(is)g(TC-v)n (alid)f(wrt)g Fu(\006)p FG(.)51 b(W)-7 b(e)31 b(are)150 4832 y(interested)26 b(in)e(whether)g Fx(T)988 4846 y Fw(1)1050 4832 y FG(plus)h FN(IND)d FG(is)h(TC-complete)i(with)e (respect)i(to)f(interesting)i(theories,)g Fu(\006)p FG(.)316 4940 y(Since)33 b Fu(TC[)p Fx(s)p Fu(]\()p Fx(a;)15 b(b)p Fu(\))33 b FG(asserts)i(the)e(e)o(xistence)i(of)e(a)f(\002nite)h Fx(s)p FG(-path)h(from)f Fx(a)f FG(to)h Fx(b)p FG(,)h(we)e(can)i(e)o (xpress)g(that)g(a)150 5048 y(structure)28 b(is)d(\002nite)h(by)g (writing)g(the)g(formula:)34 b Fu(\010)29 b Fy(\021)g FN(Func)o Fu([)p Fx(s)p Fu(])22 b Fy(^)f(9)p Fx(x)p Fy(8)p Fx(y)c(:)e(s)2562 5062 y Fw(tc)2625 5048 y Fu(\()p Fx(x;)g(y)s Fu(\))p FG(.)35 b(Observ)o(e)26 b(that)g(e)n(v)o(ery)h(TC-)150 5156 y(model)d(that)h(satis\002es)g Fu(\010)e FG(is)g(\002nite.)30 b(Thus,)24 b(if)g(we)f(are)h(in)g(a)f(setting)j(\226)d(as)h(is)g (frequent)i(in)e(logic)h(\226)e(where)h(we)f(may)150 5264 y(add)h(a)f(ne)n(w)g(binary)i(relation)g(symbol,)g Fx(s)p FG(,)d(then)i FN(\002niteness)f(is)h(TC-expr)n(essible)p FG(.)150 5283 y SDict begin H.S end 150 5283 a 150 5283 a SDict begin 13 H.A end 150 5283 a 150 5283 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.4) cvn /DEST pdfmark end 150 5283 a eop end end %%Page: 10 10 TeXDict begin HPSdict begin 10 9 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.10) cvn /DEST pdfmark end 150 82 a Fz(10)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)150 448 y FN(Pr)n(oposition)24 b(4.4.)40 b Fv(Let)22 b Fu(\006)g Fv(be)g(a)h(\002nite)g(set)g(of)g (formulas,)h(and)f Fu(\000)e Fv(an)i(r)-10 b(.e)o(.,)22 b(TC-complete)h(axiomatization)j(wrt)c Fu(\006)150 555 y Fv(in)h(a)h(langua)o(g)o(e)i(wher)m(e)d(\002niteness)k(is)c(TC-e)n (xpr)m(essible)o(.)31 b(Then)23 b(\002nite)i(TC-validity)g(for)f Fu(\006)e Fv(is)h(decidable)o(.)150 717 y(Pr)l(oof)o(.)42 b FG(Let)30 b Fu(\010)g FG(be)h(a)g(formula)h(as)e(abo)o(v)o(e)i(that)g (TC-e)o(xpresses)g(\002niteness.)53 b(Let)30 b Fx( )k FG(be)d(an)o(y)g(formula.)52 b(If)31 b Fx( )i FG(is)150 825 y(not)28 b(\002nite)g(TC-v)n(alid)g(wrt)f Fu(\006)p FG(,)h(then)g(we)f(can)i(\002nd)e(a)h(\002nite)g(TC)e(model)i(of)g Fu(\006)e FG(where)j Fx( )h FG(is)e(f)o(alse.)42 b(If)28 b Fx( )i FG(is)e(\002nite)150 933 y(TC-v)n(alid,)h(then)g Fu(\000)24 b Fy([)f Fu(\006)34 b Fy(`)g Fu(\010)g Fy(!)g Fx( )s FG(,)28 b(and)h(we)f(can)g(\002nd)g(this)h(out)g(by)f (systematically)k(generating)f(all)e(proofs)150 1041 y(from)23 b Fu(\000)p FG(.)p 3677 980 74 4 v 3677 1046 4 67 v 3747 1046 V 3677 1049 74 4 v 316 1199 a(From)j(Proposition)984 1200 y SDict begin H.S end 984 1200 a -1 x FG(4.4)1098 1137 y SDict begin H.R end 1098 1137 a 1098 1199 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.4) cvn H.B /ANN pdfmark end 1098 1199 a 26 w FG(we)g(kno)n(w)h(that)g(we)f(must)h (restrict)h(our)f(search)h(for)f(cases)h(of)f(TC-completeness)150 1307 y(to)c(those)g(where)g(\002nite)g(TC-v)n(alidity)h(is)f (decidable.)31 b(In)22 b(particular)l(,)k(since)d(the)g(\002nite)g (theory)h(of)f(tw)o(o)f(functional)150 1415 y(relations)k(is)d (undecidable,)k(e.g.,)c([)1261 1416 y SDict begin H.S end 1261 1416 a -1 x FG(IRR)1413 1382 y Fw(+)1471 1415 y FG(04a)1603 1342 y SDict begin H.R end 1603 1342 a 1603 1415 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.eadtc) cvn H.B /ANN pdfmark end 1603 1415 a FG(],)f(we)h(kno)n(w)h(that,)150 1434 y SDict begin H.S end 150 1434 a 150 1434 a SDict begin 13 H.A end 150 1434 a 150 1434 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.5) cvn /DEST pdfmark end 150 1434 a 143 x FN(Cor)n(ollary)32 b(4.5.)46 b Fv(Ther)m(e)30 b(ar)m(e)g(no)g(r)-10 b(.e)o(.)29 b(TC-valid)i(axioms)g(for)f(the)g (functional)j(case)e(e)o(ven)g(if)e(we)h(r)m(estrict)h(to)f(at)150 1685 y(most)23 b(two)h(binary)h(r)m(elation)g(symbols.)150 1887 y SDict begin H.S end 150 1887 a 150 1887 a SDict begin 13 H.A end 150 1887 a 150 1887 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.4.2) cvn /DEST pdfmark end 150 1887 a 89 x FG(4.2.)46 b FN(Nelson')m(s)25 b(Axioms.)47 b FG(Our)25 b(idea)h(of)f(considering)k(transiti)n(v)o(e-closure)h (axioms)d(is)e(similar)h(in)g(spirit)g(to)g(the)150 2084 y(approach)38 b(that)e(Nelson)g(tak)o(es)g([)1231 2085 y SDict begin H.S end 1231 2085 a -1 x FG(Nel83)1454 2022 y SDict begin H.R end 1454 2022 a 1454 2084 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Nelson) cvn H.B /ANN pdfmark end 1454 2084 a FG(].)63 b(T)-7 b(o)35 b(pro)o(v)o(e)g(some)h (program)g(properties,)41 b(he)36 b(introduces)i(a)d(set)g(of)150 2192 y(reachability)j(axiom)d(schemes)h(for)f(a)f(functional)j (predicate,)j Fx(f)10 b FG(.)60 b(By)34 b(\223functional\224)k(we)c (mean)h(that)g Fx(f)43 b FG(is)35 b(a)150 2300 y(partial)25 b(function:)31 b FN(Func)o Fu([)p Fx(f)10 b Fu(])25 b Fy(\021)g(8)p Fx(u;)15 b(v)s(;)g(w)k(:)c(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\))21 b Fy(^)f Fx(f)10 b Fu(\()p Fx(u;)15 b(w)r Fu(\))26 b Fy(!)f Fx(v)k Fu(=)c Fx(w)r FG(.)316 2408 y(W)-7 b(e)22 b(remark)i(that)g(Nelson')-5 b(s)25 b(axiom)f(schemes)g(are)f(pro)o(v)n(able)i(from)f Fx(T)2540 2422 y Fw(1)2602 2408 y FG(plus)g(our)f(induction)j(principle.)31 b(At)150 2516 y(least)g(tw)o(o)f(of)f(his)i(schemes)g(may)f(be)g (useful)h(for)f(us)g(to)g(add)h(in)f(our)g(approach.)51 b(Nelson)31 b(ask)o(ed)g(whether)g(his)150 2624 y(axioms)26 b(are)f(complete)i(for)e(the)h(functional)i(setting.)35 b(It)25 b(follo)n(ws)h(from)f(Corollary)2835 2625 y SDict begin H.S end 2835 2625 a -1 x FG(4.5)2949 2562 y SDict begin H.R end 2949 2562 a 2949 2624 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.5) cvn H.B /ANN pdfmark end 2949 2624 a 24 w FG(that)h(the)g(answer)f(is)g(no.)150 2731 y(W)-7 b(e)23 b(pro)o(v)o(e)h(belo)n(w)f(that)h(Nelson')-5 b(s)25 b(axioms)g(do)e(not)h(pro)o(v)o(e)g FN(NoExit)p FG(.)316 2839 y(Nelson')-5 b(s)22 b(basic)g(relation)g(symbols)g(are)f (ternary)-6 b(.)29 b(F)o(or)20 b(e)o(xample,)i(he)f(writes)g(\223)p Fx(u)2903 2795 y Fp(f)2890 2843 y Fo(!)2904 2881 y Fp(x)2997 2839 y Fx(v)t FG(\224)f(to)g(mean)h(that)g(there)150 2947 y(is)29 b(an)h Fx(f)10 b FG(-path)30 b(from)f Fx(u)g FG(to)g Fx(v)k FG(that)d(follo)n(ws)g(no)f(edges)i(out)f(of)g Fx(x)p FG(.)45 b(W)-7 b(e)29 b(encode)i(this)f(as,)h Fx(f)3053 2914 y Fr(x)3043 2970 y Fw(tc)3106 2947 y Fu(\()p Fx(u;)15 b(v)s Fu(\))p FG(,)31 b(where,)g(for)150 3055 y(each)23 b(parameter)i Fx(x)d FG(we)f(add)j(a)e(ne)n(w)g(relation)i (symbol,)g Fx(f)1979 3022 y Fr(x)2022 3055 y FG(,)e(together)j(with)d (the)h(assertion:)31 b Fy(8)p Fx(u;)15 b(v)k(:)c(f)3380 3022 y Fr(x)3423 3055 y Fu(\()p Fx(u;)g(v)s Fu(\))27 b Fy($)150 3163 y Fx(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\))21 b Fy(^)f Fu(\()p Fx(u)26 b Fy(6)p Fu(=)g Fx(x)p Fu(\))p FG(.)i(Nelson)d(also)f(includes)i(a)d(notation)j(for)e(modifying)i(the) e(partial)h(function)h Fx(f)10 b FG(.)28 b(He)23 b(writes,)150 3292 y Fx(f)205 3244 y Fw(\()p Fr(p)p Fw(\))195 3304 y Fr(q)322 3292 y FG(for)h(the)g(partial)h(function)h(that)f(agrees)g (with)e Fx(f)33 b FG(e)n(v)o(erywhere)25 b(e)o(xcept)g(on)f(ar)n (gument)i Fx(p)d FG(where)h(it)f(has)h(v)n(alue)150 3400 y Fx(q)s FG(.)62 b(Nelson')-5 b(s)36 b(eighth)g(axiom)g(scheme)f (asserts)i(a)d(basic)i(consistenc)o(y)i(property)f(for)e(this)g (notation.)65 b(In)35 b(our)150 3526 y(translation)d(we)c(simply)h (assert)h(that)g Fx(f)1426 3478 y Fw(\()p Fr(p)p Fw(\))1416 3537 y Fr(q)1519 3526 y Fu(\()p Fx(u;)15 b(v)s Fu(\))37 b Fy($)e Fu(\()p Fx(u)g Fy(6)p Fu(=)g Fx(p)24 b Fy(^)f Fx(f)10 b Fu(\()p Fx(u;)15 b(v)s Fu(\)\))26 b Fy(_)d Fu(\()p Fx(u)36 b Fu(=)e Fx(p)24 b Fy(^)g Fx(v)38 b Fu(=)d Fx(q)s Fu(\))p FG(.)44 b(When)29 b(we)150 3634 y(translate)d(Nelson')-5 b(s)25 b(eighth)g(axiom)f(scheme)g(the)g(result)h(is)e(tautological,)k (so)c(we)g(can)h(safely)h(omit)e(it.)316 3741 y(Using)h(our)g (translation,)i(Nelson')-5 b(s)25 b(axiom)f(schemes)h(are)e(the)h (follo)n(wing.)150 3780 y SDict begin H.S end 150 3780 a 150 3780 a SDict begin 13 H.A end 150 3780 a 150 3780 a SDict begin [ /View [/XYZ H.V] /Dest (Item.9) cvn /DEST pdfmark end 150 3780 a 88 x FG(\(N1\))42 b Fx(f)418 3835 y Fr(x)408 3891 y Fw(tc)471 3868 y Fu(\()p Fx(u;)15 b(v)s Fu(\))52 b Fy($)e Fu(\()p Fx(u)26 b Fu(=)f Fx(v)s Fu(\))20 b Fy(_)g(9)p Fx(z)f(:)c Fu(\()p Fx(f)1507 3835 y Fr(x)1551 3868 y Fu(\()p Fx(u;)g(z)t Fu(\))22 b Fy(^)e Fx(f)1917 3835 y Fr(x)1907 3891 y Fw(tc)1969 3868 y Fu(\()p Fx(z)t(;)15 b(v)s Fu(\)\))150 3932 y SDict begin H.S end 150 3932 a 150 3932 a SDict begin 13 H.A end 150 3932 a 150 3932 a SDict begin [ /View [/XYZ H.V] /Dest (Item.10) cvn /DEST pdfmark end 150 3932 a 85 x FG(\(N2\))42 b Fx(f)418 3984 y Fr(x)408 4040 y Fw(tc)471 4017 y Fu(\()p Fx(u;)15 b(v)s Fu(\))21 b Fy(^)f Fx(f)837 3984 y Fr(x)827 4040 y Fw(tc)890 4017 y Fu(\()p Fx(v)s(;)15 b(w)r Fu(\))27 b Fy(!)e Fx(f)1312 3984 y Fr(x)1302 4040 y Fw(tc)1364 4017 y Fu(\()p Fx(u;)15 b(w)r Fu(\))150 4081 y SDict begin H.S end 150 4081 a 150 4081 a SDict begin 13 H.A end 150 4081 a 150 4081 a SDict begin [ /View [/XYZ H.V] /Dest (Item.11) cvn /DEST pdfmark end 150 4081 a 85 x FG(\(N3\))42 b Fx(f)418 4133 y Fr(x)408 4188 y Fw(tc)471 4166 y Fu(\()p Fx(u;)15 b(v)s Fu(\))26 b Fy(!)g Fx(f)868 4180 y Fw(tc)930 4166 y Fu(\()p Fx(u;)15 b(v)s Fu(\))150 4230 y SDict begin H.S end 150 4230 a 150 4230 a SDict begin 13 H.A end 150 4230 a 150 4230 a SDict begin [ /View [/XYZ H.V] /Dest (Item.12) cvn /DEST pdfmark end 150 4230 a 85 x FG(\(N4\))42 b Fx(f)418 4271 y Fr(y)408 4339 y Fw(tc)471 4315 y Fu(\()p Fx(u;)15 b(x)p Fu(\))21 b Fy(^)f Fx(f)842 4282 y Fr(z)832 4337 y Fw(tc)894 4315 y Fu(\()p Fx(u;)15 b(y)s Fu(\))26 b Fy(!)g Fx(f)1302 4282 y Fr(z)1292 4337 y Fw(tc)1354 4315 y Fu(\()p Fx(u;)15 b(x)p Fu(\))150 4380 y SDict begin H.S end 150 4380 a 150 4380 a SDict begin 13 H.A end 150 4380 a 150 4380 a SDict begin [ /View [/XYZ H.V] /Dest (Item.13) cvn /DEST pdfmark end 150 4380 a 84 x FG(\(N5\))42 b Fx(f)408 4478 y Fw(tc)471 4464 y Fu(\()p Fx(u;)15 b(x)p Fu(\))26 b Fy(!)f Fx(f)882 4419 y Fr(y)872 4488 y Fw(tc)935 4464 y Fu(\()p Fx(u;)15 b(x)p Fu(\))21 b Fy(_)f Fx(f)1306 4431 y Fr(x)1296 4486 y Fw(tc)1358 4464 y Fu(\()p Fx(u;)15 b(y)s Fu(\))150 4529 y SDict begin H.S end 150 4529 a 150 4529 a SDict begin 13 H.A end 150 4529 a 150 4529 a SDict begin [ /View [/XYZ H.V] /Dest (Item.14) cvn /DEST pdfmark end 150 4529 a 83 x FG(\(N6\))42 b Fx(f)418 4568 y Fr(y)408 4637 y Fw(tc)471 4612 y Fu(\()p Fx(u;)15 b(x)p Fu(\))21 b Fy(^)f Fx(f)842 4579 y Fr(z)832 4635 y Fw(tc)894 4612 y Fu(\()p Fx(u;)15 b(y)s Fu(\))26 b Fy(!)g Fx(f)1302 4579 y Fr(z)1292 4635 y Fw(tc)1354 4612 y Fu(\()p Fx(x;)15 b(y)s Fu(\))150 4677 y SDict begin H.S end 150 4677 a 150 4677 a SDict begin 13 H.A end 150 4677 a 150 4677 a SDict begin [ /View [/XYZ H.V] /Dest (Item.15) cvn /DEST pdfmark end 150 4677 a 84 x FG(\(N7\))42 b Fx(f)10 b Fu(\()p Fx(x;)15 b(u)p Fu(\))21 b Fy(^)f Fx(f)779 4775 y Fw(tc)841 4761 y Fu(\()p Fx(u;)15 b(v)s Fu(\))27 b Fy(!)e Fx(f)1248 4728 y Fr(x)1238 4784 y Fw(tc)1300 4761 y Fu(\()p Fx(u;)15 b(v)s Fu(\))316 4888 y FG(These)26 b(axiom)g(schemes)g(can)g(be)g(pro)o(v)o(ed)g(using)h(appropriate)h (instances)g(of)d Fx(T)2849 4902 y Fw(1)2914 4888 y FG(and)g(the)h (induction)i(prin-)150 4996 y(ciple.)h(Just)21 b(as)g(we)f(sho)n(wed)i (in)f(Proposition)1586 4997 y SDict begin H.S end 1586 4997 a -1 x FG(3.1)1700 4934 y SDict begin H.R end 1700 4934 a 1700 4996 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.3.1) cvn H.B /ANN pdfmark end 1700 4996 a 20 w FG(that)h(an)o(y)f (\002nite)g(and)g(ac)o(yclic)i(model)e(of)g Fx(T)3058 5010 y Fw(1)3097 4996 y Fu([)p Fx(f)10 b Fu(])20 b FG(is)h(a)g(TC)e (model,)150 5104 y(we)k(ha)n(v)o(e)h(that,)150 5117 y SDict begin H.S end 150 5117 a 150 5117 a SDict begin 13 H.A end 150 5117 a 150 5117 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.6) cvn /DEST pdfmark end 150 5117 a 149 x FN(Pr)n(oposition)h(4.6.)42 b Fv(Any)23 b(\002nite)h(and)g (functional)j(model)d(of)f(Nelson')l(s)i(axioms)g(is)e(a)g(TC-model.)p eop end end %%Page: 11 11 TeXDict begin HPSdict begin 11 10 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.11) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(11)150 448 y Fv(Pr)l(oof)o(.)42 b FG(Consider)d(an)o(y)f(\002nite)g(and)h(function)h(model,)i Fy(M)p FG(.)71 b(W)-7 b(e)37 b(claim)i(that)f(for)g(each)h Fx(f)47 b FG(and)38 b Fx(x)52 b Fy(2)g(jMj)p FG(,)150 557 y Fu(\()p Fx(f)240 524 y Fr(x)230 579 y Fw(tc)293 557 y Fu(\))328 524 y FM(M)460 557 y Fu(=)43 b(\(\()p Fx(f)699 524 y Fr(x)742 557 y Fu(\))777 524 y FM(M)866 557 y Fu(\))901 524 y Fr(?)941 557 y FG(.)57 b(If)33 b(there)h(is)f(an)g Fx(f)1594 524 y Fr(x)1670 557 y FG(path)h(from)f Fx(u)g FG(to)g Fx(v)s FG(,)i(then)f(it)f(follo)n(ws)h(from)f(repeated)i (uses)f(of)150 665 y(\(N1\))23 b(that)h Fx(f)558 632 y Fr(x)548 687 y Fw(tc)634 665 y FG(holds.)316 773 y(If)k(there)i(is)e (no)h Fx(f)876 740 y Fr(x)947 773 y FG(path)g(from)f Fx(u)g FG(to)h Fx(v)i FG(and)e Fx(u)f FG(is)g(not)h(on)g(an)f Fx(f)10 b FG(-c)o(ycle,)30 b(then)f(using)h(\(N1\))e(we)g(can)h(follo)n (w)150 881 y Fx(f)10 b FG(-edges)24 b(from)g Fx(u)f FG(to)g(the)h(end)g (and)g(pro)o(v)o(e)g(that)g Fx(f)1715 848 y Fr(x)1705 903 y Fw(tc)1790 881 y FG(does)g(not)g(hold.)316 989 y(If)h(there)g(is)g(no)g Fx(f)861 956 y Fr(x)928 989 y FG(path)g(from)g Fx(u)f FG(to)h Fx(v)i FG(and)e Fx(u)f FG(is)h(on)f(an)h Fx(f)10 b FG(-c)o(ycle)25 b(containing)j Fx(x)p FG(,)c(then)h(using)h(\(N1\))f(we)f(can)150 1097 y(follo)n(w)g Fx(f)10 b FG(-edges)24 b(from)g Fx(u)e FG(to)i Fx(x)e FG(to)i(pro)o(v)o(e)g(that)g Fx(f)1699 1064 y Fr(x)1689 1119 y Fw(tc)1751 1097 y Fu(\()p Fx(u;)15 b(v)s Fu(\))25 b FG(does)f(not)g(hold.)316 1205 y(Finally)-6 b(,)36 b(if)c(there)i(is)f(no)f Fx(f)42 b FG(path)33 b(from)g Fx(u)f FG(to)h Fx(v)i FG(and)e Fx(u)f FG(is)h(on)g(an)f Fx(f)10 b FG(-c)o(ycle,)35 b(suppose)g(for)e(the)g(sak)o(e)h(of)f(a)150 1312 y(contradiction)26 b(that)c Fx(f)853 1326 y Fw(tc)915 1312 y Fu(\()p Fx(u;)15 b(v)s Fu(\))23 b FG(holds.)29 b(Let)21 b Fx(x)g FG(be)h(the)g(predecessor)j(of)d Fx(u)f FG(on)g(the)h(c)o(ycle.)29 b(By)21 b(N7,)g Fx(f)3289 1279 y Fr(x)3279 1335 y Fw(tc)3342 1312 y Fu(\()p Fx(u;)15 b(v)s Fu(\))22 b FG(must)150 1420 y(hold.)30 b(Ho)n(we)n(v)o(er)l(,)23 b(this)h(contradicts)i(the)e(pre)n(vious)i(paragraph.)p 3677 1359 74 4 v 3677 1425 4 67 v 3747 1425 V 3677 1428 74 4 v 316 1578 a(Axiom)g(schemes)h(\(N5\))f(and)g(\(N7\))g(may)g(be)g (useful)h(for)f(us)g(to)g(assert)h(when)f Fx(f)35 b FG(is)26 b(functional.)39 b(\(N5\))25 b(says)150 1686 y(that)j(the)g(points)h (reachable)h(from)e Fx(u)f FG(are)h(totally)h(ordered)g(in)f(the)g (sense)g(that)h(if)e Fx(x)g FG(and)h Fx(y)h FG(are)f(both)h(reachable) 150 1794 y(from)f Fx(u)p FG(,)h(then)g(in)f(the)h(path)g(from)g Fx(u)e FG(either)j Fx(x)d FG(comes)i(\002rst)f(or)h Fx(y)h FG(comes)f(\002rst.)43 b(\(N7\))28 b(says)h(that)g(if)g(there)g(is)f (an)150 1902 y(edge)f(from)g Fx(x)e FG(to)i Fx(u)f FG(and)h(a)f(path)h (from)f Fx(u)g FG(to)h Fx(v)s FG(,)f(then)h(there)h(is)e(a)g(path)i (from)e Fx(u)g FG(to)g Fx(v)j FG(that)e(does)h(not)f(go)f(through)150 2010 y Fx(x)p FG(.)39 b(This)27 b(implies)h(the)f(useful)i(property)g (that)f(no)f(v)o(erte)o(x)g(not)h(on)f(a)g(c)o(ycle)h(is)f(reachable)i (from)e(a)g(v)o(erte)o(x)h(on)f(the)150 2118 y(c)o(ycle.)316 2226 y(W)-7 b(e)23 b(conclude)j(this)e(section)h(by)f(pro)o(ving)h(the) f(follo)n(wing,)150 2245 y SDict begin H.S end 150 2245 a 150 2245 a SDict begin 13 H.A end 150 2245 a 150 2245 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.7) cvn /DEST pdfmark end 150 2245 a 143 x FN(Pr)n(oposition)h(4.7.)42 b Fv(Nelson')l(s)25 b(axioms)f(do)g(not)g(imply)f FN(NoExit)p Fv(.)150 2549 y(Pr)l(oof)o(.)42 b FG(Consider)25 b(the)e(structure)j Fx(G)f Fu(=)g(\()p Fx(V)5 b(;)15 b(f)5 b(;)15 b(f)1701 2563 y Fw(tc)1764 2549 y Fx(;)g(f)1859 2516 y Fw(0)1849 2572 y(tc)1912 2549 y Fx(;)g(f)2007 2516 y Fw(1)1997 2572 y(tc)2060 2549 y Fx(;)g(f)2155 2516 y Fw(2)2145 2572 y(tc)2208 2549 y Fx(;)g(:)g(:)g(:)h(;)f(f)2464 2516 y FM(1)2454 2572 y Fw(tc)2539 2549 y Fx(;)g(A)p Fu(\))23 b FG(such)h(that)g Fx(V)46 b Fu(=)25 b FN(N)18 b Fy([)h(f1g)p FG(,)k(the)150 2657 y(set)h(of)f(natural)i(numbers)g(plus)f(a)f(point)i (at)e(in\002nity)-6 b(.)30 b(Let)23 b Fx(A)j Fu(=)e FN(N)p FG(,)f(i.e.,)f(the)i(color)g(class)h Fx(A)e FG(is)g(interpreted)k(as)c (all)150 2765 y(points)i(e)o(xcept)g Fy(1)p FG(.)j(De\002ne)23 b Fx(f)34 b Fu(=)25 b Fy(fh)p Fx(u;)15 b(u)22 b Fu(+)e(1)p Fy(i)15 b(j)g Fx(u)27 b Fy(2)d FN(N)p Fy(g)p FG(,)f(i.e.,)g(there)h(is) g(an)f(edge)i(from)e(e)n(v)o(ery)h(natural)h(number)150 2873 y(to)f(its)g(successor)l(,)j(b)n(ut)e Fy(1)e FG(is)h(isolated.)32 b(Ho)n(we)n(v)o(er)l(,)24 b(let)g Fx(f)1944 2887 y Fw(tc)2033 2873 y Fu(=)i Fy(fh)p Fx(u;)15 b(v)s Fy(i)g(j)g Fx(u)28 b Fy(\024)e Fx(v)s Fy(g)p FG(,)e(i.e.,)f Fx(G)h FG(belie)n(v)o(es)i (that)e(there)h(is)150 2983 y(a)e(path)i(from)e(each)i(natural)g (number)f(to)g(in\002nity)-6 b(.)30 b(Similarly)-6 b(,)24 b(for)g(each)g Fx(k)29 b Fy(2)c Fx(V)20 b FG(,)j Fx(f)2791 2950 y Fr(k)2781 3006 y Fw(tc)2869 2983 y Fu(=)i Fy(fh)p Fx(u;)15 b(v)s Fy(ij)p Fx(u)28 b Fy(\024)d Fx(v)e Fy(^)d Fu(\()p Fx(k)29 b(<)150 3091 y(u)20 b Fy(_)g Fx(v)29 b Fy(\024)c Fx(k)s Fu(\))p Fy(g)p FG(.)316 3199 y(It)e(is)h(easy)g(to)f (check)i(that)f Fx(G)f FG(satis\002es)i(all)f(of)f(Nelson')-5 b(s)25 b(axioms.)316 3307 y(The)40 b(problem)h(is)e(that)i Fx(G)56 b Fy(j)-15 b Fu(=)55 b Fy(:)p FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])p FG(.)77 b(It)40 b(follo)n(ws)g(that)h(Nelson') -5 b(s)41 b(axioms)g(do)f(not)g(entail)150 3415 y FN(NoExit)q Fu([)p Fx(A;)15 b(f)10 b Fu(])p FG(.)28 b(This)23 b(is)h(another)h (proof)g(that)f(the)o(y)g(are)f(not)h(TC)e(complete.)p 3677 3354 74 4 v 3677 3420 4 67 v 3747 3420 V 3677 3423 74 4 v 150 3617 a SDict begin H.S end 150 3617 a 150 3617 a SDict begin 13 H.A end 150 3617 a 150 3617 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.4.3) cvn /DEST pdfmark end 150 3617 a 85 x FG(4.3.)46 b FN(TC-Completeness)24 b(f)n(or)g(W)-7 b(ords.)46 b FG(In)23 b(this)i(subsection,)i(we)c(pro)o (v)o(e)h(that)h Fx(T)2760 3716 y Fw(1)2822 3702 y FG(plus)g FN(IND)e FG(is)g(TC-complete)150 3810 y(for)h(w)o(ords.)316 3918 y(F)o(or)g(an)o(y)i(alphabet,)h Fu(\006)p FG(,)e(let)g(the)h(v)n (ocab)n(ulary)i(of)e(w)o(ords)f(o)o(v)o(er)h Fu(\006)e FG(be)h Fx(v)s(ocab)p Fu(\(\006\))30 b(=)e Fy(h)p Fu(0)p Fx(;)15 b(max)p Fu(;)g Fx(s)3359 3885 y Fw(2)3399 3918 y Fx(;)g(s)3482 3885 y Fw(2)3482 3941 y(tc)3545 3918 y Fx(;)g(P)3656 3885 y Fw(1)3643 3941 y Fr(\033)3725 3918 y Fu(:)150 4026 y Fx(\033)32 b Fy(2)c Fu(\006)p Fy(i)d FG(.)33 b(The)25 b(domain)i(of)e(a)g(w)o(ord)h(model)g(is)f(an)g (ordered)i(set)f(of)f(positions,)k(and)c(the)h(unary)h(relation)g Fx(P)3580 4040 y Fr(\033)3627 4026 y Fu(\()p Fx(x)p Fu(\))150 4134 y FG(e)o(xpresses)g(the)e(presence)h(of)f(symbol)g Fx(\033)i FG(at)e(position)h(x.)32 b Fx(s)23 b FG(is)h(the)h(successor) i(relation)g(o)o(v)o(er)d(positions,)j(and)e Fx(s)3687 4148 y Fw(tc)150 4242 y FG(is)h(its)g(transiti)n(v)o(e)h(closure.)38 b(The)25 b(constants)j Fu(0)e FG(and)g Fx(max)f FG(represent)j(the)e (\002rst)g(and)g(last)g(positions)j(in)c(the)h(w)o(ord.)150 4350 y(A)c(simple)j(axiomatization)i(of)c(w)o(ords)h(is)f Fx(A)1560 4364 y Fw(\006)p Fr(w)1668 4350 y FG(,)g(the)g(conjunction)k (of)d(the)g(follo)n(wing)h(four)f(statements:)150 4389 y SDict begin H.S end 150 4389 a 150 4389 a SDict begin 13 H.A end 150 4389 a 150 4389 a SDict begin [ /View [/XYZ H.V] /Dest (Item.16) cvn /DEST pdfmark end 150 4389 a 88 x FG(\(A1\))42 b Fy(8)p Fx(x)15 b(:)g Fu(\()p Fy(:)p Fx(s)p Fu(\()p Fx(x;)g Fu(0\))21 b Fy(^)f(:)p Fx(s)p Fu(\()p Fx(max;)15 b(x)p Fu(\))21 b Fy(^)e Fu(\()p Fx(x)26 b Fy(6)p Fu(=)f(0)h Fy(!)f(9)p Fx(y)17 b(:)e(s)p Fu(\()p Fx(y)s(;)g(x)p Fu(\)\))22 b Fy(^)e Fu(\()p Fx(x)25 b Fy(6)p Fu(=)g Fx(max)g Fy(!)g(9)p Fx(y)18 b(:)d(s)p Fu(\()p Fx(x;)g(y)s Fu(\)\)\))150 4540 y SDict begin H.S end 150 4540 a 150 4540 a SDict begin 13 H.A end 150 4540 a 150 4540 a SDict begin [ /View [/XYZ H.V] /Dest (Item.17) cvn /DEST pdfmark end 150 4540 a 86 x FG(\(A2\))42 b Fy(8)p Fx(xy)s(z)19 b(:)c Fu(\(\()p Fx(s)p Fu(\()p Fx(x;)g(y)s Fu(\))22 b Fy(^)e Fx(s)p Fu(\()p Fx(x;)15 b(z)t Fu(\)\))21 b Fy(_)f Fu(\()p Fx(s)p Fu(\()p Fx(y)s(;)15 b(x)p Fu(\))21 b Fy(^)f Fx(s)p Fu(\()p Fx(z)t(;)15 b(x)p Fu(\)\)\))27 b Fy(!)e Fx(y)j Fu(=)d Fx(z)150 4689 y SDict begin H.S end 150 4689 a 150 4689 a SDict begin 13 H.A end 150 4689 a 150 4689 a SDict begin [ /View [/XYZ H.V] /Dest (Item.18) cvn /DEST pdfmark end 150 4689 a 85 x FG(\(A3\))42 b Fy(8)p Fx(x)15 b(:)g(s)564 4788 y Fw(tc)627 4774 y Fu(\(0)p Fx(;)g(x)p Fu(\))21 b Fy(^)f Fx(s)979 4788 y Fw(tc)1042 4774 y Fu(\()p Fx(x;)15 b(max)p Fu(\))150 4838 y SDict begin H.S end 150 4838 a 150 4838 a SDict begin 13 H.A end 150 4838 a 150 4838 a SDict begin [ /View [/XYZ H.V] /Dest (Item.19) cvn /DEST pdfmark end 150 4838 a 104 x FG(\(A4\))42 b Fy(8)p Fx(x)15 b(:)556 4855 y Fq(_)536 5052 y Fr(\033)r FM(2)p Fw(\006)677 4942 y Fu(\()p Fx(P)770 4956 y Fr(\033)818 4942 y Fu(\()p Fx(x)p Fu(\))20 b Fy(^)1059 4855 y Fq(^)1041 5053 y Fr(\034)8 b FM(6)p Fw(=)p Fr(\033)1193 4942 y Fy(:)p Fx(P)1312 4956 y Fr(\034)1355 4942 y Fu(\()p Fx(x)p Fu(\)\))316 5170 y FG(In)25 b(particular)l(,)i(observ)o(e)f(that)g(a)e(TC-model)g (of)h Fx(A)1902 5184 y Fw(\006)p Fr(w)2034 5170 y FG(is)f(e)o(xactly)i (a)e Fu(\006)g FG(w)o(ord.)32 b(Let)24 b Fu(\000)j(=)g FN(IND)21 b Fy([)f(f)p Fx(T)3491 5184 y Fw(1)3531 5170 y Fy(g)p FG(.)32 b(W)-7 b(e)150 5278 y(wish)23 b(to)h(pro)o(v)o(e)g (the)g(follo)n(wing:)150 5298 y SDict begin H.S end 150 5298 a 150 5298 a SDict begin 13 H.A end 150 5298 a 150 5298 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.8) cvn /DEST pdfmark end 150 5298 a 142 x FN(Theor)n(em)g(4.8.)41 b Fu(\000)23 b Fv(is)g(TC-complete)i(wrt)e Fx(A)1570 5454 y Fw(\006)p Fr(w)1677 5440 y Fv(.)p eop end end %%Page: 12 12 TeXDict begin HPSdict begin 12 11 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.12) cvn /DEST pdfmark end 150 82 a Fz(12)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)316 448 y FG(W)-7 b(e)25 b(\002rst)g(note)h(that) g Fu(\000)c Fy([)f(f)p Fx(A)1242 462 y Fw(\006)p Fr(w)1350 448 y Fy(g)26 b FG(implies)g(ac)o(yclicity:)36 b Fy(8)p Fx(xy)17 b(:)e(s)p Fu(\()p Fx(x;)g(y)s Fu(\))30 b Fy(!)f(:)p Fx(s)2835 462 y Fw(tc)2897 448 y Fu(\()p Fx(y)s(;)15 b(x)p Fu(\))p FG(.)35 b(The)25 b(proof)i(using)150 555 y(induction)i(proceeds)f(as)e(follo)n(ws:)35 b(in)26 b(the)g(base)h(case,)g(there)g(is)f(no)g(loop)h(at)e Fu(0)p FG(.)36 b(Inducti)n(v)o(ely)-6 b(,)29 b(suppose)f(there)f(is)150 663 y(no)d(loop)h(starting)h(at)e Fx(x)p FG(,)f Fx(s)p Fu(\()p Fx(x;)15 b(y)s Fu(\))24 b FG(holds,)h(b)n(ut)g(there)g(is)f(a)g (loop)g(at)g Fx(y)s FG(,)f(i.e.,)h Fy(9)p Fx(z)19 b(:)c(s)p Fu(\()p Fx(y)s(;)g(z)t Fu(\))21 b Fy(^)g Fx(s)3013 677 y Fw(tc)3075 663 y Fu(\()p Fx(z)t(;)15 b(y)s Fu(\))p FG(.)31 b(Then)24 b(by)g Fx(T)3710 677 y Fw(1)150 771 y FG(and)f FN(IND)f FG(we)g(kno)n(w)h Fy(9)p Fx(x)945 738 y FM(0)983 771 y Fx(:)15 b(s)1066 785 y Fw(tc)1129 771 y Fu(\()p Fx(z)t(;)g(x)1302 738 y FM(0)1326 771 y Fu(\))j Fy(^)f Fx(s)p Fu(\()p Fx(x)1587 738 y FM(0)1611 771 y Fx(;)e(y)s Fu(\))p FG(,)22 b(and)i Fx(s)1976 785 y Fw(tc)2038 771 y Fu(\()p Fx(y)s(;)15 b(x)2213 738 y FM(0)2237 771 y Fu(\))p FG(.)28 b(\(A2\))23 b(asserts)h(that)g(the)f (in-de)o(gree)i(of)d Fx(s)g FG(is)h(1,)150 879 y(which)h(means)g Fx(x)702 846 y FM(0)750 879 y Fu(=)h Fx(x)e FG(and)h(we)f(ha)n(v)o(e)h (a)f(contradiction:)33 b Fx(s)2034 893 y Fw(tc)2097 879 y Fu(\()p Fx(y)s(;)15 b(x)p Fu(\))p FG(.)316 987 y(In)20 b(order)i(to)e(pro)o(v)o(e)h(Theorem)1285 988 y SDict begin H.S end 1285 988 a -1 x FG(4.8)1399 925 y SDict begin H.R end 1399 925 a 1399 987 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.8) cvn H.B /ANN pdfmark end 1399 987 a FG(,)f(we)g(need)h(to)f(sho)n(w)h(that)g(if)f Fx(')g FG(is)h(true)g(in)f(all)h(TC)d(models)k(of)e Fu(\000)9 b Fy([)g(f)p Fx(A)3574 1001 y Fw(\006)p Fr(w)3682 987 y Fy(g)p FG(,)150 1095 y(i.e.,)24 b(in)h(all)g(w)o(ords,)g(then)h Fu(\000)21 b Fy([)g(f)p Fx(A)1240 1109 y Fw(\006)p Fr(w)1348 1095 y Fy(g)28 b(`)g Fx(')p FG(.)k(By)24 b(the)h(completeness)j(of)d (\002rst-order)i(logic)e(it)g(suf)n(\002ces)h(to)e(sho)n(w)150 1203 y(that)f Fu(\000)15 b Fy([)g(f)p Fx(A)569 1217 y Fw(\006)p Fr(w)675 1203 y Fy(g)26 b(j)-15 b Fu(=)25 b Fx(')p FG(.)j(W)-7 b(e)21 b(pro)o(v)o(e)i(the)f(contrapositi)n(v)o(e)j (of)d(this)h(in)f(Lemma)2633 1204 y SDict begin H.S end 2633 1204 a -1 x FG(4.10)2792 1141 y SDict begin H.R end 2792 1141 a 2792 1203 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.10) cvn H.B /ANN pdfmark end 2792 1203 a FG(.)27 b(In)22 b(order)h(to)f(do)g(so,)g(we)g(\002rst)150 1311 y(construct)k(a)d(DF)-7 b(A)22 b Fx(D)842 1325 y Fr(')915 1311 y FG(that)i(has)g(some)g(desirable)i(properties.)150 1338 y SDict begin H.S end 150 1338 a 150 1338 a SDict begin 13 H.A end 150 1338 a 150 1338 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.9) cvn /DEST pdfmark end 150 1338 a 135 x FN(Lemma)f(4.9.)43 b Fv(F)-10 b(or)25 b(any)h Fx(')j Fy(2)f(L)p Fu(\()p Fx(v)s(ocab)p Fu(\(\006\)\))f Fv(we)d(can)i(b)n(uild)h(a)e(DF)-10 b(A)23 b Fx(D)2476 1487 y Fr(')2555 1473 y Fu(=)28 b(\()p Fx(Q)2761 1487 y Fr(')2812 1473 y Fx(;)15 b Fu(\006)p Fx(;)g(\016)2998 1487 y Fr(')3049 1473 y Fx(;)g(q)3130 1487 y Fw(1)3169 1473 y Fx(;)g(F)3267 1487 y Fr(')3318 1473 y Fu(\))p Fv(,)25 b(satisfying)150 1581 y(the)f(following)h(pr)l(operties:)150 1618 y SDict begin H.S end 150 1618 a 150 1618 a SDict begin 13 H.A end 150 1618 a 150 1618 a SDict begin [ /View [/XYZ H.V] /Dest (Item.20) cvn /DEST pdfmark end 150 1618 a 90 x FG(\(1\))43 b Fv(The)30 b(states)j Fx(q)743 1722 y Fw(1)782 1708 y Fx(;)15 b(q)863 1722 y Fw(2)903 1708 y Fx(;)g(:)g(:)g(:)h(q)1105 1722 y Fr(n)1182 1708 y Fv(of)32 b Fx(D)1359 1722 y Fr(')1440 1708 y Fv(ar)m(e)f(\002r)o (st-or)m(der)j(de\002nable)g(as)e(formulas)g Fx(q)2861 1675 y Fw(1)2858 1732 y(1)2901 1708 y Fx(;)15 b(q)2985 1675 y Fw(1)2982 1732 y(2)3024 1708 y Fx(;)g(:)g(:)g(:)i(q)3230 1675 y Fw(1)3227 1730 y Fr(n)3274 1708 y Fv(,)32 b(wher)m(e)f(intu-)298 1816 y(itively)22 b Fx(q)581 1830 y Fr(i)609 1816 y Fu(\()p Fx(x)p Fu(\))g Fv(will)f(mean)g(that)i Fx(D)1365 1830 y Fr(')1436 1816 y Fv(is)e(in)h(state)g Fx(q)1842 1830 y Fr(i)1891 1816 y Fv(after)g(r)m(eading)h(symbols)g(at)f(wor)m(d)f (positions)j Fu(0)p Fx(;)15 b Fu(1)p Fx(;)g(:)g(:)g(:)j(;)d(x)p Fv(.)150 1842 y SDict begin H.S end 150 1842 a 150 1842 a SDict begin 13 H.A end 150 1842 a 150 1842 a SDict begin [ /View [/XYZ H.V] /Dest (Item.21) cvn /DEST pdfmark end 150 1842 a 81 x FG(\(2\))43 b Fv(The)24 b(tr)o(ansition)j (function)g Fx(\016)1196 1937 y Fr(')1271 1923 y Fv(of)d Fx(D)1440 1937 y Fr(')1515 1923 y Fv(is)g(captur)m(ed)j(by)e(the)g (\002r)o(st-or)m(der)j(de\002nitions)f(of)e(the)g(states.)34 b(That)25 b(is,)298 2031 y(for)e(all)h Fx(i)i Fy(\024)f Fx(n)p Fv(,)d Fu(\000)e Fy([)f(A)1028 2045 y Fw(\006)p Fr(w)1158 2031 y Fv(semantically)27 b(implies)d(the)g(following)h(two)e (formulas)i(for)f(e)o(very)g(state)h Fx(q)3509 2045 y Fr(i)3536 2031 y Fv(:)150 2050 y SDict begin H.S end 150 2050 a 150 2050 a SDict begin 13 H.A end 150 2050 a 150 2050 a SDict begin [ /View [/XYZ H.V] /Dest (Item.22) cvn /DEST pdfmark end 150 2050 a 303 2154 a FG(\(a\))42 b Fx(q)486 2168 y Fr(i)514 2154 y Fu(\(0\))117 b Fy($)1169 2068 y Fq(_)953 2269 y Fr(\033)r FM(2)p Fw(\006)p Fr(;\016)1144 2277 y FK(')1189 2269 y Fw(\()p Fr(q)1248 2278 y Fn(1)1283 2269 y Fr(;\033)r Fw(\)=)p Fr(q)1459 2279 y FK(i)1500 2154 y Fx(P)1558 2168 y Fr(\033)1606 2154 y Fu(\(0\))p Fv(.)150 2296 y SDict begin H.S end 150 2296 a 150 2296 a SDict begin 13 H.A end 150 2296 a 150 2296 a SDict begin [ /View [/XYZ H.V] /Dest (Item.23) cvn /DEST pdfmark end 150 2296 a 298 2409 a FG(\(b\))42 b Fy(8)p Fx(u;)15 b(v)j(:)d(s)p Fu(\()p Fx(u;)g(v)s Fu(\))27 b Fy(!)1085 2308 y Fq(\020)1140 2409 y Fx(q)1181 2423 y Fr(i)1208 2409 y Fu(\()p Fx(v)s Fu(\))118 b Fy($)1864 2322 y Fq(_)1650 2524 y Fr(\033)r FM(2)p Fw(\006)p Fr(;\016)1841 2532 y FK(')1886 2524 y Fw(\()p Fr(q)1945 2534 y FK(j)1977 2524 y Fr(;\033)r Fw(\)=)p Fr(q)2153 2534 y FK(i)2180 2409 y Fu(\()p Fx(P)2273 2423 y Fr(\033)2320 2409 y Fu(\()p Fx(v)s Fu(\))22 b Fy(^)d Fx(q)2580 2423 y Fr(j)2617 2409 y Fu(\()p Fx(u)p Fu(\)\))2774 2308 y Fq(\021)2829 2409 y Fv(.)150 2553 y SDict begin H.S end 150 2553 a 150 2553 a SDict begin 13 H.A end 150 2553 a 150 2553 a SDict begin [ /View [/XYZ H.V] /Dest (Item.24) cvn /DEST pdfmark end 150 2553 a 103 x FG(\(3\))43 b Fu(\000)20 b Fy([)f(fA)573 2670 y Fw(\006)p Fr(w)681 2656 y Fy(g)26 b(j)-15 b Fu(=)25 b Fx(')g Fy($)h Fx(F)13 b Fu(\()p Fx(max)p Fu(\))p Fv(,)114 b(wher)m(e)23 b Fx(F)13 b Fu(\()p Fx(u)p Fu(\))26 b Fy(\021)2120 2570 y Fq(_)2073 2767 y Fr(q)2105 2777 y FK(i)2131 2767 y FM(2)p Fr(F)2223 2775 y FK(')2282 2656 y Fx(q)2323 2670 y Fr(i)2351 2656 y Fu(\()p Fx(u)p Fu(\))p Fv(.)150 2919 y(Pr)l(oof)o(.)42 b FG(W)-7 b(e)34 b(pro)o(v)o(e)i(properties)j (1,)f(2,)g(and)d(3)h(while)f(constructing)40 b Fx(D)2461 2933 y Fr(')2546 2919 y FG(and)c(the)f(\002rst-order)j(de\002nitions)f (of)150 3026 y(its)d(states)i(by)e(induction)j(on)e(the)f(length)i(of)e Fx(')p FG(.)61 b(The)34 b(re)n(w)o(ard)g(is)g(that)h(we)f(get)g(a)g (generalized)k(form)c(of)g(the)150 3134 y(McNaughton-P)o(apert)27 b([)944 3135 y SDict begin H.S end 944 3135 a -1 x FG(MP71)1166 3072 y SDict begin H.R end 1166 3072 a 1166 3134 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.mcnaughton) cvn H.B /ANN pdfmark end 1166 3134 a FG(])c(construction)k(that)d(w)o(orks)g (on)g(non-standard)j(models.)316 3242 y(Some)i(subformulas)j(of)d Fx(')g FG(may)g(ha)n(v)o(e)h(free)f(v)n(ariables,)k(e.g.,)d Fx(x;)15 b(y)s FG(.)45 b(In)29 b(the)h(inducti)n(v)o(e)h(step)f (considering)150 3350 y(such)g(subformulas,)j(we)28 b(e)o(xpand)i(the)g (v)n(ocab)n(ulary)i(of)d(the)h(automaton)h(to)e Fu(\006)2659 3317 y FM(0)2717 3350 y Fu(=)35 b Fy(f)p Fx(x;)15 b(\017)p Fy(g)26 b(\002)e(f)p Fx(y)s(;)15 b(\017)p Fy(g)25 b(\002)f Fu(\006)p FG(.)44 b(W)-7 b(e)150 3458 y(write)23 b Fx(P)417 3472 y Fr(\033)465 3458 y Fu(\()p Fx(u)p Fu(\))d Fy(^)f Fu(\()p Fx(x)25 b Fu(=)g Fx(u)p Fu(\))20 b Fy(^)f Fu(\()p Fx(y)28 b Fy(6)p Fu(=)d Fx(u)p Fu(\))e FG(to)h(mean)f(that)h(at)f (position)i Fx(u)p FG(,)e(symbol)h Fx(\033)i FG(occurs,)e(as)g(does)g Fx(x)p FG(,)e(b)n(ut)i(not)f Fx(y)s FG(.)316 3566 y FN(Note:)33 b FG(Since)26 b(e)n(v)o(ery)g(structure)i(gi)n(v)o(es)e(a)f(unique)i(v) n(alue)g(to)e(each)i(v)n(ariable,)g Fx(x)p FG(,)e(we)g(are)h(only)g (interested)i(in)150 3674 y(strings)d(in)f(which)g Fx(x)e FG(occurs)j(at)f(e)o(xactly)g(one)g(position.)316 3782 y(F)o(or)g(the)h(follo)n(wing)h(induction,)h(let)e Fy(B)i FG(be)d(an)o(y)h(model)g(of)g Fu(\000)c Fy([)g(fA)2459 3796 y Fw(\006)p Fr(w)2566 3782 y Fy(g)p FG(.)32 b(F)o(or)24 b(the)h(intermediate)i(stages)f(of)150 3890 y(induction)h(where)f(some) f(v)n(ariables)h(may)f(occur)h(freely)-6 b(,)26 b(we)e(assume)i(that)f Fy(B)i FG(interprets)g(these)f(free)f(v)n(ariables.)150 3998 y(W)-7 b(e)23 b(pro)o(v)o(e)h(that)g(the)g(formulas)g(of)g (properties)i(2)d(and)h(3)g(must)f(hold)h(in)g Fy(B)h FG(at)e(each)i(step)f(of)f(the)h(induction.)150 4036 y SDict begin H.S end 150 4036 a 150 4036 a SDict begin 13 H.A end 150 4036 a 150 4036 a SDict begin [ /View [/XYZ H.V] /Dest (Item.25) cvn /DEST pdfmark end 150 4036 a 89 x Fv(Base)f(cases)p FG(:)48 b Fx(')23 b FG(is)h(either)g Fx(P)1070 4139 y Fr(\033)1118 4125 y Fu(\()p Fx(x)p Fu(\))p FG(,)f Fx(x)i Fu(=)g Fx(y)s FG(,)d Fx(s)p Fu(\()p Fx(x;)15 b(y)s Fu(\))p FG(,)23 b(or)h Fx(s)1993 4139 y Fw(tc)2055 4125 y Fu(\()p Fx(x;)15 b(y)s Fu(\))p FG(.)150 4166 y SDict begin H.S end 150 4166 a 150 4166 a SDict begin 13 H.A end 150 4166 a 150 4166 a SDict begin [ /View [/XYZ H.V] /Dest (Item.26) cvn /DEST pdfmark end 150 4166 a 85 x Fx(')26 b Fu(=)f Fx(P)389 4265 y Fr(\033)436 4251 y Fu(\()p Fx(x)p Fu(\))p FG(:)46 b(The)23 b(automaton)j(for)e Fx(P)1387 4265 y Fr(\033)1434 4251 y Fu(\()p Fx(x)p Fu(\))f FG(and)h(its)g(state)g(de\002nitions)i(are)e(sho)n(wn)f(in)h(Fig)3067 4251 y SDict begin H.S end 3067 4251 a FG(1)3112 4189 y SDict begin H.R end 3112 4189 a 3112 4251 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.1) cvn H.B /ANN pdfmark end 3112 4251 a FG(.)332 5219 y @beginspecial 0 @llx 0 @lly 427 @urx 338 @ury 1281 @rwi @setspecial %%BeginDocument: psigma.eps [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def /cp {closepath} bind def /c {curveto} bind def /f {fill} bind def /a {arc} bind def /ef {eofill} bind def /ex {exch} bind def /gr {grestore} bind def /gs {gsave} bind def /sa {save} bind def /rs {restore} bind def /l {lineto} bind def /m {moveto} bind def /rm {rmoveto} bind def /n {newpath} bind def /s {stroke} bind def /sh {show} bind def /slc {setlinecap} bind def /slj {setlinejoin} bind def /slw {setlinewidth} bind def /srgb {setrgbcolor} bind def /rot {rotate} bind def /sc {scale} bind def /sd {setdash} bind def /ff {findfont} bind def /sf {setfont} bind def /scf {scalefont} bind def /sw {stringwidth pop} bind def /tr {translate} bind def /ellipsedict 8 dict def ellipsedict /mtrx matrix put /ellipse { ellipsedict begin /endangle exch def /startangle exch def /yrad exch def /xrad exch def /y exch def /x exch def /savematrix mtrx currentmatrix def x y tr xrad yrad sc 0 0 1 startangle endangle arc savematrix setmatrix end } def /mergeprocs { dup length 3 -1 roll dup length dup 5 1 roll 3 -1 roll add array cvx dup 3 -1 roll 0 exch putinterval dup 4 2 roll putinterval } bind def /dpi_x 300 def /dpi_y 300 def /conicto { /to_y exch def /to_x exch def /conic_cntrl_y exch def /conic_cntrl_x exch def currentpoint /p0_y exch def /p0_x exch def /p1_x p0_x conic_cntrl_x p0_x sub 2 3 div mul add def /p1_y p0_y conic_cntrl_y p0_y sub 2 3 div mul add def /p2_x p1_x to_x p0_x sub 1 3 div mul add def /p2_y p1_y to_y p0_y sub 1 3 div mul add def p1_x p1_y p2_x p2_y to_x to_y curveto } bind def /start_ol { gsave 1.1 dpi_x div dup scale} bind def /end_ol { closepath fill grestore } bind def 28.346000 -28.346000 scale 0.685000 -15.164790 translate 1.000000 1.000000 1.000000 srgb n 3.400000 6.850000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 3.400000 6.850000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 6.650000 11.800000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 6.650000 11.800000 0.950000 0.900000 0 360 ellipse cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 7.099372 15.447279 9.026198 9.026198 252.265950 285.121454 ellipse s [] 0 sd 0 slj 0 slc n 9.809123 6.854083 m 9.255313 6.930204 l 9.454000 6.733613 l 9.415940 6.456708 l ef n 9.809123 6.854083 m 9.255313 6.930204 l 9.454000 6.733613 l 9.415940 6.456708 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 6.558355 8.673382 3.290568 3.290568 113.856155 196.296899 ellipse s [] 0 sd 0 slj 0 slc n 5.591484 11.773087 m 5.046007 11.895375 l 5.227511 11.682816 l 5.166367 11.410078 l ef n 5.591484 11.773087 m 5.046007 11.895375 l 5.227511 11.682816 l 5.166367 11.410078 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 2.550638 5.051766 1.236220 1.236220 104.422269 46.601888 ellipse s [] 0 sd 0 slj 0 slc n 2.616743 6.221737 m 2.136263 6.507462 l 2.242737 6.249028 l 2.099875 6.008788 l ef n 2.616743 6.221737 m 2.136263 6.507462 l 2.242737 6.249028 l 2.099875 6.008788 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 12.946707 6.128635 1.415434 1.415434 174.934901 126.005373 ellipse s [] 0 sd 0 slj 0 slc n 11.883815 6.978116 m 12.388600 7.218309 l 12.114628 7.273667 l 11.994532 7.526059 l ef n 11.883815 6.978116 m 12.388600 7.218309 l 12.114628 7.273667 l 11.994532 7.526059 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 7.547312 13.722327 1.360266 1.360266 280.964229 228.726089 ellipse s [] 0 sd 0 slj 0 slc n 7.432974 12.425030 m 7.904956 12.125476 l 7.806029 12.386892 l 7.955806 12.622883 l ef n 7.432974 12.425030 m 7.904956 12.125476 l 7.806029 12.386892 l 7.955806 12.622883 l cp s gsave 3.100000 7.250000 translate 0.035278 -0.035278 scale start_ol 3158 4874 moveto 2958 4874 lineto 2587 4558 1851 4288 1355 4288 curveto 1273 4032 lineto 1748 4032 lineto 2167 4032 2215 4018 2215 3895 curveto 2215 3833 2215 3833 2147 3587 curveto 1410 845 lineto 1314 482 1307 475 1252 420 curveto 1176 351 1018 324 674 324 curveto 378 324 lineto 344 0 lineto 2890 0 lineto 2931 324 lineto 2559 324 lineto 2112 324 2016 358 2016 509 curveto 2016 564 2016 564 2078 846 curveto 3158 4874 lineto end_ol grestore gsave 5.615000 6.290000 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 6.436490 6.160430 m 6.636490 5.660430 l 6.836490 6.160430 l s 1.000000 1.000000 1.000000 srgb n 7.326447 5.911536 0.291447 0.287386 0 360 ellipse f 0.140000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 7.326447 5.911536 0.291447 0.287386 0 360 ellipse cp s 0.140000 slw [] 0 sd [] 0 sd 0 slc n 7.490158 6.564077 0.954077 0.954077 260.119855 305.403907 ellipse s 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n -0.630000 4.502500 m -0.030000 4.502500 l -0.030000 4.952500 l s gsave 0.165000 4.997500 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore gsave 0.265000 11.340000 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.136490 11.260400 m 1.336490 10.760400 l 1.536490 11.260400 l s 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.670000 10.795000 m 2.270000 10.795000 l 2.270000 11.245000 l s 1.000000 1.000000 1.000000 srgb n 2.926447 10.961486 0.291447 0.287386 0 360 ellipse f 0.140000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 2.926447 10.961486 0.291447 0.287386 0 360 ellipse cp s 0.140000 slw [] 0 sd [] 0 sd 0 slc n 3.090120 11.614051 0.954094 0.954094 260.122336 305.405990 ellipse s 0.100000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.415000 6.540000 m 2.450000 6.850000 l 1.415000 7.190000 l s 1.000000 1.000000 1.000000 srgb n 10.865000 6.890000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 10.865000 6.890000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 10.865000 6.890000 0.700000 0.650000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 10.865000 6.890000 0.700000 0.650000 0 360 ellipse cp s gsave 6.415000 12.097500 translate 0.035278 -0.035278 scale start_ol 2364 2511 moveto 2441 2539 2531 2566 2601 2587 curveto 3179 2795 3520 3224 3520 3764 curveto 3520 4414 2988 4864 2221 4864 curveto 1468 4864 832 4384 832 3819 curveto 832 3534 1012 3339 1269 3339 curveto 1498 3339 1664 3505 1664 3734 curveto 1664 3852 1623 3935 1522 4046 curveto 1454 4115 1427 4157 1427 4205 curveto 1427 4371 1767 4544 2087 4544 curveto 2544 4544 2816 4292 2816 3868 curveto 2816 3268 2380 2688 1930 2688 curveto 1909 2688 1855 2688 1773 2688 curveto 1570 2688 1563 2688 1536 2688 curveto 1393 2688 1305 2622 1305 2504 curveto 1305 2381 1380 2304 1502 2304 curveto 1536 2304 1583 2312 1638 2319 curveto 1733 2342 1828 2350 1896 2350 curveto 2215 2350 2432 2055 2432 1619 curveto 2432 1288 2349 965 2205 698 curveto 1998 318 1681 128 1233 128 curveto 855 128 517 324 517 549 curveto 517 626 546 654 662 703 curveto 873 795 960 921 960 1111 curveto 960 1349 754 1546 505 1546 curveto 199 1546 0 1313 0 956 curveto 0 291 515 -128 1350 -128 curveto 2400 -128 3200 575 3200 1508 curveto 3200 1759 3122 1975 2973 2149 curveto 2817 2330 2676 2414 2364 2511 curveto end_ol grestore gsave 10.715000 7.190000 translate 0.035278 -0.035278 scale start_ol 2967 1421 moveto 2789 1106 lineto 2536 661 2447 586 2112 586 curveto 526 586 lineto 696 804 983 1042 1534 1437 curveto 2468 2077 2509 2111 2686 2247 curveto 3231 2669 3456 3071 3456 3609 curveto 3456 4317 2924 4800 2141 4800 curveto 1268 4800 512 4164 512 3426 curveto 512 3047 715 2803 1033 2803 curveto 1283 2803 1472 2995 1472 3241 curveto 1472 3419 1384 3535 1161 3659 curveto 1006 3741 972 3775 972 3857 curveto 972 4151 1487 4480 1948 4480 curveto 2429 4480 2752 4158 2752 3679 curveto 2752 3165 2526 2788 1908 2254 curveto 84 678 -190 384 -252 0 curveto 2690 0 lineto 3208 1325 lineto 2967 1421 lineto end_ol grestore showpage %%EndDocument @endspecial 704 5410 a(Figure)g(1:)1063 5410 y SDict begin H.S end 1063 5410 a 1063 5410 a SDict begin H.R end 1063 5410 a 1063 5410 a SDict begin [ /View [/XYZ H.V] /Dest (figure.1) cvn /DEST pdfmark end 1063 5410 a Fx(D)1138 5428 y Fr(P)1183 5436 y FK(\033)1225 5428 y Fw(\()p Fr(x)p Fw(\))p 2022 4598 1410 4 v 2020 4705 4 108 v 2064 4673 a FG(State)f(predicate)p 2641 4705 V 86 w(De\002nition)p 3430 4705 V 2022 4709 1410 4 v 2020 4817 4 108 v 2233 4784 a Fx(q)2274 4798 y Fw(1)2313 4784 y Fu(\()p Fx(v)s Fu(\))p 2641 4817 V 254 w Fy(:)p Fx(s)2788 4798 y Fw(tc)2850 4784 y Fu(\()p Fx(x;)15 b(v)s Fu(\))p 3430 4817 V 2020 4925 V 2233 4892 a Fx(q)2274 4906 y Fw(2)2313 4892 y Fu(\()p Fx(v)s Fu(\))p 2641 4925 V 254 w Fx(s)2727 4906 y Fw(tc)2790 4892 y Fu(\()p Fx(x;)g(v)s Fu(\))21 b Fy(^)f Fx(P)3159 4906 y Fr(\033)3206 4892 y Fu(\()p Fx(x)p Fu(\))p 3430 4925 V 2020 5033 V 2233 5000 a Fx(q)2274 5014 y Fw(3)2313 5000 y Fu(\()p Fx(v)s Fu(\))p 2641 5033 V 254 w Fx(s)2727 5014 y Fw(tc)2790 5000 y Fu(\()p Fx(x;)15 b(v)s Fu(\))21 b Fy(^)f(:)p Fx(P)3220 5014 y Fr(\033)3267 5000 y Fu(\()p Fx(x)p Fu(\))p 3430 5033 V 2022 5036 1410 4 v 2595 5189 a FG(T)-7 b(able)24 b(1:)2916 5189 y SDict begin H.S end 2916 5189 a 2916 5189 a SDict begin H.R end 2916 5189 a 2916 5189 a SDict begin [ /View [/XYZ H.V] /Dest (table.1) cvn /DEST pdfmark end 2916 5189 a Fx(D)2991 5208 y Fr(P)3036 5216 y FK(\033)3078 5208 y Fw(\()p Fr(x)p Fw(\))p eop end end %%Page: 13 13 TeXDict begin HPSdict begin 13 12 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.13) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(13)241 448 y FG(Properties)26 b(2)d(and)h(3)f(can)h(be)f(v)o(eri\002ed)i(as)e(follo)n(ws:)341 555 y(F)o(or)g(property)i(2b,)f(suppose)h(that)g Fy(B)i(j)-15 b Fu(=)26 b Fx(s)p Fu(\()p Fx(u;)15 b(v)s Fu(\))p FG(.)29 b(W)-7 b(e)22 b(must)i(sho)n(w)f(that)h Fy(B)k(j)-15 b Fu(=)25 b Fx(q)2876 569 y Fw(2)2915 555 y Fu(\()p Fx(v)s Fu(\))f FG(if)n(f)g(one)g(of)f(tw)o(o)g(rules)241 663 y(leading)j(to)e(state)h Fx(q)857 677 y Fw(2)919 663 y FG(holds.)32 b(These)24 b(tw)o(o)g(rules)h(correspond)i(to)d(the)h (edge)g(from)f Fx(q)2860 677 y Fw(1)2922 663 y FG(\(if)g Fx(x)i Fu(=)g Fx(v)s FG(\),)e(and)g(the)h(self)241 771 y(loop)30 b(on)e Fx(q)590 785 y Fw(2)657 771 y FG(\(if)g Fx(x)35 b Fy(6)p Fu(=)f Fx(v)s FG(\).)43 b(Suppose)30 b Fy(B)36 b(j)-15 b Fu(=)35 b Fx(q)1694 785 y Fw(2)1733 771 y Fu(\()p Fx(v)s Fu(\))24 b Fy(^)g Fu(\()p Fx(v)38 b Fu(=)c Fx(x)p Fu(\))p FG(.)43 b(Expanding)30 b(the)f(de\002nition)h (of)f Fx(q)3415 785 y Fw(2)3454 771 y FG(,)f(we)g(get)241 879 y Fy(B)33 b(j)-15 b Fu(=)31 b Fx(s)489 893 y Fw(tc)551 879 y Fu(\()p Fx(x;)15 b(v)s Fu(\))24 b Fy(^)e Fx(P)925 893 y Fr(\033)972 879 y Fu(\()p Fx(x)p Fu(\))h Fy(^)f Fu(\()p Fx(v)34 b Fu(=)c Fx(x)p Fu(\))p FG(.)37 b(But)26 b(this)h(means)f Fy(B)33 b(j)-15 b Fu(=)31 b Fy(:)p Fx(s)2441 893 y Fw(tc)2503 879 y Fu(\()p Fx(x;)15 b(u)p Fu(\))27 b FG(since)g Fy(B)33 b(j)-15 b Fu(=)30 b(\000)22 b Fy([)g(fA)3440 893 y Fw(\006)p Fr(w)3548 879 y Fy(g)k FG(and)241 987 y(we)j(ha)n(v)o(e)h(ac)o(yclicity)-6 b(.)49 b(Therefore,)33 b(we)28 b(ha)n(v)o(e)i Fy(B)39 b(j)-15 b Fu(=)36 b Fx(q)1988 1001 y Fw(1)2027 987 y Fu(\()p Fx(u)p Fu(\))30 b FG(by)f(de\002nition)j (of)d Fx(q)2821 1001 y Fw(1)2860 987 y FG(,)h(and)g(we)f(get)h(the)f (desired)241 1095 y(conclusion,)e Fy(B)g(j)-15 b Fu(=)25 b Fx(q)915 1109 y Fw(1)954 1095 y Fu(\()p Fx(u)p Fu(\))c Fy(^)f Fx(P)1236 1109 y Fr(\033)1283 1095 y Fu(\()p Fx(v)s Fu(\))p FG(.)341 1203 y(The)32 b(case)h(corresponding)k(to)c Fx(x)42 b Fy(6)p Fu(=)g Fx(v)35 b FG(is)d(also)i(easy)-6 b(,)35 b(and)e(relies)h(on)f(the)g(f)o(act)g(that)g Fy(B)45 b(j)-15 b Fu(=)41 b Fx(s)3389 1217 y Fw(tc)3452 1203 y Fu(\()p Fx(x;)15 b(v)s Fu(\))28 b Fy(^)241 1311 y Fx(s)p Fu(\()p Fx(u;)15 b(v)s Fu(\))25 b Fy(^)f Fu(\()p Fx(x)34 b Fy(6)p Fu(=)h Fx(v)s Fu(\))g Fy(!)f Fx(s)1115 1325 y Fw(tc)1178 1311 y Fu(\()p Fx(x;)15 b(u)p Fu(\))p FG(.)43 b(In)29 b(other)g(w)o(ords,)h(if)e Fx(q)2173 1325 y Fw(2)2212 1311 y Fu(\()p Fx(v)s Fu(\))h FG(holds)h(and)f Fx(x)34 b Fy(6)p Fu(=)g Fx(v)s FG(,)29 b(then)g Fx(q)3257 1325 y Fw(2)3324 1311 y FG(holds)h(at)e Fx(v)s FG(')-5 b(s)241 1419 y(predecessor)27 b(too.)341 1527 y(This)22 b(pro)o(v)o(es)h(one)f (direction)j(of)d(property)i(2b)e(for)h(state)g Fx(q)2177 1541 y Fw(2)2216 1527 y FG(.)k(The)22 b(other)h(direction)h(for)e Fx(q)3149 1541 y Fw(2)3188 1527 y FG(,)g(and)g(the)h(proofs)241 1635 y(for)h(other)h(states)f(proceed)i(similarly)-6 b(.)30 b(The)23 b(proof)i(for)e(2a)h(is)f(similar)-5 b(.)341 1743 y(F)o(or)29 b(property)k(3,)e(we)f(need)h(to)f(sho)n(w)g (that)h Fy(B)41 b(j)-15 b Fu(=)37 b Fx(P)2031 1757 y Fr(\033)2079 1743 y Fu(\()p Fx(x)p Fu(\))h Fy($)g Fx(q)2409 1757 y Fw(2)2448 1743 y Fu(\()p Fx(max)p Fu(\))p FG(.)49 b(This)30 b(can)h(be)f(v)o(eri\002ed)h(easily)241 1851 y(from)24 b(the)g(de\002nition)h(of)e Fx(q)1085 1865 y Fw(2)1124 1851 y FG(.)150 1887 y SDict begin H.S end 150 1887 a 150 1887 a SDict begin 13 H.A end 150 1887 a 150 1887 a SDict begin [ /View [/XYZ H.V] /Dest (Item.27) cvn /DEST pdfmark end 150 1887 a 90 x Fx(')j Fu(=)g(\()p Fx(x)g Fu(=)g Fx(y)s Fu(\))d FG(or)h Fx(s)p Fu(\()p Fx(x;)15 b(y)s Fu(\))p FG(:)46 b(The)24 b(automata)h(and)f(their)h(state)g (de\002nitions)h(for)e Fx(')i Fu(=)g(\()p Fx(x)g Fu(=)g Fx(y)s Fu(\))d FG(and)h Fx(')j Fu(=)e Fx(s)p Fu(\()p Fx(x;)15 b(y)s Fu(\))241 2085 y FG(are)24 b(sho)n(wn)g(in)f(Figs)906 2085 y SDict begin H.S end 906 2085 a FG(2)951 2023 y SDict begin H.R end 951 2023 a 951 2085 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.2) cvn H.B /ANN pdfmark end 951 2085 a 23 w FG(and)1128 2086 y SDict begin H.S end 1128 2086 a -1 x FG(3)1173 2023 y SDict begin H.R end 1173 2023 a 1173 2085 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.3) cvn H.B /ANN pdfmark end 1173 2085 a FG(.)28 b(Properties)e(2)d(and)h(3)f(can)h(be)f(v)o(eri\002ed)h(easily) h(for)f(these)h(de\002nitions.)505 3129 y @beginspecial 0 @llx 0 @lly 456 @urx 376 @ury 1368 @rwi @setspecial %%BeginDocument: xeqy.eps [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def /cp {closepath} bind def /c {curveto} bind def /f {fill} bind def /a {arc} bind def /ef {eofill} bind def /ex {exch} bind def /gr {grestore} bind def /gs {gsave} bind def /sa {save} bind def /rs {restore} bind def /l {lineto} bind def /m {moveto} bind def /rm {rmoveto} bind def /n {newpath} bind def /s {stroke} bind def /sh {show} bind def /slc {setlinecap} bind def /slj {setlinejoin} bind def /slw {setlinewidth} bind def /srgb {setrgbcolor} bind def /rot {rotate} bind def /sc {scale} bind def /sd {setdash} bind def /ff {findfont} bind def /sf {setfont} bind def /scf {scalefont} bind def /sw {stringwidth pop} bind def /tr {translate} bind def /ellipsedict 8 dict def ellipsedict /mtrx matrix put /ellipse { ellipsedict begin /endangle exch def /startangle exch def /yrad exch def /xrad exch def /y exch def /x exch def /savematrix mtrx currentmatrix def x y tr xrad yrad sc 0 0 1 startangle endangle arc savematrix setmatrix end } def /mergeprocs { dup length 3 -1 roll dup length dup 5 1 roll 3 -1 roll add array cvx dup 3 -1 roll 0 exch putinterval dup 4 2 roll putinterval } bind def /dpi_x 300 def /dpi_y 300 def /conicto { /to_y exch def /to_x exch def /conic_cntrl_y exch def /conic_cntrl_x exch def currentpoint /p0_y exch def /p0_x exch def /p1_x p0_x conic_cntrl_x p0_x sub 2 3 div mul add def /p1_y p0_y conic_cntrl_y p0_y sub 2 3 div mul add def /p2_x p1_x to_x p0_x sub 1 3 div mul add def /p2_y p1_y to_y p0_y sub 1 3 div mul add def p1_x p1_y p2_x p2_y to_x to_y curveto } bind def /start_ol { gsave 1.1 dpi_x div dup scale} bind def /end_ol { closepath fill grestore } bind def 28.346000 -28.346000 scale -0.211702 -11.469458 translate 1.000000 1.000000 1.000000 srgb n 3.500000 2.950000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 3.500000 2.950000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 7.950000 8.000000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 7.950000 8.000000 0.950000 0.900000 0 360 ellipse cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 8.505887 11.803516 9.738325 9.738325 245.386995 289.160963 ellipse s [] 0 sd 0 slj 0 slc n 12.049087 2.747225 m 11.491590 2.788419 l 11.702231 2.604692 l 11.681634 2.325944 l ef n 12.049087 2.747225 m 11.491590 2.788419 l 11.702231 2.604692 l 11.681634 2.325944 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 7.760710 3.844429 4.260713 4.260713 106.933248 179.925086 ellipse s [] 0 sd 0 slj 0 slc n 6.889701 7.981723 m 6.355558 8.146620 l 6.519746 7.920418 l 6.437297 7.653347 l ef n 6.889701 7.981723 m 6.355558 8.146620 l 6.519746 7.920418 l 6.437297 7.653347 l cp s gsave 7.000000 1.772390 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore gsave 8.550700 1.700000 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 7.890640 1.704820 m 8.090640 1.204820 l 8.290640 1.704820 l s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 3.426797 1.494694 1.107051 1.107051 152.226801 47.707422 ellipse s [] 0 sd 0 slj 0 slc n 2.740753 2.243999 m 2.193823 2.128382 l 2.447280 2.010550 l 2.505088 1.737085 l ef n 2.740753 2.243999 m 2.193823 2.128382 l 2.447280 2.010550 l 2.505088 1.737085 l cp s 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 2.765640 -0.505284 m 3.365640 -0.505284 l 3.365640 -0.055284 l s gsave 3.560640 -0.010284 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore gsave 0.211702 6.166310 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.173980 6.079650 m 1.373980 5.579650 l 1.573980 6.079650 l s 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.607480 5.664220 m 2.207480 5.664220 l 2.207480 6.114220 l s gsave 2.402480 6.059220 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore 0.100000 slw [] 0 sd [] 0 sd 0 slc n 8.679784 10.048004 1.412797 1.412797 267.645784 217.450810 ellipse s [] 0 sd 0 slj 0 slc n 7.860016 8.966354 m 7.605965 9.464308 l 7.558199 9.188911 l 7.309222 9.061885 l ef n 7.860016 8.966354 m 7.605965 9.464308 l 7.558199 9.188911 l 7.309222 9.061885 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.465590 2.651960 m 2.550000 2.950000 l 1.465590 3.301960 l s 1.000000 1.000000 1.000000 srgb n 13.102500 2.789720 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 13.102500 2.789720 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 13.102500 2.789720 0.700000 0.650000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 13.102500 2.789720 0.700000 0.650000 0 360 ellipse cp s gsave 3.252480 3.189720 translate 0.035278 -0.035278 scale start_ol 3158 4874 moveto 2958 4874 lineto 2587 4558 1851 4288 1355 4288 curveto 1273 4032 lineto 1748 4032 lineto 2167 4032 2215 4018 2215 3895 curveto 2215 3833 2215 3833 2147 3587 curveto 1410 845 lineto 1314 482 1307 475 1252 420 curveto 1176 351 1018 324 674 324 curveto 378 324 lineto 344 0 lineto 2890 0 lineto 2931 324 lineto 2559 324 lineto 2112 324 2016 358 2016 509 curveto 2016 564 2016 564 2078 846 curveto 3158 4874 lineto end_ol grestore gsave 12.902500 3.089720 translate 0.035278 -0.035278 scale start_ol 2967 1421 moveto 2789 1106 lineto 2536 661 2447 586 2112 586 curveto 526 586 lineto 696 804 983 1042 1534 1437 curveto 2468 2077 2509 2111 2686 2247 curveto 3231 2669 3456 3071 3456 3609 curveto 3456 4317 2924 4800 2141 4800 curveto 1268 4800 512 4164 512 3426 curveto 512 3047 715 2803 1033 2803 curveto 1283 2803 1472 2995 1472 3241 curveto 1472 3419 1384 3535 1161 3659 curveto 1006 3741 972 3775 972 3857 curveto 972 4151 1487 4480 1948 4480 curveto 2429 4480 2752 4158 2752 3679 curveto 2752 3165 2526 2788 1908 2254 curveto 84 678 -190 384 -252 0 curveto 2690 0 lineto 3208 1325 lineto 2967 1421 lineto end_ol grestore gsave 7.852480 8.239720 translate 0.035278 -0.035278 scale start_ol 2364 2511 moveto 2441 2539 2531 2566 2601 2587 curveto 3179 2795 3520 3224 3520 3764 curveto 3520 4414 2988 4864 2221 4864 curveto 1468 4864 832 4384 832 3819 curveto 832 3534 1012 3339 1269 3339 curveto 1498 3339 1664 3505 1664 3734 curveto 1664 3852 1623 3935 1522 4046 curveto 1454 4115 1427 4157 1427 4205 curveto 1427 4371 1767 4544 2087 4544 curveto 2544 4544 2816 4292 2816 3868 curveto 2816 3268 2380 2688 1930 2688 curveto 1909 2688 1855 2688 1773 2688 curveto 1570 2688 1563 2688 1536 2688 curveto 1393 2688 1305 2622 1305 2504 curveto 1305 2381 1380 2304 1502 2304 curveto 1536 2304 1583 2312 1638 2319 curveto 1733 2342 1828 2350 1896 2350 curveto 2215 2350 2432 2055 2432 1619 curveto 2432 1288 2349 965 2205 698 curveto 1998 318 1681 128 1233 128 curveto 855 128 517 324 517 549 curveto 517 626 546 654 662 703 curveto 873 795 960 921 960 1111 curveto 960 1349 754 1546 505 1546 curveto 199 1546 0 1313 0 956 curveto 0 291 515 -128 1350 -128 curveto 2400 -128 3200 575 3200 1508 curveto 3200 1759 3122 1975 2973 2149 curveto 2817 2330 2676 2414 2364 2511 curveto end_ol grestore 0.100000 slw [] 0 sd [] 0 sd 0 slc n 14.950777 1.904849 1.260912 1.260912 190.709129 135.430753 ellipse s [] 0 sd 0 slj 0 slc n 13.759952 2.042441 m 13.447852 1.578659 l 13.711826 1.670542 l 13.943717 1.514492 l ef n 13.759952 2.042441 m 13.447852 1.578659 l 13.711826 1.670542 l 13.943717 1.514492 l cp s showpage %%EndDocument @endspecial 790 3319 a(Figure)f(2:)1148 3319 y SDict begin H.S end 1148 3319 a 1148 3319 a SDict begin H.R end 1148 3319 a 1148 3319 a SDict begin [ /View [/XYZ H.V] /Dest (figure.2) cvn /DEST pdfmark end 1148 3319 a Fx(D)1223 3333 y Fr(x)p Fw(=)p Fr(y)p 2119 2460 1413 4 v 2117 2568 4 108 v 2161 2535 a FG(State)f(predicate)p 2738 2568 V 86 w(De\002nition)p 3530 2568 V 2119 2571 1413 4 v 2117 2679 4 108 v 2330 2647 a Fx(q)2371 2661 y Fw(1)2410 2647 y Fu(\()p Fx(v)s Fu(\))p 2738 2679 V 254 w Fy(:)p Fx(s)2885 2661 y Fw(tc)2948 2647 y Fu(\()p Fx(x;)15 b(v)s Fu(\))p 3530 2679 V 2117 2787 V 2330 2754 a Fx(q)2371 2768 y Fw(2)2410 2754 y Fu(\()p Fx(v)s Fu(\))p 2738 2787 V 254 w(\()p Fx(x)26 b Fu(=)f Fx(y)s Fu(\))20 b Fy(^)g Fx(s)3217 2768 y Fw(tc)3280 2754 y Fu(\()p Fx(x;)15 b(v)s Fu(\))p 3530 2787 V 2117 2895 V 2330 2862 a Fx(q)2371 2876 y Fw(3)2410 2862 y Fu(\()p Fx(v)s Fu(\))p 2738 2895 V 254 w(\()p Fx(x)26 b Fy(6)p Fu(=)f Fx(y)s Fu(\))20 b Fy(^)g Fx(s)3217 2876 y Fw(tc)3280 2862 y Fu(\()p Fx(x;)15 b(v)s Fu(\))p 3530 2895 V 2119 2898 1413 4 v 2559 3052 a FG(T)-7 b(able)23 b(2:)2880 3052 y SDict begin H.S end 2880 3052 a 2880 3052 a SDict begin H.R end 2880 3052 a 2880 3052 a SDict begin [ /View [/XYZ H.V] /Dest (table.2) cvn /DEST pdfmark end 2880 3052 a Fx(D)2955 3066 y Fr(x)p Fw(=)p Fr(y)328 4511 y @beginspecial 0 @llx 0 @lly 549 @urx 399 @ury 1647 @rwi @setspecial %%BeginDocument: sxy.eps [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def /cp {closepath} bind def /c {curveto} bind def /f {fill} bind def /a {arc} bind def /ef {eofill} bind def /ex {exch} bind def /gr {grestore} bind def /gs {gsave} bind def /sa {save} bind def /rs {restore} bind def /l {lineto} bind def /m {moveto} bind def /rm {rmoveto} bind def /n {newpath} bind def /s {stroke} bind def /sh {show} bind def /slc {setlinecap} bind def /slj {setlinejoin} bind def /slw {setlinewidth} bind def /srgb {setrgbcolor} bind def /rot {rotate} bind def /sc {scale} bind def /sd {setdash} bind def /ff {findfont} bind def /sf {setfont} bind def /scf {scalefont} bind def /sw {stringwidth pop} bind def /tr {translate} bind def /ellipsedict 8 dict def ellipsedict /mtrx matrix put /ellipse { ellipsedict begin /endangle exch def /startangle exch def /yrad exch def /xrad exch def /y exch def /x exch def /savematrix mtrx currentmatrix def x y tr xrad yrad sc 0 0 1 startangle endangle arc savematrix setmatrix end } def /mergeprocs { dup length 3 -1 roll dup length dup 5 1 roll 3 -1 roll add array cvx dup 3 -1 roll 0 exch putinterval dup 4 2 roll putinterval } bind def /dpi_x 300 def /dpi_y 300 def /conicto { /to_y exch def /to_x exch def /conic_cntrl_y exch def /conic_cntrl_x exch def currentpoint /p0_y exch def /p0_x exch def /p1_x p0_x conic_cntrl_x p0_x sub 2 3 div mul add def /p1_y p0_y conic_cntrl_y p0_y sub 2 3 div mul add def /p2_x p1_x to_x p0_x sub 1 3 div mul add def /p2_y p1_y to_y p0_y sub 1 3 div mul add def p1_x p1_y p2_x p2_y to_x to_y curveto } bind def /start_ol { gsave 1.1 dpi_x div dup scale} bind def /end_ol { closepath fill grestore } bind def 28.346000 -28.346000 scale -0.265000 -12.249946 translate 1.000000 1.000000 1.000000 srgb n 3.050000 2.850000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 3.050000 2.850000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 10.050000 9.100000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 10.050000 9.100000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 10.000000 3.050000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 10.000000 3.050000 0.950000 0.900000 0 360 ellipse cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 6.334462 8.574056 6.181790 6.181790 247.812716 291.661885 ellipse s [] 0 sd 0 slj 0 slc n 8.950401 2.999205 m 8.391402 2.994753 l 8.616337 2.828834 l 8.618564 2.549334 l ef n 8.950401 2.999205 m 8.391402 2.994753 l 8.616337 2.828834 l 8.618564 2.549334 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 13.636177 6.778145 4.595063 4.595063 234.226759 296.843701 ellipse s [] 0 sd 0 slj 0 slc n 16.022240 2.887585 m 15.467842 2.815872 l 15.711115 2.678238 l 15.746972 2.401039 l ef n 16.022240 2.887585 m 15.467842 2.815872 l 15.711115 2.678238 l 15.746972 2.401039 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 7.149881 6.148428 3.599481 3.599481 322.355344 27.506551 ellipse s [] 0 sd 0 slj 0 slc n 10.117171 8.110624 m 10.217719 7.560724 l 10.342470 7.810848 l 10.617420 7.861122 l ef n 10.117171 8.110624 m 10.217719 7.560724 l 10.342470 7.810848 l 10.617420 7.861122 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 2.978261 1.286347 1.188518 1.188518 147.063506 51.276696 ellipse s [] 0 sd 0 slj 0 slc n 2.286961 2.149053 m 1.734373 2.064517 l 1.980769 1.932555 l 2.023037 1.656261 l ef n 2.286961 2.149053 m 1.734373 2.064517 l 1.980769 1.932555 l 2.023037 1.656261 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 18.233503 1.664135 1.304297 1.304297 183.620513 99.643965 ellipse s [] 0 sd 0 slj 0 slc n 17.034410 1.942463 m 16.657148 1.529943 l 16.931809 1.581772 l 17.138069 1.393141 l ef n 17.034410 1.942463 m 16.657148 1.529943 l 16.931809 1.581772 l 17.138069 1.393141 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 10.905844 10.915074 1.252929 1.252929 283.915316 226.915592 ellipse s [] 0 sd 0 slj 0 slc n 10.833271 9.727791 m 11.312537 9.440033 l 11.207158 9.698916 l 11.351037 9.938549 l ef n 10.833271 9.727791 m 11.312537 9.440033 l 11.207158 9.698916 l 11.351037 9.938549 l cp s gsave 6.031670 2.200000 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore gsave 13.231700 1.850000 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 0.320000 -0.545000 m 0.920000 -0.545000 l 0.920000 -0.095000 l s gsave 1.115000 -0.050000 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 9.101770 5.855000 m 9.701770 5.855000 l 9.701770 6.305000 l s gsave 9.896770 6.250000 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore 0.100000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.079520 2.514520 m 2.100000 2.850000 l 1.079520 3.214520 l s gsave 2.815000 3.200000 translate 0.035278 -0.035278 scale start_ol 3158 4874 moveto 2958 4874 lineto 2587 4558 1851 4288 1355 4288 curveto 1273 4032 lineto 1748 4032 lineto 2167 4032 2215 4018 2215 3895 curveto 2215 3833 2215 3833 2147 3587 curveto 1410 845 lineto 1314 482 1307 475 1252 420 curveto 1176 351 1018 324 674 324 curveto 378 324 lineto 344 0 lineto 2890 0 lineto 2931 324 lineto 2559 324 lineto 2112 324 2016 358 2016 509 curveto 2016 564 2016 564 2078 846 curveto 3158 4874 lineto end_ol grestore gsave 9.815000 3.350000 translate 0.035278 -0.035278 scale start_ol 2967 1421 moveto 2789 1106 lineto 2536 661 2447 586 2112 586 curveto 526 586 lineto 696 804 983 1042 1534 1437 curveto 2468 2077 2509 2111 2686 2247 curveto 3231 2669 3456 3071 3456 3609 curveto 3456 4317 2924 4800 2141 4800 curveto 1268 4800 512 4164 512 3426 curveto 512 3047 715 2803 1033 2803 curveto 1283 2803 1472 2995 1472 3241 curveto 1472 3419 1384 3535 1161 3659 curveto 1006 3741 972 3775 972 3857 curveto 972 4151 1487 4480 1948 4480 curveto 2429 4480 2752 4158 2752 3679 curveto 2752 3165 2526 2788 1908 2254 curveto 84 678 -190 384 -252 0 curveto 2690 0 lineto 3208 1325 lineto 2967 1421 lineto end_ol grestore gsave 9.915000 9.500000 translate 0.035278 -0.035278 scale start_ol 3523 4874 moveto 3151 4874 lineto -55 1579 lineto -55 1280 lineto 1885 1280 lineto 1775 854 lineto 1672 484 1672 471 1617 422 curveto 1541 352 1376 324 1039 324 curveto 915 324 lineto 874 0 lineto 3013 0 lineto 3048 324 lineto 2924 324 lineto 2470 324 2374 359 2374 512 curveto 2374 568 2394 680 2442 854 curveto 2559 1280 lineto 3344 1280 lineto 3440 1664 lineto 2656 1641 lineto 3523 4874 lineto 1988 1641 moveto 447 1641 lineto 2573 3836 lineto 1988 1641 lineto end_ol grestore 1.000000 1.000000 1.000000 srgb n 17.065000 2.950000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 17.065000 2.950000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 17.065000 2.950000 0.700000 0.650000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 17.065000 2.950000 0.700000 0.650000 0 360 ellipse cp s gsave 16.815000 3.300000 translate 0.035278 -0.035278 scale start_ol 2364 2511 moveto 2441 2539 2531 2566 2601 2587 curveto 3179 2795 3520 3224 3520 3764 curveto 3520 4414 2988 4864 2221 4864 curveto 1468 4864 832 4384 832 3819 curveto 832 3534 1012 3339 1269 3339 curveto 1498 3339 1664 3505 1664 3734 curveto 1664 3852 1623 3935 1522 4046 curveto 1454 4115 1427 4157 1427 4205 curveto 1427 4371 1767 4544 2087 4544 curveto 2544 4544 2816 4292 2816 3868 curveto 2816 3268 2380 2688 1930 2688 curveto 1909 2688 1855 2688 1773 2688 curveto 1570 2688 1563 2688 1536 2688 curveto 1393 2688 1305 2622 1305 2504 curveto 1305 2381 1380 2304 1502 2304 curveto 1536 2304 1583 2312 1638 2319 curveto 1733 2342 1828 2350 1896 2350 curveto 2215 2350 2432 2055 2432 1619 curveto 2432 1288 2349 965 2205 698 curveto 1998 318 1681 128 1233 128 curveto 855 128 517 324 517 549 curveto 517 626 546 654 662 703 curveto 873 795 960 921 960 1111 curveto 960 1349 754 1546 505 1546 curveto 199 1546 0 1313 0 956 curveto 0 291 515 -128 1350 -128 curveto 2400 -128 3200 575 3200 1508 curveto 3200 1759 3122 1975 2973 2149 curveto 2817 2330 2676 2414 2364 2511 curveto end_ol grestore showpage %%EndDocument @endspecial 703 4701 a FG(Figure)h(3:)1062 4701 y SDict begin H.S end 1062 4701 a 1062 4701 a SDict begin H.R end 1062 4701 a 1062 4701 a SDict begin [ /View [/XYZ H.V] /Dest (figure.3) cvn /DEST pdfmark end 1062 4701 a Fx(D)1137 4720 y Fr(s)p Fw(\()p Fr(x;y)r Fw(\))p 2150 3705 1473 4 v 2148 3813 4 108 v 2191 3781 a FG(State)g(predicate)p 2769 3813 V 86 w(De\002nition)p 3621 3813 V 2150 3816 1473 4 v 2148 3924 4 108 v 2361 3892 a Fx(q)2402 3906 y Fw(1)2441 3892 y Fu(\()p Fx(v)s Fu(\))p 2769 3924 V 254 w Fy(:)p Fx(s)2916 3906 y Fw(tc)2978 3892 y Fu(\()p Fx(x;)15 b(v)s Fu(\))p 3621 3924 V 2148 4032 V 2361 4000 a Fx(q)2402 4014 y Fw(2)2441 4000 y Fu(\()p Fx(v)s Fu(\))p 2769 4032 V 254 w Fx(x)25 b Fu(=)g Fx(v)p 3621 4032 V 2148 4140 V 2361 4108 a(q)2402 4122 y Fw(3)2441 4108 y Fu(\()p Fx(v)s Fu(\))p 2769 4140 V 254 w Fx(s)p Fu(\()p Fx(x;)15 b(y)s Fu(\))21 b Fy(^)f Fx(s)3210 4122 y Fw(tc)3272 4108 y Fu(\()p Fx(y)s(;)15 b(v)s Fu(\))p 3621 4140 V 2148 4248 V 2361 4216 a Fx(q)2402 4230 y Fw(4)2441 4216 y Fu(\()p Fx(v)s Fu(\))p 2769 4248 V 254 w Fx(s)2855 4230 y Fw(tc)2918 4216 y Fu(\()p Fx(x;)g(v)s Fu(\))21 b Fy(^)f Fu(\()p Fx(x)26 b Fy(6)p Fu(=)e Fx(v)s Fu(\))p Fy(^)p 3621 4248 V 2148 4356 V 2769 4356 V 2812 4324 a(:)p Fx(s)p Fu(\()p Fx(x;)15 b(y)s Fu(\))p 3621 4356 V 2150 4359 1473 4 v 2594 4513 a FG(T)-7 b(able)23 b(3:)2915 4513 y SDict begin H.S end 2915 4513 a 2915 4513 a SDict begin H.R end 2915 4513 a 2915 4513 a SDict begin [ /View [/XYZ H.V] /Dest (table.3) cvn /DEST pdfmark end 2915 4513 a Fx(D)2990 4531 y Fr(s)p Fw(\()p Fr(x;y)r Fw(\))150 4820 y SDict begin H.S end 150 4820 a 150 4820 a SDict begin 13 H.A end 150 4820 a 150 4820 a SDict begin [ /View [/XYZ H.V] /Dest (Item.28) cvn /DEST pdfmark end 150 4820 a 88 x Fx(')j Fu(=)f Fx(s)374 4922 y Fw(tc)436 4908 y Fu(\()p Fx(x;)15 b(y)s Fu(\))p FG(:)47 b(The)23 b(automaton)j(for)d Fx(')j Fu(=)f Fx(s)1641 4922 y Fw(tc)1703 4908 y Fu(\()p Fx(x;)15 b(y)s Fu(\))p FG(,)24 b(and)g(its)f(state)i(de\002nitions)g(are)f(sho)n(wn)g(in)f (Fig)3447 4908 y SDict begin H.S end 3447 4908 a FG(4)3493 4846 y SDict begin H.R end 3493 4846 a 3493 4908 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.4) cvn H.B /ANN pdfmark end 3493 4908 a FG(.)341 5016 y(W)-7 b(e)30 b(pro)o(vide)j(a)e(sk)o(etch)i(of)f(the)f(proof)i(of)e(property)j(2b)d (for)h(state)g Fx(q)2547 5030 y Fw(3)2586 5016 y FG(.)51 b(Proofs)32 b(for)g(other)g(states)h(follo)n(w)241 5124 y(using)d(similar)e(ar)n(guments.)45 b(Suppose)29 b Fy(B)37 b(j)-15 b Fu(=)33 b Fx(q)1774 5138 y Fw(3)1813 5124 y Fu(\()p Fx(v)s Fu(\))25 b Fy(^)e Fx(s)p Fu(\()p Fx(u;)15 b(v)s Fu(\))p FG(.)42 b(Expanding)31 b(the)d(de\002nition)i(of)e Fx(q)3436 5138 y Fw(3)3475 5124 y Fu(\()p Fx(v)s Fu(\))p FG(,)h(we)241 5232 y(get)24 b Fy(B)k(j)-15 b Fu(=)25 b Fx(s)612 5246 y Fw(tc)675 5232 y Fu(\()p Fx(x;)15 b(y)s Fu(\))21 b Fy(^)e Fx(s)1029 5246 y Fw(tc)1092 5232 y Fu(\()p Fx(y)s(;)c(v)s Fu(\))21 b Fy(^)f Fx(s)p Fu(\()p Fx(u;)15 b(v)s Fu(\))p FG(.)341 5340 y(There)28 b(are)f(tw)o(o)g (possibilities:)41 b Fx(v)35 b Fy(6)p Fu(=)d Fx(y)e FG(and)e Fx(v)35 b Fu(=)d Fx(y)s FG(,)27 b(corresponding)32 b(to)27 b(the)h(loop)g(on)g(state)g Fx(q)3392 5354 y Fw(3)3431 5340 y FG(,)f(and)h(the)241 5448 y(incoming)23 b(edges)f(from)e Fx(q)1069 5462 y Fw(2)1128 5448 y FG(or)h Fx(q)1265 5462 y Fw(1)1304 5448 y FG(.)27 b(Suppose)22 b Fx(v)28 b Fu(=)d Fx(y)s FG(.)i(No)n(w)19 b(we)h(ha)n(v)o(e)i(tw)o(o)e(further)i(cases,)g Fx(x)j Fu(=)g Fx(y)e FG(and)e Fx(x)k Fy(6)p Fu(=)g Fx(y)s FG(.)p eop end end %%Page: 14 14 TeXDict begin HPSdict begin 14 13 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.14) cvn /DEST pdfmark end 150 82 a Fz(14)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)332 1040 y @beginspecial 0 @llx 0 @lly 526 @urx 277 @ury 1578 @rwi @setspecial %%BeginDocument: stcxy.eps [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def /cp {closepath} bind def /c {curveto} bind def /f {fill} bind def /a {arc} bind def /ef {eofill} bind def /ex {exch} bind def /gr {grestore} bind def /gs {gsave} bind def /sa {save} bind def /rs {restore} bind def /l {lineto} bind def /m {moveto} bind def /rm {rmoveto} bind def /n {newpath} bind def /s {stroke} bind def /sh {show} bind def /slc {setlinecap} bind def /slj {setlinejoin} bind def /slw {setlinewidth} bind def /srgb {setrgbcolor} bind def /rot {rotate} bind def /sc {scale} bind def /sd {setdash} bind def /ff {findfont} bind def /sf {setfont} bind def /scf {scalefont} bind def /sw {stringwidth pop} bind def /tr {translate} bind def /ellipsedict 8 dict def ellipsedict /mtrx matrix put /ellipse { ellipsedict begin /endangle exch def /startangle exch def /yrad exch def /xrad exch def /y exch def /x exch def /savematrix mtrx currentmatrix def x y tr xrad yrad sc 0 0 1 startangle endangle arc savematrix setmatrix end } def /mergeprocs { dup length 3 -1 roll dup length dup 5 1 roll 3 -1 roll add array cvx dup 3 -1 roll 0 exch putinterval dup 4 2 roll putinterval } bind def /dpi_x 300 def /dpi_y 300 def /conicto { /to_y exch def /to_x exch def /conic_cntrl_y exch def /conic_cntrl_x exch def currentpoint /p0_y exch def /p0_x exch def /p1_x p0_x conic_cntrl_x p0_x sub 2 3 div mul add def /p1_y p0_y conic_cntrl_y p0_y sub 2 3 div mul add def /p2_x p1_x to_x p0_x sub 1 3 div mul add def /p2_y p1_y to_y p0_y sub 1 3 div mul add def p1_x p1_y p2_x p2_y to_x to_y curveto } bind def /start_ol { gsave 1.1 dpi_x div dup scale} bind def /end_ol { closepath fill grestore } bind def 28.346000 -28.346000 scale -1.634769 -6.900000 translate 1.000000 1.000000 1.000000 srgb n 3.800000 2.950000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 3.800000 2.950000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 10.950000 3.050000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 10.950000 3.050000 0.950000 0.900000 0 360 ellipse cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 7.299693 8.553897 6.156671 6.156671 245.535139 291.598736 ellipse s [] 0 sd 0 slj 0 slc n 9.900321 2.999362 m 9.341316 2.995793 l 9.565989 2.829519 l 9.567774 2.550016 l ef n 9.900321 2.999362 m 9.341316 2.995793 l 9.565989 2.829519 l 9.567774 2.550016 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 14.810591 6.791088 4.739966 4.739966 232.116852 297.257398 ellipse s [] 0 sd 0 slj 0 slc n 17.292161 2.787406 m 16.737903 2.714621 l 16.981442 2.577457 l 17.017834 2.300328 l ef n 17.292161 2.787406 m 16.737903 2.714621 l 16.981442 2.577457 l 17.017834 2.300328 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 2.981406 1.231760 1.157416 1.157416 107.048462 44.987634 ellipse s [] 0 sd 0 slj 0 slc n 3.016591 2.319276 m 2.529929 2.594340 l 2.642074 2.338316 l 2.504543 2.094985 l ef n 3.016591 2.319276 m 2.529929 2.594340 l 2.642074 2.338316 l 2.504543 2.094985 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 12.123664 4.131568 1.187625 1.187625 282.490585 188.794040 ellipse s [] 0 sd 0 slj 0 slc n 12.010361 3.032098 m 12.463879 2.705262 l 12.380522 2.972052 l 12.543940 3.198811 l ef n 12.010361 3.032098 m 12.463879 2.705262 l 12.380522 2.972052 l 12.543940 3.198811 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 18.938832 1.116882 1.098804 1.098804 152.129693 86.469298 ellipse s [] 0 sd 0 slj 0 slc n 18.250438 1.876630 m 17.709102 1.737150 l 17.967480 1.630541 l 18.037220 1.359873 l ef n 18.250438 1.876630 m 17.709102 1.737150 l 17.967480 1.630541 l 18.037220 1.359873 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 11.117457 7.577820 8.478056 8.478056 218.383564 317.372931 ellipse s [] 0 sd 0 slj 0 slc n 17.592358 2.126941 m 17.082663 1.897352 l 17.355418 1.836279 l 17.470212 1.581432 l ef n 17.592358 2.126941 m 17.082663 1.897352 l 17.355418 1.836279 l 17.470212 1.581432 l cp s gsave 10.300000 -1.027610 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore gsave 11.850700 -1.100000 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 11.190600 -1.095180 m 11.390600 -1.595180 l 11.590600 -1.095180 l s gsave 5.950000 2.357090 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 6.912270 2.270430 m 7.112270 1.770430 l 7.312270 2.270430 l s 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 7.345780 1.855000 m 7.945780 1.855000 l 7.945780 2.305000 l s gsave 8.140780 2.250000 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 2.555000 -0.595000 m 3.155000 -0.595000 l 3.155000 -0.145000 l s gsave 3.350000 -0.100000 translate 0.035278 -0.035278 scale start_ol 2305 1792 moveto 2477 1010 lineto 2672 135 2970 -192 3532 -192 curveto 3956 -192 4163 -52 4690 604 curveto 4896 849 4931 908 5229 1446 curveto 4873 1642 lineto 4759 1454 4724 1395 4552 1148 curveto 4220 689 4025 512 3819 512 curveto 3555 512 3440 768 3234 1723 curveto 3016 2829 lineto 3520 3765 lineto 3796 4286 4036 4540 4243 4540 curveto 4335 4540 4392 4493 4438 4388 curveto 4541 4154 4621 4096 4828 4096 curveto 5183 4096 5401 4341 5401 4727 curveto 5401 5136 5126 5440 4747 5440 curveto 4438 5440 4094 5277 3853 5010 curveto 3624 4754 3612 4754 3222 4021 curveto 2890 3416 lineto 2764 4056 lineto 2569 5056 2316 5440 1846 5440 curveto 1594 5440 1342 5289 1055 4962 curveto 871 4752 711 4519 195 3762 curveto 527 3520 lineto 1112 4366 1273 4540 1468 4540 curveto 1548 4540 1663 4459 1709 4367 curveto 1812 4182 1812 4182 2041 3038 curveto 2179 2368 lineto 1663 1434 lineto 1342 839 1055 512 871 512 curveto 791 512 722 596 699 751 curveto 642 1073 493 1216 206 1216 curveto -138 1216 -378 930 -378 524 curveto -378 97 -80 -192 378 -192 curveto 929 -192 1468 275 1961 1162 curveto 2305 1792 lineto end_ol grestore gsave 14.100000 2.050000 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore 0.100000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.697460 2.662240 m 2.850000 2.950000 l 1.697460 3.312240 l s 1.000000 1.000000 1.000000 srgb n 18.334800 2.850000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 18.334800 2.850000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 18.334800 2.850000 0.700000 0.650000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 18.334800 2.850000 0.700000 0.650000 0 360 ellipse cp s gsave 3.584770 3.200000 translate 0.035278 -0.035278 scale start_ol 3158 4874 moveto 2958 4874 lineto 2587 4558 1851 4288 1355 4288 curveto 1273 4032 lineto 1748 4032 lineto 2167 4032 2215 4018 2215 3895 curveto 2215 3833 2215 3833 2147 3587 curveto 1410 845 lineto 1314 482 1307 475 1252 420 curveto 1176 351 1018 324 674 324 curveto 378 324 lineto 344 0 lineto 2890 0 lineto 2931 324 lineto 2559 324 lineto 2112 324 2016 358 2016 509 curveto 2016 564 2016 564 2078 846 curveto 3158 4874 lineto end_ol grestore gsave 10.734800 3.350000 translate 0.035278 -0.035278 scale start_ol 2967 1421 moveto 2789 1106 lineto 2536 661 2447 586 2112 586 curveto 526 586 lineto 696 804 983 1042 1534 1437 curveto 2468 2077 2509 2111 2686 2247 curveto 3231 2669 3456 3071 3456 3609 curveto 3456 4317 2924 4800 2141 4800 curveto 1268 4800 512 4164 512 3426 curveto 512 3047 715 2803 1033 2803 curveto 1283 2803 1472 2995 1472 3241 curveto 1472 3419 1384 3535 1161 3659 curveto 1006 3741 972 3775 972 3857 curveto 972 4151 1487 4480 1948 4480 curveto 2429 4480 2752 4158 2752 3679 curveto 2752 3165 2526 2788 1908 2254 curveto 84 678 -190 384 -252 0 curveto 2690 0 lineto 3208 1325 lineto 2967 1421 lineto end_ol grestore gsave 18.084800 3.150000 translate 0.035278 -0.035278 scale start_ol 2364 2511 moveto 2441 2539 2531 2566 2601 2587 curveto 3179 2795 3520 3224 3520 3764 curveto 3520 4414 2988 4864 2221 4864 curveto 1468 4864 832 4384 832 3819 curveto 832 3534 1012 3339 1269 3339 curveto 1498 3339 1664 3505 1664 3734 curveto 1664 3852 1623 3935 1522 4046 curveto 1454 4115 1427 4157 1427 4205 curveto 1427 4371 1767 4544 2087 4544 curveto 2544 4544 2816 4292 2816 3868 curveto 2816 3268 2380 2688 1930 2688 curveto 1909 2688 1855 2688 1773 2688 curveto 1570 2688 1563 2688 1536 2688 curveto 1393 2688 1305 2622 1305 2504 curveto 1305 2381 1380 2304 1502 2304 curveto 1536 2304 1583 2312 1638 2319 curveto 1733 2342 1828 2350 1896 2350 curveto 2215 2350 2432 2055 2432 1619 curveto 2432 1288 2349 965 2205 698 curveto 1998 318 1681 128 1233 128 curveto 855 128 517 324 517 549 curveto 517 626 546 654 662 703 curveto 873 795 960 921 960 1111 curveto 960 1349 754 1546 505 1546 curveto 199 1546 0 1313 0 956 curveto 0 291 515 -128 1350 -128 curveto 2400 -128 3200 575 3200 1508 curveto 3200 1759 3122 1975 2973 2149 curveto 2817 2330 2676 2414 2364 2511 curveto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 12.139800 5.705000 m 12.739800 5.705000 l 12.739800 6.155000 l s gsave 12.934800 6.100000 translate 0.035278 -0.035278 scale start_ol 2556 3641 moveto 2292 4906 1971 5440 1478 5440 curveto 973 5440 456 4797 -14 3534 curveto 348 3372 lineto 772 4295 898 4480 1092 4480 curveto 1252 4480 1401 4238 1527 3741 curveto 1882 2426 2088 1456 2340 2 curveto 1962 -598 1882 -714 1687 -967 curveto 1229 -1533 783 -1856 474 -1856 curveto 336 -1856 256 -1787 256 -1671 curveto 256 -1313 256 -1313 221 -1221 curveto 138 -1002 -61 -863 -285 -863 curveto -626 -863 -896 -1133 -896 -1471 curveto -896 -1932 -435 -2304 165 -2304 curveto 833 -2304 1456 -1912 2136 -1059 curveto 2677 -368 3588 1153 4453 2836 curveto 5110 4103 5248 4460 5248 4841 curveto 5248 5198 5040 5440 4727 5440 curveto 4415 5440 4160 5169 4160 4851 curveto 4160 4792 4172 4721 4183 4651 curveto 4253 4250 4253 4215 4253 4041 curveto 4253 3464 3806 2379 3061 1191 curveto 2556 3641 lineto end_ol grestore showpage %%EndDocument @endspecial 675 1231 a FG(Figure)24 b(4:)1034 1231 y SDict begin H.S end 1034 1231 a 1034 1231 a SDict begin H.R end 1034 1231 a 1034 1231 a SDict begin [ /View [/XYZ H.V] /Dest (figure.4) cvn /DEST pdfmark end 1034 1231 a Fx(D)1109 1250 y Fr(s)1142 1258 y Fn(tc)1197 1250 y Fw(\()p Fr(x;y)r Fw(\))p 2104 441 1565 4 v 2102 549 4 108 v 2145 517 a FG(State)g(predicate)p 2723 549 V 86 w(De\002nition)p 3667 549 V 2104 553 1565 4 v 2102 661 4 108 v 2315 628 a Fx(q)2356 642 y Fw(1)2395 628 y Fu(\()p Fx(v)s Fu(\))p 2723 661 V 254 w Fy(:)p Fx(s)2870 642 y Fw(tc)2932 628 y Fu(\()p Fx(x;)15 b(v)s Fu(\))p 3667 661 V 2102 769 V 2315 736 a Fx(q)2356 750 y Fw(2)2395 736 y Fu(\()p Fx(v)s Fu(\))p 2723 769 V 254 w Fx(s)2809 750 y Fw(tc)2872 736 y Fu(\()p Fx(x;)g(v)s Fu(\))p Fy(^)p 3667 769 V 2102 876 V 2723 876 V 2766 844 a(:)p Fu(\()p Fx(s)2905 858 y Fw(tc)2968 844 y Fu(\()p Fx(x;)g(y)s Fu(\))21 b Fy(^)f Fx(s)3323 858 y Fw(tc)3385 844 y Fu(\()p Fx(y)s(;)15 b(v)s Fu(\)\))p 3667 876 V 2102 984 V 2315 952 a Fx(q)2356 966 y Fw(3)2395 952 y Fu(\()p Fx(v)s Fu(\))p 2723 984 V 254 w Fx(s)2809 966 y Fw(tc)2872 952 y Fu(\()p Fx(x;)g(y)s Fu(\))21 b Fy(^)f Fx(s)3227 966 y Fw(tc)3289 952 y Fu(\()p Fx(y)s(;)15 b(v)s Fu(\))p 3667 984 V 2104 988 1565 4 v 2566 1141 a FG(T)-7 b(able)23 b(4:)2887 1141 y SDict begin H.S end 2887 1141 a 2887 1141 a SDict begin H.R end 2887 1141 a 2887 1141 a SDict begin [ /View [/XYZ H.V] /Dest (table.4) cvn /DEST pdfmark end 2887 1141 a Fx(D)2962 1160 y Fr(s)2995 1168 y Fn(tc)3050 1160 y Fw(\()p Fr(x;y)r Fw(\))241 1491 y FG(If)29 b Fx(x)36 b Fu(=)g Fx(y)i Fu(=)e Fx(v)s FG(,)30 b(we)f(get)g Fy(B)38 b(j)-15 b Fu(=)36 b Fy(:)p Fx(s)1408 1505 y Fw(tc)1470 1491 y Fu(\()p Fx(x;)15 b(u)p Fu(\))p FG(,)31 b(or)e Fy(B)39 b(j)-15 b Fu(=)35 b Fx(q)2098 1505 y Fw(1)2137 1491 y Fu(\()p Fx(u)p Fu(\))26 b Fy(^)e Fx(s)p Fu(\()p Fx(u;)15 b(x)p Fu(\))25 b Fy(^)f Fu(\()p Fx(x)36 b Fu(=)g Fx(y)i Fu(=)e Fx(v)s Fu(\))p FG(,)30 b(denoting)i(the)241 1599 y(appropriate)27 b(transition)f(from)e(state) g Fx(q)1474 1613 y Fw(1)1513 1599 y FG(.)341 1707 y(On)c(the)g(other)h (hand,)h(if)e Fy(B)28 b(j)-15 b Fu(=)25 b(\()p Fx(x)g Fy(6)p Fu(=)g Fx(y)s Fu(\))p FG(,)c(we)e(need)i(to)f(sho)n(w)h(that)f Fx(q)2444 1721 y Fw(3)2503 1707 y FG(w)o(as)g(reached)i(via)f Fx(q)3137 1721 y Fw(2)3176 1707 y FG(.)26 b(Expanding)d(the)241 1814 y(de\002nition)e(of)d Fx(q)742 1828 y Fw(3)781 1814 y Fu(\()p Fx(v)s Fu(\))h FG(we)f(ha)n(v)o(e)h Fy(B)28 b(j)-15 b Fu(=)25 b Fx(s)1464 1828 y Fw(tc)1527 1814 y Fu(\()p Fx(x;)15 b(y)s Fu(\))r Fy(^)r Fx(s)1845 1828 y Fw(tc)1908 1814 y Fu(\()p Fx(y)s(;)g(v)s Fu(\))p FG(.)28 b(Since)19 b Fx(y)28 b Fu(=)d Fx(v)s FG(,)18 b(we)g(get)h Fy(B)28 b(j)-15 b Fu(=)25 b Fx(s)3131 1828 y Fw(tc)3194 1814 y Fu(\()p Fx(x;)15 b(u)p Fu(\))r Fy(^)r Fx(s)p Fu(\()p Fx(u;)g(y)s Fu(\))p FG(.)241 1922 y(But)24 b(by)g(de\002nition)i(of)e Fx(q)1022 1936 y Fw(2)1061 1922 y FG(,)f(this)i(means)g Fy(B)k(j)-15 b Fu(=)26 b Fx(q)1755 1936 y Fw(2)1794 1922 y Fu(\()p Fx(u)p Fu(\))p FG(.)k(Thus,)24 b(we)g(ha)n(v)o(e)g Fy(B)29 b(j)-15 b Fu(=)26 b Fx(q)2755 1936 y Fw(2)2794 1922 y Fu(\()p Fx(u)p Fu(\))c Fy(^)e Fx(s)p Fu(\()p Fx(u;)15 b(v)s Fu(\))22 b Fy(^)e Fx(v)30 b Fu(=)c Fx(y)s FG(,)d(the)241 2030 y(appropriate)k(transition)f(rule)e(for)g(mo)o(ving)g(from)g (state)g Fx(q)2066 2044 y Fw(2)2128 2030 y FG(to)f Fx(q)2262 2044 y Fw(3)2301 2030 y FG(.)341 2138 y(F)o(or)j(this)i(direction)i(of) d(property)i(2b,)f(the)g(only)g(remaining)h(case)f(is)f Fx(y)35 b Fy(6)p Fu(=)d Fx(v)s FG(.)40 b(In)27 b(this)h(case,)g(it)f (is)g(easy)h(to)241 2246 y(pro)o(v)o(e)f(that)f(we)f(entered)j(state)f Fx(q)1289 2260 y Fw(3)1353 2246 y FG(at)e Fx(y)s FG(,)h(and)g(looped)i (thereafter)g(using)f(the)f(appropriate)j(transition)g(for)d(the)241 2354 y(loop.)341 2462 y(F)o(or)h(the)i(re)n(v)o(erse)g(direction,)i(we) c(need)i(to)f(pro)o(v)o(e)h(that)g(if)e(a)h(transition)j(rule)e(is)e (applicable)k(at)d(a)g(position)241 2570 y(then)e(the)f(corresponding)k (ne)o(xt)d(state)f(must)g(hold)h(at)f(the)g(ne)o(xt)g(position.)36 b(This)24 b(is)h(easily)h(v)o(eri\002ed)g(using)g(the)241 2678 y(state-de\002nitions.)33 b(Property)24 b(2)f(for)g(other)h (states)g(follo)n(ws)f(by)g(similar)h(ar)n(guments.)31 b(Property)24 b(3)e(can)i(also)f(be)241 2786 y(v)o(eri\002ed)h(easily)h (using)g(the)f(de\002nition)h(of)e Fx(q)1639 2800 y Fw(3)1679 2786 y FG(.)150 2824 y SDict begin H.S end 150 2824 a 150 2824 a SDict begin 13 H.A end 150 2824 a 150 2824 a SDict begin [ /View [/XYZ H.V] /Dest (Item.29) cvn /DEST pdfmark end 150 2824 a 89 x Fv(Inductive)j(steps)p FG(:)48 b Fx(')23 b FG(is)g(either)i Fx(')1218 2927 y Fw(1)1278 2913 y Fy(^)20 b Fx(')1418 2927 y Fw(2)1458 2913 y FG(,)i(or)i Fy(:)p Fx( )s FG(,)e(or)i Fy(9)p Fx(x)15 b(:)g( )s Fu(\()p Fx(x)p Fu(\))p FG(.)150 2935 y SDict begin H.S end 150 2935 a 150 2935 a SDict begin 13 H.A end 150 2935 a 150 2935 a SDict begin [ /View [/XYZ H.V] /Dest (Item.30) cvn /DEST pdfmark end 150 2935 a 86 x Fx(')26 b Fu(=)f Fx(')390 3035 y Fw(1)438 3021 y Fy(^)8 b Fx(')566 3035 y Fw(2)606 3021 y FG(:)45 b(Inducti)n(v)o(ely)23 b(we)d(ha)n(v)o(e)h Fx(D)1495 3035 y Fr(')1541 3044 y Fn(1)1599 3021 y FG(and)g Fx(D)1825 3035 y Fr(')1871 3044 y Fn(2)1930 3021 y FG(with)f(\002nal)g (state)h(de\002nitions)h Fx(q)2922 3036 y Fr(f)2956 3045 y Fn(1)3014 3021 y FG(and)f Fx(q)3206 3036 y Fr(f)3240 3045 y Fn(2)3298 3021 y FG(respecti)n(v)o(ely)-6 b(.)241 3128 y(T)f(o)27 b(construct)j Fx(D)797 3142 y Fr(')847 3128 y FG(,)e(we)f(perform)h(the)g(product)i(construction:)41 b(let)27 b Fx(q)2462 3142 y Fr(i)2517 3128 y FG(be)h(state)g (de\002nitions)i(of)d Fx(D)3411 3142 y Fr(')3457 3151 y Fn(1)3523 3128 y FG(and)h Fx(q)3725 3095 y FM(0)3722 3154 y Fr(i)241 3236 y FG(those)f(of)e Fx(D)633 3250 y Fr(')679 3259 y Fn(2)718 3236 y FG(.)33 b(Then)25 b(the)g(state)h (de\002nitions)i(of)d Fx(D)1895 3250 y Fr(')1969 3236 y FG(are)h Fx(q)2146 3255 y FM(h)p Fr(i;j)t FM(i)2280 3236 y FG(,)f(and)h(we)e(ha)n(v)o(e)i Fx(q)2848 3255 y FM(h)p Fr(i;j)t FM(i)2982 3236 y Fu(\()p Fx(u)p Fu(\))j Fy(\021)f Fx(q)3273 3250 y Fr(i)3301 3236 y Fu(\()p Fx(u)p Fu(\))22 b Fy(^)f Fx(q)3571 3203 y FM(0)3568 3262 y Fr(j)3605 3236 y Fu(\()p Fx(u)p Fu(\))p FG(.)241 3345 y(The)i(accepting)k(states) d(are)1174 3561 y Fx(F)1232 3575 y Fr(')1278 3584 y Fn(1)1313 3575 y FM(^)p Fr(')1406 3584 y Fn(2)1445 3561 y Fu(\()p Fx(u)p Fu(\))116 b Fy(\021)2038 3475 y Fq(_)1870 3672 y Fr(f)1904 3681 y Fn(1)1939 3672 y FM(2)p Fr(F)2031 3681 y Fn(1)2065 3672 y FM(^)p Fr(f)2146 3681 y Fn(2)2181 3672 y FM(2)p Fr(F)2273 3681 y Fn(2)2322 3561 y Fx(q)2363 3579 y FM(h)p Fr(f)2424 3588 y Fn(1)2459 3579 y Fr(;f)2513 3588 y Fn(2)2547 3579 y FM(i)2578 3561 y Fu(\()p Fx(u)p Fu(\))p Fx(:)341 3783 y FG(Property)34 b(1)d(holds)j(because)g(we)e (are)g(still)h(in)f(\002rst-order)-5 b(.)57 b(Property)34 b(2)e(follo)n(ws)g(because)j(we)c(are)i(just)241 3891 y(performing)22 b(logical)g(transliterations)i(of)c(the)g(standard)i (DF)-7 b(A)18 b(conjunction)24 b(operation.)30 b(Property)21 b(3)f(follo)n(ws)241 3999 y(from)j(the)h(f)o(act)g(that)f(we)g(already) i(ha)n(v)o(e)f Fy(B)j(j)-15 b Fu(=)26 b Fx(F)1752 4013 y Fw(1)1791 3999 y Fu(\()p Fx(max)p Fu(\))g Fy($)f Fx(')2242 4013 y Fw(1)2305 3999 y FG(and)e Fy(B)28 b(j)-15 b Fu(=)25 b Fx(F)2710 4013 y Fw(2)2750 3999 y Fu(\()p Fx(max)p Fu(\))h Fy($)f Fx(')3201 4013 y Fw(2)3241 3999 y FG(,)d(and)i(from)f (the)241 4107 y(de\002nition)j(of)d Fx(F)769 4121 y Fr(')815 4130 y Fn(1)850 4121 y FM(^)p Fr(')943 4130 y Fn(2)982 4107 y FG(.)150 4134 y SDict begin H.S end 150 4134 a 150 4134 a SDict begin 13 H.A end 150 4134 a 150 4134 a SDict begin [ /View [/XYZ H.V] /Dest (Item.31) cvn /DEST pdfmark end 150 4134 a 81 x Fx(')43 b Fu(=)g Fy(:)p Fx( )s FG(:)j(In)33 b(this)g(case,)j(we)c(tak)o(e)i(the)f(complement)i (of)e Fx(D)2174 4230 y Fr( )2259 4215 y FG(which)h(is)e(easy)i(because) h(our)f(automata)g(are)241 4323 y(deterministic.)e(Let)22 b(the)g(\002nal)h(state)g(of)g Fx(D)1587 4338 y Fr( )1662 4323 y FG(be)f Fx(F)1840 4290 y FM(0)1864 4323 y FG(.)27 b Fx(D)1989 4337 y Fr(')2061 4323 y FG(has)c(the)g(same)g(state)g (de\002nitions)i(as)d Fx( )s FG(,)h(b)n(ut)g(its)f(\002nal)241 4431 y(state)j(de\002nition)g(is)e Fx(F)13 b Fu(\()p Fx(u)p Fu(\))26 b Fy(\021)f(:)p Fx(F)1332 4398 y FM(0)1355 4431 y Fu(\()p Fx(u)p Fu(\))p FG(.)k(It)23 b(is)h(easy)g(to)f(see)h (that)g(properties)j(1,)22 b(2)i(and)g(3)f(hold)h(in)g(this)g(case.)150 4454 y SDict begin H.S end 150 4454 a 150 4454 a SDict begin 13 H.A end 150 4454 a 150 4454 a SDict begin [ /View [/XYZ H.V] /Dest (Item.32) cvn /DEST pdfmark end 150 4454 a 85 x Fx(')i Fu(=)f Fy(9)p Fx(x)15 b(:)g( )s Fu(\()p Fx(x)p Fu(\))p FG(:)341 4647 y(Inducti)n(v)o(ely)26 b(we)d(ha)n(v)o(e)h Fx(D)1169 4662 y Fr( )1247 4647 y Fu(=)h(\()p Fy(f)p Fx(q)1464 4661 y Fw(1)1504 4647 y Fx(;)15 b(:)g(:)g(:)i(;)e(q)1747 4661 y Fr(n)1794 4647 y Fy(g)p Fx(;)g Fu(\006)20 b Fy(\002)g(f)p Fx(x;)15 b(\017)p Fy(g)p Fx(;)g(\016)2355 4662 y Fr( )2410 4647 y Fx(;)g(q)2491 4661 y Fw(1)2530 4647 y Fx(;)g(F)2628 4662 y Fr( )2682 4647 y Fu(\))p FG(.)341 4755 y(First)29 b(we)f(transform)i Fx(D)1126 4770 y Fr( )1207 4755 y FG(to)e(an)h(NF)-7 b(A)27 b Fy(N)1697 4769 y Fr(')1782 4755 y Fu(=)34 b(\()p Fy(f)p Fx(p)2013 4769 y Fw(1)2053 4755 y Fx(;)15 b(:)g(:)g(:)i(;)e(p)2301 4769 y Fr(n)2348 4755 y Fx(;)g(p)2434 4722 y FM(0)2434 4779 y Fw(1)2474 4755 y Fx(;)g(:)g(:)g(:)h(;)f(p)2721 4722 y FM(0)2721 4777 y Fr(n)2768 4755 y Fy(g)p Fx(;)g Fu(\006)p Fx(;)g(\016)n(;)g(p) 3083 4769 y Fw(1)3125 4755 y Fx(;)g(F)e Fu(\))p FG(,)29 b(where)g Fx(F)48 b Fu(=)241 4863 y Fy(f)p Fx(p)332 4830 y FM(0)332 4888 y Fr(i)361 4863 y Fy(j)p Fx(q)427 4877 y Fr(i)480 4863 y Fy(2)25 b Fx(F)624 4878 y Fr( )677 4863 y Fy(g)e FG(and)h Fx(\016)s Fu(\()p Fx(p)1023 4877 y Fr(i)1052 4863 y Fx(;)15 b(\033)s Fu(\))26 b(=)f Fy(f)p Fx(p)1395 4877 y Fr(j)1432 4863 y Fx(;)15 b(p)1518 4830 y FM(0)1518 4890 y Fr(k)1561 4863 y Fy(j)p Fx(\016)1626 4878 y Fr( )1679 4863 y Fu(\()p Fx(q)1755 4877 y Fr(i)1783 4863 y Fx(;)g(\033)24 b Fy(^)c(:)p Fx(x)p Fu(\))25 b(=)g Fx(q)2290 4877 y Fr(j)2326 4863 y Fx(;)15 b(\016)2406 4878 y Fr( )2460 4863 y Fu(\()p Fx(q)2536 4877 y Fr(i)2564 4863 y Fx(;)g(\033)24 b Fy(^)19 b Fx(x)p Fu(\))26 b(=)f Fx(q)3010 4878 y Fr(k)3052 4863 y Fy(g)p FG(.)341 4971 y(Thus)i Fy(N)624 4985 y Fr(')701 4971 y FG(no)g(longer)i(sees)f Fx(x)p FG(')-5 b(s.)41 b(Instead,)30 b(it)d(guesses)i(the)f(one)g (place)g(that)g Fx(x)f FG(might)h(occur)l(,)h(and)f(that)g(is)241 5079 y(where)c(the)g(transition)i(from)e Fx(p)1232 5093 y Fr(i)1282 5079 y FG(to)g Fx(p)1422 5046 y FM(0)1422 5104 y Fr(i)1472 5079 y FG(occurs.)31 b(\(See)23 b(Fig.)2117 5080 y SDict begin H.S end 2117 5080 a -1 x FG(5)2162 5017 y SDict begin H.R end 2162 5017 a 2162 5079 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.5) cvn H.B /ANN pdfmark end 2162 5079 a FG(\))341 5186 y(Let)48 b Fx(p)556 5200 y Fr(i)584 5186 y Fu(\()p Fx(u)p Fu(\))26 b Fy(\021)f(9)p Fx(x)15 b(:)g Fy(:)p Fx(s)1090 5200 y Fw(tc)1152 5186 y Fu(\()p Fx(x;)g(u)p Fu(\))21 b Fy(^)f Fx(q)1509 5200 y Fr(i)1537 5186 y Fu(\()p Fx(u)p Fu(\);)107 b Fx(p)1837 5153 y FM(0)1837 5212 y Fr(i)1865 5186 y Fu(\()p Fx(u)p Fu(\))26 b Fy(\021)f(9)p Fx(x)15 b(:)g(s)2310 5200 y Fw(tc)2373 5186 y Fu(\()p Fx(x;)g(u)p Fu(\))21 b Fy(^)f Fx(q)2730 5200 y Fr(i)2757 5186 y Fu(\()p Fx(u)p Fu(\))p FG(.)p eop end end %%Page: 15 15 TeXDict begin HPSdict begin 15 14 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.15) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(15)802 1567 y @beginspecial 0 @llx 0 @lly 918 @urx 480 @ury 2754 @rwi @setspecial %%BeginDocument: psigma_lr.eps [ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def /cp {closepath} bind def /c {curveto} bind def /f {fill} bind def /a {arc} bind def /ef {eofill} bind def /ex {exch} bind def /gr {grestore} bind def /gs {gsave} bind def /sa {save} bind def /rs {restore} bind def /l {lineto} bind def /m {moveto} bind def /rm {rmoveto} bind def /n {newpath} bind def /s {stroke} bind def /sh {show} bind def /slc {setlinecap} bind def /slj {setlinejoin} bind def /slw {setlinewidth} bind def /srgb {setrgbcolor} bind def /rot {rotate} bind def /sc {scale} bind def /sd {setdash} bind def /ff {findfont} bind def /sf {setfont} bind def /scf {scalefont} bind def /sw {stringwidth pop} bind def /tr {translate} bind def /ellipsedict 8 dict def ellipsedict /mtrx matrix put /ellipse { ellipsedict begin /endangle exch def /startangle exch def /yrad exch def /xrad exch def /y exch def /x exch def /savematrix mtrx currentmatrix def x y tr xrad yrad sc 0 0 1 startangle endangle arc savematrix setmatrix end } def /mergeprocs { dup length 3 -1 roll dup length dup 5 1 roll 3 -1 roll add array cvx dup 3 -1 roll 0 exch putinterval dup 4 2 roll putinterval } bind def /dpi_x 300 def /dpi_y 300 def /conicto { /to_y exch def /to_x exch def /conic_cntrl_y exch def /conic_cntrl_x exch def currentpoint /p0_y exch def /p0_x exch def /p1_x p0_x conic_cntrl_x p0_x sub 2 3 div mul add def /p1_y p0_y conic_cntrl_y p0_y sub 2 3 div mul add def /p2_x p1_x to_x p0_x sub 1 3 div mul add def /p2_y p1_y to_y p0_y sub 1 3 div mul add def p1_x p1_y p2_x p2_y to_x to_y curveto } bind def /start_ol { gsave 1.1 dpi_x div dup scale} bind def /end_ol { closepath fill grestore } bind def 28.346000 -28.346000 scale 0.910000 -18.297500 translate 1.000000 1.000000 1.000000 srgb n 15.950000 3.667500 m 15.950000 18.117500 l 31.450000 18.117500 l 31.450000 3.667500 l f 0.050000 slw [0.200000] 0 sd [0.200000] 0 sd 0 slj 0.000000 0.000000 0.000000 srgb n 15.950000 3.667500 m 15.950000 18.117500 l 31.450000 18.117500 l 31.450000 3.667500 l cp s 1.000000 1.000000 1.000000 srgb n -0.885000 3.647500 m -0.885000 18.097500 l 14.615000 18.097500 l 14.615000 3.647500 l f 0.050000 slw [0.200000] 0 sd [0.200000] 0 sd 0 slj 0.000000 0.000000 0.000000 srgb n -0.885000 3.647500 m -0.885000 18.097500 l 14.615000 18.097500 l 14.615000 3.647500 l cp s 1.000000 1.000000 1.000000 srgb n 3.400000 6.850000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [0.200000] 0 sd [0.200000] 0 sd 0.000000 0.000000 0.000000 srgb n 3.400000 6.850000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 6.650000 11.800000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [0.200000] 0 sd [0.200000] 0 sd 0.000000 0.000000 0.000000 srgb n 6.650000 11.800000 0.950000 0.900000 0 360 ellipse cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 14.977826 20.925547 18.313489 18.313489 233.450184 308.394701 ellipse s [] 0 sd 0 slj 0 slc n 26.639307 6.813190 m 26.095502 6.683664 l 26.351882 6.572334 l 26.416645 6.300431 l ef n 26.639307 6.813190 m 26.095502 6.683664 l 26.351882 6.572334 l 26.416645 6.300431 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 16.350057 -6.235522 19.060399 19.060399 72.601289 132.798505 ellipse s [] 0 sd 0 slj 0 slc n 22.404234 11.831243 m 22.012278 12.229829 l 22.049485 11.952808 l 21.850192 11.756829 l ef n 22.404234 11.831243 m 22.012278 12.229829 l 22.049485 11.952808 l 21.850192 11.756829 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 2.550638 5.051766 1.236220 1.236220 104.422269 46.601888 ellipse s [] 0 sd 0 slj 0 slc n 2.616743 6.221737 m 2.136263 6.507462 l 2.242737 6.249028 l 2.099875 6.008788 l ef n 2.616743 6.221737 m 2.136263 6.507462 l 2.242737 6.249028 l 2.099875 6.008788 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 12.946707 6.128635 1.415434 1.415434 174.934901 126.005373 ellipse s [] 0 sd 0 slj 0 slc n 11.883815 6.978116 m 12.388600 7.218309 l 12.114628 7.273667 l 11.994532 7.526059 l ef n 11.883815 6.978116 m 12.388600 7.218309 l 12.114628 7.273667 l 11.994532 7.526059 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 7.547312 13.722327 1.360266 1.360266 280.964229 228.726089 ellipse s [] 0 sd 0 slj 0 slc n 7.432974 12.425030 m 7.904956 12.125476 l 7.806029 12.386892 l 7.955806 12.622883 l ef n 7.432974 12.425030 m 7.904956 12.125476 l 7.806029 12.386892 l 7.955806 12.622883 l cp s gsave 3.100000 7.250000 translate 0.035278 -0.035278 scale start_ol 3158 4874 moveto 2958 4874 lineto 2587 4558 1851 4288 1355 4288 curveto 1273 4032 lineto 1748 4032 lineto 2167 4032 2215 4018 2215 3895 curveto 2215 3833 2215 3833 2147 3587 curveto 1410 845 lineto 1314 482 1307 475 1252 420 curveto 1176 351 1018 324 674 324 curveto 378 324 lineto 344 0 lineto 2890 0 lineto 2931 324 lineto 2559 324 lineto 2112 324 2016 358 2016 509 curveto 2016 564 2016 564 2078 846 curveto 3158 4874 lineto end_ol grestore 0.100000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 1.415000 6.540000 m 2.450000 6.850000 l 1.415000 7.190000 l s 1.000000 1.000000 1.000000 srgb n 10.865000 6.890000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [0.200000] 0 sd [0.200000] 0 sd 0.000000 0.000000 0.000000 srgb n 10.865000 6.890000 0.950000 0.900000 0 360 ellipse cp s gsave 6.490000 12.140000 translate 0.035278 -0.035278 scale start_ol 1876 4280 moveto 1277 4280 lineto 940 3136 lineto 289 3136 lineto 192 2812 lineto 844 2812 lineto 324 1061 lineto 227 713 192 553 192 400 curveto 192 108 413 -128 689 -128 curveto 1013 -128 1399 90 1641 420 curveto 1738 554 1807 666 1986 961 curveto 1779 1099 lineto 1353 449 1153 256 926 256 curveto 830 256 768 332 768 449 curveto 768 505 775 553 789 608 curveto 1442 2812 lineto 2192 2812 lineto 2288 3136 lineto 1539 3136 lineto 1876 4280 lineto end_ol grestore gsave 10.715000 7.190000 translate 0.035278 -0.035278 scale start_ol 2967 1421 moveto 2789 1106 lineto 2536 661 2447 586 2112 586 curveto 526 586 lineto 696 804 983 1042 1534 1437 curveto 2468 2077 2509 2111 2686 2247 curveto 3231 2669 3456 3071 3456 3609 curveto 3456 4317 2924 4800 2141 4800 curveto 1268 4800 512 4164 512 3426 curveto 512 3047 715 2803 1033 2803 curveto 1283 2803 1472 2995 1472 3241 curveto 1472 3419 1384 3535 1161 3659 curveto 1006 3741 972 3775 972 3857 curveto 972 4151 1487 4480 1948 4480 curveto 2429 4480 2752 4158 2752 3679 curveto 2752 3165 2526 2788 1908 2254 curveto 84 678 -190 384 -252 0 curveto 2690 0 lineto 3208 1325 lineto 2967 1421 lineto end_ol grestore 1.000000 1.000000 1.000000 srgb n 20.210000 6.845000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 20.210000 6.845000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 23.460000 11.795000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 23.460000 11.795000 0.950000 0.900000 0 360 ellipse cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 19.360644 5.046755 1.236224 1.236224 104.424974 46.602423 ellipse s [] 0 sd 0 slj 0 slc n 19.426693 6.216732 m 18.946200 6.502436 l 19.052686 6.244007 l 18.909834 6.003760 l ef n 19.426693 6.216732 m 18.946200 6.502436 l 19.052686 6.244007 l 18.909834 6.003760 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 29.756707 6.123635 1.415434 1.415434 174.934901 126.005373 ellipse s [] 0 sd 0 slj 0 slc n 28.693815 6.973116 m 29.198600 7.213309 l 28.924628 7.268667 l 28.804532 7.521059 l ef n 28.693815 6.973116 m 29.198600 7.213309 l 28.924628 7.268667 l 28.804532 7.521059 l cp s 0.100000 slw [] 0 sd [] 0 sd 0 slc n 24.357303 13.717340 1.360269 1.360269 280.966819 228.726709 ellipse s [] 0 sd 0 slj 0 slc n 24.243024 12.420034 m 24.715019 12.120501 l 24.616081 12.381913 l 24.765848 12.617910 l ef n 24.243024 12.420034 m 24.715019 12.120501 l 24.616081 12.381913 l 24.765848 12.617910 l cp s gsave 19.910000 7.245000 translate 0.035278 -0.035278 scale start_ol 3158 4874 moveto 2958 4874 lineto 2587 4558 1851 4288 1355 4288 curveto 1273 4032 lineto 1748 4032 lineto 2167 4032 2215 4018 2215 3895 curveto 2215 3833 2215 3833 2147 3587 curveto 1410 845 lineto 1314 482 1307 475 1252 420 curveto 1176 351 1018 324 674 324 curveto 378 324 lineto 344 0 lineto 2890 0 lineto 2931 324 lineto 2559 324 lineto 2112 324 2016 358 2016 509 curveto 2016 564 2016 564 2078 846 curveto 3158 4874 lineto end_ol grestore gsave 20.418000 7.245000 translate 0.035278 -0.035278 scale start_ol 784 3595 moveto 922 3526 lineto 1706 4539 lineto 1768 4621 1803 4704 1803 4773 curveto 1803 4918 1651 5056 1479 5056 curveto 1328 5056 1238 4980 1183 4801 curveto 784 3595 lineto end_ol grestore 1.000000 1.000000 1.000000 srgb n 27.675000 6.885000 0.950000 0.900000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 27.675000 6.885000 0.950000 0.900000 0 360 ellipse cp s 1.000000 1.000000 1.000000 srgb n 27.675000 6.885000 0.700000 0.650000 0 360 ellipse f 0.100000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 27.675000 6.885000 0.700000 0.650000 0 360 ellipse cp s gsave 23.240000 12.040000 translate 0.035278 -0.035278 scale start_ol 1876 4280 moveto 1277 4280 lineto 940 3136 lineto 289 3136 lineto 192 2812 lineto 844 2812 lineto 324 1061 lineto 227 713 192 553 192 400 curveto 192 108 413 -128 689 -128 curveto 1013 -128 1399 90 1641 420 curveto 1738 554 1807 666 1986 961 curveto 1779 1099 lineto 1353 449 1153 256 926 256 curveto 830 256 768 332 768 449 curveto 768 505 775 553 789 608 curveto 1442 2812 lineto 2192 2812 lineto 2288 3136 lineto 1539 3136 lineto 1876 4280 lineto end_ol grestore gsave 23.561733 12.040000 translate 0.035278 -0.035278 scale start_ol 784 3595 moveto 922 3526 lineto 1706 4539 lineto 1768 4621 1803 4704 1803 4773 curveto 1803 4918 1651 5056 1479 5056 curveto 1328 5056 1238 4980 1183 4801 curveto 784 3595 lineto end_ol grestore gsave 27.365000 7.247500 translate 0.035278 -0.035278 scale start_ol 2967 1421 moveto 2789 1106 lineto 2536 661 2447 586 2112 586 curveto 526 586 lineto 696 804 983 1042 1534 1437 curveto 2468 2077 2509 2111 2686 2247 curveto 3231 2669 3456 3071 3456 3609 curveto 3456 4317 2924 4800 2141 4800 curveto 1268 4800 512 4164 512 3426 curveto 512 3047 715 2803 1033 2803 curveto 1283 2803 1472 2995 1472 3241 curveto 1472 3419 1384 3535 1161 3659 curveto 1006 3741 972 3775 972 3857 curveto 972 4151 1487 4480 1948 4480 curveto 2429 4480 2752 4158 2752 3679 curveto 2752 3165 2526 2788 1908 2254 curveto 84 678 -190 384 -252 0 curveto 2690 0 lineto 3208 1325 lineto 2967 1421 lineto end_ol grestore gsave 27.873000 7.247500 translate 0.035278 -0.035278 scale start_ol 784 3595 moveto 922 3526 lineto 1706 4539 lineto 1768 4621 1803 4704 1803 4773 curveto 1803 4918 1651 5056 1479 5056 curveto 1328 5056 1238 4980 1183 4801 curveto 784 3595 lineto end_ol grestore 0.110000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 15.370000 13.345000 m 15.970000 13.345000 l 15.970000 13.795000 l s 1.000000 1.000000 1.000000 srgb n 16.626447 13.511486 0.291447 0.287386 0 360 ellipse f 0.140000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 16.626447 13.511486 0.291447 0.287386 0 360 ellipse cp s 0.140000 slw [] 0 sd [] 0 sd 0 slc n 16.790083 14.164197 0.954240 0.954240 260.123059 305.403199 ellipse s 1.000000 1.000000 1.000000 srgb n 15.526447 1.761536 0.291447 0.287386 0 360 ellipse f 0.140000 slw [] 0 sd [] 0 sd 0.000000 0.000000 0.000000 srgb n 15.526447 1.761536 0.291447 0.287386 0 360 ellipse cp s 0.140000 slw [] 0 sd [] 0 sd 0 slc n 15.690121 2.414223 0.954223 0.954223 260.120578 305.401116 ellipse s gsave 4.965000 17.847500 translate 0.035278 -0.035278 scale start_ol 4052 1749 moveto 3447 635 3007 324 2030 324 curveto 1741 324 lineto 1383 324 1259 379 1259 545 curveto 1259 635 1266 670 1335 925 curveto 2195 4142 lineto 2291 4516 2291 4516 2353 4571 curveto 2422 4640 2587 4668 2924 4668 curveto 3075 4668 lineto 3117 4992 lineto 805 4992 lineto 764 4668 lineto 943 4668 lineto 1390 4668 1486 4633 1486 4481 curveto 1486 4426 1459 4280 1424 4142 curveto 544 850 lineto 447 483 440 476 385 421 curveto 310 352 151 324 -186 324 curveto -220 324 lineto -255 0 lineto 3798 0 lineto 4334 1694 lineto 4052 1749 lineto end_ol grestore gsave 5.574600 17.847500 translate 0.035278 -0.035278 scale start_ol 2331 773 moveto 1920 351 1614 192 1252 192 curveto 834 192 576 469 576 911 curveto 576 959 576 1056 576 1146 curveto 1394 1338 1534 1379 1849 1516 curveto 2387 1749 2688 2098 2688 2495 curveto 2688 2912 2348 3200 1863 3200 curveto 851 3200 -64 2178 -64 1059 curveto -64 318 387 -128 1136 -128 curveto 1670 -128 2121 105 2496 586 curveto 2331 773 lineto 611 1416 moveto 773 2349 1203 2944 1724 2944 curveto 1957 2944 2112 2785 2112 2550 curveto 2112 2170 1837 1845 1330 1623 curveto 1125 1534 1006 1499 611 1416 curveto end_ol grestore gsave 5.981000 17.847500 translate 0.035278 -0.035278 scale start_ol 1498 3136 moveto 1663 3803 1697 3930 1834 4260 curveto 1999 4674 2184 4864 2437 4864 curveto 2527 4864 2602 4815 2602 4745 curveto 2602 4717 2595 4689 2556 4618 curveto 2509 4541 2496 4485 2496 4421 curveto 2496 4246 2649 4105 2841 4105 curveto 3047 4105 3200 4268 3200 4481 curveto 3200 4850 2880 5120 2445 5120 curveto 2016 5120 1642 4873 1376 4414 curveto 1179 4082 1070 3786 900 3136 curveto 301 3136 lineto 212 2812 lineto 824 2812 lineto 542 1613 lineto 301 599 -50 -442 -476 -1393 curveto 281 -1269 lineto 439 -842 838 475 996 1109 curveto 1423 2812 lineto 2290 2812 lineto 2386 3136 lineto 1498 3136 lineto end_ol grestore gsave 6.285800 17.847500 translate 0.035278 -0.035278 scale start_ol 1876 4280 moveto 1277 4280 lineto 940 3136 lineto 289 3136 lineto 192 2812 lineto 844 2812 lineto 324 1061 lineto 227 713 192 553 192 400 curveto 192 108 413 -128 689 -128 curveto 1013 -128 1399 90 1641 420 curveto 1738 554 1807 666 1986 961 curveto 1779 1099 lineto 1353 449 1153 256 926 256 curveto 830 256 768 332 768 449 curveto 768 505 775 553 789 608 curveto 1442 2812 lineto 2192 2812 lineto 2288 3136 lineto 1539 3136 lineto 1876 4280 lineto end_ol grestore gsave 6.607533 17.847500 translate 0.035278 -0.035278 scale start_ol end_ol grestore gsave 6.861533 17.847500 translate 0.035278 -0.035278 scale start_ol 1519 3264 moveto 265 3130 lineto 244 2882 lineto 361 2882 lineto 625 2882 747 2820 747 2683 curveto 747 2635 720 2489 679 2365 curveto 449 1568 lineto 367 1284 320 994 320 779 curveto 320 267 698 -128 1194 -128 curveto 1675 -128 2102 179 2473 779 curveto 2817 1345 3072 2168 3072 2713 curveto 3072 3020 2878 3264 2627 3264 curveto 2448 3264 2304 3101 2304 2910 curveto 2304 2797 2347 2705 2455 2584 curveto 2627 2393 2656 2337 2656 2181 curveto 2656 1947 2533 1521 2355 1157 curveto 2088 600 1704 256 1348 256 curveto 1095 256 896 492 896 798 curveto 896 1020 937 1242 1059 1659 curveto 1519 3264 lineto end_ol grestore gsave 7.335667 17.847500 translate 0.035278 -0.035278 scale start_ol 2331 773 moveto 1920 351 1614 192 1252 192 curveto 834 192 576 469 576 911 curveto 576 959 576 1056 576 1146 curveto 1394 1338 1534 1379 1849 1516 curveto 2387 1749 2688 2098 2688 2495 curveto 2688 2912 2348 3200 1863 3200 curveto 851 3200 -64 2178 -64 1059 curveto -64 318 387 -128 1136 -128 curveto 1670 -128 2121 105 2496 586 curveto 2331 773 lineto 611 1416 moveto 773 2349 1203 2944 1724 2944 curveto 1957 2944 2112 2785 2112 2550 curveto 2112 2170 1837 1845 1330 1623 curveto 1125 1534 1006 1499 611 1416 curveto end_ol grestore gsave 7.742067 17.847500 translate 0.035278 -0.035278 scale start_ol 1531 3264 moveto 286 3130 lineto 259 2888 lineto 424 2888 lineto 699 2888 823 2828 823 2700 curveto 823 2652 789 2500 754 2375 curveto 52 0 lineto 651 0 lineto 974 1090 lineto 1229 1952 1800 2821 2116 2821 curveto 2199 2821 2240 2767 2240 2667 curveto 2240 2512 2240 2492 2267 2452 curveto 2320 2358 2426 2304 2552 2304 curveto 2778 2304 2944 2492 2944 2749 curveto 2944 3048 2721 3264 2409 3264 curveto 2030 3264 1732 3026 1373 2452 curveto 1531 3264 lineto end_ol grestore gsave 8.148467 17.847500 translate 0.035278 -0.035278 scale start_ol 1680 3264 moveto 965 3264 448 2815 448 2205 curveto 448 1910 617 1650 914 1489 curveto 1022 1433 1164 1363 1441 1251 curveto 1825 1089 1920 984 1920 745 curveto 1920 374 1618 128 1154 128 curveto 811 128 569 226 569 367 curveto 569 402 590 451 619 473 curveto 747 613 768 648 768 775 curveto 768 972 613 1127 409 1127 curveto 176 1127 0 932 0 660 curveto 0 172 429 -128 1110 -128 curveto 1894 -128 2432 314 2432 952 curveto 2432 1226 2311 1472 2096 1626 curveto 1948 1724 1881 1759 1511 1900 curveto 1074 2061 960 2173 960 2447 curveto 960 2769 1252 3008 1636 3008 curveto 1888 3008 2067 2931 2067 2818 curveto 2067 2790 2053 2754 2032 2719 curveto 1934 2578 1920 2543 1920 2437 curveto 1920 2246 2075 2112 2286 2112 curveto 2526 2112 2688 2287 2688 2538 curveto 2688 2964 2266 3264 1680 3264 curveto end_ol grestore gsave 8.554867 17.847500 translate 0.035278 -0.035278 scale start_ol 1580 3232 moveto 273 3130 lineto 246 2878 lineto 407 2878 lineto 682 2878 789 2815 789 2660 curveto 789 2598 769 2507 729 2355 curveto 340 1002 lineto 219 566 192 455 192 302 curveto 192 59 397 -128 663 -128 curveto 956 -128 1235 29 1508 342 curveto 1631 478 1740 628 1931 921 curveto 1717 1040 lineto 1373 500 1071 192 885 192 curveto 816 192 768 255 768 339 curveto 768 409 796 535 851 731 curveto 1580 3232 lineto 1456 4928 moveto 1249 4928 1084 4757 1084 4544 curveto 1084 4338 1249 4160 1449 4160 curveto 1663 4160 1828 4331 1828 4544 curveto 1828 4757 1663 4928 1456 4928 curveto end_ol grestore gsave 8.859667 17.847500 translate 0.035278 -0.035278 scale start_ol 1876 3264 moveto 1436 3264 997 3054 632 2663 curveto 260 2264 64 1760 64 1180 curveto 64 383 530 -128 1267 -128 curveto 1754 -128 2173 68 2497 445 curveto 2856 865 3072 1425 3072 1942 curveto 3072 2670 2531 3264 1876 3264 curveto 1832 3008 moveto 2211 3008 2432 2684 2432 2142 curveto 2432 1776 2294 1212 2108 825 curveto 1874 339 1619 128 1253 128 curveto 854 128 640 389 640 867 curveto 640 1452 874 2240 1157 2628 curveto 1350 2881 1570 3008 1832 3008 curveto end_ol grestore gsave 9.316867 17.847500 translate 0.035278 -0.035278 scale start_ol 1562 3200 moveto 316 3130 lineto 289 2879 lineto 454 2879 lineto 736 2879 846 2817 846 2665 curveto 846 2603 825 2514 784 2364 curveto 82 7 lineto 681 7 lineto 961 959 lineto 1138 1555 1220 1747 1466 2110 curveto 1760 2549 2121 2816 2415 2816 curveto 2572 2816 2688 2691 2688 2532 curveto 2688 2414 2655 2262 2588 2047 curveto 2233 966 lineto 2145 696 2112 537 2112 385 curveto 2112 94 2315 -128 2585 -128 curveto 3010 -128 3443 247 3821 934 curveto 3622 1077 lineto 3293 537 3010 256 2806 256 curveto 2741 256 2688 310 2688 385 curveto 2688 460 2707 541 2810 839 curveto 3110 1775 lineto 3213 2081 3264 2345 3264 2542 curveto 3264 2902 2973 3200 2614 3200 curveto 2215 3200 1816 2914 1362 2303 curveto 1562 3200 lineto end_ol grestore gsave 21.925000 17.792500 translate 0.035278 -0.035278 scale start_ol 1733 2432 moveto 2209 2432 lineto 2787 2432 3008 2258 3008 1806 curveto 3008 1722 3008 1576 3008 1430 curveto 2944 903 2944 868 2944 736 curveto 2944 237 3232 -103 3654 -103 curveto 4082 -103 4350 181 4611 915 curveto 4361 1020 lineto 4199 526 4088 373 3907 373 curveto 3770 373 3712 505 3712 797 curveto 3712 1152 lineto 3712 1242 3712 1325 3712 1402 curveto 3712 2006 3513 2339 3028 2527 curveto 3550 2589 3812 2651 4053 2775 curveto 4468 2995 4736 3415 4736 3863 curveto 4736 4269 4525 4606 4151 4799 curveto 3886 4937 3552 4992 2981 4992 curveto 804 4992 lineto 763 4668 lineto 942 4668 lineto 1389 4668 1485 4634 1485 4482 curveto 1485 4427 1457 4281 1423 4143 curveto 543 850 lineto 447 483 440 476 385 421 curveto 309 352 151 324 -186 324 curveto -221 324 lineto -255 0 lineto 1933 0 lineto 1967 324 lineto 1788 324 lineto 1341 324 1245 359 1245 512 curveto 1245 568 1245 568 1314 853 curveto 1733 2432 lineto 1816 2752 moveto 2212 4254 lineto 2306 4606 2373 4668 2689 4668 curveto 3018 4668 lineto 3582 4668 3904 4392 3904 3910 curveto 3904 3489 3716 3159 3353 2938 curveto 3105 2786 2904 2752 2340 2752 curveto 1816 2752 lineto end_ol grestore gsave 22.602333 17.792500 translate 0.035278 -0.035278 scale start_ol 1580 3232 moveto 273 3130 lineto 246 2878 lineto 407 2878 lineto 682 2878 789 2815 789 2660 curveto 789 2598 769 2507 729 2355 curveto 340 1002 lineto 219 566 192 455 192 302 curveto 192 59 397 -128 663 -128 curveto 956 -128 1235 29 1508 342 curveto 1631 478 1740 628 1931 921 curveto 1717 1040 lineto 1373 500 1071 192 885 192 curveto 816 192 768 255 768 339 curveto 768 409 796 535 851 731 curveto 1580 3232 lineto 1456 4928 moveto 1249 4928 1084 4757 1084 4544 curveto 1084 4338 1249 4160 1449 4160 curveto 1663 4160 1828 4331 1828 4544 curveto 1828 4757 1663 4928 1456 4928 curveto end_ol grestore gsave 22.907133 17.792500 translate 0.035278 -0.035278 scale start_ol 2626 3008 moveto 2733 3102 2794 3136 2874 3136 curveto 2941 3136 2995 3098 3049 3014 curveto 3156 2846 3196 2816 3304 2816 curveto 3451 2816 3572 2960 3572 3149 curveto 3572 3314 3384 3456 3148 3456 curveto 2913 3456 2731 3379 2381 3136 curveto 2161 3230 2010 3264 1791 3264 curveto 1036 3264 384 2706 384 2056 curveto 384 1717 504 1484 776 1322 curveto 462 1280 318 1231 161 1092 curveto 25 981 -64 793 -64 625 curveto -64 389 47 242 317 110 curveto 24 49 -88 8 -234 -81 curveto -443 -203 -576 -421 -576 -646 curveto -576 -836 -480 -1027 -330 -1143 curveto -57 -1333 257 -1408 824 -1408 curveto 1500 -1408 1889 -1326 2224 -1107 curveto 2517 -915 2688 -621 2688 -299 curveto 2688 -33 2559 193 2334 316 curveto 2117 433 1899 481 1437 508 curveto 845 543 791 550 697 571 curveto 535 612 448 696 448 814 curveto 448 975 620 1093 860 1093 curveto 949 1093 1045 1086 1141 1072 curveto 1423 1031 1464 1024 1635 1024 curveto 2020 1024 2322 1123 2562 1322 curveto 2830 1541 3008 1903 3008 2221 curveto 3008 2547 2879 2810 2626 3008 curveto 1825 3008 moveto 2196 3008 2432 2788 2432 2439 curveto 2432 2105 2318 1742 2139 1522 curveto 2010 1372 1810 1280 1589 1280 curveto 1203 1280 960 1522 960 1920 curveto 960 2560 1310 3008 1825 3008 curveto 972 -15 moveto 1278 -15 1768 -85 1924 -155 curveto 2094 -224 2176 -343 2176 -517 curveto 2176 -929 1741 -1152 966 -1152 curveto 313 -1152 0 -978 0 -615 curveto 0 -238 360 -15 972 -15 curveto end_ol grestore gsave 23.398200 17.792500 translate 0.035278 -0.035278 scale start_ol 2126 5073 moveto 757 4970 lineto 729 4717 lineto 942 4717 lineto 1225 4717 1335 4654 1335 4499 curveto 1335 4437 1314 4341 1273 4197 curveto 27 7 lineto 626 7 lineto 906 959 lineto 1083 1555 1165 1754 1411 2110 curveto 1725 2569 2067 2816 2388 2816 curveto 2565 2816 2688 2698 2688 2532 curveto 2688 2414 2655 2262 2588 2047 curveto 2233 966 lineto 2145 689 2112 537 2112 392 curveto 2112 94 2315 -128 2585 -128 curveto 3004 -128 3449 247 3814 920 curveto 3615 1064 lineto 3280 523 3010 256 2806 256 curveto 2741 256 2688 310 2688 385 curveto 2688 460 2707 534 2810 839 curveto 3110 1775 lineto 3213 2081 3264 2345 3264 2535 curveto 3264 2915 2966 3200 2580 3200 curveto 2160 3200 1767 2928 1307 2303 curveto 2126 5073 lineto end_ol grestore gsave 23.957000 17.792500 translate 0.035278 -0.035278 scale start_ol 1876 4280 moveto 1277 4280 lineto 940 3136 lineto 289 3136 lineto 192 2812 lineto 844 2812 lineto 324 1061 lineto 227 713 192 553 192 400 curveto 192 108 413 -128 689 -128 curveto 1013 -128 1399 90 1641 420 curveto 1738 554 1807 666 1986 961 curveto 1779 1099 lineto 1353 449 1153 256 926 256 curveto 830 256 768 332 768 449 curveto 768 505 775 553 789 608 curveto 1442 2812 lineto 2192 2812 lineto 2288 3136 lineto 1539 3136 lineto 1876 4280 lineto end_ol grestore gsave 24.278733 17.792500 translate 0.035278 -0.035278 scale start_ol end_ol grestore gsave 24.532733 17.792500 translate 0.035278 -0.035278 scale start_ol 1519 3264 moveto 265 3130 lineto 244 2882 lineto 361 2882 lineto 625 2882 747 2820 747 2683 curveto 747 2635 720 2489 679 2365 curveto 449 1568 lineto 367 1284 320 994 320 779 curveto 320 267 698 -128 1194 -128 curveto 1675 -128 2102 179 2473 779 curveto 2817 1345 3072 2168 3072 2713 curveto 3072 3020 2878 3264 2627 3264 curveto 2448 3264 2304 3101 2304 2910 curveto 2304 2797 2347 2705 2455 2584 curveto 2627 2393 2656 2337 2656 2181 curveto 2656 1947 2533 1521 2355 1157 curveto 2088 600 1704 256 1348 256 curveto 1095 256 896 492 896 798 curveto 896 1020 937 1242 1059 1659 curveto 1519 3264 lineto end_ol grestore gsave 25.006867 17.792500 translate 0.035278 -0.035278 scale start_ol 2331 773 moveto 1920 351 1614 192 1252 192 curveto 834 192 576 469 576 911 curveto 576 959 576 1056 576 1146 curveto 1394 1338 1534 1379 1849 1516 curveto 2387 1749 2688 2098 2688 2495 curveto 2688 2912 2348 3200 1863 3200 curveto 851 3200 -64 2178 -64 1059 curveto -64 318 387 -128 1136 -128 curveto 1670 -128 2121 105 2496 586 curveto 2331 773 lineto 611 1416 moveto 773 2349 1203 2944 1724 2944 curveto 1957 2944 2112 2785 2112 2550 curveto 2112 2170 1837 1845 1330 1623 curveto 1125 1534 1006 1499 611 1416 curveto end_ol grestore gsave 25.413267 17.792500 translate 0.035278 -0.035278 scale start_ol 1531 3264 moveto 286 3130 lineto 259 2888 lineto 424 2888 lineto 699 2888 823 2828 823 2700 curveto 823 2652 789 2500 754 2375 curveto 52 0 lineto 651 0 lineto 974 1090 lineto 1229 1952 1800 2821 2116 2821 curveto 2199 2821 2240 2767 2240 2667 curveto 2240 2512 2240 2492 2267 2452 curveto 2320 2358 2426 2304 2552 2304 curveto 2778 2304 2944 2492 2944 2749 curveto 2944 3048 2721 3264 2409 3264 curveto 2030 3264 1732 3026 1373 2452 curveto 1531 3264 lineto end_ol grestore gsave 25.819667 17.792500 translate 0.035278 -0.035278 scale start_ol 1680 3264 moveto 965 3264 448 2815 448 2205 curveto 448 1910 617 1650 914 1489 curveto 1022 1433 1164 1363 1441 1251 curveto 1825 1089 1920 984 1920 745 curveto 1920 374 1618 128 1154 128 curveto 811 128 569 226 569 367 curveto 569 402 590 451 619 473 curveto 747 613 768 648 768 775 curveto 768 972 613 1127 409 1127 curveto 176 1127 0 932 0 660 curveto 0 172 429 -128 1110 -128 curveto 1894 -128 2432 314 2432 952 curveto 2432 1226 2311 1472 2096 1626 curveto 1948 1724 1881 1759 1511 1900 curveto 1074 2061 960 2173 960 2447 curveto 960 2769 1252 3008 1636 3008 curveto 1888 3008 2067 2931 2067 2818 curveto 2067 2790 2053 2754 2032 2719 curveto 1934 2578 1920 2543 1920 2437 curveto 1920 2246 2075 2112 2286 2112 curveto 2526 2112 2688 2287 2688 2538 curveto 2688 2964 2266 3264 1680 3264 curveto end_ol grestore gsave 26.226067 17.792500 translate 0.035278 -0.035278 scale start_ol 1580 3232 moveto 273 3130 lineto 246 2878 lineto 407 2878 lineto 682 2878 789 2815 789 2660 curveto 789 2598 769 2507 729 2355 curveto 340 1002 lineto 219 566 192 455 192 302 curveto 192 59 397 -128 663 -128 curveto 956 -128 1235 29 1508 342 curveto 1631 478 1740 628 1931 921 curveto 1717 1040 lineto 1373 500 1071 192 885 192 curveto 816 192 768 255 768 339 curveto 768 409 796 535 851 731 curveto 1580 3232 lineto 1456 4928 moveto 1249 4928 1084 4757 1084 4544 curveto 1084 4338 1249 4160 1449 4160 curveto 1663 4160 1828 4331 1828 4544 curveto 1828 4757 1663 4928 1456 4928 curveto end_ol grestore gsave 26.530867 17.792500 translate 0.035278 -0.035278 scale start_ol 1876 3264 moveto 1436 3264 997 3054 632 2663 curveto 260 2264 64 1760 64 1180 curveto 64 383 530 -128 1267 -128 curveto 1754 -128 2173 68 2497 445 curveto 2856 865 3072 1425 3072 1942 curveto 3072 2670 2531 3264 1876 3264 curveto 1832 3008 moveto 2211 3008 2432 2684 2432 2142 curveto 2432 1776 2294 1212 2108 825 curveto 1874 339 1619 128 1253 128 curveto 854 128 640 389 640 867 curveto 640 1452 874 2240 1157 2628 curveto 1350 2881 1570 3008 1832 3008 curveto end_ol grestore gsave 26.988067 17.792500 translate 0.035278 -0.035278 scale start_ol 1562 3200 moveto 316 3130 lineto 289 2879 lineto 454 2879 lineto 736 2879 846 2817 846 2665 curveto 846 2603 825 2514 784 2364 curveto 82 7 lineto 681 7 lineto 961 959 lineto 1138 1555 1220 1747 1466 2110 curveto 1760 2549 2121 2816 2415 2816 curveto 2572 2816 2688 2691 2688 2532 curveto 2688 2414 2655 2262 2588 2047 curveto 2233 966 lineto 2145 696 2112 537 2112 385 curveto 2112 94 2315 -128 2585 -128 curveto 3010 -128 3443 247 3821 934 curveto 3622 1077 lineto 3293 537 3010 256 2806 256 curveto 2741 256 2688 310 2688 385 curveto 2688 460 2707 541 2810 839 curveto 3110 1775 lineto 3213 2081 3264 2345 3264 2542 curveto 3264 2902 2973 3200 2614 3200 curveto 2215 3200 1816 2914 1362 2303 curveto 1562 3200 lineto end_ol grestore 0.150000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 9.340010 15.132500 m 8.688980 15.119200 l 9.110200 15.539100 l 8.692060 15.953100 l 9.292060 15.953100 l s 0.150000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 0.960796 4.490530 m 0.309762 4.477260 l 0.730987 4.897120 l 0.312841 5.311170 l 0.912841 5.311170 l s 0.150000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 14.006900 7.990710 m 13.355900 7.977440 l 13.777100 8.397290 l 13.359000 8.811350 l 13.959000 8.811350 l s 0.150000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 18.355600 6.152230 m 17.704600 6.138960 l 18.125800 6.558820 l 17.707700 6.972870 l 18.307700 6.972870 l s 0.150000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 26.204500 15.132500 m 25.553500 15.119200 l 25.974700 15.539100 l 25.556600 15.953100 l 26.156600 15.953100 l s 0.150000 slw [] 0 sd [] 0 sd 0 slj 0 slc n 30.482500 7.955350 m 29.831500 7.942080 l 30.252700 8.361940 l 29.834500 8.776000 l 30.434500 8.776000 l s showpage %%EndDocument @endspecial 1580 1758 a FG(Figure)24 b(5:)1939 1758 y SDict begin H.S end 1939 1758 a 1939 1758 a SDict begin H.R end 1939 1758 a 1939 1758 a SDict begin [ /View [/XYZ H.V] /Dest (figure.5) cvn /DEST pdfmark end 1939 1758 a Fy(N)2014 1776 y FM(9)p Fr(x)11 b(:)g(P)2180 1784 y FK(\033)2222 1776 y Fw(\()p Fr(x)p Fw(\))341 2036 y FG(De\002ne)18 b Fx(D)676 2050 y Fr(')744 2036 y FG(to)g(be)g(the)h(DF) -7 b(A)16 b(equi)n(v)n(alent)21 b(to)d Fy(N)1811 2050 y Fr(')1878 2036 y FG(using)i(the)e(subset)i(construction.)31 b(Let)17 b Fx(S)3159 2050 y Fw(0)3224 2036 y Fu(=)25 b Fy(f)p Fx(p)3411 2050 y Fr(i)3435 2059 y Fn(0)3474 2036 y Fx(;)15 b(p)3560 2003 y FM(0)3560 2061 y Fr(j)3596 2036 y Fy(j)p Fx(j)31 b Fy(2)241 2152 y Fx(J)291 2166 y Fw(0)331 2152 y Fy(g)p FG(,)20 b Fx(S)475 2166 y Fw(1)539 2152 y Fu(=)25 b Fy(f)p Fx(p)726 2166 y Fr(i)750 2175 y Fn(1)789 2152 y Fx(;)15 b(p)875 2120 y FM(0)875 2178 y Fr(j)912 2152 y Fy(j)p Fx(j)31 b Fy(2)25 b Fx(J)1141 2166 y Fw(1)1181 2152 y Fy(g)19 b FG(be)g(tw)o(o)g(states)i(of)e Fx(D)1893 2166 y Fr(')1943 2152 y FG(.)27 b(\(Note)20 b(that)g(each)g(reachable)i(state)e(of)f Fx(D)3280 2166 y Fr(')3349 2152 y FG(has)h(e)o(xactly)241 2267 y(one)k(element)h(of)e Fy(f)p Fx(p)895 2281 y Fw(1)935 2267 y Fx(;)15 b(:)g(:)g(:)i(;)e(p)1183 2281 y Fr(n)1230 2267 y Fy(g)p FG(.\))341 2375 y(Observ)o(e)26 b(that)h(in)e(a)g(\223run\224)i(of)f Fy(N)1392 2389 y Fr(')1466 2375 y FG(on)g Fy(B)s FG(,)f(we)f(can)j(be)e(in)h(state)g Fx(p)2418 2389 y Fr(i)2471 2375 y FG(at)g(position)h Fx(u)e FG(if)n(f)h Fy(B)31 b(j)-15 b Fu(=)29 b Fx(p)3312 2389 y Fr(i)3340 2375 y Fu(\()p Fx(u)p Fu(\))d FG(and)g(we)241 2483 y(can)e(be)g(in)f(state)i Fx(p)828 2450 y FM(0)828 2509 y Fr(i)878 2483 y FG(of)f Fx(u)e FG(if)n(f)i Fy(B)j(j)-15 b Fu(=)26 b Fx(p)1398 2450 y FM(0)1398 2509 y Fr(i)1425 2483 y Fu(\()p Fx(u)p Fu(\))p FG(.)j(Thus,)23 b(the)h(\002rst-order)h (formula)g(capturing)h(state)e Fx(S)3268 2497 y Fw(0)3330 2483 y FG(is)1081 2650 y Fx(S)1137 2664 y Fw(0)1176 2650 y Fu(\()p Fx(u)p Fu(\))117 b Fy(\021)f Fx(p)1648 2664 y Fr(i)1672 2673 y Fn(0)1756 2650 y Fy(^)1887 2564 y Fq(^)1862 2761 y Fr(j)t FM(2)p Fr(J)1981 2770 y Fn(0)2029 2650 y Fx(p)2075 2613 y FM(0)2075 2673 y Fr(j)2112 2650 y Fu(\()p Fx(u)p Fu(\))46 b Fy(^)2412 2564 y Fq(^)2386 2765 y Fr(j)11 b(=)-42 b FM(2)o Fr(J)2504 2774 y Fn(0)2554 2650 y Fy(:)p Fx(p)2661 2613 y FM(0)2661 2673 y Fr(j)2697 2650 y Fu(\()p Fx(u)p Fu(\))341 2895 y FG(Conditions)31 b(2)d(and)h(3)g(for)g Fx(D)1283 2909 y Fr(')1361 2895 y FG(thus)g(follo)n(w)g(by)g(these)h(conditions)h(for)e Fx(D)2752 2910 y Fr( )2805 2895 y FG(,)g(which)g(hold)h(by)e(inducti)n (v)o(e)241 3003 y(assumption.)341 3111 y(F)o(or)20 b(e)o(xample,)i(if)f Fx(\016)952 3125 y Fr(')1002 3111 y Fu(\()p Fx(S)1093 3125 y Fw(0)1133 3111 y Fx(;)15 b(\033)s Fu(\))26 b(=)f Fx(S)1441 3125 y Fw(1)1480 3111 y FG(,)c(then)g Fx(\016)1740 3126 y Fr( )1793 3111 y Fu(\()p Fx(p)1874 3125 y Fr(i)1898 3134 y Fn(0)1937 3111 y Fx(;)15 b(\033)f Fy(^)d(:)p Fx(x)p Fu(\))25 b(=)g Fx(p)2430 3125 y Fr(i)2454 3134 y Fn(1)2493 3111 y FG(,)20 b(and)h Fx(j)31 b Fy(2)25 b Fx(J)2891 3125 y Fw(1)2951 3111 y FG(if)n(f)c Fx(\016)3095 3126 y Fr( )3148 3111 y Fu(\()p Fx(q)3224 3125 y Fr(i)3248 3134 y Fn(0)3287 3111 y Fx(;)15 b(\033)f Fy(^)d Fx(x)p Fu(\))25 b(=)g Fx(q)3714 3125 y Fr(j)241 3219 y FG(or)f Fx(\016)380 3234 y Fr( )433 3219 y Fu(\()p Fx(q)509 3233 y Fr(j)538 3242 y Fn(0)576 3219 y Fx(;)15 b(\033)24 b Fy(^)c(:)p Fx(x)p Fu(\))25 b(=)g Fx(q)1083 3233 y Fr(j)1142 3219 y FG(for)e(some)h Fx(j)1522 3233 y Fw(0)1587 3219 y Fy(2)h Fx(J)1723 3233 y Fw(0)1763 3219 y FG(.)150 3346 y(Thus,)e(we)g(ha)n(v)o(e)h(inducti)n(v)o(ely)i(constructed)h(the)d Fx(D)1776 3360 y Fr(')1849 3346 y FG(and)g(pro)o(v)o(ed)h(that)f(it)f (satis\002es)i(properties)h(1,)d(2,)g(and)h(3.)p 3677 3285 74 4 v 3677 3351 4 67 v 3747 3351 V 3677 3354 74 4 v 316 3504 a(Lemma)620 3506 y SDict begin H.S end 620 3506 a -2 x FG(4.9)734 3442 y SDict begin H.R end 734 3442 a 734 3504 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.9) cvn H.B /ANN pdfmark end 734 3504 a 27 w FG(tells)k(us)g(that)g (for)f(an)o(y)h(model)g Fy(B)h FG(of)f Fu(\000)23 b Fy([)f(f)p Fx(A)2221 3518 y Fw(\006)p Fr(w)2329 3504 y Fy(g)p FG(,)28 b Fy(B)35 b(j)-15 b Fu(=)33 b Fx(')27 b FG(if)n(f)g Fy(B)35 b(j)-15 b Fu(=)33 b Fx(F)3097 3518 y Fr(')3147 3504 y Fu(\()p Fx(max)p Fu(\))p FG(.)41 b(In)27 b(other)150 3612 y(w)o(ords,)c Fy(B)28 b(j)-15 b Fu(=)25 b Fx(')d FG(if)n(f)g Fy(B)j FG(\223belie)n(v)o(es\224)f(that)g(there)f(is)g(a)f (path)h(from)g(the)g(start)g(state)g(to)g(some)g Fx(q)3008 3627 y Fr(f)3074 3612 y FG(in)g Fx(F)3225 3626 y Fr(')3276 3612 y FG(.)k(As)22 b(a)g(part)h(of)150 3720 y(the)g(ne)o(xt)h(lemma,)e (we)g(use)h(induction)j(to)d(pro)o(v)o(e)g(that)h(this)f(implies)h (that)g(there)g(actually)h(must)e(be)g(a)f(path)i(in)f Fx(D)3700 3734 y Fr(')150 3828 y FG(from)g(the)h(start)h(state)f(to)f (some)h Fx(q)1201 3843 y Fr(f)1269 3828 y FG(in)f Fx(F)1420 3842 y Fr(')1471 3828 y FG(.)150 3855 y SDict begin H.S end 150 3855 a 150 3855 a SDict begin 13 H.A end 150 3855 a 150 3855 a SDict begin [ /View [/XYZ H.V] /Dest (thm.4.10) cvn /DEST pdfmark end 150 3855 a 134 x FN(Lemma)35 b(4.10.)50 b Fv(Suppose)39 b Fy(B)51 b(j)-15 b Fu(=)49 b(\000)29 b Fy([)h(f)p Fx(A)1584 4003 y Fw(\006)p Fr(w)1692 3989 y Fy(g)g([)f(f)p Fx(')p Fy(g)p Fv(.)68 b(Then,)39 b(ther)m(e)e(e)n(xists)h(a)e(wor)m(d,)i Fx(w)3185 4003 y Fw(0)3225 3989 y Fv(,)g(suc)o(h)f(that)g(its)150 4097 y(corr)m(esponding)28 b(wor)m(d)23 b(model,)h Fy(B)1234 4111 y Fw(0)1273 4097 y Fv(,)e(satis\002es)k Fx(')p Fv(.)150 4259 y(Pr)l(oof)o(.)42 b FG(By)29 b(Lemma)858 4261 y SDict begin H.S end 858 4261 a -2 x FG(4.9)971 4197 y SDict begin H.R end 971 4197 a 971 4259 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.9) cvn H.B /ANN pdfmark end 971 4259 a FG(,)h(we)f(can)h(construct)j Fx(D)1752 4273 y Fr(')1802 4259 y FG(,)d(and)h(we)d(ha)n(v)o(e)j Fy(B)39 b(j)-15 b Fu(=)37 b Fx(F)2623 4273 y Fr(')2673 4259 y Fu(\()p Fx(max)p Fu(\))p FG(.)47 b(So)29 b Fy(B)j FG(\223belie)n(v)o(es\224)g(that)150 4367 y(there)24 b(is)f(a)g(path)h(to)f(some)g Fx(q)1027 4382 y Fr(f)1097 4367 y Fy(2)i Fx(F)1241 4381 y Fr(')1292 4367 y FG(.)i(Suppose)e(there) f(is)f(no)g(such)h(path)g(in)f Fx(D)2609 4381 y Fr(')2660 4367 y FG(.)k(Let)c Fx(C)29 b FG(denote)24 b(the)g(disjunction)150 4475 y(of)k(all)h(states)h(that)f(are)g(truly)g(reachable)i(from)e(the) f(start)i(state)f(in)f Fx(D)2375 4489 y Fr(')2426 4475 y FG(.)43 b(This)28 b(situation)j(can)e(be)f(e)o(xpressed)j(as)150 4583 y(follo)n(ws:)50 b Fy(8)p Fx(u;)15 b(v)k(:)c(C)7 b Fu(\()p Fx(u)p Fu(\))28 b Fy(^)f Fx(s)p Fu(\()p Fx(u;)15 b(v)s Fu(\))46 b Fy(!)e Fx(C)7 b Fu(\()p Fx(v)s Fu(\))p FG(.)58 b(But)34 b(this)g(is)g(e)o(xactly)h(the)f(premise)g(for)g(the)g (axiom)g(scheme)150 4691 y FN(NoExit)q FG(,)23 b(which)i(must)f(hold)h (since)h Fy(B)j(j)-15 b Fu(=)26 b(\000)p FG(.)k(Therefore,)c(we)d(ha)n (v)o(e)i Fy(B)30 b(j)-15 b Fu(=)26 b Fy(8)p Fx(u;)15 b(v)j(:)d(C)7 b Fu(\()p Fx(v)s Fu(\))22 b Fy(^)e Fx(s)3120 4705 y Fw(tc)3183 4691 y Fu(\()p Fx(u;)15 b(v)s Fu(\))28 b Fy(!)f Fx(C)7 b Fu(\()p Fx(v)s Fu(\))p FG(.)150 4799 y(This)27 b(implies)i(some)e(accepting)j(state)e Fx(q)1460 4814 y Fr(f)1532 4799 y FG(should)h(be)e(in)h Fx(C)7 b FG(,)26 b(because)k Fy(B)35 b(j)-15 b Fu(=)32 b Fy(8)p Fx(u)15 b(:)g(s)2856 4813 y Fw(tc)2918 4799 y Fu(\()p Fx(u;)g(max)p Fu(\))24 b Fy(^)f Fx(F)3426 4813 y Fr(')3477 4799 y Fu(\()p Fx(max)p Fu(\))p FG(,)150 4907 y(and)h(we)f(get)h(a)f (contradiction.)316 5015 y(Therefore,)j(there)f(has)g(to)f(be)g(a)g (real)g(path)h(from)g(the)f(start)h(state)g(to)f(a)g(\002nal)g(state)h Fx(q)2956 5030 y Fr(f)3025 5015 y FG(in)f Fx(D)3194 5029 y Fr(')3244 5015 y FG(.)30 b(This)24 b(implies)150 5123 y(that)h(the)f(DF)-7 b(A)22 b Fx(D)717 5137 y Fr(')791 5123 y FG(accepts)j(some)f(standard)j(w)o(ord,)c Fx(w)1924 5137 y Fw(0)1964 5123 y FG(.)29 b(Let)24 b Fy(B)2221 5137 y Fw(0)2283 5123 y FG(be)g(the)g(w)o(ord)g(model)h(corresponding)j (to)c Fx(w)3688 5137 y Fw(0)3727 5123 y FG(.)150 5231 y(Thus)g Fy(B)415 5245 y Fw(0)479 5231 y Fy(j)-15 b Fu(=)25 b Fx(F)643 5245 y Fr(')694 5231 y Fu(\()p Fx(max)p Fu(\))p FG(,)e(and)h(therefore)h(by)f(Lemma)1908 5233 y SDict begin H.S end 1908 5233 a -2 x FG(4.9)2022 5169 y SDict begin H.R end 2022 5169 a 2022 5231 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.9) cvn H.B /ANN pdfmark end 2022 5231 a 23 w Fy(B)2105 5245 y Fw(0)2169 5231 y Fy(j)-15 b Fu(=)25 b Fx(')f FG(as)f(desired.)p 3677 5169 74 4 v 3677 5236 4 67 v 3747 5236 V 3677 5239 74 4 v eop end end %%Page: 16 16 TeXDict begin HPSdict begin 16 15 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.16) cvn /DEST pdfmark end 150 82 a Fz(16)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)1050 423 y Fm(Node)53 b(reverse\(Node)c(x\))p Fy(f)1159 531 y Fm([0])k(Node)g(y)h(=)g(null;)1159 639 y([1])f(while)g(\(x)g(!=)h(null\))p Fy(f)1159 747 y Fm([2])217 b(Node)53 b(t)h(=)g(x.next;)1159 855 y([3])217 b(x.next)52 b(=)i(y;)1159 963 y([4])217 b(y)54 b(=)g(x;)1159 1071 y([5])217 b(x)54 b(=)g(t;)1159 1179 y([6])f Fy(g)1159 1287 y Fm([7])g(return)f(y;)1050 1395 y Fy(g)288 1656 y FG(Figure)24 b(6:)647 1656 y SDict begin H.S end 647 1656 a 647 1656 a SDict begin H.R end 647 1656 a 647 1656 a SDict begin [ /View [/XYZ H.V] /Dest (figure.6) cvn /DEST pdfmark end 647 1656 a FG(A)e(simple)i(Ja)n(v)n(a-lik)o(e)i (implementation)h(of)c(the)h(in-place)i(re)n(v)o(ersal)e(of)g(a)f (singly)i(link)o(ed)g(list.)150 1800 y SDict begin H.S end 150 1800 a 150 1800 a SDict begin 13 H.A end 150 1800 a 150 1800 a SDict begin [ /View [/XYZ H.V] /Dest (section.5) cvn /DEST pdfmark end 150 1800 a 938 1900 a FG(5.)48 b(H)t FF(E)t(U)t(R)t(I)t(S)t(T)t(I)t(C)t(S)32 b(F)t(O)t(R)27 b FG(U)t FF(S)t(I)t(N)t(G)i(T)t(H)t(E)f FG(C)t FF(O)t(L)t(O)t(R)t(I)t (N)t(G)h FG(A)t FF(X)t(I)t(O)t(M)t(S)316 2062 y FG(This)c(section)i (presents)g(heuristics)h(for)d(using)h(the)g(coloring)h(axioms.)34 b(T)-7 b(o)n(w)o(ard)25 b(that)g(end,)h(it)f(answers)h(the)150 2170 y(follo)n(wing)f(questions:)150 2208 y SDict begin H.S end 150 2208 a 150 2208 a SDict begin 13 H.A end 150 2208 a 150 2208 a SDict begin [ /View [/XYZ H.V] /Dest (Item.33) cvn /DEST pdfmark end 150 2208 a 89 x Fy(\017)42 b FG(Ho)n(w)22 b(can)i(the)g(coloring)i(axioms)e(be)f(used)i(by)e(a)h (theorem)g(pro)o(v)o(er)g(to)g(pro)o(v)o(e)g Fx(\037)p FG(?)k(\(Section)3152 2298 y SDict begin H.S end 3152 2298 a -1 x FG(5.2)3266 2235 y SDict begin H.R end 3266 2235 a 3266 2297 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.2) cvn H.B /ANN pdfmark end 3266 2297 a FG(\))150 2316 y SDict begin H.S end 150 2316 a 150 2316 a SDict begin 13 H.A end 150 2316 a 150 2316 a SDict begin [ /View [/XYZ H.V] /Dest (Item.34) cvn /DEST pdfmark end 150 2316 a 88 x Fy(\017)42 b FG(When)24 b(should)i(a)e(speci\002c)h (instance)h(of)e(a)g(coloring)i(axiom)f(be)f(gi)n(v)o(en)h(to)f(the)g (theorem)i(pro)o(v)o(er)e(while)h(trying)237 2512 y(to)e(pro)o(v)o(e)h Fx(\037)p FG(?)29 b(\(Section)1009 2513 y SDict begin H.S end 1009 2513 a -1 x FG(5.4)1122 2450 y SDict begin H.R end 1122 2450 a 1122 2512 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.4) cvn H.B /ANN pdfmark end 1122 2512 a FG(\))150 2532 y SDict begin H.S end 150 2532 a 150 2532 a SDict begin 13 H.A end 150 2532 a 150 2532 a SDict begin [ /View [/XYZ H.V] /Dest (Item.35) cvn /DEST pdfmark end 150 2532 a 88 x Fy(\017)42 b FG(What)24 b(part)g(of)f(the)h(process)h(can)f(be)g(automated?)31 b(\(Section)2179 2621 y SDict begin H.S end 2179 2621 a -1 x FG(5.5)2292 2558 y SDict begin H.R end 2292 2558 a 2292 2620 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.5) cvn H.B /ANN pdfmark end 2292 2620 a FG(\))150 2747 y(W)-7 b(e)28 b(\002rst)g(present)i(a)e(running)i(e)o(xample)f (\(more)g(e)o(xamples)h(are)e(described)j(in)d(Section)2996 2748 y SDict begin H.S end 2996 2748 a -1 x FG(5.6)3109 2685 y SDict begin H.R end 3109 2685 a 3109 2747 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.6) cvn H.B /ANN pdfmark end 3109 2747 a 28 w FG(and)h(used)g(in)f(later)150 2855 y(sections)h(to)d(illustrate)j(the)e(heuristics\).)41 b(W)-7 b(e)26 b(then)h(e)o(xplain)h(ho)n(w)f(the)f(coloring)j(axioms)f (are)f(useful,)h(describe)150 2963 y(the)33 b(search)i(space)f(for)f (useful)i(axioms,)h(gi)n(v)o(e)d(an)g(algorithm)i(for)f(e)o(xploring)h (this)f(space,)i(and)e(conclude)h(by)150 3071 y(discussing)d(a)d (prototype)k(implementation)f(we)d(ha)n(v)o(e)h(de)n(v)o(eloped)h(that) f(pro)o(v)o(es)h(the)e(e)o(xample)i(presented)h(and)150 3179 y(others.)150 3309 y SDict begin H.S end 150 3309 a 150 3309 a SDict begin 13 H.A end 150 3309 a 150 3309 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.5.1) cvn /DEST pdfmark end 150 3309 a 107 x FG(5.1.)46 b FN(Re)o(v)o(erse)31 b(Speci\002cation.)46 b FG(The)30 b(heuristics)k(described)f(in)d (Sections)2596 3417 y SDict begin H.S end 2596 3417 a -1 x FG(5.2)2710 3354 y SDict begin H.R end 2710 3354 a 2710 3416 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.2) cvn H.B /ANN pdfmark end 2710 3416 a FG(\226)2755 3417 y SDict begin H.S end 2755 3417 a -1 x FG(5.4)2869 3354 y SDict begin H.R end 2869 3354 a 2869 3416 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.4) cvn H.B /ANN pdfmark end 2869 3416 a 29 w FG(are)h(illustrated)i(on)e(prob-)150 3524 y(lems)24 b(that)h(arise)h(in)e(the)h(v)o(eri\002cation)h(of)f (partial)h(correctness)h(of)e(a)f(list)g(re)n(v)o(ersal)i(procedure.)34 b(Other)25 b(e)o(xamples)150 3632 y(pro)o(v)o(en)f(using)h(this)f (technique)i(can)e(be)g(found)h(in)e(Section)2054 3633 y SDict begin H.S end 2054 3633 a -1 x FG(5.6)2167 3570 y SDict begin H.R end 2167 3570 a 2167 3632 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.6) cvn H.B /ANN pdfmark end 2167 3632 a FG(.)316 3740 y(The)28 b(procedure)i(re)n(v)o(erse,) g(sho)n(wn)e(in)g(Fig.)1716 3741 y SDict begin H.S end 1716 3741 a -1 x FG(6)1761 3678 y SDict begin H.R end 1761 3678 a 1761 3740 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.6) cvn H.B /ANN pdfmark end 1761 3740 a FG(,)g(performs)i(in-place)f (re)n(v)o(ersal)h(of)e(a)f(singly)i(link)o(ed)h(list,)f(de-)150 3848 y(structi)n(v)o(ely)j(updating)f(the)f(list.)46 b(The)29 b(precondition)k(requires)f(that)d(the)h(input)g(list)g(be)f (ac)o(yclic)i(and)f(unshared)150 3956 y(\(i.e.,)25 b(each)h(heap)h (node)f(is)f(pointed)j(to)d(by)h(at)f(most)g(one)h(heap)h(node\).)35 b(F)o(or)25 b(simplicity)-6 b(,)27 b(we)e(assume)h(that)g(there)150 4064 y(is)32 b(no)f(garbage.)55 b(The)31 b(postcondition)36 b(ensures)e(that)e(the)g(resulting)i(list)e(is)f(ac)o(yclic)i(and)g (unshared.)55 b(Also,)33 b(it)150 4172 y(ensures)23 b(that)e(the)h (nodes)g(reachable)h(from)e(the)h(formal)f(parameter)i(on)e(entry)h(to) f(re)n(v)o(erse)h(are)f(e)o(xactly)i(the)e(nodes)150 4280 y(reachable)26 b(from)d(the)g(return)i(v)n(alue)f(of)f(re)n(v)o (erse)h(at)f(the)h(e)o(xit.)29 b(Most)23 b(importantly)-6 b(,)25 b(it)e(ensures)i(that)f(each)g(edge)g(in)150 4388 y(the)g(original)h(list)f(is)g(re)n(v)o(ersed)h(in)e(the)h(returned)i (list.)316 4496 y(The)e(speci\002cation)j(for)e(re)n(v)o(erse)g(is)g (sho)n(wn)f(in)h(Fig.)1981 4497 y SDict begin H.S end 1981 4497 a -1 x FG(7)2027 4435 y SDict begin H.R end 2027 4435 a 2027 4496 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.7) cvn H.B /ANN pdfmark end 2027 4496 a FG(.)31 b(W)-7 b(e)23 b(use)i(unary)h(predicates)h(to)d(represent)j(program)150 4604 y(v)n(ariables)d(and)f(binary)g(predicates)i(to)d(represent)j (data-structure)h(\002elds.)i(Fig.)2674 4605 y SDict begin H.S end 2674 4605 a -1 x FG(7)2719 4543 y SDict begin H.R end 2719 4543 a 2719 4604 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.7) cvn H.B /ANN pdfmark end 2719 4604 a FG(\(a\))22 b(de\002nes)h(some)f(shorthands.)150 4711 y(T)-7 b(o)26 b(specify)i(that)g(a)e(unary)i(predicate)i Fx(z)g FG(can)d(point)h(to)f(a)f(single)j(node)e(at)g(a)g(time)f(and)i (that)f(a)f(binary)j(predicate)150 4819 y Fx(f)43 b FG(of)34 b(a)h(node)g(can)g(point)g(to)g(at)f(most)h(one)g(node)g(\(i.e.,)i Fx(f)43 b FG(is)34 b(a)g(partial)i(function\),)k(we)33 b(use)i Fx(uniq)s(ue)p Fu([)p Fx(z)t Fu(])g FG(and)150 4927 y Fx(f)10 b(unc)p Fu([)p Fx(f)g Fu(])22 b FG(.)27 b(T)-7 b(o)23 b(specify)i(that)e(there)i(are)e(no)h(c)o(ycles)g(of)f Fx(f)10 b FG(-\002elds)23 b(in)g(the)h(graph,)g(we)f(use)g Fx(acy)s(cl)r(ic)p Fu([)p Fx(f)10 b Fu(])p FG(.)29 b(T)-7 b(o)22 b(specify)150 5035 y(that)29 b(the)g(graph)h(does)g(not)f (contain)h(nodes)g(shared)g(by)f Fx(f)10 b FG(-\002elds,)30 b(\(i.e.,)f(nodes)h(with)e Fu(2)h FG(or)f(more)h(incoming)h Fx(f)10 b FG(-)150 5143 y(\002elds\),)27 b(we)e(use)h Fx(unshar)s(ed)p Fu([)p Fx(f)10 b Fu(])p FG(.)35 b(T)-7 b(o)24 b(specify)k(that)e(all)g(nodes)i(in)d(the)h(graph)i(are)e (reachable)i(from)e Fx(z)3387 5157 y Fw(1)3452 5143 y FG(or)f Fx(z)3594 5157 y Fw(2)3659 5143 y FG(by)150 5251 y(follo)n(wing)d Fx(f)10 b FG(-\002elds,)21 b(we)f(use)i Fx(total)r Fu([)p Fx(z)1368 5265 y Fw(1)1407 5251 y Fx(;)15 b(z)1489 5265 y Fw(2)1529 5251 y Fx(;)g(f)10 b Fu(])p FG(.)27 b(Another)22 b(helpful)h(shorthand)h(is)c Fx(r)2795 5266 y Fr(x;f)2900 5251 y Fu(\()p Fx(v)s Fu(\))h FG(which)g (speci\002es)i(that)150 5359 y Fx(v)j FG(is)d(reachable)j(from)e(the)g (node)g(pointed)i(to)d(by)h Fx(x)e FG(using)j Fx(f)10 b FG(-edges.)p eop end end %%Page: 17 17 TeXDict begin HPSdict begin 17 16 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.17) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(17)316 448 y FG(The)34 b(precondition)j(of)d (the)h(re)n(v)o(erse)g(procedure)i(is)c(sho)n(wn)i(in)f(Fig.)2569 449 y SDict begin H.S end 2569 449 a -1 x FG(7)2614 387 y SDict begin H.R end 2614 387 a 2614 448 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.7) cvn H.B /ANN pdfmark end 2614 448 a FG(\(b\).)61 b(W)-7 b(e)33 b(use)i(the)f(predicates)j Fx(xe)150 555 y FG(and)29 b Fx(ne)f FG(to)g(record)i(the)f(v)n(alues)h (of)e(the)h(v)n(ariable)h Fx(x)e FG(and)h(the)g(ne)o(xt)g(\002eld)f(at) h(the)f(be)o(ginning)j(of)e(the)g(procedure.)150 663 y(The)k(precondition)k(requires)e(that)f(the)f(list)g(pointed)j(to)d (by)g Fx(x)f FG(be)h(ac)o(yclic)i(and)e(unshared.)60 b(It)33 b(also)h(requires)150 771 y(that)25 b Fx(uniq)s(ue)p Fu([)p Fx(z)t Fu(])f FG(and)g Fx(f)10 b(unc)p Fu([)p Fx(f)g Fu(])23 b FG(hold)h(for)h(all)f(unary)h(predicates)i Fx(z)g FG(that)e(represent)h(program)f(v)n(ariables)i(and)d(all)150 879 y(binary)33 b(predicates)h Fx(f)40 b FG(that)32 b(represent)i (\002elds,)f(respecti)n(v)o(ely)-6 b(.)56 b(F)o(or)30 b(simplicity)-6 b(,)35 b(we)c(assume)h(that)g(there)h(is)e(no)150 987 y(garbage,)25 b(i.e.,)d(all)i(nodes)h(are)e(reachable)j(from)e Fx(x)p FG(.)316 1095 y(The)31 b(post-condition)36 b(is)c(sho)n(wn)f(in) h(Fig.)1678 1096 y SDict begin H.S end 1678 1096 a -1 x FG(7)1723 1034 y SDict begin H.R end 1723 1034 a 1723 1095 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.7) cvn H.B /ANN pdfmark end 1723 1095 a FG(\(c\).)53 b(It)31 b(ensures)j(that)e(the)g(resulting)i(list)e(is)f(ac)o(yclic)i(and)f (un-)150 1203 y(shared.)70 b(Also,)39 b(it)e(ensures)h(that)g(the)f (nodes)h(reachable)h(from)d(the)h(formal)h(parameter)g Fx(x)e FG(on)h(entry)g(to)g(the)150 1311 y(procedure)27 b(are)d(e)o(xactly)h(the)f(nodes)i(reachable)g(from)e(the)g(return)h(v) n(alue)g Fx(y)h FG(at)e(the)g(e)o(xit.)31 b(Most)24 b(importantly)-6 b(,)26 b(we)150 1419 y(wish)d(to)h(sho)n(w)f(that)h(each)h(edge)f(in)f (the)h(original)i(list)e(is)f(re)n(v)o(ersed)i(in)f(the)f(returned)j (list)e(\(see)g(Eq.)e(\()3302 1421 y SDict begin H.S end 3302 1421 a -2 x FG(5.9)3416 1357 y SDict begin H.R end 3416 1357 a 3416 1419 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.9) cvn H.B /ANN pdfmark end 3416 1419 a FG(\)\).)316 1527 y(A)j(loop)h(in)l(v)n(ariant)j(is)c(gi)n(v)o(en)i (in)e(Fig.)1509 1528 y SDict begin H.S end 1509 1528 a -1 x FG(7)1555 1466 y SDict begin H.R end 1555 1466 a 1555 1527 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.7) cvn H.B /ANN pdfmark end 1555 1527 a FG(\(d\).)36 b(It)25 b(describes)k(the)d(state)g(of)g(the)g(program)h(at)f(the)g(be)o (ginning)i(of)150 1635 y(each)22 b(loop)h(iteration.)30 b(Ev)o(ery)21 b(node)i(is)e(in)g(one)h(of)g(tw)o(o)f(disjoint)i(lists)f (pointed)i(to)d(by)h Fx(x)e FG(and)i Fx(y)i FG(\(Eq.)d(\()3339 1636 y SDict begin H.S end 3339 1636 a -1 x FG(5.10)3498 1573 y SDict begin H.R end 3498 1573 a 3498 1635 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.10) cvn H.B /ANN pdfmark end 3498 1635 a FG(\)\).)28 b(The)150 1743 y(lists)21 b(are)f(ac)o(yclic)i(and)e(unshared.)30 b(Ev)o(ery)20 b(edge)h(in)f(the)g(list)h(pointed)h(to)e(by)g Fx(x)f FG(is)h(e)o(xactly)i(an)e(edge)h(in)f(the)g(original)150 1851 y(list)27 b(\(Eq.)f(\()497 1852 y SDict begin H.S end 497 1852 a -1 x FG(5.12)657 1789 y SDict begin H.R end 657 1789 a 657 1851 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.10) cvn H.B /ANN pdfmark end 657 1851 a FG(\)\).)38 b(Ev)o(ery)27 b(edge)h(in)f(the)g(list)g(pointed)i(to)e(by) g Fx(y)i FG(is)d(the)i(re)n(v)o(erse)f(of)g(an)g(edge)h(in)f(the)g (original)i(list)150 1959 y(\(Eq.)23 b(\()357 1960 y SDict begin H.S end 357 1960 a -1 x FG(5.13)516 1897 y SDict begin H.R end 516 1897 a 516 1959 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.10) cvn H.B /ANN pdfmark end 516 1959 a FG(\)\).)29 b(The)23 b(only)h(original)i(edge)e(going)h (out)f(of)f Fx(y)j FG(is)d(to)g Fx(x)g FG(\(Eq.)g(\()2472 1960 y SDict begin H.S end 2472 1960 a -1 x FG(5.14)2631 1897 y SDict begin H.R end 2631 1897 a 2631 1959 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.10) cvn H.B /ANN pdfmark end 2631 1959 a FG(\)\).)316 2066 y(The)h(transformer)j(is)e (gi)n(v)o(en)g(in)f(Fig.)1498 2067 y SDict begin H.S end 1498 2067 a -1 x FG(7)1544 2006 y SDict begin H.R end 1544 2006 a 1544 2066 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.7) cvn H.B /ANN pdfmark end 1544 2066 a FG(\(e\),)g(using)i(the)f(primed)g(predicates)j Fx(n)2776 2033 y FM(0)2799 2066 y FG(,)c Fx(x)2898 2033 y FM(0)2921 2066 y FG(,)g(and)h Fx(y)3171 2033 y FM(0)3218 2066 y FG(to)f(describe)j(the)150 2174 y(v)n(alues)e(of)e(predicates)j Fx(n)p FG(,)c Fx(x)p FG(,)h(and)h Fx(y)s FG(,)e(respecti)n(v)o(ely)-6 b(,)26 b(at)e(the)g(end)g(of)f(the)h(iteration.)150 2324 y SDict begin H.S end 150 2324 a 150 2324 a SDict begin 13 H.A end 150 2324 a 150 2324 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.5.2) cvn /DEST pdfmark end 150 2324 a 88 x FG(5.2.)46 b FN(Pr)n(o)o(ving)26 b(F)n(ormulas)e(using)h(the)g (Coloring)g(Axioms.)46 b FG(All)25 b(the)g(coloring)j(axioms)e(ha)n(v)o (e)f(the)h(form)f Fx(A)j Fy(\021)150 2520 y Fx(P)208 2534 y Fr(A)302 2520 y Fy(!)36 b Fx(C)494 2534 y Fr(A)551 2520 y FG(,)30 b(where)g Fx(P)913 2534 y Fr(A)999 2520 y FG(and)g Fx(C)1224 2534 y Fr(A)1310 2520 y FG(are)g(closed)h (formulas.)48 b(W)-7 b(e)29 b(call)h Fx(P)2469 2534 y Fr(A)2555 2520 y FG(the)g(axiom')-5 b(s)31 b(premise)f(and)g Fx(C)3553 2534 y Fr(A)3639 2520 y FG(the)150 2628 y(axiom')-5 b(s)28 b(conclusion.)42 b(F)o(or)25 b(an)i(axiom)g(to)g(be)g(useful,)i (the)e(theorem)h(pro)o(v)o(er)f(will)g(ha)n(v)o(e)g(to)g(pro)o(v)o(e)g (the)g(premise)150 2736 y(\(as)34 b(a)g(subgoal\))i(and)f(then)g(use)f (the)g(conclusion)k(in)c(the)g(proof)h(of)f(the)h(goal)f(formula)h Fx(\037)p FG(.)60 b(F)o(or)33 b(each)i(of)f(the)150 2844 y(coloring)24 b(axioms,)e(we)f(no)n(w)g(e)o(xplain)i(when)f(the)g (premise)h(can)f(be)f(pro)o(v)o(ed,)i(ho)n(w)e(its)h(conclusion)i(can)e (help,)h(and)150 2951 y(gi)n(v)o(e)h(an)f(e)o(xample.)316 3059 y FN(NoExit)q(.)60 b FG(The)34 b(premise)i Fx(P)1227 3085 y Fl(NoExit)1480 3059 y Fu([)p Fx(C)q(;)15 b(f)10 b Fu(])34 b FG(states)i(that)f(there)g(are)g(no)f Fx(f)10 b FG(-edges)35 b(e)o(xiting)h(color)f(class)h Fx(C)7 b FG(.)150 3167 y(When)26 b Fx(C)32 b FG(is)25 b(a)h(unary)h(predicate) h(appearing)g(in)e(the)g(program,)h(the)g(premise)f(is)g(sometimes)h(a) e(direct)i(result)g(of)150 3275 y(the)j(loop)h(in)l(v)n(ariant.)51 b(Another)31 b(color)h(that)e(will)g(be)g(used)h(hea)n(vily)h (throughout)h(this)e(section)h(is)e(reachability)150 3383 y(from)37 b(a)g(unary)h(predicate,)43 b(i.e.,)d(unary)e (reachability)-6 b(,)44 b(formally)38 b(de\002ned)g(in)f(Eq.)g(\()2933 3384 y SDict begin H.S end 2933 3384 a -1 x FG(5.6)3046 3321 y SDict begin H.R end 3046 3321 a 3046 3383 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.1) cvn H.B /ANN pdfmark end 3046 3383 a FG(\).)70 b(Let)36 b(us)h(e)o(xamine)150 3491 y(tw)o(o)e(cases.)63 b Fx(P)654 3517 y Fl(NoExit)908 3491 y Fu([)p Fx(r)974 3506 y Fr(x;f)1079 3491 y Fx(;)15 b(f)10 b Fu(])34 b FG(is)h(immediate)g(from)g(the)g(de\002nition)i(of)e Fx(r)2635 3506 y Fr(x;f)2774 3491 y FG(and)g(the)g(transiti)n(vity)j (of)d Fx(f)3665 3505 y Fw(tc)3727 3491 y FG(.)150 3599 y Fx(P)208 3625 y Fl(NoExit)462 3599 y Fu([)p Fx(r)528 3614 y Fr(x;f)633 3599 y Fx(;)15 b(f)728 3566 y FM(0)751 3599 y Fu(])25 b FG(actually)i(states)g(that)f(there)g(is)g(no)f Fx(f)10 b FG(-path)26 b(from)g Fx(x)e FG(to)i(an)f(edge)i(for)f(which)g Fx(f)3288 3566 y FM(0)3335 3599 y FG(holds)h(b)n(ut)f Fx(f)150 3707 y FG(does)k(not,)g(i.e.,)f(a)f(change)j(in)d Fx(f)1183 3674 y FM(0)1234 3707 y FG(with)g(respect)j(to)d Fx(f)10 b FG(.)43 b(Thus,)30 b(we)e(use)h(the)g(absence)i(of)e Fx(f)10 b FG(-paths)29 b(to)g(pro)o(v)o(e)g(the)150 3815 y(absence)d(of)e Fx(f)615 3782 y FM(0)637 3815 y FG(-paths.)32 b(In)24 b(man)o(y)g(cases,)h(the)f(change)i(is)e(an)g(important)i(part) e(of)g(the)g(loop)h(in)l(v)n(ariant,)i(and)d(paths)150 3923 y(from)f(and)h(to)g(it)f(are)h(part)g(of)f(the)h(speci\002cation.) 316 4031 y(A)k(sk)o(etch)k(of)d(the)h(proof)h(by)e(refutation)k(of)c Fx(P)1805 4057 y Fl(NoExit)2059 4031 y Fu([)p Fx(r)2125 4046 y Fr(x)2165 4027 y FE(0)2187 4046 y Fr(;n)2254 4031 y Fx(;)15 b(n)2349 3998 y FM(0)2372 4031 y Fu(])29 b FG(that)h(arises)h(in)e(the)h(re)n(v)o(erse)h(e)o(xample)f(is)150 4139 y(gi)n(v)o(en)24 b(in)g(Fig.)631 4140 y SDict begin H.S end 631 4140 a -1 x FG(8)677 4077 y SDict begin H.R end 677 4077 a 677 4139 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.8) cvn H.B /ANN pdfmark end 677 4139 a FG(.)k(The)23 b(numbers)i(in)e(brack)o(ets)j(are)d(the)h(stages)h(of) f(the)f(proof.)150 4177 y SDict begin H.S end 150 4177 a 150 4177 a SDict begin 13 H.A end 150 4177 a 150 4177 a SDict begin [ /View [/XYZ H.V] /Dest (Item.36) cvn /DEST pdfmark end 150 4177 a 89 x FG(\(1\))43 b(The)23 b(ne)o(gation)i(of)e (the)h(premise)g(e)o(xpands)i(to:)821 4411 y Fy(9)p Fx(u)924 4425 y Fw(1)963 4411 y Fx(;)15 b(u)1055 4425 y Fw(2)1095 4411 y Fx(;)g(u)1187 4425 y Fw(3)1242 4411 y Fx(:)g(x)1334 4374 y FM(0)1358 4411 y Fu(\()p Fx(u)1445 4425 y Fw(1)1485 4411 y Fu(\))20 b Fy(^)g Fx(n)1676 4425 y Fw(tc)1739 4411 y Fu(\()p Fx(u)1826 4425 y Fw(1)1865 4411 y Fx(;)15 b(u)1957 4425 y Fw(2)1997 4411 y Fu(\))21 b Fy(^)f(:)p Fx(n)2250 4425 y Fw(tc)2312 4411 y Fu(\()p Fx(u)2399 4425 y Fw(1)2439 4411 y Fx(;)15 b(u)2531 4425 y Fw(3)2570 4411 y Fu(\))21 b Fy(^)f Fx(n)2762 4374 y FM(0)2785 4411 y Fu(\()p Fx(u)2872 4425 y Fw(2)2912 4411 y Fx(;)15 b(u)3004 4425 y Fw(3)3043 4411 y Fu(\))150 4472 y SDict begin H.S end 150 4472 a 150 4472 a SDict begin 13 H.A end 150 4472 a 150 4472 a SDict begin [ /View [/XYZ H.V] /Dest (Item.37) cvn /DEST pdfmark end 150 4472 a 85 x FG(\(2\))43 b(Since)23 b Fx(u)574 4571 y Fw(2)636 4557 y FG(is)h(reachable)i(from)d Fx(u)1342 4571 y Fw(1)1404 4557 y FG(and)h Fx(u)1610 4571 y Fw(3)1673 4557 y FG(is)f(not,)h(by)f Fx(T)2084 4571 y Fw(2)2124 4557 y FG(,)f(we)h(ha)n(v)o(e)h Fy(:)p Fx(n)p Fu(\()p Fx(u)2692 4571 y Fw(2)2731 4557 y Fx(;)15 b(u)2823 4571 y Fw(3)2863 4557 y Fu(\))p FG(.)150 4580 y SDict begin H.S end 150 4580 a 150 4580 a SDict begin 13 H.A end 150 4580 a 150 4580 a SDict begin [ /View [/XYZ H.V] /Dest (Item.38) cvn /DEST pdfmark end 150 4580 a 85 x FG(\(3\))43 b(By)26 b(the)h(de\002nition)h(of)f Fx(n)1098 4632 y FM(0)1147 4665 y FG(in)g(the)g(transformer)l(,)j(the)d (only)h(edge)g(in)f(which)g Fx(n)e FG(dif)n(fers)k(from)d Fx(n)3318 4632 y FM(0)3367 4665 y FG(is)h(out)g(of)g Fx(x)298 4773 y FG(\(one)21 b(of)f(the)h(clauses)h(generated)h(from)e (Eq.)e(\()1730 4774 y SDict begin H.S end 1730 4774 a -1 x FG(5.15)1889 4711 y SDict begin H.R end 1889 4711 a 1889 4773 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.15) cvn H.B /ANN pdfmark end 1889 4773 a FG(\))h(is)h Fy(8)p Fx(v)2115 4787 y Fw(1)2154 4773 y Fx(;)15 b(v)2238 4787 y Fw(2)2293 4773 y Fx(:)g Fy(:)p Fx(n)2449 4740 y FM(0)2472 4773 y Fu(\()p Fx(v)2551 4787 y Fw(1)2590 4773 y Fx(;)g(v)2674 4787 y Fw(2)2714 4773 y Fu(\))9 b Fy(_)g Fx(n)p Fu(\()p Fx(v)2962 4787 y Fw(1)3002 4773 y Fx(;)15 b(v)3086 4787 y Fw(2)3126 4773 y Fu(\))9 b Fy(_)g Fx(x)p Fu(\()p Fx(v)3371 4787 y Fw(1)3410 4773 y Fu(\))p FG(\))21 b(.)26 b(Thus,)298 4881 y Fx(x)p Fu(\()p Fx(u)437 4895 y Fw(2)476 4881 y Fu(\))d FG(holds.)150 4903 y SDict begin H.S end 150 4903 a 150 4903 a SDict begin 13 H.A end 150 4903 a 150 4903 a SDict begin [ /View [/XYZ H.V] /Dest (Item.39) cvn /DEST pdfmark end 150 4903 a 86 x FG(\(4\))43 b(By)22 b(the)i(de\002nition)h(of)f Fx(x)1082 4956 y FM(0)1128 4989 y FG(it)f(has)h(an)g(incoming)h Fx(n)d FG(edge)i(from)g Fx(x)p FG(.)k(Thus,)23 b Fx(n)p Fu(\()p Fx(u)2763 5003 y Fw(2)2802 4989 y Fx(;)15 b(u)2894 5003 y Fw(1)2934 4989 y Fu(\))23 b FG(holds.)150 5115 y(The)h(list)g(pointed)i(to)e(by)g Fx(x)f FG(must)i(be)f(ac)o(yclic,)h(whereas)g(we)e(ha)n(v)o(e)i(a)f(c)o (ycle)g(between)h Fx(u)2937 5129 y Fw(1)3000 5115 y FG(and)g Fx(u)3207 5129 y Fw(2)3246 5115 y FG(;)f(i.e.,)f(we)h(ha)n(v)o(e)150 5223 y(a)f(contradiction.)33 b(Thus,)23 b Fx(P)1029 5249 y Fl(NoExit)1283 5223 y Fu([)p Fx(r)1349 5239 y Fr(x)1389 5220 y FE(0)1411 5239 y Fr(;n)1478 5223 y Fx(;)15 b(n)1573 5190 y FM(0)1596 5223 y Fu(])23 b FG(must)g(hold.)316 5331 y Fx(C)381 5357 y Fl(NoExit)634 5331 y Fu([)p Fx(C)q(;)15 b(f)10 b Fu(])23 b FG(states)h(there)g(are)f(no)g Fx(f)32 b FG(paths)24 b(\()p Fx(f)1908 5345 y Fw(tc)1993 5331 y FG(edges\))g(e)o(xiting)h Fx(C)7 b FG(.)27 b(This)c(is)f(useful)j (because)g(pro)o(ving)150 5439 y(the)f(absence)h(of)f(paths)g(is)g(the) g(dif)n(\002cult)g(part)g(of)f(pro)o(ving)j(formulas)f(with)e Fu(TC)o FG(.)p eop end end %%Page: 18 18 TeXDict begin HPSdict begin 18 17 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.18) cvn /DEST pdfmark end 150 82 a Fz(18)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)p 411 370 3078 4 v 409 1524 4 1154 v 453 970 a FG(\(a\))1035 516 y SDict begin H.S end 1035 516 a 1035 516 a SDict begin 13 H.A end 1035 516 a 1035 516 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.1) cvn /DEST pdfmark end 1035 516 a Fx(uniq)s(ue)p Fu([)p Fx(z)t Fu(])1491 465 y Fk(def)1493 516 y Fu(=)84 b Fy(8)p Fx(v)1743 530 y Fw(1)1782 516 y Fx(;)15 b(v)1866 530 y Fw(2)1906 516 y Fx(:z)t Fu(\()p Fx(v)2056 530 y Fw(1)2096 516 y Fu(\))21 b Fy(^)f Fx(z)t Fu(\()p Fx(v)2358 530 y Fw(2)2398 516 y Fu(\))26 b Fy(!)f Fx(v)2619 530 y Fw(1)2683 516 y Fu(=)g Fx(v)2823 530 y Fw(2)3273 516 y FG(\(5.1\))1103 675 y Fx(f)10 b(unc)p Fu([)p Fx(f)g Fu(])1491 623 y Fk(def)1493 675 y Fu(=)84 b Fy(8)p Fx(v)1743 689 y Fw(1)1782 675 y Fx(;)15 b(v)1866 689 y Fw(2)1906 675 y Fx(;)g(v)s(:f)10 b Fu(\()p Fx(v)s(;)15 b(v)2239 689 y Fw(1)2280 675 y Fu(\))20 b Fy(^)g Fx(f)10 b Fu(\()p Fx(v)s(;)15 b(v)2637 689 y Fw(2)2677 675 y Fu(\))26 b Fy(!)f Fx(v)2898 689 y Fw(1)2963 675 y Fu(=)g Fx(v)3103 689 y Fw(2)3273 675 y FG(\(5.2\))1029 833 y Fx(acy)s(cl)r(ic)p Fu([)p Fx(f)10 b Fu(])1491 781 y Fk(def)1493 833 y Fu(=)84 b Fy(8)p Fx(v)1743 847 y Fw(1)1782 833 y Fx(;)15 b(v)1866 847 y Fw(2)1906 833 y Fx(:)p Fy(:)p Fx(f)10 b Fu(\()p Fx(v)2126 847 y Fw(1)2165 833 y Fx(;)15 b(v)2249 847 y Fw(2)2289 833 y Fu(\))21 b Fy(_)e(:)p Fu(TC)o([)p Fx(f)10 b Fu(]\()p Fx(v)2801 847 y Fw(2)2841 833 y Fx(;)15 b(v)2925 847 y Fw(1)2965 833 y Fu(\))273 b FG(\(5.3\))920 991 y Fx(unshar)s(ed)p Fu([)p Fx(f)10 b Fu(])1491 940 y Fk(def)1493 991 y Fu(=)84 b Fy(8)p Fx(v)1743 1005 y Fw(1)1782 991 y Fx(;)15 b(v)1866 1005 y Fw(2)1906 991 y Fx(;)g(v)s(:f)10 b Fu(\()p Fx(v)2152 1005 y Fw(1)2192 991 y Fx(;)15 b(v)s Fu(\))21 b Fy(^)f Fx(f)10 b Fu(\()p Fx(v)2550 1005 y Fw(2)2589 991 y Fx(;)15 b(v)s Fu(\))27 b Fy(!)e Fx(v)2898 1005 y Fw(1)2963 991 y Fu(=)g Fx(v)3103 1005 y Fw(2)3273 991 y FG(\(5.4\))872 1150 y Fx(total)r Fu([)p Fx(z)1126 1164 y Fw(1)1166 1150 y Fx(;)15 b(z)1248 1164 y Fw(2)1288 1150 y Fx(;)g(f)10 b Fu(])1491 1098 y Fk(def)1493 1150 y Fu(=)84 b Fy(8)p Fx(v)s(:)p Fy(9)p Fx(w)r(:)p Fu(\()p Fx(z)1991 1164 y Fw(1)2032 1150 y Fu(\()p Fx(w)r Fu(\))21 b Fy(_)f Fx(z)2313 1164 y Fw(2)2353 1150 y Fu(\()p Fx(w)r Fu(\)\))h Fy(^)f Fu(TC)o([)p Fx(f)10 b Fu(]\()p Fx(w)r(;)15 b(v)s Fu(\))186 b FG(\(5.5\))1144 1308 y Fx(r)1185 1323 y Fr(x;f)1290 1308 y Fu(\()p Fx(v)s Fu(\))1491 1256 y Fk(def)1493 1308 y Fu(=)84 b Fy(9)p Fx(w)17 b(:)e(x)p Fu(\()p Fx(w)r Fu(\))22 b Fy(^)e Fu(TC)o([)p Fx(f)10 b Fu(]\()p Fx(w)r(;)15 b(v)s Fu(\))700 b FG(\(5.6\))1115 1471 y Fx(r)1156 1511 y Fr(x;)1216 1465 y FM( )-55 b(\000)1230 1511 y Fr(f)1290 1471 y Fu(\()p Fx(v)s Fu(\))1491 1420 y Fk(def)1493 1471 y Fu(=)84 b Fy(9)p Fx(w)17 b(:)e(x)p Fu(\()p Fx(w)r Fu(\))22 b Fy(^)e Fu(TC)o([)p Fx(f)10 b Fu(]\()p Fx(v)s(;)15 b(w)r Fu(\))700 b FG(\(5.7\))p 3487 1524 4 1154 v 411 1527 3078 4 v 409 1831 4 304 v 453 1702 a(\(b\))892 1674 y SDict begin H.S end 892 1674 a 892 1674 a SDict begin 13 H.A end 892 1674 a 892 1674 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.8) cvn /DEST pdfmark end 892 1674 a Fx(pr)s(e)1107 1622 y Fk(def)1108 1674 y Fu(=)85 b Fx(total)r Fu([)p Fx(xe;)15 b(xe;)g(ne)p Fu(])22 b Fy(^)d Fx(acy)s(cl)r(ic)p Fu([)p Fx(ne)p Fu(])j Fy(^)e Fx(unshar)s(ed)p Fu([)p Fx(ne)p Fu(])g Fy(^)171 b FG(\(5.8\))1264 1808 y Fx(uniq)s(ue)p Fu([)p Fx(xe)p Fu(])21 b Fy(^)f Fx(f)10 b(unc)p Fu([)p Fx(ne)p Fu(])p 3487 1831 4 304 v 411 1835 3078 4 v 409 2139 4 304 v 453 2009 a FG(\(c\))985 1981 y SDict begin H.S end 985 1981 a 985 1981 a SDict begin 13 H.A end 985 1981 a 985 1981 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.9) cvn /DEST pdfmark end 985 1981 a Fx(post)1233 1929 y Fk(def)1235 1981 y Fu(=)85 b Fx(total)r Fu([)p Fx(y)s(;)15 b(y)s(;)g(n)p Fu(])20 b Fy(^)g Fx(acy)s(cl)r(ic)p Fu([)p Fx(n)p Fu(])h Fy(^)f Fx(unshar)s(ed)p Fu([)p Fx(n)p Fu(])g Fy(^)264 b FG(\(5.9\))1391 2116 y Fy(8)p Fx(v)1486 2130 y Fw(1)1525 2116 y Fx(;)15 b(v)1609 2130 y Fw(2)1649 2116 y Fx(:ne)p Fu(\()p Fx(v)1850 2130 y Fw(1)1890 2116 y Fx(;)g(v)1974 2130 y Fw(2)2014 2116 y Fu(\))25 b Fy($)g Fx(n)p Fu(\()p Fx(v)2324 2130 y Fw(2)2364 2116 y Fx(;)15 b(v)2448 2130 y Fw(1)2488 2116 y Fu(\))p 3487 2139 4 304 v 411 2142 3078 4 v 409 2985 4 844 v 453 2586 a FG(\(d\))855 2288 y SDict begin H.S end 855 2288 a 855 2288 a SDict begin 13 H.A end 855 2288 a 855 2288 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.10) cvn /DEST pdfmark end 855 2288 a Fx(LI)7 b Fu([)p Fx(x;)15 b(y)s(;)g(n)p Fu(])1275 2237 y Fk(def)1276 2288 y Fu(=)27 b Fx(total)r Fu([)p Fx(x;)15 b(y)s(;)g(n)p Fu(])99 b Fy(^)e(8)p Fx(v)s(:)p Fu(\()p Fy(:)p Fx(r)2363 2302 y Fr(x;n)2470 2288 y Fu(\()p Fx(v)s Fu(\))21 b Fy(_)f(:)p Fx(r)2791 2302 y Fr(y)r(;n)2894 2288 y Fu(\()p Fx(v)s Fu(\)\))i Fy(^)99 b FG(\(5.10\))1467 2423 y Fx(acy)s(cl)r(ic)p Fu([)p Fx(n)p Fu(])h Fy(^)d Fx(unshar)s(ed)p Fu([)p Fx(n)p Fu(])1468 2558 y Fx(uniq)s(ue)p Fu([)p Fx(x)p Fu(])i Fy(^)e Fx(uniq)s(ue)p Fu([)p Fx(y)s Fu(])21 b Fy(^)f Fx(f)10 b(unc)p Fu([)p Fx(n)p Fu(])19 b Fy(^)263 b FG(\(5.11\))1226 2693 y Fy(8)p Fx(v)1321 2707 y Fw(1)1360 2693 y Fx(;)15 b(v)1444 2707 y Fw(2)1484 2693 y Fx(:)p Fu(\()p Fx(r)1585 2707 y Fr(x;n)1692 2693 y Fu(\()p Fx(v)1771 2707 y Fw(1)1811 2693 y Fu(\))83 b Fy(!)g Fu(\()p Fx(ne)p Fu(\()p Fx(v)2314 2707 y Fw(1)2354 2693 y Fx(;)15 b(v)2438 2707 y Fw(2)2478 2693 y Fu(\))26 b Fy($)f Fx(n)p Fu(\()p Fx(v)2789 2707 y Fw(1)2829 2693 y Fx(;)15 b(v)2913 2707 y Fw(2)2953 2693 y Fu(\)\)\))21 b Fy(^)88 b FG(\(5.12\))865 2828 y Fy(8)p Fx(v)960 2842 y Fw(1)999 2828 y Fx(;)15 b(v)1083 2842 y Fw(2)1123 2828 y Fx(:)p Fu(\()p Fx(r)1224 2842 y Fr(y)r(;n)1329 2828 y Fu(\()p Fx(v)1408 2842 y Fw(2)1447 2828 y Fu(\))21 b Fy(^)f(:)p Fx(y)s Fu(\()p Fx(v)1772 2842 y Fw(1)1811 2828 y Fu(\))83 b Fy(!)g Fu(\()p Fx(ne)p Fu(\()p Fx(v)2314 2842 y Fw(1)2354 2828 y Fx(;)15 b(v)2438 2842 y Fw(2)2478 2828 y Fu(\))26 b Fy($)f Fx(n)p Fu(\()p Fx(v)2789 2842 y Fw(2)2829 2828 y Fx(;)15 b(v)2913 2842 y Fw(1)2953 2828 y Fu(\)\)\))21 b Fy(^)88 b FG(\(5.13\))1274 2963 y Fy(8)p Fx(v)1369 2977 y Fw(1)1408 2963 y Fx(;)15 b(v)1492 2977 y Fw(2)1531 2963 y Fx(;)g(v)s(:y)s Fu(\()p Fx(v)1770 2977 y Fw(1)1811 2963 y Fu(\))83 b Fy(!)g Fu(\()p Fx(x)p Fu(\()p Fx(v)2269 2977 y Fw(2)2310 2963 y Fu(\))25 b Fy($)g Fx(ne)p Fu(\()p Fx(v)2662 2977 y Fw(1)2702 2963 y Fx(;)15 b(v)2786 2977 y Fw(2)2826 2963 y Fu(\)\))332 b FG(\(5.14\))p 3487 2985 4 844 v 411 2989 3078 4 v 409 3428 4 439 v 453 3231 a(\(e\))764 3135 y SDict begin H.S end 764 3135 a 764 3135 a SDict begin 13 H.A end 764 3135 a 764 3135 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.15) cvn /DEST pdfmark end 764 3135 a Fx(T)855 3084 y Fk(def)857 3135 y Fu(=)26 b Fy(8)p Fx(v)s(:)p Fu(\()p Fx(y)1160 3098 y FM(0)1184 3135 y Fu(\()p Fx(v)s Fu(\))g Fy($)f Fx(x)p Fu(\()p Fx(v)s Fu(\)\))100 b Fy(^)e(8)p Fx(v)s(:)p Fu(\()p Fx(x)2116 3098 y FM(0)2139 3135 y Fu(\()p Fx(v)s Fu(\))27 b Fy($)e(9)p Fx(w)r(:x)p Fu(\()p Fx(w)r Fu(\))d Fy(^)d Fx(n)p Fu(\()p Fx(w)r(;)c(v)s Fu(\)\))22 b Fy(^)1010 3270 y(8)p Fx(v)1105 3284 y Fw(1)1144 3270 y Fx(;)15 b(v)1228 3284 y Fw(2)1268 3270 y Fx(:n)1348 3232 y FM(0)1371 3270 y Fu(\()p Fx(v)1450 3284 y Fw(1)1490 3270 y Fx(;)g(v)1574 3284 y Fw(2)1613 3270 y Fu(\))84 b Fy($)842 3405 y Fu(\(\()p Fx(n)p Fu(\()p Fx(v)1046 3419 y Fw(1)1086 3405 y Fx(;)15 b(v)1170 3419 y Fw(2)1210 3405 y Fu(\))21 b Fy(^)f(:)p Fx(x)p Fu(\()p Fx(v)1539 3419 y Fw(1)1578 3405 y Fu(\)\))99 b Fy(_)f Fu(\()p Fx(x)p Fu(\()p Fx(v)2072 3419 y Fw(1)2112 3405 y Fu(\))20 b Fy(^)g Fx(y)s Fu(\()p Fx(v)2375 3419 y Fw(2)2415 3405 y Fu(\)\)\))708 b FG(\(5.15\))p 3487 3428 4 439 v 411 3431 3078 4 v 150 3603 a(Figure)24 b(7:)522 3603 y SDict begin H.S end 522 3603 a 522 3603 a SDict begin H.R end 522 3603 a 522 3603 a SDict begin [ /View [/XYZ H.V] /Dest (figure.7) cvn /DEST pdfmark end 522 3603 a FG(Example)37 b(speci\002cation)j(of)c(re)n(v)o(erse)i(procedure:)58 b(\(a\))37 b(shorthands,)42 b(\(b\))37 b(precondition)k Fx(pr)s(e)p FG(,)d(\(c\))522 3711 y(postcondition)e Fx(post)p FG(,)31 b(\(d\))g(loop)h(in)l(v)n(ariant)i Fx(LI)7 b Fu([)p Fx(x;)15 b(y)s(;)g(n)p Fu(])p FG(,)33 b(\(e\))e(transformer)i Fx(T)44 b FG(\(ef)n(fect)32 b(of)f(the)g(loop)522 3819 y(body\).)p 1029 3979 1842 4 v 1029 4673 4 694 v 1107 4341 a Fr(x)1147 4322 y FE(0)1169 4341 y Fw([1])1474 4324 y Fj(/)p Fi(/)p 1275 4326 200 4 v 1491 4322 a Fh(GFED)-166 b(@ABC)1528 4337 y Fx(u)1580 4351 y Fw(1)1886 4280 y Fr(n)1929 4288 y Fn(tc)1984 4280 y Fw([1])2272 4324 y Fj(/)p Fi(/)p 1674 4326 598 4 v 1747 4402 a FM(:)p Fr(n)1837 4410 y Fn(tc)1892 4402 y Fw([1])1894 4518 y Fj(\045)p Fi(\045)1859 4498 y Fg(K)1824 4477 y(K)1790 4456 y(K)1756 4435 y(K)1721 4414 y(K)1687 4393 y(K)1652 4372 y(K)2288 4322 y Fh(GFED)g(@ABC)2325 4337 y Fx(u)2377 4351 y Fw(2)1914 4081 y Fr(n)p Fw([4])1665 4244 y Fj({)p Fi({)p 2303 4264 4 4 v 2301 4263 V 2299 4262 V 2298 4260 V 2296 4259 V 2295 4258 V 2293 4257 V 2292 4255 V 2290 4254 V 2289 4253 V 2287 4252 V 2285 4250 V 2284 4249 V 2282 4248 V 2281 4247 V 2279 4246 V 2278 4244 V 2276 4243 V 2275 4242 V 2273 4241 V 2271 4240 V 2270 4238 V 2268 4237 V 2267 4236 V 2265 4235 V 2264 4234 V 2262 4233 V 2261 4232 V 2259 4230 V 2257 4229 V 2256 4228 V 2254 4227 V 2253 4226 V 2251 4225 V 2250 4224 V 2248 4223 V 2247 4222 V 2245 4221 V 2243 4220 V 2242 4218 V 2240 4217 V 2239 4216 V 2237 4215 V 2236 4214 V 2234 4213 V 2233 4212 V 2231 4211 V 2229 4210 V 2228 4209 V 2226 4208 V 2225 4207 V 2223 4206 V 2222 4205 V 2220 4204 V 2218 4203 V 2217 4202 V 2215 4201 V 2214 4200 V 2212 4199 V 2211 4198 V 2209 4198 V 2208 4197 V 2206 4196 V 2204 4195 V 2203 4194 V 2201 4193 V 2200 4192 V 2198 4191 V 2197 4190 V 2195 4189 V 2194 4189 V 2192 4188 V 2190 4187 V 2189 4186 V 2187 4185 V 2186 4184 V 2184 4183 V 2183 4183 V 2181 4182 V 2180 4181 V 2178 4180 V 2176 4179 V 2175 4179 V 2173 4178 V 2172 4177 V 2170 4176 V 2169 4175 V 2167 4175 V 2166 4174 V 2164 4173 V 2162 4172 V 2161 4172 V 2159 4171 V 2158 4170 V 2156 4169 V 2155 4169 V 2153 4168 V 2152 4167 V 2150 4167 V 2148 4166 V 2147 4165 V 2145 4165 V 2144 4164 V 2142 4163 V 2141 4163 V 2139 4162 V 2138 4161 V 2136 4161 V 2134 4160 V 2133 4159 V 2131 4159 V 2130 4158 V 2128 4157 V 2127 4157 V 2125 4156 V 2124 4156 V 2122 4155 V 2120 4154 V 2119 4154 V 2117 4153 V 2114 4152 V 2111 4151 V 2108 4150 V 2105 4149 V 2102 4148 V 2099 4147 V 2095 4146 V 2092 4145 V 2089 4144 V 2086 4143 V 2083 4142 V 2080 4141 V 2077 4140 V 2074 4140 V 2071 4139 V 2067 4138 V 2064 4137 V 2061 4137 V 2058 4136 V 2055 4135 V 2052 4135 V 2049 4134 V 2046 4133 V 2043 4133 V 2039 4132 V 2036 4132 V 2033 4131 V 2030 4131 V 2027 4130 V 2024 4130 V 2021 4130 V 2018 4129 V 2014 4129 V 2011 4128 V 2008 4128 V 2005 4128 V 2002 4128 V 1999 4127 V 1996 4127 V 1993 4127 V 1990 4127 V 1986 4127 V 1983 4127 V 1980 4126 V 1977 4126 V 1974 4126 V 1971 4126 V 1968 4126 V 1965 4126 V 1962 4126 V 1958 4127 V 1955 4127 V 1952 4127 V 1949 4127 V 1946 4127 V 1943 4127 V 1940 4128 V 1937 4128 V 1934 4128 V 1930 4128 V 1927 4129 V 1924 4129 V 1921 4130 V 1918 4130 V 1915 4130 V 1912 4131 V 1909 4131 V 1905 4132 V 1902 4132 V 1899 4133 V 1896 4133 V 1893 4134 V 1890 4135 V 1887 4135 V 1884 4136 V 1881 4137 V 1877 4137 V 1874 4138 V 1871 4139 V 1868 4140 V 1865 4140 V 1862 4141 V 1859 4142 V 1856 4143 V 1853 4144 V 1849 4145 V 1846 4146 V 1843 4147 V 1840 4148 V 1837 4149 V 1834 4150 V 1831 4151 V 1828 4152 V 1825 4153 V 1823 4154 V 1821 4154 V 1820 4155 V 1818 4156 V 1817 4156 V 1815 4157 V 1814 4157 V 1812 4158 V 1810 4159 V 1809 4159 V 1807 4160 V 1806 4161 V 1804 4161 V 1803 4162 V 1801 4163 V 1800 4163 V 1798 4164 V 1796 4165 V 1795 4165 V 1793 4166 V 1792 4167 V 1790 4167 V 1789 4168 V 1787 4169 V 1786 4169 V 1784 4170 V 1782 4171 V 1781 4172 V 1779 4172 V 1778 4173 V 1776 4174 V 1775 4175 V 1773 4175 V 1772 4176 V 1770 4177 V 1768 4178 V 1767 4179 V 1765 4179 V 1764 4180 V 1762 4181 V 1761 4182 V 1759 4183 V 1758 4183 V 1756 4184 V 1754 4185 V 1753 4186 V 1751 4187 V 1750 4188 V 1748 4189 V 1747 4189 V 1745 4190 V 1744 4191 V 1742 4192 V 1740 4193 V 1739 4194 V 1737 4195 V 1736 4196 V 1734 4197 V 1733 4198 V 1731 4198 V 1730 4199 V 1728 4200 V 1726 4201 V 1725 4202 V 1723 4203 V 1722 4204 V 1720 4205 V 1719 4206 V 1717 4207 V 1715 4208 V 1714 4209 V 1712 4210 V 1711 4211 V 1709 4212 V 1708 4213 V 1706 4214 V 1705 4215 V 1703 4216 V 1701 4217 V 1700 4218 V 1698 4220 V 1697 4221 V 1695 4222 V 1694 4223 V 1692 4224 V 1691 4225 V 1689 4226 V 1687 4227 V 1686 4228 V 1684 4229 V 1683 4230 V 1681 4232 V 1680 4233 V 1678 4234 V 1677 4235 V 1675 4236 V 1673 4237 V 1672 4238 V 1670 4240 V 1669 4241 V 1667 4242 V 1666 4243 V 1664 4244 V 2043 4402 a Fr(n)2086 4379 y FE(0)2108 4402 y Fw([1])2051 4518 y Fj(y)p Fi(y)2051 4520 y Fg(s)2085 4499 y(s)2120 4478 y(s)2154 4457 y(s)2189 4436 y(s)2223 4415 y(s)2257 4394 y(s)2129 4571 y FM(:)p Fr(n)p Fw([2])2072 4612 y Fj(i)p Fi(i)p 2368 4406 V 2368 4409 V 2368 4412 V 2367 4415 V 2367 4418 V 2367 4421 V 2367 4424 V 2366 4427 V 2366 4430 V 2366 4433 V 2365 4436 V 2365 4439 V 2365 4442 V 2364 4444 V 2364 4447 V 2363 4450 V 2363 4453 V 2363 4456 V 2362 4458 V 2362 4461 V 2361 4464 V 2361 4466 V 2360 4469 V 2360 4472 V 2359 4474 V 2359 4477 V 2358 4479 V 2358 4482 V 2357 4485 V 2356 4487 V 2356 4490 V 2355 4492 V 2355 4494 V 2354 4497 V 2353 4499 V 2353 4502 V 2352 4504 V 2351 4506 V 2351 4509 V 2350 4511 V 2349 4513 V 2348 4516 V 2348 4518 V 2347 4520 V 2346 4522 V 2345 4524 V 2344 4527 V 2344 4529 V 2343 4531 V 2342 4533 V 2341 4535 V 2340 4537 V 2339 4539 V 2338 4541 V 2338 4543 V 2337 4545 V 2336 4547 V 2335 4549 V 2334 4551 V 2333 4553 V 2332 4555 V 2331 4556 V 2330 4558 V 2329 4560 V 2328 4562 V 2327 4564 V 2326 4565 V 2325 4567 V 2324 4569 V 2322 4570 V 2321 4572 V 2320 4574 V 2319 4575 V 2318 4577 V 2317 4579 V 2316 4580 V 2314 4582 V 2313 4583 V 2312 4585 V 2311 4586 V 2309 4588 V 2308 4589 V 2307 4591 V 2306 4592 V 2304 4593 V 2303 4595 V 2302 4596 V 2300 4597 V 2299 4599 V 2298 4600 V 2296 4601 V 2295 4602 V 2294 4604 V 2292 4605 V 2291 4606 V 2289 4607 V 2288 4608 V 2286 4609 V 2285 4610 V 2283 4611 V 2282 4612 V 2280 4614 V 2279 4615 V 2277 4615 V 2276 4616 V 2274 4617 V 2273 4618 V 2271 4619 V 2269 4620 V 2268 4621 V 2266 4622 V 2265 4623 V 2263 4623 V 2261 4624 V 2260 4625 V 2258 4626 V 2256 4626 V 2254 4627 V 2253 4628 V 2251 4628 V 2249 4629 V 2247 4630 V 2246 4630 V 2244 4631 V 2242 4631 V 2240 4632 V 2238 4632 V 2237 4633 V 2235 4633 V 2233 4634 V 2231 4634 V 2229 4635 V 2227 4635 V 2225 4635 V 2223 4636 V 2221 4636 V 2219 4636 V 2217 4637 V 2215 4637 V 2213 4637 V 2211 4637 V 2209 4638 V 2207 4638 V 2205 4638 V 2203 4638 V 2201 4638 V 2199 4638 V 2197 4638 V 2195 4638 V 2193 4638 V 2191 4638 V 2188 4638 V 2186 4638 V 2184 4638 V 2182 4638 V 2180 4638 V 2177 4638 V 2175 4638 V 2173 4638 V 2171 4638 V 2168 4637 V 2166 4637 V 2164 4637 V 2161 4637 V 2159 4636 V 2157 4636 V 2154 4636 V 2152 4636 V 2150 4635 V 2147 4635 V 2145 4634 V 2143 4634 V 2140 4634 V 2138 4633 V 2135 4633 V 2133 4632 V 2130 4632 V 2128 4631 V 2125 4630 V 2123 4630 V 2120 4629 V 2118 4629 V 2115 4628 V 2113 4627 V 2110 4627 V 2107 4626 V 2105 4625 V 2102 4624 V 2100 4624 V 2097 4623 V 2094 4622 V 2092 4621 V 2089 4620 V 2086 4620 V 2083 4619 V 2081 4618 V 2078 4617 V 2075 4616 V 2072 4615 V 2697 4341 a Fr(x)p Fw([3])2471 4324 y Fj(o)p Fi(o)p 2471 4326 200 4 v 1890 4566 a Fh(GFED)g(@ABC)1927 4580 y Fx(u)1979 4594 y Fw(3)p 2867 4673 4 694 v 1029 4676 1842 4 v 1291 4856 a FG(Figure)24 b(8:)1650 4856 y SDict begin H.S end 1650 4856 a 1650 4856 a SDict begin H.R end 1650 4856 a 1650 4856 a SDict begin [ /View [/XYZ H.V] /Dest (figure.8) cvn /DEST pdfmark end 1650 4856 a FG(Pro)o(ving)g Fx(P)2017 4882 y Fl(NoExit)2271 4856 y Fu([)p Fx(r)2337 4870 y Fr(x;n)2443 4856 y Fx(;)15 b(n)2538 4823 y FM(0)2561 4856 y Fu(])p FG(.)316 5108 y FN(GoOut.)29 b FG(The)23 b(premise)i Fx(P)1169 5134 y Fl(GoOut)1418 5108 y Fu([)p Fx(A;)15 b(B)5 b(;)15 b(f)10 b Fu(])23 b FG(states)i(that)f(all)g Fx(f)33 b FG(edges)25 b(going)g(out)f(of)g(color)h(class)f Fx(A)p FG(,)f(go)h(to)150 5216 y Fx(B)5 b FG(.)41 b(When)28 b Fx(A)g FG(and)g Fx(B)k FG(are)c(unary)i(predicates)g(that)f(appear)h(in)e(the)g(program,)i (again)f(the)f(premise)h(sometimes)150 5324 y(holds)j(as)e(a)g(direct)h (result)h(of)e(the)h(loop)g(in)l(v)n(ariant.)51 b(An)30 b(interesting)j(special)f(case)f(is)f(when)h Fx(B)j FG(is)c(de\002ned)h (as)p eop end end %%Page: 19 19 TeXDict begin HPSdict begin 19 18 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.19) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(19)150 448 y Fy(9)p Fx(w)17 b(:)e(A)p Fu(\()p Fx(w)r Fu(\))30 b Fy(^)d Fx(f)10 b Fu(\()p Fx(w)r(;)15 b(v)s Fu(\))p FG(.)61 b(In)33 b(this)i(case)f(the)h (premise)g(is)e(immediate.)61 b(Note)34 b(that)g(in)g(this)h(case)f (the)g(conclu-)150 555 y(sion)29 b(is)f(pro)o(v)n(able)i(also)g(from)e Fx(T)1191 569 y Fw(1)1230 555 y FG(.)43 b(Ho)n(we)n(v)o(er)l(,)29 b(from)g(e)o(xperience,)i(the)e(axiom)g(is)f(v)o(ery)h(useful)h(for)f (impro)o(ving)150 663 y(performance)d(\(2)e(orders)g(of)g(magnitude)h (when)f(pro)o(ving)h(the)f(ac)o(yclic)h(part)f(of)f(re)n(v)o(erse')-5 b(s)26 b(postcondition\).)316 771 y Fx(C)381 797 y Fl(GoOut)630 771 y Fu([)p Fx(A;)15 b(B)5 b(;)15 b(f)10 b Fu(])25 b FG(states)i(that)g(all)f(paths)h(out)f(of)g Fx(A)g FG(must)g(pass)h (through)h Fx(B)5 b FG(.)34 b(Thus,)27 b(under)g(the)f(premise)150 879 y Fx(P)208 905 y Fl(GoOut)457 879 y Fu([)p Fx(A;)15 b(B)5 b(;)15 b(f)10 b Fu(])p FG(,)23 b(if)g(we)f(kno)n(w)i(that)g (there)g(is)f(a)g(path)i(from)e Fx(A)g FG(to)g(some)n(where)h(outside)i (of)d Fx(A)p FG(,)g(we)f(kno)n(w)i(that)150 987 y(there)k(is)e(a)h (path)g(to)g(there)g(from)g Fx(B)5 b FG(.)37 b(In)27 b(case)g(all)g(nodes)h(in)f Fx(B)j FG(are)d(reachable)i(from)e(all)g (nodes)h(in)e Fx(A)p FG(,)h(together)150 1095 y(with)c(the)g(transiti)n (vity)i(of)e Fx(f)1023 1109 y Fw(tc)1107 1095 y FG(this)h(means)f(that) g(the)g(nodes)h(reachable)h(from)e Fx(B)j FG(are)d(e)o(xactly)h(the)f (nodes)h(outside)150 1203 y(of)f Fx(A)g FG(that)h(are)g(reachable)i (from)e Fx(A)p FG(.)316 1311 y(F)o(or)h(e)o(xample,)i Fx(C)886 1337 y Fl(GoOut)1135 1311 y Fu([)p Fx(y)1208 1278 y FM(0)1231 1311 y Fx(;)15 b(y)s(;)g(n)1414 1278 y FM(0)1437 1311 y Fu(])26 b FG(allo)n(ws)g(us)g(to)f(pro)o(v)o(e)i (that)f(only)h(the)f(original)i(list)e(pointed)i(to)e(by)f Fx(y)j FG(is)150 1419 y(reachable)e(from)d Fx(y)768 1386 y FM(0)814 1419 y FG(\(in)h(addition)i(to)d Fx(y)1400 1386 y FM(0)1446 1419 y FG(itself\).)316 1527 y FN(NewStart)q(.)k FG(The)c(premise)i Fx(P)1268 1553 y Fl(NewStart)1609 1527 y Fu([)p Fx(C)q(;)15 b(g)s(;)g(h)p Fu(])25 b FG(states)f(that)g (all)f Fx(g)k FG(edges)d(between)g(nodes)h(in)e Fx(C)29 b FG(are)24 b(also)150 1635 y Fx(h)d FG(edges.)30 b(This)21 b(can)h(mean)g(the)g(iteration)i(has)e(not)g(added)h(edges)f(or)g(has)g (not)g(remo)o(v)o(ed)g(edges)h(according)h(to)e(the)150 1743 y(selection)29 b(of)e Fx(h)f FG(and)h Fx(g)s FG(.)38 b(In)27 b(some)g(cases,)h(the)f(premise)h(holds)g(as)e(a)h(direct)h (result)g(of)e(the)h(de\002nition)i(of)d Fx(C)33 b FG(and)150 1851 y(the)24 b(loop)g(in)l(v)n(ariant.)316 1959 y Fx(C)381 1984 y Fl(NewStart)722 1959 y Fu([)p Fx(C)q(;)15 b(g)s(;)g(h)p Fu(])29 b FG(means)f(that)g(e)n(v)o(ery)f Fx(g)k FG(path)d(that)f(is)h (not)f(an)h Fx(h)e FG(path)j(must)e(pass)h(outside)h(of)e Fx(C)7 b FG(.)39 b(T)-7 b(o-)150 2066 y(gether)25 b(with)e Fx(C)649 2092 y Fl(NoExit)902 2066 y Fu([)p Fx(C)q(;)15 b(g)s Fu(])p FG(,)25 b(it)e(pro)o(v)o(es)i(there)f(are)g(no)f(ne)n(w)g (paths)i(within)f Fx(C)7 b FG(.)316 2174 y(F)o(or)22 b(e)o(xample,)h(in)f(re)n(v)o(erse)i(the)f FN(NewStart)f FG(scheme)h(can)g(be)g(used)g(as)g(follo)n(ws.)29 b(No)22 b(outgoing)j(edges)e(were)150 2282 y(added)h(to)g(nodes)g(reachable)i (from)d Fx(y)s FG(.)k(There)d(are)f(no)h Fx(n)d FG(or)j Fx(n)2097 2249 y FM(0)2142 2282 y FG(edges)g(from)f(nodes)i(reachable)g (from)f Fx(y)h FG(to)e(nodes)150 2390 y(not)29 b(reachable)i(from)d Fx(y)s FG(.)42 b(Thus,)29 b(no)g(paths)g(were)g(added)g(between)h (nodes)f(reachable)i(from)d Fx(y)s FG(.)43 b(Since)28 b(the)h(list)150 2498 y(pointed)c(to)f(by)g Fx(y)h FG(is)f(ac)o(yclic)h (before)g(the)e(loop)i(body)-6 b(,)24 b(we)f(can)h(pro)o(v)o(e)g(that)g (it)f(is)h(ac)o(yclic)h(at)e(the)h(end)g(of)g(the)f(loop)150 2606 y(body)-6 b(.)316 2714 y(W)f(e)24 b(can)g(see)h(that)g FN(NewStart)f FG(allo)n(ws)h(the)f(theorem)i(pro)o(v)o(er)f(to)f (reason)i(about)g(paths)f(within)g(a)f(color)l(,)i(and)150 2822 y(the)j(other)h(axioms)f(allo)n(w)g(the)g(theorem)h(pro)o(v)o(er)f (to)g(reason)h(about)g(paths)g(between)g(colors.)45 b(T)-7 b(ogether)l(,)32 b(gi)n(v)o(en)150 2930 y(enough)f(colors,)h(the)d (theorem)h(pro)o(v)o(er)g(can)g(often)g(pro)o(v)o(e)g(all)f(the)g(f)o (acts)h(that)g(it)f(needs)h(about)h(paths)f(and)f(thus)150 3038 y(pro)o(v)o(e)24 b(the)g(formula)g(of)g(interest.)150 3187 y SDict begin H.S end 150 3187 a 150 3187 a SDict begin 13 H.A end 150 3187 a 150 3187 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.5.3) cvn /DEST pdfmark end 150 3187 a 88 x FG(5.3.)46 b FN(The)33 b(Sear)n(ch)i(Space)f(of)g(P)n (ossible)h(Axioms.)46 b FG(T)-7 b(o)34 b(answer)h(the)g(question)i(of)d (when)h(we)f(should)i(use)f(a)150 3383 y(speci\002c)30 b(instance)h(of)d(a)h(coloring)h(axiom)g(when)f(attempting)h(to)f(pro)o (v)o(e)g(the)g(tar)n(get)i(formula,)f(we)e(\002rst)h(de\002ne)150 3491 y(the)20 b(search)h(space)g(in)f(which)g(we)f(are)h(looking)i(for) e(such)g(instances.)30 b(The)20 b(axioms)g(can)g(be)g(instantiated)j (with)d(the)150 3599 y(colors)29 b(de\002ned)g(by)f(an)f(arbitrary)j (unary)f(formula)g(\(one)g(free)f(v)n(ariable\))i(and)e(one)g(or)g(tw)o (o)f(binary)j(predicates.)150 3707 y(First,)g(we)e(limit)g(ourselv)o (es)j(to)e(binary)h(predicates)h(for)e(which)g Fu(TC)f FG(w)o(as)g(used)i(in)e(the)h(tar)n(get)h(formula.)46 b(No)n(w)-6 b(,)150 3815 y(since)28 b(it)f(is)g(infeasible)i(to)e (consider)i(all)f(arbitrary)h(unary)f(formulas,)h(we)d(start)i (limiting)g(the)f(set)h(of)f(colors)h(we)150 3923 y(consider)-5 b(.)316 4031 y(The)27 b(initial)i(set)f(of)g(colors)h(to)e(consider)j (are)e(unary)h(predicates)h(that)e(occur)h(in)e(the)h(formula)h(we)e(w) o(ant)g(to)150 4139 y(pro)o(v)o(e.)48 b(Interestingly)33 b(enough,)g(these)e(colors)g(are)f(enough)h(to)f(pro)o(v)o(e)g(that)g (the)g(postcondition)k(of)c(mark)g(and)150 4247 y(sweep)24 b(is)f(implied)i(by)e(the)h(loop)h(in)l(v)n(ariant,)g(because)h(the)e (only)g(axiom)g(we)f(need)h(is)f FN(NoExit)q Fu([)p Fx(mar)s(k)s(ed;)15 b(f)10 b Fu(])p FG(.)316 4355 y(An)22 b(immediate)h(e)o(xtension)h (that)f(is)f(v)o(ery)h(ef)n(fecti)n(v)o(e)g(is)f(forw)o(ard)i(and)e (backw)o(ard)i(reachability)i(from)c(unary)150 4462 y(predicates,)j(as) d(de\002ned)i(in)e(Eq.)g(\()1218 4463 y SDict begin H.S end 1218 4463 a -1 x FG(5.6)1331 4400 y SDict begin H.R end 1331 4400 a 1331 4462 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.1) cvn H.B /ANN pdfmark end 1331 4462 a FG(\))g(and)h(Eq.)f(\()1712 4463 y SDict begin H.S end 1712 4463 a -1 x FG(5.7)1826 4400 y SDict begin H.R end 1826 4400 a 1826 4462 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (equation.5.1) cvn H.B /ANN pdfmark end 1826 4462 a FG(\),)f(respecti)n(v)o(ely)-6 b(.)32 b(Instantiating)26 b(all)c(possible)j(axioms)e(from)150 4570 y(the)c(unary)i(predicates)g (appearing)h(in)d(the)g(formula)h(and)g(their)g(unary)g(forw)o(ard)g (reachability)j(predicates,)f(allo)n(ws)150 4678 y(us)h(to)g(pro)o(v)o (e)h(re)n(v)o(erse.)29 b(F)o(or)22 b(a)h(list)g(of)g(the)h(axioms)g (needed)g(to)f(pro)o(v)o(e)h(re)n(v)o(erse,)g(see)f(Fig.)2949 4680 y SDict begin H.S end 2949 4680 a -2 x FG(9)2995 4616 y SDict begin H.R end 2995 4616 a 2995 4678 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.9) cvn H.B /ANN pdfmark end 2995 4678 a FG(.)k(Other)d(e)o(xamples)g(are)150 4786 y(presented)29 b(in)e(Section)920 4787 y SDict begin H.S end 920 4787 a -1 x FG(5.6)1033 4724 y SDict begin H.R end 1033 4724 a 1033 4786 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.6) cvn H.B /ANN pdfmark end 1033 4786 a FG(.)38 b(Finally)-6 b(,)28 b(we)e(consider)j(Boolean)f (combinations)i(of)c(the)h(abo)o(v)o(e)g(colors.)40 b(Though)150 4894 y(not)22 b(used)h(in)f(the)h(e)o(xamples)g(sho)n(wn)g(in)f(this)g (paper)l(,)i(this)f(is)f(needed,)h(for)g(e)o(xample,)g(in)f(the)g (presence)i(of)e(sharing)150 5002 y(or)h(when)h(splicing)i(tw)o(o)d (lists)h(together)-5 b(.)316 5110 y(All)26 b(the)h(colors)h(abo)o(v)o (e)g(are)f(based)h(on)e(the)h(unary)h(predicates)i(that)d(appear)h(in)f (the)g(original)i(formula.)39 b(T)-7 b(o)150 5218 y(pro)o(v)o(e)28 b(the)h(re)n(v)o(erse)g(e)o(xample,)g(we)e(needed)j Fx(x)1633 5185 y FM(0)1683 5218 y FG(as)e(part)h(of)f(the)g(initial)h(colors.)43 b(T)-7 b(able)2948 5219 y SDict begin H.S end 2948 5219 a -1 x FG(5)2994 5156 y SDict begin H.R end 2994 5156 a 2994 5218 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (table.5) cvn H.B /ANN pdfmark end 2994 5218 a 27 w FG(gi)n(v)o(es)28 b(a)g(heuristic)i(for)150 5326 y(\002nding)25 b(the)f(initial)h(colors) g(we)e(need)h(in)g(cases)h(when)e(the)o(y)i(cannot)g(be)f(deduced)h (from)f(the)g(formula,)h(and)f(ho)n(w)150 5434 y(it)f(applies)j(to)d (re)n(v)o(erse.)p eop end end %%Page: 20 20 TeXDict begin HPSdict begin 20 19 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.20) cvn /DEST pdfmark end 150 82 a Fz(20)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)p 426 351 3048 4 v 424 459 4 108 v 469 427 a FN(NoExit)p Fu([)p Fx(r)807 442 y Fr(x)847 423 y FE(0)870 442 y Fr(;n)936 427 y Fx(;)f(n)1031 394 y FM(0)1055 427 y Fu(])41 b FN(GoOut)o Fu([)p Fx(x;)15 b(x)1557 394 y FM(0)1581 427 y Fx(;)g(n)p Fu(])41 b FN(NewStart)q Fu([)p Fx(r)2177 442 y Fr(x)2217 423 y FE(0)2239 442 y Fr(;n)2306 427 y Fx(;)d(n;)15 b(n)2519 394 y FM(0)2542 427 y Fu(])41 b FN(NewStart)q Fu([)p Fx(r)3043 442 y Fr(x)3083 423 y FE(0)3105 442 y Fr(;n)3172 427 y Fx(;)15 b(n)3267 394 y FM(0)3290 427 y Fx(;)g(n)p Fu(])p 3472 459 V 424 567 V 469 535 a FN(NoExit)p Fu([)p Fx(r)807 550 y Fr(x)847 531 y FE(0)870 550 y Fr(;n)933 531 y FE(0)959 535 y Fx(;)g(n)p Fu(])42 b FN(GoOut)o Fu([)p Fx(x;)15 b(y)s(;)g(n)1648 502 y FM(0)1672 535 y Fu(])45 b FN(NewStart)q Fu([)p Fx(r)2177 550 y Fr(x)2217 531 y FE(0)2239 550 y Fr(;n)2302 531 y FE(0)2328 535 y Fx(;)15 b(n;)g(n)2518 502 y FM(0)2542 535 y Fu(])41 b FN(NewStart)q Fu([)p Fx(r)3043 550 y Fr(x)3083 531 y FE(0)3105 550 y Fr(;n)3168 531 y FE(0)3194 535 y Fx(;)15 b(n)3289 502 y FM(0)3312 535 y Fx(;)g(n)p Fu(])p 3472 567 V 424 675 V 469 643 a FN(NoExit)p Fu([)p Fx(r)807 657 y Fr(y)r(;n)911 643 y Fx(;)g(n)1006 610 y FM(0)1030 643 y Fu(])687 b FN(NewStart)q Fu([)p Fx(r)2177 657 y Fr(y)r(;n)2281 643 y Fx(;)53 b(n;)15 b(n)2509 610 y FM(0)2532 643 y Fu(])51 b FN(NewStart)q Fu([)p Fx(r)3043 657 y Fr(y)r(;n)3147 643 y Fx(;)15 b(n)3242 610 y FM(0)3265 643 y Fx(;)g(n)p Fu(])p 3472 675 V 424 783 V 469 751 a FN(NoExit)p Fu([)p Fx(r)807 766 y Fr(y)r(;n)907 747 y FE(0)934 751 y Fx(;)g(n)p Fu(])688 b FN(NewStart)q Fu([)p Fx(r)2177 766 y Fr(y)r(;n)2277 747 y FE(0)2303 751 y Fx(;)15 b(n;)g(n)2493 718 y FM(0)2517 751 y Fu(])66 b FN(NewStart)q Fu([)p Fx(r)3043 766 y Fr(y)r(;n)3143 747 y FE(0)3169 751 y Fx(;)15 b(n)3264 718 y FM(0)3287 751 y Fx(;)g(n)p Fu(])p 3472 783 V 426 786 3048 4 v 721 940 a FG(Figure)25 b(9:)1080 940 y SDict begin H.S end 1080 940 a 1080 940 a SDict begin H.R end 1080 940 a 1080 940 a SDict begin [ /View [/XYZ H.V] /Dest (figure.9) cvn /DEST pdfmark end 1080 940 a FG(The)f(instances)i(of)d(coloring)j (axioms)e(used)g(in)g(pro)o(ving)h(re)n(v)o(erse.)p 450 1095 3183 4 v 448 1203 4 108 v 492 1171 a FN(Gr)n(oup)p 1140 1203 V 412 w(Criteria)p 3631 1203 V 450 1207 3183 4 v 448 1315 4 108 v 492 1282 a FG(Roots[f])p 1140 1315 V 367 w(All)e(changes)i(are)f(reachable)i(from)d(one)h(of)g(the)g (colors)h(using)f Fx(f)3214 1296 y Fw(tc)p 3631 1315 V 450 1318 3183 4 v 448 1426 4 108 v 492 1393 a FG(StartChange[f,g])p 1140 1426 V 63 w(All)f(edges)h(for)g(which)g Fx(f)32 b FG(and)24 b Fx(g)i FG(dif)n(fer)f(start)f(from)f(a)h(node)g(in)f (these)i(colors)p 3631 1426 V 450 1429 3183 4 v 448 1537 4 108 v 492 1505 a(EndChange[f,g])p 1140 1537 V 88 w(All)e(edges)h(for) g(which)g Fx(f)32 b FG(and)24 b Fx(g)i FG(dif)n(fer)f(end)f(at)f(a)g (node)i(in)e(these)i(colors)p 3631 1537 V 450 1540 3183 4 v 450 1616 a(\(a\))p 450 1760 1395 4 v 448 1868 4 108 v 492 1835 a FN(Gr)n(oup)p 1288 1868 V 627 w(Colors)p 1842 1868 V 450 1871 1395 4 v 448 1979 4 108 v 492 1946 a Fx(R)q(oots)p Fu([)p Fx(n)p Fu(])p 1288 1979 V 544 w Fx(x)p Fu(\()p Fx(v)s Fu(\))p FG(,)e Fx(y)s Fu(\()p Fx(v)s Fu(\))p 1842 1979 V 450 1982 1395 4 v 448 2090 4 108 v 492 2058 a Fx(R)q(oots)p Fu([)p Fx(n)806 2025 y FM(0)828 2058 y Fu(])p 1288 2090 V 522 w Fx(x)1427 2025 y FM(0)1450 2058 y Fu(\()p Fx(v)s Fu(\))p FG(,)g Fx(y)1661 2025 y FM(0)1685 2058 y Fu(\()p Fx(v)s Fu(\))p 1842 2090 V 450 2093 1395 4 v 448 2201 4 108 v 492 2169 a Fx(S)5 b(tar)s(tC)i(hang)s(e)p Fu([)p Fx(n;)15 b(n)1201 2136 y FM(0)1223 2169 y Fu(])p 1288 2201 V 127 w Fx(x)p Fu(\()p Fx(v)s Fu(\))p 1842 2201 V 450 2205 1395 4 v 448 2313 4 108 v 492 2280 a Fx(E)5 b(ndC)i(hang)s(e)p Fu([)p Fx(n;)15 b(n)1156 2247 y FM(0)1179 2280 y Fu(])p 1288 2313 V 171 w Fx(y)s Fu(\()p Fx(v)s Fu(\))p FG(,)23 b Fx(x)1638 2247 y FM(0)1661 2280 y Fu(\()p Fx(v)s Fu(\))p 1842 2313 V 450 2316 1395 4 v 450 2391 a FG(\(b\))194 2596 y(T)-7 b(able)23 b(5:)515 2596 y SDict begin H.S end 515 2596 a 515 2596 a SDict begin H.R end 515 2596 a 515 2596 a SDict begin [ /View [/XYZ H.V] /Dest (table.5) cvn /DEST pdfmark end 515 2596 a FG(\(a\))h(Heuristic)h(for)f (choosing)i(initial)f(colors.)30 b(\(b\))23 b(Results)i(of)e(applying)j (the)e(heuristic)i(on)d(re)n(v)o(erse.)316 2840 y(An)31 b(interesting)36 b(observ)n(ation)f(is)d(that)g(the)h(initial)g(colors) h(we)d(need)i(can,)h(in)e(man)o(y)g(cases,)j(be)d(deduced)150 2948 y(from)21 b(the)h(program)g(code.)29 b(As)20 b(in)h(the)h(pre)n (vious)h(section,)g(we)e(ha)n(v)o(e)h(a)e(good)j(w)o(ay)e(for)g (deducing)j(paths)e(between)150 3056 y(colors)31 b(and)f(within)g (colors)h(in)e(which)h(the)g(edges)h(ha)n(v)o(e)f(not)g(changed.)49 b(The)29 b(program)h(usually)i(manipulates)150 3164 y(\002elds)23 b(using)g(pointers,)i(and)e(can)g(tra)n(v)o(erse)h(an)f(edge)g(only)g (in)g(one)g(direction.)30 b(Thus,)23 b(the)g(unary)g(predicates)j(that) 150 3272 y(represent)d(the)e(program)h(v)n(ariables)h(\(including)g (the)e(temporary)i(v)n(ariables\))g(are)e(in)g(man)o(y)f(cases)i(what)e (we)g(need)150 3379 y(as)j(initial)i(colors.)150 3510 y SDict begin H.S end 150 3510 a 150 3510 a SDict begin 13 H.A end 150 3510 a 150 3510 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.5.4) cvn /DEST pdfmark end 150 3510 a 107 x FG(5.4.)46 b FN(Exploring)31 b(the)f(Sear)n(ch)i(Space.)45 b FG(When)31 b(trying)i(to)e(automate)h(the)g(process)g(of)f(choosing)j (colors,)g(the)150 3725 y(problem)f(is)e(that)h(the)g(set)f(of)h (possible)h(colors)g(to)f(choose)h(from)e(is)g(doubly-e)o(xponentia)q (l)37 b(in)31 b(the)h(number)g(of)150 3833 y(initial)c(colors;)h(gi)n (ving)f(all)f(the)f(axioms)i(directly)g(to)e(the)h(theorem)h(pro)o(v)o (er)f(is)f(infeasible.)40 b(In)26 b(this)h(section,)i(we)150 3941 y(de\002ne)21 b(a)e(heuristic)k(algorithm)f(for)e(e)o(xploring)i (a)e(limited)h(number)g(of)f(axioms)h(in)f(a)g(directed)i(w)o(ay)-6 b(.)28 b(Pseudocode)150 4049 y(for)c(this)g(algorithm)h(is)e(sho)n(wn)h (in)g(Fig.)1410 4050 y SDict begin H.S end 1410 4050 a -1 x FG(10)1501 3987 y SDict begin H.R end 1501 3987 a 1501 4049 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.10) cvn H.B /ANN pdfmark end 1501 4049 a FG(.)k(The)23 b(operator)j Fy(`)c FG(is)i(implemented)h(as)f(a)f(call)h(to)f(a)g(theorem)i(pro)o (v)o(er)-5 b(.)316 4157 y(Because)22 b(the)g(coloring)i(axioms)e(ha)n (v)o(e)g(the)f(form)h Fx(A)j Fy(\021)g Fx(P)2143 4171 y Fr(A)2226 4157 y Fy(!)g Fx(C)2407 4171 y Fr(A)2464 4157 y FG(,)20 b(the)i(theorem)g(pro)o(v)o(er)h(must)e(pro)o(v)o(e)h Fx(P)3693 4171 y Fr(A)150 4265 y FG(or)i(the)g(axiom)g(is)f(of)h(no)g (use.)29 b(Therefore,)c(the)f(pseudocode)j(w)o(orks)d(iterati)n(v)o (ely)-6 b(,)26 b(trying)f(to)f(pro)o(v)o(e)g Fx(P)3359 4279 y Fr(A)3439 4265 y FG(from)g(the)150 4372 y(current)h Fx( )f Fy(^)c Fu(\006)p FG(,)i(and)i(if)f(successful)j(it)e(adds)g Fx(C)1661 4386 y Fr(A)1741 4372 y FG(to)f Fu(\006)p FG(.)316 4480 y(The)k(algorithm)i(tries)f(colors)g(in)f(increasing)j(le)n(v)o (els)e(of)f(comple)o(xity)-6 b(.)41 b Fx(B)5 b(C)i Fu(\()p Fx(i;)15 b(C)7 b Fu(\))27 b FG(gi)n(v)o(es)g(all)h(the)f(Boolean)150 4588 y(combinations)38 b(of)d(the)g(predicates)j(in)d Fx(C)41 b FG(up)35 b(to)g(size)g Fx(i)p FG(.)63 b(After)35 b(each)h(iteration)h(we)d(try)i(to)f(pro)o(v)o(e)g(the)g(goal)150 4696 y(formula.)51 b(Sometimes)31 b(we)f(need)h(the)g(conclusion)j(of)d (one)g(axiom)g(to)f(pro)o(v)o(e)i(the)e(premise)i(of)f(another)-5 b(.)52 b(The)150 4804 y FN(NoExit)28 b FG(axioms)g(are)g(particularly)j (useful)e(for)f(pro)o(ving)h Fx(P)2071 4830 y Fl(NewStart)2412 4804 y FG(.)41 b(Therefore,)30 b(we)c(need)j(a)e(w)o(ay)h(to)f(order) 150 4912 y(instantiations)39 b(so)c(that)h(axioms)f(useful)i(for)e(pro) o(ving)h(the)g(premises)g(of)f(other)h(axioms)g(are)f(acquired)i (\002rst.)150 5020 y(The)26 b(ordering)j(we)d(chose)j(is)d(based)i(on)f (phases:)38 b(First,)27 b(try)g(to)g(instantiate)i(axioms)f(from)f(the) g(axiom)g(scheme)150 5128 y FN(GoOut)p FG(.)g(Second,)c(try)f(to)g (instantiate)i(axioms)f(from)f(the)g(axiom)g(scheme)h FN(NoExit)p FG(.)28 b(Finally)-6 b(,)23 b(try)f(to)f(instantiate)150 5236 y(axioms)28 b(from)f(the)h(axiom)g(scheme)g FN(NewStart)p FG(.)40 b(F)o(or)26 b FN(NewStart)q Fu([)p Fx(c;)15 b(f)5 b(;)15 b(g)s Fu(])28 b FG(to)f(be)g(useful,)i(we)e(need)h(to)f(be)h (able)p eop end end %%Page: 21 21 TeXDict begin HPSdict begin 21 20 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.21) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(21)p 1028 351 1845 4 v 1028 2993 4 2642 v 1077 446 a Ff(explore\()p Fe(I)7 b(nit)p Ff(,)48 b Fe(\037)p Ff(\))h Fd(f)1226 546 y Ff(Let)h Fe(\037)23 b Fc(=)f Fe( )k Fd(!)e Fe(')1226 645 y Fc(\006)f(:=)g Fd(f)p Fl(T)-6 b(rans)p Fc([)p Fe(f)9 b Fc(])p Fe(;)14 b Fl(Order)o Fc([)p Fe(f)9 b Fc(])14 b Fd(j)g Fe(f)31 b Fd(2)23 b Fe(F)12 b Fd(g)1226 745 y Fc(\006)23 b(:=)g(\006)c Fd([)f(f)p Fe(T)1663 757 y Fb(1)1700 745 y Fc([)p Fe(f)9 b Fc(])p Fe(;)14 b(T)1882 757 y Fb(2)1918 745 y Fc([)p Fe(f)9 b Fc(])14 b Fd(j)g Fe(f)31 b Fd(2)23 b Fe(F)12 b Fd(g)1226 844 y Fe(C)30 b Fc(:=)22 b Fd(f)p Fe(r)1504 856 y Fp(c;f)1597 844 y Fc(\()p Fe(v)s Fc(\))14 b Fd(j)g Fe(c)23 b Fd(2)h Fe(I)7 b(nit;)14 b(f)31 b Fd(2)23 b Fe(F)12 b Fd(g)1226 944 y Fe(C)30 b Fc(:=)22 b Fe(C)j Fd([)19 b Fe(I)7 b(nit)1226 1044 y(i)23 b Fc(:=)g(1)1226 1143 y Ff(forever)49 b Fd(f)1376 1243 y Fe(C)1441 1213 y Fo(0)1487 1243 y Fc(:=)23 b Fe(B)t(C)6 b Fc(\()p Fe(i;)14 b(C)6 b Fc(\))1376 1343 y Ff(//)49 b(Phase)g(1)1376 1442 y(foreach)f Fe(f)32 b Fd(2)23 b Fe(F)r(;)14 b(c)2053 1454 y Fp(s)2112 1442 y Fd(6)p Fc(=)23 b Fe(c)2236 1454 y Fp(e)2295 1442 y Fd(2)g Fe(C)2438 1412 y Fo(0)1475 1542 y Ff(if)50 b Fc(\006)18 b Fd(^)h Fe( )26 b Fd(`)d Fe(P)1984 1570 y Fl(GoOut)2233 1542 y Fc([)p Fe(c)2292 1554 y Fp(s)2327 1542 y Fe(;)14 b(c)2400 1554 y Fp(e)2436 1542 y Fe(;)g(f)9 b Fc(])1575 1642 y(\006)23 b(:=)g(\006)18 b Fd([)h(f)p Fe(C)2022 1670 y Fl(GoOut)2271 1642 y Fc([)p Fe(c)2330 1654 y Fp(s)2365 1642 y Fe(;)14 b(c)2438 1654 y Fp(e)2473 1642 y Fe(;)g(f)9 b Fc(])p Fd(g)1376 1742 y Ff(//)49 b(Phase)g(2)1376 1841 y(foreach)f Fe(f)32 b Fd(2)23 b Fe(F)r(;)14 b(c)24 b Fd(2)f Fe(C)2220 1811 y Fo(0)1475 1941 y Ff(if)50 b Fc(\006)18 b Fd(^)h Fe( )26 b Fd(`)d Fe(P)1984 1969 y Fl(NoExit)2238 1941 y Fc([)p Fe(c;)14 b(f)9 b Fc(])1575 2041 y(\006)23 b(:=)g(\006)18 b Fd([)h(f)p Fe(C)2022 2069 y Fl(NoExit)2275 2041 y Fc([)p Fe(c;)14 b(f)9 b Fc(])p Fd(g)1376 2141 y Ff(//)49 b(Phase)g(3)1376 2240 y(foreach)f Fe(C)1833 2269 y Fl(NoExit)2087 2240 y Fc([)p Fe(c;)14 b(f)9 b Fc(])23 b Fd(2)g Fc(\006)p Fe(;)14 b(g)25 b Fd(6)p Fc(=)e Fe(f)32 b Fd(2)23 b Fe(F)1475 2340 y Ff(if)50 b Fc(\006)18 b Fd(^)h Fe( )26 b Fd(`)d Fe(P)1984 2369 y Fl(NewStart)2325 2340 y Fc([)p Fe(c;)14 b(f)t(;)g(g)s Fc(])1575 2440 y(\006)23 b(:=)g(\006)18 b Fd([)h(f)p Fe(C)2022 2469 y Fl(NewStart)2363 2440 y Fc([)p Fe(c;)14 b(f)t(;)g(g)s Fc(])p Fd(g)1376 2540 y Ff(if)49 b Fc(\006)19 b Fd(^)g Fe( )26 b Fd(`)c Fe(')1525 2639 y Ff(return)49 b(SUCCESS)1376 2739 y Fe(i)23 b Fc(:=)f Fe(i)c Fc(+)g(1)1226 2839 y Fd(g)1077 2938 y(g)p 2869 2993 V 1028 2996 1845 4 v 150 3150 a FG(Figure)24 b(10:)568 3150 y SDict begin H.S end 568 3150 a 568 3150 a SDict begin H.R end 568 3150 a 568 3150 a SDict begin [ /View [/XYZ H.V] /Dest (figure.10) cvn /DEST pdfmark end 568 3150 a FG(An)30 b(iterati)n(v)o(e)i(algorithm)h(for)e(instantiating)j (the)d(axiom)h(schemes.)52 b(Each)30 b(iteration)j(consists)g(of)568 3258 y(three)24 b(phases)h(that)f(augment)h(the)f(axiom)g(set)g Fu(\006)150 3520 y FG(to)f(sho)n(w)h(that)g(there)g(are)g(either)h(no)e (incoming)j Fx(f)10 b FG(-paths)24 b(or)f(no)h(outgoing)i Fx(f)10 b FG(-paths)24 b(from)f Fx(c)p FG(.)29 b(Thus,)23 b(we)g(only)h(try)150 3628 y(to)f(instantiate)k(such)d(an)g(axiom)g (when)f(either)i Fx(P)1695 3654 y Fl(NoExit)1949 3628 y Fu([)p Fx(c;)15 b(f)10 b Fu(])23 b FG(or)g Fx(P)2312 3654 y Fl(NoExit)2566 3628 y Fu([)p Fy(:)p Fx(c;)15 b(f)10 b Fu(])23 b FG(has)h(been)g(pro)o(v)o(en.)150 3785 y SDict begin H.S end 150 3785 a 150 3785 a SDict begin 13 H.A end 150 3785 a 150 3785 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.5.5) cvn /DEST pdfmark end 150 3785 a 81 x FG(5.5.)46 b FN(Implementation.)g FG(The)33 b(algorithm)i (presented)h(here)e(w)o(as)f(implemented)i(using)g(a)e Fm(Perl)d FG(script)35 b(and)150 3974 y(the)26 b(S)t FF(P)m(A)t(S)t(S)j FG(theorem)c(pro)o(v)o(er)g([)1157 3976 y SDict begin H.S end 1157 3976 a -2 x FG(WGR96)1460 3912 y SDict begin H.R end 1460 3912 a 1460 3974 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.CADE:SPASS96) cvn H.B /ANN pdfmark end 1460 3974 a FG(])f(and)g(used)h(successfully)j(to)c(v)o (erify)h(the)f(e)o(xample)h(programs)g(of)f(Sec-)150 4082 y(tion)314 4083 y SDict begin H.S end 314 4083 a -1 x FG(5.1)428 4020 y SDict begin H.R end 428 4020 a 428 4082 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.1) cvn H.B /ANN pdfmark end 428 4082 a 23 w FG(and)g(Section)900 4083 y SDict begin H.S end 900 4083 a -1 x FG(5.6)1014 4020 y SDict begin H.R end 1014 4020 a 1014 4082 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.5.6) cvn H.B /ANN pdfmark end 1014 4082 a FG(.)316 4190 y(The)i(method)g(described)j(abo) o(v)o(e)d(can)h(be)f(optimized.)37 b(F)o(or)25 b(instance,)k(if)c Fx(C)2719 4204 y Fr(A)2801 4190 y FG(has)i(already)g(been)g(added)g(to) 150 4297 y(the)d(axioms,)h(we)e(do)h(not)h(try)f(to)g(pro)o(v)o(e)h Fx(P)1480 4311 y Fr(A)1560 4297 y FG(again.)31 b(These)25 b(details)g(are)f(important)i(in)e(practice,)i(b)n(ut)f(ha)n(v)o(e)f (been)150 4405 y(omitted)h(for)e(bre)n(vity)-6 b(.)316 4513 y(When)25 b(trying)h(to)f(pro)o(v)o(e)g(the)g(dif)n(ferent)i (premises,)h(S)t FF(P)m(A)t(S)t(S)i FG(may)24 b(f)o(ail)h(to)g (terminate)i(if)d(the)h(formula)h(that)f(it)150 4621 y(is)f(trying)h(to)g(pro)o(v)o(e)f(is)g(in)l(v)n(alid.)32 b(Thus,)24 b(we)g(limit)g(the)g(time)g(that)j(S)t FF(P)m(A)t(S)t(S)h FG(can)d(spend)g(pro)o(ving)h(each)f(formula.)31 b(It)150 4729 y(is)23 b(possible)j(that)e(we)f(will)g(f)o(ail)h(to)g(acquire)h (useful)g(axioms)f(this)g(w)o(ay)-6 b(.)150 4878 y SDict begin H.S end 150 4878 a 150 4878 a SDict begin 13 H.A end 150 4878 a 150 4878 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.5.6) cvn /DEST pdfmark end 150 4878 a 89 x FG(5.6.)46 b FN(Further)27 b(Examples.)46 b FG(This)28 b(section)i(sho)n(ws)f(the)g(code)g(\(Fig.)2380 4967 y SDict begin H.S end 2380 4967 a FG(11)2471 4905 y SDict begin H.R end 2471 4905 a 2471 4967 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.11) cvn H.B /ANN pdfmark end 2471 4967 a FG(\))f(and)h(the)f(complete)i(speci\002cation)h(of)150 5075 y(tw)o(o)i(additional)k(e)o(xamples:)51 b(appending)36 b(tw)o(o)d(link)o(ed)j(lists,)g(and)e(the)g(mark)g(phase)h(of)f(a)f (simple)h(mark)g(and)150 5183 y(sweep)24 b(garbage)h(collector)-5 b(.)p eop end end %%Page: 22 22 TeXDict begin HPSdict begin 22 21 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.22) cvn /DEST pdfmark end 150 82 a Fz(22)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)p 708 370 2484 4 v 706 1558 4 1189 v 833 479 a Fm(Node)53 b(append\(Node)c(x,)54 b(Node)f(y\))g Fy(f)942 587 y Fm([0])g(Node)g(last)g(=)h(x;)942 695 y([1])f(if)h(\(last)e(==)i(null\))942 803 y([2])217 b(return)52 b(y;)942 911 y([3])h(while)g(\(last.next)d(!=)j(null\))f Fy(f)942 1019 y Fm([4])217 b(last)53 b(=)h(last.next;)942 1126 y([5])f Fy(g)942 1234 y Fm([6])g(last.next)e(=)j(y;)942 1342 y([7])f(return)f(x;)833 1450 y Fy(g)p 3190 1558 V 708 1561 2484 4 v 708 1637 a FG(\(a\))p 708 1673 V 706 3724 4 2052 v 750 1782 a Fm(void)h(mark\(NodeSet)c(root,)j(NodeSet) f(marked\))h Fy(f)859 1889 y Fm([0])h(Node)g(x;)859 1997 y([1])g(if\(!root.isEmpt)o(y\(\))o(\))p Fy(f)859 2105 y Fm([2])217 b(NodeSet)51 b(pending)h(=)i(new)f(NodeSet\(\);)859 2213 y([3])217 b(pending.addAll\()o(ro)o(ot)o(\);)859 2321 y([4])g(marked.clear\(\);)859 2429 y([5])g(while)52 b(\(!pending.isEmp)o(ty)o(\(\)\))c Fy(f)859 2537 y Fm([6])381 b(x)54 b(=)g(pending.select)o(An)o(dRe)o(mo)o(ve)o(\(\))o(;)859 2645 y([7])381 b(marked.add\(x\);)859 2753 y([8])g(if)53 b(\(x.car)f(!=)i(null)e(&&)859 2861 y([9])653 b(!marked.contain)o(s\(x) o(.c)o(ar)o(\)\))859 2969 y([10])489 b(pending.add\(x.c)o(ar)o(\);)859 3077 y([11])326 b(if)53 b(\(x.cdr)f(!=)i(null)e(&&)859 3185 y([12])598 b(!marked.contain)o(s\(x)o(.c)o(dr)o(\)\))859 3293 y([13])489 b(pending.add\(x.c)o(dr)o(\);)1241 3400 y Fy(g)1077 3508 y(g)859 3616 y(g)p 3190 3724 V 708 3728 2484 4 v 708 3803 a FG(\(b\))150 4008 y(Figure)24 b(11:)568 4008 y SDict begin H.S end 568 4008 a 568 4008 a SDict begin H.R end 568 4008 a 568 4008 a SDict begin [ /View [/XYZ H.V] /Dest (figure.11) cvn /DEST pdfmark end 568 4008 a FG(A)29 b(simple)j(Ja)n(v)n(a-lik)o(e)h(implementation)h(of)d (\(a\))f(the)i(concatenation)j(procedure)e(for)e(tw)o(o)f(singly-)568 4116 y(link)o(ed)25 b(lists;)f(\(b\))g(the)g(mark)f(phase)i(of)f(a)f (mark-and-sweep)j(garbage)f(collector)-5 b(.)150 4279 y SDict begin H.S end 150 4279 a 150 4279 a SDict begin 13 H.A end 150 4279 a 150 4279 a SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.5.6.1) cvn /DEST pdfmark end 150 4279 a 99 x FG(5.6.1.)46 b Fv(Speci\002cation)25 b(of)c(append.)48 b FG(The)21 b(speci\002cation)j(of)d(append)i(\(see)f(Fig.)2669 4378 y SDict begin H.S end 2669 4378 a FG(11)2760 4316 y SDict begin H.R end 2760 4316 a 2760 4378 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.11) cvn H.B /ANN pdfmark end 2760 4378 a FG(\(a\)\))g(is)f(gi)n(v)o(en)h(in)f(Fig.)3468 4378 y SDict begin H.S end 3468 4378 a FG(12)3558 4316 y SDict begin H.R end 3558 4316 a 3558 4378 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.12) cvn H.B /ANN pdfmark end 3558 4378 a FG(.)28 b(The)150 4486 y(speci\002cation)h(includes) g(procedure')-5 b(s)30 b(pre-condition,)h(a)26 b(transformer)j(of)e (the)f(procedure')-5 b(s)30 b(body)e(ef)n(fect,)g(and)150 4594 y(the)34 b(procedure')-5 b(s)38 b(post-condition.)64 b(The)34 b(pre-condition)k(\(Fig.)2265 4594 y SDict begin H.S end 2265 4594 a FG(12)2356 4532 y SDict begin H.R end 2356 4532 a 2356 4594 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.12) cvn H.B /ANN pdfmark end 2356 4594 a FG(\(a\)\))c(states)h(that)g(the)f(lists)h(pointed)h(to)e(by)150 4702 y Fx(x)29 b FG(and)i Fx(y)h FG(are)f(ac)o(yclic,)i(unshared)g(and) d(disjoint.)51 b(It)30 b(also)h(states)h(there)f(is)f(no)g(garbage.)51 b(The)30 b(post)h(condition)150 4810 y(\(Fig.)349 4810 y SDict begin H.S end 349 4810 a FG(12)439 4748 y SDict begin H.R end 439 4748 a 439 4810 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.12) cvn H.B /ANN pdfmark end 439 4810 a FG(\(b\)\))26 b(states)g(that)g(after)g(the)f(procedure')-5 b(s)28 b(e)o(x)o(ecution,)g(the)d(list)g(pointed)i(to)e(by)h Fx(x)2990 4777 y FM(0)3037 4810 y FG(is)f(e)o(xactly)i(the)e(union)150 4918 y(of)20 b(the)g(lists)h(pointed)h(to)e(by)g Fx(x)g FG(and)g Fx(y)s FG(.)27 b(Also,)20 b(the)h(list)f(is)g(still)h(ac)o (yclic)g(and)g(unshared.)30 b(The)19 b(transformer)k(is)d(gi)n(v)o(en) 150 5026 y(in)28 b(Fig.)420 5026 y SDict begin H.S end 420 5026 a FG(12)511 4964 y SDict begin H.R end 511 4964 a 511 5026 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.12) cvn H.B /ANN pdfmark end 511 5026 a FG(\(c\).)43 b(The)28 b(result)i(of)e(the)h(loop)g(in)f(the)h(procedure')-5 b(s)32 b(body)d(is)f(summarized)i(as)f(a)f(formula)h(de\002ning)150 5134 y(the)24 b Fx(l)r(ast)e FG(v)n(ariable.)30 b(The)23 b(only)i(change)g(to)e Fx(n)g FG(is)g(the)h(addition)i(of)d(an)h(edge)g (between)h Fx(l)r(ast)d FG(and)i Fx(y)s FG(.)316 5242 y(The)f(coloring)j(axioms)e(needed)h(to)f(pro)o(v)o(e)g(append)h(are)f (gi)n(v)o(en)g(in)f(Fig.)2592 5243 y SDict begin H.S end 2592 5243 a -1 x FG(13)2683 5180 y SDict begin H.R end 2683 5180 a 2683 5242 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.13) cvn H.B /ANN pdfmark end 2683 5242 a FG(.)p eop end end %%Page: 23 23 TeXDict begin HPSdict begin 23 22 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.23) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(23)p 404 370 3093 4 v 402 921 4 552 v 448 668 a FG(\(a\))960 516 y SDict begin H.S end 960 516 a 960 516 a SDict begin 13 H.A end 960 516 a 960 516 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.16) cvn /DEST pdfmark end 960 516 a Fx(pr)s(e)1174 465 y Fk(def)1176 516 y Fu(=)85 b Fx(acy)s(cl)r(ic)p Fu([)p Fx(n)p Fu(])21 b Fy(^)f Fx(unshar)s(ed)p Fu([)p Fx(n)p Fu(])g Fy(^)1332 651 y Fx(uniq)s(ue)p Fu([)p Fx(x)p Fu(])g Fy(^)g Fx(uniq)s(ue)p Fu([)p Fx(y)s Fu(])h Fy(^)f Fx(f)10 b(unc)p Fu([)p Fx(n)p Fu(])19 b Fy(^)1332 786 y Fu(\()p Fy(8)p Fx(v)s(:)p Fy(:)p Fx(r)1592 800 y Fr(x;n)1698 786 y Fu(\()p Fx(v)s Fu(\))i Fy(_)f(:)p Fx(r)2019 800 y Fr(y)r(;n)2123 786 y Fu(\()p Fx(v)s Fu(\)\))h Fy(^)f(8)p Fx(v)s(:r)2541 800 y Fr(x;n)2647 786 y Fu(\()p Fx(v)s Fu(\))i Fy(_)d Fx(r)2907 800 y Fr(y)r(;n)3011 786 y Fu(\()p Fx(v)s Fu(\))107 b FG(\(5.16\))p 3494 921 4 552 v 404 925 3093 4 v 402 1622 4 698 v 445 1296 a(\(b\))879 1079 y SDict begin H.S end 879 1079 a 879 1079 a SDict begin 13 H.A end 879 1079 a 879 1079 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.17) cvn /DEST pdfmark end 879 1079 a Fx(post)1128 1028 y Fk(def)1129 1079 y Fu(=)85 b Fx(acy)s(cl)r(ic)p Fu([)p Fx(n)1638 1042 y FM(0)1662 1079 y Fu(])21 b Fy(^)e Fx(unshar)s(ed)p Fu([)p Fx(n)2251 1042 y FM(0)2274 1079 y Fu(])i Fy(^)1285 1214 y Fx(uniq)s(ue)p Fu([)p Fx(x)1638 1177 y FM(0)1661 1214 y Fu(])g Fy(^)f Fx(uniq)s(ue)p Fu([)p Fx(l)r(ast)p Fu(])g Fy(^)g Fx(f)10 b(unc)p Fu([)p Fx(n)2649 1177 y FM(0)2671 1214 y Fu(])21 b Fy(^)1285 1349 y Fu(\()p Fy(8)p Fx(v)d(:)d(r)1514 1364 y Fr(x)1554 1345 y FE(0)1577 1364 y Fr(;n)1640 1345 y FE(0)1666 1349 y Fu(\()p Fx(v)s Fu(\))51 b Fy($)g Fu(\()p Fx(r)2052 1363 y Fr(x;n)2158 1349 y Fu(\()p Fx(v)s Fu(\))21 b Fy(_)f Fx(r)2418 1363 y Fr(y)r(;n)2522 1349 y Fu(\()p Fx(v)s Fu(\)\)\))i Fy(^)1285 1487 y(8)p Fx(v)1380 1501 y Fw(1)1419 1487 y Fx(;)15 b(v)1503 1501 y Fw(2)1558 1487 y Fx(:)g(n)1653 1449 y FM(0)1676 1487 y Fu(\()p Fx(v)1755 1501 y Fw(1)1795 1487 y Fx(;)g(v)1879 1501 y Fw(2)1919 1487 y Fu(\))25 b Fy($)h Fx(n)p Fu(\()p Fx(v)2230 1501 y Fw(1)2269 1487 y Fx(;)15 b(v)2353 1501 y Fw(2)2393 1487 y Fu(\))21 b Fy(_)e Fu(\()p Fx(l)r(ast)p Fu(\()p Fx(v)2796 1501 y Fw(1)2836 1487 y Fu(\))i Fy(^)e Fx(y)s Fu(\()p Fx(v)3099 1501 y Fw(2)3139 1487 y Fu(\)\))26 b FG(\(5.17\))p 3494 1622 4 698 v 404 1625 3093 4 v 402 2294 4 669 v 448 1982 a(\(c\))635 1720 y Fx(T)35 b FG(is)23 b(the)h(conjunction)j(of)d(the)f (follo)n(wing)i(formulas:)1346 1866 y SDict begin H.S end 1346 1866 a 1346 1866 a SDict begin 13 H.A end 1346 1866 a 1346 1866 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.18) cvn /DEST pdfmark end 1346 1866 a Fy(8)p Fx(v)s(:x)1521 1829 y FM(0)1544 1866 y Fu(\()p Fx(v)s Fu(\))101 b Fy($)e Fx(x)p Fu(\()p Fx(v)s Fu(\))1114 b FG(\(5.18\))1269 2001 y Fy(8)p Fx(v)s(:l)r(ast)p Fu(\()p Fx(v)s Fu(\))100 b Fy($)f Fx(r)1993 2015 y Fr(x;n)2099 2001 y Fu(\()p Fx(v)s Fu(\))21 b Fy(^)f(8)p Fx(u:)p Fy(:)p Fx(n)p Fu(\()p Fx(v)s(;)15 b(u)p Fu(\))464 b FG(\(5.19\))1746 2136 y Fy(9)p Fx(v)s(:)83 b(l)r(ast)p Fu(\()p Fx(v)s Fu(\))1013 b FG(\(5.20\))1023 2271 y Fy(8)p Fx(v)1118 2285 y Fw(1)1157 2271 y Fx(;)15 b(v)1241 2285 y Fw(2)1281 2271 y Fx(:n)1361 2233 y FM(0)1384 2271 y Fu(\()p Fx(v)1463 2285 y Fw(1)1503 2271 y Fx(;)g(v)1587 2285 y Fw(2)1627 2271 y Fu(\))100 b Fy($)f Fx(n)p Fu(\()p Fx(v)2086 2285 y Fw(1)2125 2271 y Fx(;)15 b(v)2209 2285 y Fw(2)2249 2271 y Fu(\))20 b Fy(_)g Fu(\()p Fx(l)r(ast)p Fu(\()p Fx(v)2652 2285 y Fw(1)2692 2271 y Fu(\))g Fy(^)g Fx(y)s Fu(\()p Fx(v)2955 2285 y Fw(2)2995 2271 y Fu(\)\))170 b FG(\(5.21\))p 3494 2294 4 669 v 404 2297 3093 4 v 150 2469 a(Figure)24 b(12:)568 2469 y SDict begin H.S end 568 2469 a 568 2469 a SDict begin H.R end 568 2469 a 568 2469 a SDict begin [ /View [/XYZ H.V] /Dest (figure.12) cvn /DEST pdfmark end 568 2469 a FG(Example)38 b(speci\002cation)j (of)c(append)j(procedure:)60 b(\(a\))38 b(precondition)k Fx(pr)s(e)p FG(,)e(\(b\))e(postcondition)568 2577 y Fx(post)p FG(,)21 b(\(c\))j(transformer)i Fx(T)35 b FG(\(ef)n(fect)25 b(of)e(the)h(procedure)i(body\).)p 1087 2719 1726 4 v 1085 2827 4 108 v 1129 2794 a FN(NoExit)q Fu([)p Fx(r)1468 2808 y Fr(y)r(;n)1572 2794 y Fx(;)15 b(n)1667 2761 y FM(0)1690 2794 y Fu(])277 b FN(GoOut)o Fu([)p Fx(l)r(ast;)15 b(y)s(;)g(n)2620 2761 y FM(0)2643 2794 y Fu(])p 2811 2827 V 1085 2934 V 1129 2902 a FN(NewStart)p Fu([)p Fx(r)1563 2916 y Fr(x;n)1670 2902 y Fx(;)g(n;)g(n)1860 2869 y FM(0)1883 2902 y Fu(])84 b FN(NewStart)p Fu([)p Fx(r)2426 2916 y Fr(x;n)2533 2902 y Fx(;)15 b(n)2628 2869 y FM(0)2651 2902 y Fx(;)g(n)p Fu(])p 2811 2934 V 1085 3042 V 1129 3010 a FN(NewStart)p Fu([)p Fx(r)1563 3024 y Fr(y)r(;n)1668 3010 y Fx(;)g(n;)g(n)1858 2977 y FM(0)1881 3010 y Fu(])86 b FN(NewStart)p Fu([)p Fx(r)2426 3024 y Fr(y)r(;n)2530 3010 y Fx(;)15 b(n)2625 2977 y FM(0)2648 3010 y Fx(;)g(n)p Fu(])p 2811 3042 V 1087 3046 1726 4 v 697 3199 a FG(Figure)24 b(13:)1101 3199 y SDict begin H.S end 1101 3199 a 1101 3199 a SDict begin H.R end 1101 3199 a 1101 3199 a SDict begin [ /View [/XYZ H.V] /Dest (figure.13) cvn /DEST pdfmark end 1101 3199 a FG(The)f(instances)j(of)e(coloring)i(axioms)e (used)g(in)g(pro)o(ving)h(append.)150 3343 y SDict begin H.S end 150 3343 a 150 3343 a SDict begin 13 H.A end 150 3343 a 150 3343 a SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.5.6.2) cvn /DEST pdfmark end 150 3343 a 100 x FG(5.6.2.)46 b Fv(Speci\002cation)29 b(of)c(the)h(mark)f(phase.)47 b FG(Another)26 b(e)o(xample)g(pro)o(v)o(en)g(is)f(the)h(mark)f(phase)i (of)e(a)f(mark-and-)150 3551 y(sweep)34 b(sequential)j(garbage)e (collector)l(,)k(sho)n(wn)c(in)e(Fig.)2055 3551 y SDict begin H.S end 2055 3551 a FG(11)2145 3489 y SDict begin H.R end 2145 3489 a 2145 3551 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.11) cvn H.B /ANN pdfmark end 2145 3551 a FG(\(b\).)61 b(The)33 b(e)o(xample)i(goes)g(be)o(yond)g(the)f (re)n(v)o(erse)150 3659 y(e)o(xample)g(in)f(that)g(it)g(manipulates)i (a)e(general)i(graph)f(and)f(not)h(just)f(a)g(link)o(ed)h(list.)58 b(Furthermore,)36 b(as)d(f)o(ar)g(as)150 3767 y(we)e(kno)n(w)-6 b(,)33 b(ESC/Ja)n(v)n(a)f([)947 3768 y SDict begin H.S end 947 3768 a -1 x FG(FLL)1110 3734 y Fw(+)1168 3767 y FG(02)1259 3694 y SDict begin H.R end 1259 3694 a 1259 3767 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.PLDI:FLLNSS02) cvn H.B /ANN pdfmark end 1259 3767 a FG(])f(w)o(as)g(not)h(able)h(pro) o(v)o(e)f(its)g(correctness)j(because)e(it)f(could)h(not)f(sho)n(w)g (that)150 3875 y(unreachable)22 b(elements)d(were)f(not)h(mark)o(ed.)28 b(Note)18 b(that)h(the)g(axiom)f(needed)i(to)e(pro)o(v)o(e)h(this)g (property)h(is)f FN(NoExit)p FG(,)150 3982 y(which)24 b(we)f(ha)n(v)o(e)h(sho)n(wn)g(to)f(be)h(be)o(yond)h(the)e(po)n(wer)h (of)g(Nelson')-5 b(s)24 b(axiomatization.)316 4090 y(The)c(loop)h(in)l (v)n(ariant)h(of)f Fm(mark)c FG(is)j(gi)n(v)o(en)h(in)f(Fig.)1879 4090 y SDict begin H.S end 1879 4090 a FG(14)1969 4028 y SDict begin H.R end 1969 4028 a 1969 4090 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.14) cvn H.B /ANN pdfmark end 1969 4090 a FG(\(a\).)28 b(The)20 b(\002rst)g(disjunct)i(of)e (the)h(formula)g(holds)g(only)g(in)150 4198 y(the)h(\002rst)g (iteration,)i(when)e(only)g(the)g(nodes)h(in)f(root)h(are)f(pending)h (and)g(nothing)g(is)f(mark)o(ed.)29 b(The)22 b(second)h(holds)150 4306 y(from)i(the)g(second)i(iteration)g(on.)33 b(Here,)25 b(the)g(nodes)h(in)f(root)g(are)h(mark)o(ed)f(or)g(pending)i(\(the)o(y) f(start)g(as)e(pending,)150 4414 y(and)e(the)g(only)h(w)o(ay)e(to)h (stop)g(being)h(pending)h(is)e(to)f(become)i(mark)o(ed\).)29 b(No)21 b(node)i(is)f(both)g(mark)o(ed)h(and)f(pending)150 4522 y(\(because)31 b(the)f(procedure)i(checks)f(if)e(the)h(node)g(is)f (mark)o(ed)h(before)h(adding)g(it)e(to)g(pending\).)48 b(All)29 b(nodes)i(that)150 4630 y(are)22 b(mark)o(ed)h(or)e(pending)j (are)e(reachable)i(from)e(the)g(root)g(set)g(\(we)g(start)g(with)g (only)g(the)g(root)h(nodes)g(as)e(pending,)150 4738 y(and)29 b(after)g(that)g(only)h(nodes)f(that)g(are)g(neighbors)i(of)e(pending)h (nodes)g(became)f(pending;)34 b(furthermore,)d(only)150 4846 y(pending)25 b(nodes)f(may)e(become)h(mark)o(ed\).)30 b(There)23 b(are)f(no)h(edges)h(between)g(mark)o(ed)f(nodes)h(and)f (nodes)h(that)f(are)150 4954 y(neither)32 b(mark)o(ed)g(nor)f(pending)i (\(because)g(when)d(we)g(mark)h(a)f(node)i(we)e(add)h(all)g(its)f (neighbors)k(to)c(pending,)150 5062 y(unless)d(the)o(y)f(are)f(mark)o (ed)i(already\).)36 b(Our)25 b(method)h(succeeded)i(in)e(pro)o(ving)h (the)e(loop)h(in)l(v)n(ariant)i(in)e(Fig.)3558 5062 y SDict begin H.S end 3558 5062 a FG(14)3649 5000 y SDict begin H.R end 3649 5000 a 3649 5062 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.14) cvn H.B /ANN pdfmark end 3649 5062 a FG(\(a\))150 5170 y(using)f(only)f(the)g(positi)n(v)o(e)h (axioms.)316 5278 y(The)32 b(post-condition)37 b(of)c Fm(mark)c FG(is)k(gi)n(v)o(en)g(in)f(Fig.)2004 5278 y SDict begin H.S end 2004 5278 a FG(14)2095 5216 y SDict begin H.R end 2095 5216 a 2095 5278 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.14) cvn H.B /ANN pdfmark end 2095 5278 a FG(\(b\).)56 b(T)-7 b(o)31 b(pro)o(v)o(e)i(it,)i(we)c(had)i (to)g(use)g(the)g(f)o(act)g(that)150 5386 y(there)25 b(are)f(no)g(edges)h(between)f(mark)o(ed)h(and)f(unmark)o(ed)i(nodes)f (\(i.e,)f(there)g(are)g(no)g(pending)i(nodes)f(at)f(the)g(end)p eop end end %%Page: 24 24 TeXDict begin HPSdict begin 24 23 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.24) cvn /DEST pdfmark end 150 82 a Fz(24)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)p 434 370 3033 4 v 432 1483 4 1113 v 478 949 a FG(\(a\))1234 516 y SDict begin H.S end 1234 516 a 1234 516 a SDict begin 13 H.A end 1234 516 a 1234 516 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.22) cvn /DEST pdfmark end 1234 516 a Fu(\(\()p Fy(8)p Fx(v)j(:)c(r)s(oot)p Fu(\()p Fx(v)s Fu(\))84 b Fy($)f Fx(pending)s Fu(\()p Fx(v)s Fu(\)\))22 b Fy(^)650 b FG(\(5.22\))1552 651 y Fu(\()p Fy(8)p Fx(v)19 b(:)113 b Fy(:)98 b Fx(mar)s(k)s(ed)p Fu(\()p Fx(v)s Fu(\)\)\))709 b FG(\(5.23\))1839 786 y Fy(_)1234 921 y Fu(\(\()p Fy(8)p Fx(v)19 b(:)c(r)s(oot)p Fu(\()p Fx(v)s Fu(\))84 b Fy(!)f Fx(mar)s(k)s(ed)p Fu(\()p Fx(v)s Fu(\))21 b Fy(_)f Fx(pending)s Fu(\()p Fx(v)s Fu(\)\))i Fy(^)120 b FG(\(5.24\))1051 1055 y Fu(\()p Fy(8)p Fx(v)18 b(:)d Fy(:)p Fx(pending)s Fu(\()p Fx(v)s Fu(\))100 b Fy(_)e(:)p Fx(mar)s(k)s(ed)p Fu(\()p Fx(v)s Fu(\)\))21 b Fy(^)601 b FG(\(5.25\))1112 1190 y Fu(\()p Fy(8)p Fx(v)18 b(:)d(pending)s Fu(\()p Fx(v)s Fu(\))100 b Fy(_)e Fx(mar)s(k)s(ed)p Fu(\()p Fx(v)s Fu(\))26 b Fy(!)g Fx(r)2610 1205 y Fr(r)r(oot;f)2802 1190 y Fu(\()p Fx(v)s Fu(\)\))c Fy(^)168 b FG(\(5.26\))927 1325 y Fu(\()p Fy(8)p Fx(v)1057 1339 y Fw(1)1096 1325 y Fx(;)15 b(v)1180 1339 y Fw(2)1235 1325 y Fx(:)g(mar)s(k)s(ed)p Fu(\()p Fx(v)1665 1339 y Fw(1)1706 1325 y Fu(\))98 b Fy(^)g(:)p Fx(mar)s(k)s(ed)p Fu(\()p Fx(v)2449 1339 y Fw(2)2489 1325 y Fu(\))20 b Fy(^)g(:)p Fx(pending)s Fu(\()p Fx(v)3087 1339 y Fw(2)3127 1325 y Fu(\))1824 1460 y Fy(!)83 b(:)p Fx(f)10 b Fu(\()p Fx(v)2193 1474 y Fw(1)2232 1460 y Fx(;)15 b(v)2316 1474 y Fw(2)2356 1460 y Fu(\)\)\))744 b FG(\(5.27\))p 3464 1483 4 1113 v 434 1486 3033 4 v 432 1767 4 281 v 475 1649 a(\(b\))1424 1632 y SDict begin H.S end 1424 1632 a 1424 1632 a SDict begin 13 H.A end 1424 1632 a 1424 1632 a SDict begin [ /View [/XYZ H.V] /Dest (equation.5.28) cvn /DEST pdfmark end 1424 1632 a Fy(8)p Fx(v)18 b(:)d(mar)s(k)s(ed)p Fu(\()p Fx(v)s Fu(\))27 b Fy($)e Fx(r)2189 1647 y Fr(r)r(oot;f)2381 1632 y Fu(\()p Fx(v)s Fu(\))707 b FG(\(5.28\))p 3464 1767 4 281 v 434 1770 3033 4 v 150 1942 a(Figure)24 b(14:)568 1942 y SDict begin H.S end 568 1942 a 568 1942 a SDict begin H.R end 568 1942 a 568 1942 a SDict begin [ /View [/XYZ H.V] /Dest (figure.14) cvn /DEST pdfmark end 568 1942 a FG(Example)h(speci\002cation)i(of)d(mark)g(procedure:)34 b(\(a\))24 b(The)g(loop)h(in)l(v)n(ariant)i(of)d(mark,)h(\(b\))f(The)g (post-)568 2050 y(condition)i(of)d(mark.)150 2294 y(of)29 b(the)h(loop\).)47 b(Thus,)30 b(we)f(instantiate)j(the)e(axiom)f FN(NoExit)q Fu([)p Fx(mar)s(k)s(ed;)15 b(f)10 b Fu(])p FG(,)30 b(and)g(this)g(is)f(enough)i(to)e(pro)o(v)o(e)h(the)150 2402 y(post-condition.)150 2573 y SDict begin H.S end 150 2573 a 150 2573 a SDict begin 13 H.A end 150 2573 a 150 2573 a SDict begin [ /View [/XYZ H.V] /Dest (section.6) cvn /DEST pdfmark end 150 2573 a 1038 2661 a FG(6.)47 b(A)t FF(P)t(P)t(L)t(I)t(C)t(A)t(B)t(I)t(L)t(I)t(T)5 b(Y)33 b(O)t(F)27 b(T)t(H)t(E)i FG(C)t FF(O)t(L)t(O)t(R)t(I)t(N)t(G)f FG(A)t FF(X)t(I)t(O)t(M)t(S)316 2823 y FG(The)c(coloring)j(axioms)e (are)g(applicable)j(to)c(a)g(wide)h(v)n(ariety)h(of)e(v)o (eri\002cation)j(problems.)33 b(T)-7 b(o)24 b(demonstrate)150 2931 y(this,)31 b(we)e(describe)j(the)d(reasoning)j(done)f(by)e(the)h (TVLA)d(system)j(and)g(ho)n(w)f(it)h(can)g(be)f(simulated)i(using)g (the)150 3039 y(coloring)25 b(axioms.)k(TVLA)20 b(is)i(based)i(on)f (the)f(theory)i(of)f(abstract)h(interpretation)j([)2806 3041 y SDict begin H.S end 2806 3041 a -2 x FG(CC79)3018 2977 y SDict begin H.R end 3018 2977 a 3018 3039 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.kn:CC79) cvn H.B /ANN pdfmark end 3018 3039 a FG(])22 b(and)h(speci\002cally)i(on)150 3147 y(canonical)e(abstraction)h([)967 3148 y SDict begin H.S end 967 3148 a -1 x FG(SR)-5 b(W02)1251 3085 y SDict begin H.R end 1251 3085 a 1251 3147 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.TOPLAS:SRW02) cvn H.B /ANN pdfmark end 1251 3147 a FG(].)27 b(TVLA)18 b(has)k(been)f(successfully)k(used)c (to)g(analyze)i(a)d(lar)n(ge)i(v)o(erity)g(of)f(small)150 3255 y(b)n(ut)i(intricate)i(heap)f(manipulating)i(programs)e(\(see)g (e.g.,)e([)2042 3256 y SDict begin H.S end 2042 3256 a -1 x FG(LAS00)2305 3193 y SDict begin H.R end 2305 3193 a 2305 3255 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.SAS:LS00) cvn H.B /ANN pdfmark end 2305 3255 a FG(,)2349 3256 y SDict begin H.S end 2349 3256 a -1 x FG(BLARS07)2733 3193 y SDict begin H.R end 2733 3193 a 2733 3255 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.CAV:BLRS07) cvn H.B /ANN pdfmark end 2733 3255 a FG(]\),)h(including)i(the)e(v)o (eri\002cation)150 3363 y(of)30 b(se)n(v)o(eral)i(algorithms)g(\(see)f (e.g.,)g([)1348 3364 y SDict begin H.S end 1348 3364 a -1 x FG(LARSW00)1758 3301 y SDict begin H.R end 1758 3301 a 1758 3363 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.ISSTA:LRSW00) cvn H.B /ANN pdfmark end 1758 3363 a FG(,)1810 3364 y SDict begin H.S end 1810 3364 a -1 x FG(LRS06)2067 3301 y SDict begin H.R end 2067 3301 a 2067 3363 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.SAS:LRS06) cvn H.B /ANN pdfmark end 2067 3363 a FG(]\).)49 b(Furthermore,)34 b(the)c(axioms)h(described)i(in)e(this)150 3471 y(paper)h(ha)n(v)o(e)f (been)g(used)g(to)f(inte)o(grate)35 b(S)t FF(P)m(A)t(S)t(S)g FG(as)30 b(the)h(reasoning)i(engine)f(behind)g(the)f(TVLA)d(system.)50 b(The)150 3579 y(inte)o(grated)22 b(system)e(is)f(used)h(to)f(perform)h (backw)o(ard)h(analysis)g(on)e(heap)i(manipulating)h(programs)f(as)e (described)150 3687 y(in)k([)273 3688 y SDict begin H.S end 273 3688 a -1 x FG(LASR07)597 3625 y SDict begin H.R end 597 3625 a 597 3687 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.POPL:LSR07) cvn H.B /ANN pdfmark end 597 3687 a FG(].)316 3795 y(In)31 b([)452 3796 y SDict begin H.S end 452 3796 a -1 x FG(SR)-5 b(W02)735 3733 y SDict begin H.R end 735 3733 a 735 3795 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.TOPLAS:SRW02) cvn H.B /ANN pdfmark end 735 3795 a FG(],)33 b(logical)g(structures)g(are)f(used)g(to)f(represent)j (the)d(concrete)i(stores)g(of)e(the)h(program,)i(and)150 3903 y(FO\(TC\))16 b(is)i(used)h(to)f(specify)i(the)f(concrete)h (transformers.)30 b(This)18 b(pro)o(vides)i(great)f(\003e)o(xibility)h (in)e(what)g(program-)150 4010 y(ming-language)k(constructs)g(the)d (method)h(can)f(handle.)28 b(F)o(or)18 b(the)h(purpose)i(of)e(this)g (section,)i(we)d(assume)i(that)f(the)150 4118 y(v)n(ocab)n(ulary)25 b(used)d(is)f(\002x)o(ed)g(and)h(al)o(w)o(ays)g(contains)i(equality)-6 b(.)30 b(Furthermore,)23 b(we)e(assume)h(that)g(the)g(transformer)150 4226 y(cannot)h(change)g(the)e(uni)n(v)o(erse)i(of)e(the)h(concrete)h (store.)29 b(Allocation)24 b(and)d(deallocation)k(can)d(be)f(easily)i (modeled)150 4334 y(by)i(using)i(a)d(designated)k(unary)f(predicate)g (that)f(holds)g(for)g(the)f(allocated)j(heap)e(cells.)34 b(Similarly)-6 b(,)26 b(we)e(assume)150 4442 y(that)34 b(the)g(uni)n(v)o(erse)h(of)f(the)f(concrete)j(store)f(is)e(non-empty) -6 b(.)61 b(Abstract)35 b(stores)g(are)e(represented)k(as)d(\002nite)f Fu(3)p FG(-)150 4550 y(v)n(alued)27 b(logical)h(structures.)40 b(W)-7 b(e)25 b(shall)i(e)o(xplain)h(the)e(meaning)i(of)e(a)f (structure)k Fx(S)h FG(by)d(describing)i(the)d(formula)151 4658 y Fq(b)-52 b Fx(\015)5 b Fu(\()p Fx(S)g Fu(\))24 b FG(to)f(which)h(it)f(corresponds.)316 4766 y(The)28 b(indi)n(viduals)j(of)d(a)g Fu(3)p FG(-v)n(alued)i(logical)g(structure) h(are)d(called)h(abstract)i(nodes.)44 b(W)-7 b(e)27 b(use)i(an)f (auxiliary)150 4874 y(unary)h(predicate)h(for)d(each)i(abstract)g(node) g(to)e(capture)j(the)d(concrete)j(nodes)f(that)f(are)g(mapped)g(to)g (it.)41 b(F)o(or)26 b(an)150 4982 y(abstract)33 b(structure)g(with)e (uni)n(v)o(erse)i Fy(f)p Fx(node)1571 4996 y Fw(1)1611 4982 y Fx(;)15 b(:)g(:)g(:)i(;)e(node)2001 4996 y Fr(n)2048 4982 y Fy(g)p FG(,)33 b(let)e Fy(f)p Fx(a)2363 4996 y Fw(1)2403 4982 y Fx(;)15 b(:)g(:)g(:)h(a)2612 4996 y Fr(n)2659 4982 y Fy(g)31 b FG(be)g(the)h(corresponding)j(unary)150 5090 y(predicates.)316 5198 y(F)o(or)26 b(each)i Fx(k)s FG(-ary)g(predicate)i Fx(p)c FG(in)h(the)g(v)n(ocab)n(ulary)-6 b(,)32 b(each)27 b Fx(k)s FG(-tuple)i Fy(h)p Fx(node)2698 5212 y Fw(1)2738 5198 y Fx(;)15 b(:)g(:)g(:)i(;)e(node)3128 5213 y Fr(k)3171 5198 y Fy(i)27 b FG(in)g(the)g(abstract)150 5307 y(structure)f(\(called)f(an)e(abstract)j(tuple\))f(can)f(ha)n(v)o (e)g(one)g(of)f(the)h(follo)n(wing)h(truth)g(v)n(alues)f Fy(f)p Fu(0)p Fx(;)15 b Fu(1)p Fx(;)3184 5272 y Fw(1)p 3184 5287 36 4 v 3184 5339 a(2)3230 5307 y Fy(g)23 b FG(as)g(follo)n(ws:)p eop end end %%Page: 25 25 TeXDict begin HPSdict begin 25 24 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.25) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(25)150 348 y SDict begin H.S end 150 348 a 150 348 a SDict begin 13 H.A end 150 348 a 150 348 a SDict begin [ /View [/XYZ H.V] /Dest (Item.40) cvn /DEST pdfmark end 150 348 a 100 x Fy(\017)42 b FG(The)18 b(truth)i(v)n(alue)g Fu(1)e FG(means)i(that)f(the)g (predicate)j Fx(p)17 b FG(uni)n(v)o(ersally)22 b(holds)e(for)f(all)g (of)g(the)g(concrete)i(tuples)f(mapped)237 555 y(to)j(this)i(abstract)g (tuple,)f(i.e.,)997 701 y SDict begin H.S end 997 701 a 997 701 a SDict begin 13 H.A end 997 701 a 997 701 a SDict begin [ /View [/XYZ H.V] /Dest (Item.41) cvn /DEST pdfmark end 997 701 a Fy(8)p Fx(v)1092 715 y Fw(1)1131 701 y Fx(;)15 b(:)g(:)g(:)h(;)f(v)1376 716 y Fr(k)1435 701 y Fx(:)g(a)1523 715 y Fw(1)1563 701 y Fu(\()p Fx(v)1642 715 y Fw(1)1681 701 y Fu(\))21 b Fy(^)f Fx(:)15 b(:)g(:)21 b Fy(^)f Fx(a)2073 716 y Fr(k)2116 701 y Fu(\()p Fx(v)2195 716 y Fr(k)2238 701 y Fu(\))25 b Fy(!)g Fx(p)p Fu(\()p Fx(v)2539 715 y Fw(1)2579 701 y Fx(;)15 b(:)g(:)g(:)i(;)e(v)2825 716 y Fr(k)2868 701 y Fu(\))673 b FG(\(6.1\))150 762 y SDict begin H.S end 150 762 a 150 762 a SDict begin 13 H.A end 150 762 a 150 762 a SDict begin [ /View [/XYZ H.V] /Dest (Item.42) cvn /DEST pdfmark end 150 762 a 85 x Fy(\017)42 b FG(The)32 b(truth)i(v)n(alue)f Fu(0)f FG(means)h(that)g(the)g(predicate)i Fx(p)d FG(uni)n(v)o(ersally)j(does) e(not)g(hold,)i(for)e(all)g(of)f(the)h(concrete)237 955 y(tuples)25 b(mapped)f(to)g(this)g(abstract)h(tuple,)g(i.e.,)967 1101 y SDict begin H.S end 967 1101 a 967 1101 a SDict begin 13 H.A end 967 1101 a 967 1101 a SDict begin [ /View [/XYZ H.V] /Dest (Item.43) cvn /DEST pdfmark end 967 1101 a Fy(8)p Fx(v)1062 1115 y Fw(1)1101 1101 y Fx(;)15 b(:)g(:)g(:)h(;)f(v)1346 1116 y Fr(k)1404 1101 y Fx(:)g(a)1492 1115 y Fw(1)1532 1101 y Fu(\()p Fx(v)1611 1115 y Fw(1)1651 1101 y Fu(\))21 b Fy(^)f Fx(:)15 b(:)g(:)21 b Fy(^)f Fx(a)2043 1116 y Fr(k)2085 1101 y Fu(\()p Fx(v)2164 1116 y Fr(k)2207 1101 y Fu(\))26 b Fy(!)f(:)p Fx(p)p Fu(\()p Fx(v)2570 1115 y Fw(1)2609 1101 y Fx(;)15 b(:)g(:)g(:)i(;)e(v)2855 1116 y Fr(k)2898 1101 y Fu(\))643 b FG(\(6.2\))150 1161 y SDict begin H.S end 150 1161 a 150 1161 a SDict begin 13 H.A end 150 1161 a 150 1161 a SDict begin [ /View [/XYZ H.V] /Dest (Item.44) cvn /DEST pdfmark end 150 1161 a 87 x Fy(\017)42 b FG(The)23 b(truth)g(v)n(alue)821 1212 y Fw(1)p 821 1227 36 4 v 821 1279 a(2)889 1248 y FG(means)g(that)h(we)e(ha)n(v)o(e)i(no)f(information)i(about)f(this)g (abstract)h(tuple,)f(and)f(thus)h(the)f(v)n(alue)237 1356 y(of)g(the)h(predicate)i Fx(p)d FG(is)g(not)h(restricted.)316 1483 y(W)-7 b(e)31 b(use)h(a)f(designated)k(set)c(of)h(unary)h (predicates)h(called)f Fv(abstr)o(action)i(pr)m(edicates)f FG(to)d(control)j(the)e(dis-)150 1591 y(tinctions)26 b(among)e(concrete)h(nodes)g(that)f(can)f(be)h(made)f(in)h(an)f (abstract)i(element,)f(which)g(also)g(places)h(a)e(bound)150 1699 y(on)31 b(the)g(size)g(of)g(abstract)i(elements.)52 b(F)o(or)29 b(each)j(abstract)h(node)e Fx(node)2456 1713 y Fr(i)2485 1699 y FG(,)g Fx(A)2607 1713 y Fr(i)2666 1699 y FG(denotes)h(the)f(set)g(of)g(abstraction)150 1806 y(predicates)h(for)e(which)g Fx(node)1121 1820 y Fr(i)1178 1806 y FG(has)f(the)h(truth)h(v)n(alue)f Fu(1)p FG(,)g(and)p 2149 1733 69 4 v 30 w Fx(A)2217 1820 y Fr(i)2274 1806 y FG(denotes)h(the)f(set)g(of)f(abstraction)j(predicates)150 1914 y(for)f(which)f Fx(node)725 1928 y Fr(i)783 1914 y FG(has)h(the)f(truth)i(v)n(alue)f Fu(0)p FG(.)48 b(Ev)o(ery)31 b(pair)g Fx(node)2221 1928 y Fr(i)2249 1914 y Fx(;)15 b(node)2477 1928 y Fr(j)2544 1914 y FG(of)30 b(dif)n(ferent)i(abstract) g(nodes)g(either)150 2030 y Fx(A)218 2044 y Fr(i)254 2030 y Fy(\\)p 323 1957 V 8 w Fx(A)390 2044 y Fr(j)452 2030 y Fy(6)p Fu(=)25 b Fy(;)20 b FG(or)p 708 1957 V 20 w Fx(A)776 2044 y Fr(i)812 2030 y Fy(\\)8 b Fx(A)949 2044 y Fr(j)1010 2030 y Fy(6)p Fu(=)25 b Fy(;)p FG(.)i(In)20 b(addition,)j(we)d(require)h(that)g(the)f(abstract)i(nodes)g(in)e(the)g (structure)j(represent)150 2137 y(all)j(the)f(concrete)j(nodes,)f (i.e.,)e Fy(8)p Fx(v)18 b(:)1322 2069 y Fq(W)1397 2164 y Fr(i)1441 2137 y Fx(a)1489 2151 y Fr(i)1517 2137 y Fu(\()p Fx(v)s Fu(\))p FG(.)35 b(Thus,)25 b(the)h(abstract)i(nodes)e (form)g(a)f(bounded)j(partition)f(of)f(the)150 2245 y(concrete)g (nodes.)k(Finally)-6 b(,)24 b(each)g(node)h(must)e(represent)j(at)d (least)i(one)f(concrete)h(node,)g(i.e.,)d Fy(9)p Fx(v)c(:)d(a)3327 2259 y Fr(i)3356 2245 y Fu(\()p Fx(v)s Fu(\))p FG(.)316 2353 y(The)36 b(v)n(ocab)n(ulary)41 b(may)36 b(contain)j(additional)h (predicates)g(called)e Fv(derived)g(pr)m(edicates)p FG(,)43 b(which)37 b(are)g(e)o(x-)150 2461 y(plicitly)e(de\002ned)f(from)f (other)h(predicates)i(using)e(a)f(formula)h(in)f(FO\(TC\).)e(These)i (deri)n(v)o(ed)i(predicates)g(help)150 2569 y(the)c(precision)j(of)d (the)h(analysis)h(by)e(recording)j(correlations)g(not)e(captured)h(by)f (the)f(uni)n(v)o(ersal)i(information.)150 2677 y(Some)22 b(of)i(the)f(unary)i(deri)n(v)o(ed)f(predicates)i(may)d(also)h(be)f (abstraction)j(predicates,)g(and)e(thus)g(can)f(induce)i(\002ner)n(-) 150 2785 y(granularity)i(abstract)e(nodes.)316 2893 y(W)-7 b(e)35 b(say)h(that)g Fx(S)853 2907 y Fw(1)940 2893 y Fy(v)47 b Fx(S)1114 2907 y Fw(2)1188 2893 y FG(if)36 b(there)g(is)g(a)f(total)h(mapping)h Fx(m)e FG(between)i(the)f (abstract)h(nodes)g(of)f Fx(S)3545 2907 y Fw(1)3619 2893 y FG(and)150 3001 y(the)28 b(abstract)i(nodes)f(of)f Fx(S)996 3015 y Fw(2)1063 3001 y FG(such)g(that)h Fx(S)1476 3015 y Fw(2)1542 3001 y FG(represents)i(all)d(of)g(the)g(concrete)i (stores)g(that)e Fx(S)3091 3015 y Fw(1)3157 3001 y FG(represents)j (when)150 3109 y(considering)36 b(each)d(abstract)h(node)g(of)e Fx(S)1490 3123 y Fw(2)1561 3109 y FG(as)g(a)g(union)i(of)e(the)h (abstract)h(nodes)g(of)e Fx(S)2950 3123 y Fw(1)3021 3109 y FG(mapped)h(to)g(it)f(by)g Fx(m)p FG(.)150 3217 y(F)o(ormally)-6 b(,)24 b Fq(b)-51 b Fx(\015)5 b Fu(\()p Fx(S)665 3231 y Fw(1)704 3217 y Fu(\))21 b Fy(^)f Fx( )900 3231 y Fr(m)992 3217 y Fy(!)26 b Fq(b)-52 b Fx(\015)5 b Fu(\()p Fx(S)1251 3231 y Fw(2)1290 3217 y Fu(\))23 b FG(where)1104 3381 y SDict begin H.S end 1104 3381 a 1104 3381 a SDict begin 13 H.A end 1104 3381 a 1104 3381 a SDict begin [ /View [/XYZ H.V] /Dest (equation.6.3) cvn /DEST pdfmark end 1104 3381 a Fx( )1163 3395 y Fr(m)1255 3381 y Fu(=)1670 3295 y Fq(^)1525 3516 y Fe(node)1697 3528 y Fp(i)1748 3516 y Fd(2)h Fe(S)1878 3528 y Fb(1)1393 3616 y Fe(m)p Fc(\()p Fe(node)1670 3628 y Fp(i)1698 3616 y Fc(\))f(=)f Fe(node)2012 3585 y Fo(0)2012 3637 y Fp(j)2104 3381 y Fy(8)p Fx(v)c(:)d(a)2305 3395 y Fr(i)2334 3381 y Fu(\()p Fx(v)s Fu(\))26 b Fy(!)f Fx(a)2641 3343 y FM(0)2641 3403 y Fr(j)2678 3381 y Fu(\()p Fx(v)s Fu(\))150 3766 y FG(The)i(order)i(is)f(e)o(xtended)i(to)e(sets)g (using)h(the)f(induced)i(Hoare)e(order)h(\(i.e.,)f(XS)2694 3780 y Fw(1)2766 3766 y Fy(v)33 b FG(XS)2986 3780 y Fw(2)3053 3766 y FG(if)28 b(for)g(each)g(element)150 3874 y Fx(S)206 3888 y Fw(1)270 3874 y Fy(2)d FG(XS)472 3888 y Fw(1)535 3874 y FG(there)f(e)o(xists)h(an)e(element)i Fx(S)1443 3888 y Fw(2)1507 3874 y Fy(2)g FG(XS)1709 3888 y Fw(2)1771 3874 y FG(such)g(that)f Fx(S)2176 3888 y Fw(1)2240 3874 y Fy(v)h Fx(S)2392 3888 y Fw(2)2431 3874 y FG(\).)316 3981 y(In)d(the)h(original)h(TVLA)c(implementation)25 b([)1736 3982 y SDict begin H.S end 1736 3982 a -1 x FG(LAS00)1999 3919 y SDict begin H.R end 1999 3919 a 1999 3981 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.SAS:LS00) cvn H.B /ANN pdfmark end 1999 3981 a FG(])c(the)i(abstract)h (transformer)g(is)e(computed)i(by)f(a)e(three)150 4089 y(step)j(process:)150 4128 y SDict begin H.S end 150 4128 a 150 4128 a SDict begin 13 H.A end 150 4128 a 150 4128 a SDict begin [ /View [/XYZ H.V] /Dest (Item.45) cvn /DEST pdfmark end 150 4128 a 88 x Fy(\017)42 b FG(First,)22 b(a)h(heuristic)h(is)f(used)g(to)g(perform)h(case)f(splits)h(by)e (re\002ning)i(the)f(partition)i(induced)f(by)f(the)g(abstraction)237 4324 y(predicates.)31 b(This)24 b(process)h(is)e(called)i Fv(F)-10 b(ocus)p FG(.)150 4344 y SDict begin H.S end 150 4344 a 150 4344 a SDict begin 13 H.A end 150 4344 a 150 4344 a SDict begin [ /View [/XYZ H.V] /Dest (Item.46) cvn /DEST pdfmark end 150 4344 a 88 x Fy(\017)42 b FG(Second,)21 b(the)f(formulas)h(comprising)h(the)e(concrete)i (transformer)g(are)e(used)h(to)e(conserv)n(ati)n(v)o(ely)24 b(approximate)237 4540 y(the)h(ef)n(fect)g(of)g(the)g(concrete)i (transformer)g(on)e(all)f(the)h(represented)j(memory)d(states.)34 b(Update)25 b(formulas)h(are)237 4648 y(either)f(handwritten)h(or)d (deri)n(v)o(ed)i(using)g(\002nite)e(dif)n(ferencing)k([)2238 4649 y SDict begin H.S end 2238 4649 a -1 x FG(RSL03)2496 4586 y SDict begin H.R end 2496 4586 a 2496 4648 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.finite-differencing) cvn H.B /ANN pdfmark end 2496 4648 a FG(].)150 4668 y SDict begin H.S end 150 4668 a 150 4668 a SDict begin 13 H.A end 150 4668 a 150 4668 a SDict begin [ /View [/XYZ H.V] /Dest (Item.47) cvn /DEST pdfmark end 150 4668 a 88 x Fy(\017)42 b FG(Third,)28 b(a)e(constraint)k(solv)o(er)e(called)g Fv(Coer)m(ce)f FG(is)g(used)h(to)e(impro)o(v)o(e)i(the)f(precision)i (of)e(the)g(abstract)i(element)237 4864 y(by)k(taking)i(adv)n(antage)g (of)e(the)g(inter)n(-dependencie)q(s)38 b(between)c(the)g(predicates)i (dictated)f(by)e(the)g(de\002ning)237 4972 y(formulas)25 b(of)e(the)h(deri)n(v)o(ed)h(predicates)h(and)e(constraints)j(of)c(the) h(programming)i(language)g(semantics.)316 5099 y(Most)19 b(of)g(the)h(logical)g(reasoning)i(performed)f(by)e(TVLA)e(is)h (\002rst)h(order)h(in)f(nature.)29 b(The)18 b(transiti)n(v)o(e-closure) 150 5206 y(reasoning)26 b(is)e(comprised)h(of)e(three)i(parts:)150 5245 y SDict begin H.S end 150 5245 a 150 5245 a SDict begin 13 H.A end 150 5245 a 150 5245 a SDict begin [ /View [/XYZ H.V] /Dest (Item.48) cvn /DEST pdfmark end 150 5245 a 88 x FG(\(1\))43 b(The)25 b(update)i(formulas)g(for)f(deri)n(v)o (ed)h(predicates)h(based)f(on)f(transiti)n(v)o(e)i(closure)f(use)f (\002rst-order)i(formulas)298 5441 y(to)23 b(update)i(the)f(transiti)n (v)o(e-closure)k(relation,)d(as)f(e)o(xplained)i(in)d(Section)2625 5442 y SDict begin H.S end 2625 5442 a -1 x FG(6.1)2739 5379 y SDict begin H.R end 2739 5379 a 2739 5441 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.6.1) cvn H.B /ANN pdfmark end 2739 5441 a FG(.)p eop end end %%Page: 26 26 TeXDict begin HPSdict begin 26 25 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.26) cvn /DEST pdfmark end 150 82 a Fz(26)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)150 348 y SDict begin H.S end 150 348 a 150 348 a SDict begin 13 H.A end 150 348 a 150 348 a SDict begin [ /View [/XYZ H.V] /Dest (Item.49) cvn /DEST pdfmark end 150 348 a 100 x FG(\(2\))43 b(The)30 b(Coerce)i(procedure)h(relates)f(the)g(de\002nition)g(of)f(the)g(edge)h (relation)h(with)e(its)g(transiti)n(v)o(e)h(closure)h(by)298 555 y(performing)25 b Fv(Kleene)f(e)o(valuation)j FG(\(see)d(belo)n (w\).)150 575 y SDict begin H.S end 150 575 a 150 575 a SDict begin 13 H.A end 150 575 a 150 575 a SDict begin [ /View [/XYZ H.V] /Dest (Item.50) cvn /DEST pdfmark end 150 575 a 88 x FG(\(3\))43 b(Handwritten)26 b(axioms)g(are)f(gi)n(v)o (en)h(to)f(Coerce)g(to)g(allo)n(w)g(additional)j(transiti)n(v)o (e-closure)i(reasoning.)36 b(The)o(y)298 771 y(are)23 b(usually)j(written)e(once)g(and)g(for)g(all)g(per)f(data-structure)28 b(analyzed)e(by)d(the)h(system.)316 898 y(T)-7 b(o)32 b(compare)j(the)e(transiti)n(v)o(e-closure)38 b(reasoning)e(of)e(TVLA)c (and)k(the)g(coloring)h(axioms)f(presented)i(in)150 1006 y(this)29 b(paper)l(,)j(we)c(concentrate)k(on)d(programs)h(that)g (manipulate)h(singly-link)o(ed)i(lists)d(and)f(trees,)i(although)g(the) 150 1114 y(basic)24 b(ar)n(gument)h(holds)g(for)e(other)h (data-structures)k(analyzed)d(by)f(TVLA)c(as)k(well.)k(The)23 b(handwritten)i(axioms)150 1222 y(used)31 b(by)f(TVLA)d(for)j(these)h (cases)g(are)f(all)g(co)o(v)o(ered)h(by)f(the)g(axioms)h(described)i (in)c(Section)3214 1223 y SDict begin H.S end 3214 1223 a -1 x FG(3.2)3328 1160 y SDict begin H.R end 3328 1160 a 3328 1222 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.3.2) cvn H.B /ANN pdfmark end 3328 1222 a FG(.)47 b(The)29 b(issue)150 1330 y(of)d(update)i(formulas)g(is)e(co)o(v)o(ered)i(in)e (detail)i(in)e(Section)1984 1331 y SDict begin H.S end 1984 1331 a -1 x FG(6.1)2097 1268 y SDict begin H.R end 2097 1268 a 2097 1330 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (subsection.6.1) cvn H.B /ANN pdfmark end 2097 1330 a FG(.)37 b(A)25 b(detailed)k(description)g(of)e(Kleene)g(e)n(v)n(aluation)150 1438 y(is)k(be)o(yond)i(the)f(scope)h(of)e(this)h(paper)h(and)e(can)h (be)g(found)g(in)g([)2228 1439 y SDict begin H.S end 2228 1439 a -1 x FG(SR)-5 b(W02)2511 1376 y SDict begin H.R end 2511 1376 a 2511 1438 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.TOPLAS:SRW02) cvn H.B /ANN pdfmark end 2511 1438 a FG(].)52 b(Kleene)32 b(e)n(v)n(aluation)i(of)d(transiti)n(v)o(e)150 1546 y(closure)d(is)e(equi)n(v)n(alent)j(to)d(applying)j(transiti)n (vity)g(to)d(infer)i(the)e(e)o(xistence)j(of)d(paths,)i(and)e (\002nding)i(a)d(subset)j(of)150 1654 y(the)j(partition)j(that)e(has)f (no)g(outgoing)j(edges)e(to)g(infer)g(the)f(absence)i(of)e(paths.)53 b(The)31 b(latter)h(is)f(equi)n(v)n(alent)i(to)150 1762 y(applying)26 b(the)e FN(NoExit)f FG(axiom)h(on)g(the)g(formula)g(that) g(de\002nes)h(the)e(appropriate)k(partition.)150 1911 y SDict begin H.S end 150 1911 a 150 1911 a SDict begin 13 H.A end 150 1911 a 150 1911 a SDict begin [ /View [/XYZ H.V] /Dest (subsection.6.1) cvn /DEST pdfmark end 150 1911 a 88 x FG(6.1.)46 b FN(Pr)n(ecise)25 b(Update.)45 b FG(Maintenance)27 b(of)d(transiti)n(v)o(e)j(closure)f(through)g(updates)g(in)e(the)h (underlying)i(relation)150 2107 y(is)36 b(required)h(for)f(the)g(v)o (eri\002cation)i(of)d(heap-manipulating)41 b(programs.)67 b(In)35 b(general,)40 b(it)c(is)f(not)h(possible)i(to)150 2215 y(update)e(transiti)n(v)o(e)h(closure)f(for)f(arbitrary)i(change)g (using)f(\002rst-order)n(-logic)i(formulas.)64 b(Instead,)39 b(we)34 b(limit)150 2323 y(the)28 b(discussion)i(to)d(unit)h(changes)h (\(i.e.,)f(the)g(addition)h(or)e(remo)o(v)n(al)h(of)f(a)g(single)i (edge\).)41 b(W)-7 b(ork)27 b(in)h(descripti)n(v)o(e)150 2431 y(dynamic)c(comple)o(xity)g([)944 2433 y SDict begin H.S end 944 2433 a -2 x FG(PI97)1116 2369 y SDict begin H.R end 1116 2369 a 1116 2431 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.JCSS:PatnaikI1997) cvn H.B /ANN pdfmark end 1116 2431 a FG(,)1160 2432 y SDict begin H.S end 1160 2432 a -1 x FG(Hes03)1393 2369 y SDict begin H.R end 1393 2369 a 1393 2431 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Hesse-thesis) cvn H.B /ANN pdfmark end 1393 2431 a FG(])e(and)h(database)h (theory)g([)2216 2433 y SDict begin H.S end 2216 2433 a -2 x FG(DS95)2423 2369 y SDict begin H.R end 2423 2369 a 2423 2431 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.DS95) cvn H.B /ANN pdfmark end 2423 2431 a FG(])e(gi)n(v)o(es)h (\002rst-order)h(update)g(formulas)g(to)150 2539 y(unit)g(changes)i(in) d(se)n(v)o(eral)i(classes)g(of)e(graphs,)i(including)h(functional)h (graphs)e(and)f(ac)o(yclic)h(graphs.)316 2647 y(W)-7 b(e)24 b(demonstrate)j(the)d(applicability)29 b(of)24 b(the)h(proposed)i(axiom)e(schemes)g(by)g(sho)n(wing)h(ho)n(w)d(the)o (y)i(can)g(be)150 2755 y(used)f(to)g(pro)o(v)o(e)g(the)g(precise)h (update)g(formula)f(for)g(unit)g(changes)i(in)d(se)n(v)o(eral)i (classes)g(of)f(graphs.)150 2904 y SDict begin H.S end 150 2904 a 150 2904 a SDict begin 13 H.A end 150 2904 a 150 2904 a SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.6.1.1) cvn /DEST pdfmark end 150 2904 a 88 x FG(6.1.1.)46 b Fv(Edg)o(e)32 b(addition.)48 b FG(W)-7 b(e)31 b(refer)h(to)f(the)h (edge)g(relation)i(before)f(the)e(update)j(by)d Fx(e)g FG(and)h(the)g(edge)g(relation)150 3100 y(after)24 b(the)g(update)h(by) f Fx(e)894 3067 y FM(0)917 3100 y FG(.)k(Adding)d(an)e(edge)i(from)e Fx(s)f FG(to)i Fx(t)f FG(can)g(be)h(formulated)i(as)989 3246 y Fy(8)p Fx(v)1084 3260 y Fw(1)1123 3246 y Fx(;)15 b(v)1207 3260 y Fw(2)1262 3246 y Fx(:)g(e)1344 3208 y FM(0)1368 3246 y Fu(\()p Fx(v)1447 3260 y Fw(1)1487 3246 y Fx(;)g(v)1571 3260 y Fw(2)1611 3246 y Fu(\))51 b Fy($)f Fu(\()p Fx(e)p Fu(\()p Fx(v)1994 3260 y Fw(1)2035 3246 y Fx(;)15 b(v)2119 3260 y Fw(2)2159 3246 y Fu(\))20 b Fy(_)g Fu(\()p Fx(s)p Fu(\()p Fx(v)2452 3260 y Fw(1)2492 3246 y Fu(\))g Fy(^)g Fx(t)p Fu(\()p Fx(v)2740 3260 y Fw(2)2780 3246 y Fu(\)\)\))p Fx(:)150 3391 y FG(The)j(precise)i(update) g(formula)g(for)f(this)g(change)h(is)328 3537 y Fy(9)p Fx(v)423 3551 y Fr(s)459 3537 y Fx(;)15 b(v)543 3551 y Fr(t)588 3537 y Fx(:)g(s)p Fu(\()p Fx(v)750 3551 y Fr(s)788 3537 y Fu(\))20 b Fy(^)g Fx(t)p Fu(\()p Fx(v)1036 3551 y Fr(t)1066 3537 y Fu(\))g Fy(^)g(8)p Fx(v)1297 3551 y Fw(1)1336 3537 y Fx(;)15 b(v)1420 3551 y Fw(2)1475 3537 y Fx(:)g(e)1557 3499 y FM(0)1557 3559 y Fw(tc)1621 3537 y Fu(\()p Fx(v)1700 3551 y Fw(1)1740 3537 y Fx(;)g(v)1824 3551 y Fw(2)1864 3537 y Fu(\))51 b Fy($)f Fu(\()p Fx(e)2168 3551 y Fw(tc)2232 3537 y Fu(\()p Fx(v)2311 3551 y Fw(1)2351 3537 y Fx(;)15 b(v)2435 3551 y Fw(2)2474 3537 y Fu(\))21 b Fy(_)f Fu(\()p Fx(e)2688 3551 y Fw(tc)2751 3537 y Fu(\()p Fx(v)2830 3551 y Fw(1)2870 3537 y Fx(;)15 b(v)2954 3551 y Fr(s)2992 3537 y Fu(\))20 b Fy(^)g Fx(e)3170 3551 y Fw(tc)3233 3537 y Fu(\()p Fx(v)3312 3551 y Fr(t)3342 3537 y Fx(;)15 b(v)3426 3551 y Fw(2)3466 3537 y Fu(\)\)\))316 3683 y FG(W)-7 b(e)29 b(ha)n(v)o(e)i(used)i(S)t FF(P)m(A)t(S)t(S)h FG(to)c(pro)o(v)o(e)g(the)h(v)n(alidity)g(of)f(this)h(update)h(formula) f(using)g(the)f(color)h(axioms)g(de-)150 3791 y(scribed)e(in)e(this)g (paper)-5 b(.)40 b(The)27 b(basic)h(colors)g(needed)h(are)e Fx(r)2042 3805 y Fr(t;e)2124 3791 y FG(,)g(i.e.,)f(forw)o(ard)i (reachability)j(from)c(the)g(tar)n(get)h(of)150 3899 y(the)g(ne)n(w)f(edge,)j(and)e Fx(r)886 3921 y Fr(s;)939 3892 y FM( )-55 b(\000)957 3921 y Fr(e)1013 3899 y FG(,)28 b(i.e.,)f(backw)o(ard)j(reachability)h(from)d(the)g(source)h(of)f(the)g (ne)n(w)f(edge.)42 b(The)27 b(axioms)150 4006 y(instantiated)g(in)c (the)h(proof)h(are)f(gi)n(v)o(en)g(in)f(T)-7 b(able)1710 4007 y SDict begin H.S end 1710 4007 a -1 x FG(6)1755 3944 y SDict begin H.R end 1755 3944 a 1755 4006 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (table.6) cvn H.B /ANN pdfmark end 1755 4006 a FG(\(a\).)150 4156 y SDict begin H.S end 150 4156 a 150 4156 a SDict begin 13 H.A end 150 4156 a 150 4156 a SDict begin [ /View [/XYZ H.V] /Dest (subsubsection.6.1.2) cvn /DEST pdfmark end 150 4156 a 88 x FG(6.1.2.)46 b Fv(Edg)o(e)32 b(r)m(emo)o(val.)46 b FG(There)32 b(is)g(no)f(kno)n(wn) h(precise)h(formula)g(for)f(updating)i(the)d(transiti)n(v)o(e)j (closure)f(of)f(a)150 4352 y(general)37 b(graph.)64 b(F)o(or)35 b(general)h(ac)o(yclic)h(graphs,)i(Dong)c(and)h(Su)e([)2360 4354 y SDict begin H.S end 2360 4354 a -2 x FG(DS95)2567 4290 y SDict begin H.R end 2567 4290 a 2567 4352 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.DS95) cvn H.B /ANN pdfmark end 2567 4352 a FG(])h(gi)n(v)o(e)g(a)g(precise)i(update)f (formula)150 4460 y(that)30 b(is)f(be)o(yond)i(the)e(scope)i(of)e(this) h(w)o(ork.)46 b(F)o(or)29 b(functional)j(graphs,)g(Hesse)e([)2714 4461 y SDict begin H.S end 2714 4461 a -1 x FG(Hes03)2946 4398 y SDict begin H.R end 2946 4398 a 2946 4460 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Hesse-thesis) cvn H.B /ANN pdfmark end 2946 4460 a FG(])f(gi)n(v)o(es)h(precise)h(update)150 4568 y(formulas)22 b(based)h(on)e(either)h(an)f(auxiliary)j(binary)f (relation,)g(or)e(by)g(using)h(a)f(ternary)i(relation)g(to)e(describe)i (paths)150 4676 y(in)i(the)h(graph)g(that)g(pass)g(through)h(each)g (node.)34 b(W)l(ithout)27 b(these)g(additions,)h(it)d(is)g(not)g (possible)j(to)d(gi)n(v)o(e)h(precise)150 4784 y(update)f(formulas)g (in)e(the)h(presence)i(of)d(c)o(yclicity)-6 b(.)316 4892 y(When)21 b(limiting)g(the)g(discussion)i(to)d(ac)o(yclic)i(graphs)g (in)e(which)g(between)i(an)o(y)e(tw)o(o)g(nodes)i(there)f(is)f(at)g (most)150 4999 y(one)26 b(path)h(\(such)g(as)e(ac)o(yclic)i(functional) i(graphs)e(and)f(trees\))h(it)f(is)f(possible)j(to)e(gi)n(v)o(e)g(a)f (simple)h(precise)i(update)150 5107 y(formula.)43 b(As)28 b(before,)i(let)e Fx(s)f FG(be)h(the)g(source)i(of)e(the)g(edge)h(to)f (be)g(remo)o(v)o(ed)h(and)f Fx(t)f FG(be)h(the)h(tar)n(get)g(of)f(the)h (edge.)150 5215 y(The)23 b(formula)i(for)e(remo)o(ving)i(an)f(edge)g (is)959 5361 y Fy(8)p Fx(v)1054 5375 y Fw(1)1093 5361 y Fx(;)15 b(v)1177 5375 y Fw(2)1232 5361 y Fx(:)g(e)1314 5323 y FM(0)1338 5361 y Fu(\()p Fx(v)1417 5375 y Fw(1)1457 5361 y Fx(;)g(v)1541 5375 y Fw(2)1580 5361 y Fu(\))51 b Fy($)g Fu(\()p Fx(e)p Fu(\()p Fx(v)1964 5375 y Fw(1)2004 5361 y Fx(;)15 b(v)2088 5375 y Fw(2)2128 5361 y Fu(\))21 b Fy(^)f(:)p Fu(\()p Fx(s)p Fu(\()p Fx(v)2483 5375 y Fw(1)2522 5361 y Fu(\))h Fy(^)e Fx(t)p Fu(\()p Fx(v)2770 5375 y Fw(2)2810 5361 y Fu(\)\)\))p Fx(:)p eop end end %%Page: 27 27 TeXDict begin HPSdict begin 27 26 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.27) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(27)p 192 351 1144 4 v 190 459 4 108 v 233 427 a FN(NewStart)q Fu([)p Fx(tr)s(ue;)15 b(e;)g(e)962 394 y FM(0)986 427 y Fu(])p 1333 459 V 190 570 4 111 v 233 535 a FN(NewStart)q Fu([)p Fx(r)668 549 y Fr(t;e)770 535 y Fy(^)20 b(:)p Fx(r)953 557 y Fr(s;)1006 529 y FM( )-55 b(\000)1024 557 y Fr(e)1079 535 y Fx(;)15 b(e)1161 502 y FM(0)1185 535 y Fx(;)g(e)p Fu(])p 1333 570 V 190 681 V 233 646 a FN(NewStart)q Fu([)p Fy(:)p Fx(r)729 660 y Fr(t;e)831 646 y Fy(^)k Fx(r)952 668 y Fr(s;)1005 639 y FM( )-55 b(\000)1024 668 y Fr(e)1079 646 y Fx(;)15 b(e)1161 613 y FM(0)1185 646 y Fx(;)g(e)p Fu(])p 1333 681 V 190 789 4 108 v 233 756 a FN(NewStart)q Fu([)p Fy(:)p Fx(r)729 770 y Fr(t;e)810 756 y Fx(;)g(e)892 723 y FM(0)916 756 y Fx(;)g(e)p Fu(])p 1333 789 V 190 900 4 111 v 233 864 a FN(NewStart)q Fu([)p Fy(:)p Fx(r)729 887 y Fr(s;)782 858 y FM( )-55 b(\000)800 887 y Fr(e)855 864 y Fx(;)15 b(e)937 831 y FM(0)961 864 y Fx(;)g(e)p Fu(])p 1333 900 V 190 1011 V 233 975 a FN(NoExit)q Fu([)p Fy(:)p Fx(r)633 998 y Fr(s;)686 969 y FM( )-55 b(\000)704 998 y Fr(e)760 975 y Fx(;)15 b(e)842 942 y FM(0)866 975 y Fu(])p 1333 1011 V 190 1118 4 108 v 233 1086 a FN(NoExit)q Fu([)p Fx(r)572 1100 y Fr(t;e)654 1086 y Fx(;)g(e)736 1053 y FM(0)760 1086 y Fu(])p 1333 1118 V 192 1122 1144 4 v 1595 407 920 4 v 1593 515 4 108 v 1636 482 a FN(NewStart)q Fu([)p Fx(tr)s(ue;)g(e)2283 449 y FM(0)2307 482 y Fx(;)g(e)p Fu(])p 2512 515 V 1593 623 V 1636 590 a FN(NewStart)q Fu([)p Fx(r)2071 604 y Fr(t;e)2153 590 y Fx(;)g(e;)g(e)2317 557 y FM(0)2342 590 y Fu(])p 2512 623 V 1593 733 4 111 v 1636 698 a FN(NewStart)q Fu([)p Fx(r)2071 720 y Fr(s;)2124 692 y FM( )-55 b(\000)2142 720 y Fr(e)2198 698 y Fx(;)15 b(e;)g(e)2362 665 y FM(0)2387 698 y Fu(])p 2512 733 V 1593 841 4 108 v 1636 809 a FN(NewStart)q Fu([)p Fy(:)p Fx(r)2132 823 y Fr(t;e)2213 809 y Fx(;)g(e;)g(e)2377 776 y FM(0)2402 809 y Fu(])p 2512 841 V 1593 952 4 111 v 1636 917 a FN(NewStart)q Fu([)p Fy(:)p Fx(r)2132 939 y Fr(s;)2185 911 y FM( )-55 b(\000)2203 939 y Fr(e)2258 917 y Fx(;)15 b(e;)g(e)2422 884 y FM(0)2447 917 y Fu(])p 2512 952 V 1593 1063 V 1636 1028 a FN(NoExit)q Fu([)p Fx(r)1975 1050 y Fr(s;)2028 1022 y FM( )-55 b(\000)2046 1050 y Fr(e)2102 1028 y Fx(;)15 b(e)2184 995 y FM(0)2208 1028 y Fu(])p 2512 1063 V 1595 1066 920 4 v 2758 408 V 2756 516 4 108 v 2799 484 a FN(NewStart)q Fu([)p Fx(tr)s(ue;)g(e)3446 451 y FM(0)3470 484 y Fx(;)g(e)p Fu(])p 3675 516 V 2756 624 V 2799 592 a FN(NewStart)q Fu([)p Fx(r)3234 606 y Fr(t;e)3316 592 y Fx(;)g(e;)g(e)3480 559 y FM(0)3505 592 y Fu(])p 3675 624 V 2756 735 4 111 v 2799 700 a FN(NewStart)q Fu([)p Fx(r)3234 722 y Fr(s;)3287 693 y FM( )-55 b(\000)3305 722 y Fr(e)3361 700 y Fx(;)15 b(e;)g(e)3525 667 y FM(0)3550 700 y Fu(])p 3675 735 V 2756 843 4 108 v 2799 810 a FN(NewStart)q Fu([)p Fy(:)p Fx(r)3295 824 y Fr(t;e)3376 810 y Fx(;)g(e;)g(e)3540 777 y FM(0)3565 810 y Fu(])p 3675 843 V 2756 954 4 111 v 2799 918 a FN(NewStart)q Fu([)p Fy(:)p Fx(r)3295 941 y Fr(s;)3348 912 y FM( )-55 b(\000)3366 941 y Fr(e)3421 918 y Fx(;)15 b(e;)g(e)3585 885 y FM(0)3610 918 y Fu(])p 3675 954 V 2756 1062 4 108 v 2799 1029 a FN(NoExit)q Fu([)p Fy(:)p Fx(r)3199 1043 y Fr(t;e)3281 1029 y Fx(;)g(e)3363 996 y FM(0)3387 1029 y Fu(])p 3675 1062 V 2758 1065 920 4 v 801 1197 a FG(\(a\))1181 b(\(b\))1120 b(\(c\))150 1383 y(T)-7 b(able)23 b(6:)485 1383 y SDict begin H.S end 485 1383 a 485 1383 a SDict begin H.R end 485 1383 a 485 1383 a SDict begin [ /View [/XYZ H.V] /Dest (table.6) cvn /DEST pdfmark end 485 1383 a FG(Axioms)j(instantiated)k(for) d(the)f(proof)i(of)e(the)h(precise)h(update)g(formula)f(of:)35 b(\(a\))27 b(adding)h(an)e(edge)h(to)485 1491 y(a)c(general)i(graph,)g (\(b\))f(remo)o(ving)h(an)f(edge)g(from)g(an)g(ac)o(yclic)h(functional) h(graph,)f(and)f(\(c\))g(remo)o(ving)485 1599 y(an)f(edge)i(from)e(a)g (tree.)150 1862 y(The)g(precise)i(update)g(formula)g(for)f(this)g (change)h(is)285 2007 y Fy(9)p Fx(v)380 2021 y Fr(s)416 2007 y Fx(;)15 b(v)500 2021 y Fr(t)545 2007 y Fx(:)g(s)p Fu(\()p Fx(v)707 2021 y Fr(s)745 2007 y Fu(\))20 b Fy(^)g Fx(t)p Fu(\()p Fx(v)993 2021 y Fr(t)1023 2007 y Fu(\))g Fy(^)g(8)p Fx(v)1254 2021 y Fw(1)1293 2007 y Fx(;)15 b(v)1377 2021 y Fw(2)1432 2007 y Fx(:)g(e)1514 1970 y FM(0)1514 2030 y Fw(tc)1578 2007 y Fu(\()p Fx(v)1657 2021 y Fw(1)1697 2007 y Fx(;)g(v)1781 2021 y Fw(2)1821 2007 y Fu(\))51 b Fy($)f Fu(\()p Fx(e)2125 2021 y Fw(tc)2189 2007 y Fu(\()p Fx(v)2268 2021 y Fw(1)2308 2007 y Fx(;)15 b(v)2392 2021 y Fw(2)2431 2007 y Fu(\))21 b Fy(^)f(:)p Fu(\()p Fx(e)2706 2021 y Fw(tc)2769 2007 y Fu(\()p Fx(v)2848 2021 y Fw(1)2888 2007 y Fx(;)15 b(v)2972 2021 y Fr(s)3009 2007 y Fu(\))21 b Fy(^)f Fx(e)3188 2021 y Fw(tc)3251 2007 y Fu(\()p Fx(v)3330 2021 y Fr(t)3360 2007 y Fx(;)15 b(v)3444 2021 y Fw(2)3484 2007 y Fu(\)\)\))p Fx(:)316 2153 y FG(W)-7 b(e)26 b(ha)n(v)o(e)i(used)h(S)t FF(P)m(A)t(S)t(S)j FG(to)26 b(pro)o(v)o(e)i(the)f(v)n(alidity)i(of)d(this)i(update)g (formula)g(for)f(the)h(case)f(of)g(ac)o(yclic)h(func-)150 2261 y(tional)g(graphs)g(and)f(the)f(case)h(of)g(trees.)38 b(As)26 b(in)g(edge)h(addition,)i Fx(r)2267 2275 y Fr(t;e)2375 2261 y FG(and)e Fx(r)2573 2283 y Fr(s;)2626 2255 y FM( )-55 b(\000)2644 2283 y Fr(e)2726 2261 y FG(are)26 b(used)i(as)e(the)h (basic)g(colors.)150 2369 y(The)c(axioms)h(instantiated)j(in)d(the)g (proof)g(are)g(gi)n(v)o(en)g(in)g(T)-7 b(able)2159 2370 y SDict begin H.S end 2159 2370 a -1 x FG(6)2204 2307 y SDict begin H.R end 2204 2307 a 2204 2369 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (table.6) cvn H.B /ANN pdfmark end 2204 2369 a FG(\(b\))24 b(and)g(T)-7 b(able)2710 2370 y SDict begin H.S end 2710 2370 a -1 x FG(6)2755 2307 y SDict begin H.R end 2755 2307 a 2755 2369 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (table.6) cvn H.B /ANN pdfmark end 2755 2369 a FG(\(c\).)150 2540 y SDict begin H.S end 150 2540 a 150 2540 a SDict begin 13 H.A end 150 2540 a 150 2540 a SDict begin [ /View [/XYZ H.V] /Dest (section.7) cvn /DEST pdfmark end 150 2540 a 1570 2628 a FG(7.)48 b(R)t FF(E)t(L)t(A)l(T)t(E)t(D)30 b FG(W)s FF(O)t(R)t(K)316 2790 y FN(Shape)d(Analysis.)42 b FG(This)27 b(w)o(ork)h(w)o(as)g(moti)n(v)n(ated)h(by)f(our)g(e)o(xperience)i(with) e(TVLA)d([)3101 2791 y SDict begin H.S end 3101 2791 a -1 x FG(LAS00)3364 2728 y SDict begin H.R end 3364 2728 a 3364 2790 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.SAS:LS00) cvn H.B /ANN pdfmark end 3364 2790 a FG(,)3414 2791 y SDict begin H.S end 3414 2791 a -1 x FG(SR)-5 b(W02)3697 2728 y SDict begin H.R end 3697 2728 a 3697 2790 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.TOPLAS:SRW02) cvn H.B /ANN pdfmark end 3697 2790 a FG(],)150 2898 y(which)25 b(is)f(a)h(generic)h(system)f(for)g(abstract)h(interpretation)j([)2092 2899 y SDict begin H.S end 2092 2899 a -1 x FG(CC77)2304 2836 y SDict begin H.R end 2304 2836 a 2304 2898 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.POPL:CC77) cvn H.B /ANN pdfmark end 2304 2898 a FG(].)j(The)24 b(TVLA)e(system)j(is)g(more)f (automatic)150 3006 y(than)35 b(the)f(methods)h(described)h(in)e(this)g (paper)h(since)g(it)e(does)i(not)f(rely)g(on)g(user)n(-supplied)k(loop) d(in)l(v)n(ariants.)150 3114 y(Ho)n(we)n(v)o(er)l(,)26 b(the)h(techniques)i(presented)g(in)d(the)g(present)i(paper)f(are)g (potentially)i(more)d(precise)i(due)e(to)g(the)h(use)150 3221 y(of)18 b(full)h(\002rst-order)i(reasoning.)29 b(It)19 b(can)f(be)h(sho)n(wn)g(that)g(the)g FN(NoExit)f FG(scheme)h(allo)n(ws) g(us)g(to)f(infer)h(reachability)j(at)150 3329 y(least)d(as)f (precisely)j(as)d(e)n(v)n(aluation)j(rules)e(for)f Fu(3)p FG(-v)n(alued)j(logic)e(with)f(Kleene)h(semantics.)29 b(In)18 b(the)g(future,)j(we)c(hope)150 3437 y(to)28 b(de)n(v)o(elop)h(an)e(ef)n(\002cient)i(non-interacti)n(v)o(e)i (theorem)e(pro)o(v)o(er)f(that)h(enjo)o(ys)g(the)f(bene\002ts)g(of)g (both)g(approaches.)150 3545 y(An)h(interesting)k(observ)n(ation)g(is)d (that)g(the)g(colors)i(needed)f(in)f(our)g(e)o(xamples)i(to)d(pro)o(v)o (e)i(the)f(formula)h(are)f(the)150 3653 y(same)f(unary)g(predicates)i (used)f(by)e(TVLA)e(to)j(de\002ne)g(its)f(abstraction.)47 b(This)28 b(similarity)j(may)-6 b(,)29 b(in)f(the)h(future,)150 3761 y(help)j(us)e(\002nd)h(better)h(w)o(ays)f(to)f(automatically)k (instantiate)g(the)d(required)i(axioms.)51 b(In)31 b(particular)l(,)k (inducti)n(v)o(e)150 3869 y(logic)24 b(programming)i(has)d(recently)j (been)e(used)g(to)f(learn)i(formulas)f(to)f(use)h(in)f(TVLA)e (abstractions)27 b([)3439 3870 y SDict begin H.S end 3439 3870 a -1 x FG(LRS05)3697 3807 y SDict begin H.R end 3697 3807 a 3697 3869 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.CAV:LRS05) cvn H.B /ANN pdfmark end 3697 3869 a FG(],)150 3977 y(which)d(holds)g(out)g(the)f(possibility)k(of)c(applying)j (similar)e(methods)g(to)g(further)h(automate)f(the)g(approach)i(of)d (the)150 4085 y(present)i(paper)-5 b(.)316 4193 y FN(Decidable)24 b(Logics.)29 b FG(Decidable)d(logics)f(can)f(be)g(emplo)o(yed)h(to)f (de\002ne)g(properties)i(of)e(link)o(ed)h(data)f(struc-)150 4301 y(tures:)37 b(W)-7 b(eak)28 b(monadic)g(second-order)j(logic)d (has)g(been)g(used)g(in)f([)2333 4302 y SDict begin H.S end 2333 4302 a -1 x FG(EMS00)2611 4239 y SDict begin H.R end 2611 4239 a 2611 4301 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.ESOP:EMS00) cvn H.B /ANN pdfmark end 2611 4301 a FG(,)2660 4302 y SDict begin H.S end 2660 4302 a -1 x FG(MS01)2882 4239 y SDict begin H.R end 2882 4239 a 2882 4301 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.PLDI:MS01) cvn H.B /ANN pdfmark end 2882 4301 a FG(])g(to)g(de\002ne)g (properties)j(of)150 4409 y(heap-allocated)h(data)c(structures,)j(and)d (to)f(conduct)j(Hoare-style)g(v)o(eri\002cation)f(using)g(programmer)n (-supplied)150 4517 y(loop)d(in)l(v)n(ariants)h(in)e(the)g(P)-8 b(ALE)21 b(system)j([)1485 4518 y SDict begin H.S end 1485 4518 a -1 x FG(MS01)1708 4455 y SDict begin H.R end 1708 4455 a 1708 4517 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.PLDI:MS01) cvn H.B /ANN pdfmark end 1708 4517 a FG(].)29 b(A)23 b(decidable)j(logic)f(called)g Fx(L)2757 4531 y Fr(r)2818 4517 y FG(\(for)f(\223logic)h(of)f(reachability)150 4625 y(e)o(xpressions\224\))31 b(w)o(as)d(de\002ned)g(in)g([)1260 4627 y SDict begin H.S end 1260 4627 a -2 x FG(BRS99)1523 4563 y SDict begin H.R end 1523 4563 a 1523 4625 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.ESOP:BRS99) cvn H.B /ANN pdfmark end 1523 4625 a FG(].)41 b Fx(L)1679 4639 y Fr(r)1743 4625 y FG(is)28 b(rich)g(enough)i(to)d(e)o(xpress)j(the)e (shape)h(descriptors)h(studied)150 4732 y(in)j([)283 4734 y SDict begin H.S end 283 4734 a -2 x FG(SR)-5 b(W98)566 4670 y SDict begin H.R end 566 4670 a 566 4732 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.kn:SRW98) cvn H.B /ANN pdfmark end 566 4732 a FG(])32 b(and)i(the)f(path)h(matrices)g (introduced)i(in)c([)2017 4734 y SDict begin H.S end 2017 4734 a -2 x FG(Hen90)2260 4670 y SDict begin H.R end 2260 4670 a 2260 4732 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.kn:Hendren) cvn H.B /ANN pdfmark end 2260 4732 a FG(].)56 b(More)33 b(recent)i(decidable)g(logics)f(include)150 4840 y(Logic)24 b(of)f(Reachable)i(P)o(atterns)g([)1229 4841 y SDict begin H.S end 1229 4841 a -1 x FG(YRS)1407 4807 y Fw(+)1465 4840 y FG(06)1556 4767 y SDict begin H.R end 1556 4767 a 1556 4840 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.FOSSACS:YRSMB06) cvn H.B /ANN pdfmark end 1556 4840 a FG(])d(and)i(a)f(decision)j (procedure)g(for)e(link)o(ed)h(data)f(structures)i(that)e(can)150 4948 y(handle)h(singly)g(link)o(ed)g(lists)f([)1108 4949 y SDict begin H.S end 1108 4949 a -1 x FG(BR06)1321 4886 y SDict begin H.R end 1321 4886 a 1321 4948 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.VMCAI:BR06) cvn H.B /ANN pdfmark end 1321 4948 a FG(].)316 5056 y(The)e(present)j(paper)f(does)f(not) h(de)n(v)o(elop)g(decision)h(procedures,)g(b)n(ut)f(instead)g(suggests) h(methods)f(that)g(can)150 5164 y(be)34 b(used)h(in)e(conjunction)38 b(with)33 b(e)o(xisting)j(theorem)f(pro)o(v)o(ers.)61 b(Thus,)36 b(the)e(techniques)j(are)d(incomplete)i(and)150 5272 y(the)26 b(theorem)g(pro)o(v)o(ers)h(need)f(not)g(terminate.)36 b(Ho)n(we)n(v)o(er)l(,)25 b(our)h(initial)h(e)o(xperience)h(is)d(that)h (the)g(e)o(xtra)g(\003e)o(xibility)150 5380 y(gained)21 b(by)f(the)g(use)g(of)g(\002rst-order)h(logic)g(with)f(transiti)n(v)o (e)h(closure)h(is)d(promising.)30 b(F)o(or)19 b(e)o(xample,)i(we)e(can) h(pro)o(v)o(e)p eop end end %%Page: 28 28 TeXDict begin HPSdict begin 28 27 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.28) cvn /DEST pdfmark end 150 82 a Fz(28)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)150 448 y FG(the)25 b(correctness)j(of)c (imperati)n(v)o(e)i(destructi)n(v)o(e)h(list-re)n(v)o(ersal)h (speci\002ed)e(in)e(a)g(natural)j(w)o(ay)d(and)h(the)g(correctness)150 555 y(of)e(mark)h(and)g(sweep)g(garbage)h(collectors,)h(which)e(are)f (be)o(yond)i(the)f(scope)h(of)e(Mona)h(and)g Fx(L)3151 569 y Fr(r)3189 555 y FG(.)316 663 y(Indeed,)g(in)f([)731 664 y SDict begin H.S end 731 664 a -1 x FG(IRR)883 630 y Fw(+)942 663 y FG(04b)1079 590 y SDict begin H.R end 1079 590 a 1079 663 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.CAV:IRRSY04) cvn H.B /ANN pdfmark end 1079 663 a FG(],)f(we)g(ha)n(v) o(e)i(tried)g(to)f(simulate)h(e)o(xisting)h(data)e(structures)j(using)e (decidable)i(logics)150 771 y(and)c(realized)i(that)f(this)f(can)g(be)g (trick)o(y)h(because)h(the)e(programmer)h(may)f(need)h(to)f(pro)o(v)o (e)g(a)f(speci\002c)i(simulation)150 879 y(in)l(v)n(ariant)i(for)d(a)g (gi)n(v)o(en)h(program.)30 b(Gi)n(ving)22 b(an)h(inaccurate)i (simulation)f(in)l(v)n(ariant)h(causes)f(the)e(simulation)j(to)d(be)150 987 y(unsound.)31 b(One)23 b(of)g(the)g(adv)n(antages)j(of)d(the)h (technique)h(described)h(in)d(the)h(present)g(paper)h(is)e(that)g (soundness)j(is)150 1095 y(guaranteed)g(no)c(matter)i(which)f(axioms)g (are)g(instantiated.)32 b(Moreo)o(v)o(er)l(,)24 b(the)f(simulation)h (requirements)i(are)d(not)150 1203 y(necessarily)k(e)o(xpressible)f(in) d(the)h(decidable)i(logic.)316 1311 y FN(Other)33 b(First-Order)h (Axiomatizations)h(of)e(Link)o(ed)f(Data)h(Structur)n(es.)58 b FG(The)33 b(closest)i(approach)g(to)150 1419 y(ours)d(that)g(we)e (are)h(a)o(w)o(are)g(of)g(w)o(as)g(tak)o(en)i(by)e(Nelson)h(as)f(we)f (describe)j(in)e(Section)2919 1419 y SDict begin H.S end 2919 1419 a FG(4)2964 1357 y SDict begin H.R end 2964 1357 a 2964 1419 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (section.4) cvn H.B /ANN pdfmark end 2964 1419 a FG(.)51 b(This)31 b(also)h(has)f(some)150 1527 y(follo)n(w-up)e(w)o(ork)e(by)g(Leino)h (and)g(Joshi)g([)1502 1529 y SDict begin H.S end 1502 1529 a -2 x FG(Lei98)1714 1465 y SDict begin H.R end 1714 1465 a 1714 1527 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Leino) cvn H.B /ANN pdfmark end 1714 1527 a FG(].)40 b(Our)26 b(impression)k(from)d(their)h(write-up)g(is)f(that)h(Leino)g(and)150 1635 y(Joshi')-5 b(s)25 b(w)o(ork)f(can)g(be)f(pushed)j(forw)o(ard)e (by)g(using)h(our)e(coloring)j(axioms.)316 1743 y(A)h(more)g(recent)i (w)o(ork)f(by)g(Lahiri)g(and)g(Qadeer)g([)1928 1759 y SDict begin H.S end 1928 1759 a -16 x FG(LQ06)2141 1681 y SDict begin H.R end 2141 1681 a 2141 1743 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.POPL:LQ06) cvn H.B /ANN pdfmark end 2141 1743 a FG(])f(uses)h(\002rst-order)i(axiomatization.)45 b(This)27 b(w)o(ork)150 1851 y(can)d(be)f(seen)i(as)e(a)g (specialization)28 b(of)23 b(ours)i(to)e(the)h(case)g(of)g(\(c)o (yclic\))h(singly)g(link)o(ed)g(lists.)316 1959 y FN(Dynamic)c (Maintenance)g(of)h(T)-7 b(ransiti)o(v)o(e)22 b(Closur)n(e.)29 b FG(Another)22 b(orthogonal)j(b)n(ut)c(promising)j(approach)f(to)150 2066 y(transiti)n(v)o(e)i(closure)h(is)d(to)g(maintain)i(reachability)i (relations)f(incrementally)g(as)e(we)e(mak)o(e)i(unit)g(changes)i(in)d (the)150 2174 y(data)e(structure.)30 b(It)20 b(is)g(kno)n(wn)h(that)g (in)f(man)o(y)g(cases,)i(reachability)i(can)c(be)h(maintained)h(by)f (\002rst-order)h(formulas)150 2282 y([)180 2284 y SDict begin H.S end 180 2284 a -2 x FG(DS95)387 2220 y SDict begin H.R end 387 2220 a 387 2282 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.DS95) cvn H.B /ANN pdfmark end 387 2282 a FG(,)431 2284 y SDict begin H.S end 431 2284 a -2 x FG(PI97)602 2220 y SDict begin H.R end 602 2220 a 602 2282 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.JCSS:PatnaikI1997) cvn H.B /ANN pdfmark end 602 2282 a FG(])f(and)h(e)n(v)o(en)f (sometimes)h(by)g(quanti\002er)n(-free)i(formulas)f([)2426 2283 y SDict begin H.S end 2426 2283 a -1 x FG(Hes03)2659 2220 y SDict begin H.R end 2659 2220 a 2659 2282 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Hesse-thesis) cvn H.B /ANN pdfmark end 2659 2282 a FG(].)k(Furthermore,)c(in)e(these)h(cases,) 150 2390 y(it)27 b(is)h(often)g(possible)i(to)e(automatically)j(deri)n (v)o(e)d(the)g(\002rst-order)h(update)g(formulas)g(using)g(\002nite)f (dif)n(ferencing)150 2498 y([)180 2499 y SDict begin H.S end 180 2499 a -1 x FG(RSL03)438 2436 y SDict begin H.R end 438 2436 a 438 2498 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.finite-differencing) cvn H.B /ANN pdfmark end 438 2498 a FG(].)150 2663 y SDict begin H.S end 150 2663 a 150 2663 a SDict begin 13 H.A end 150 2663 a 150 2663 a SDict begin [ /View [/XYZ H.V] /Dest (section.8) cvn /DEST pdfmark end 150 2663 a 1630 2757 a FG(8.)48 b(C)t FF(O)t(N)t(C)t(L)t(U)t(S)t (I)t(O)t(N)316 2919 y FG(This)34 b(paper)h(reports)g(on)f(our)g (proposal)i(of)e(a)f(ne)n(w)h(methodology)i(for)e(using)h(of)n (f-the-shelf)i(\002rst-order)150 3027 y(theorem)21 b(pro)o(v)o(ers)h (to)e(reason)i(about)f(reachability)j(in)c(programs.)30 b(W)-7 b(e)19 b(ha)n(v)o(e)i(e)o(xplored)h(man)o(y)e(of)h(the)f (theoretical)150 3135 y(issues)h(as)f(well)g(as)g(presenting)j(e)o (xamples)e(that,)h(while)e(still)g(preliminary)-6 b(,)23 b(suggest)f(that)f(this)g(is)f(indeed)h(a)f(viable)150 3243 y(approach.)316 3351 y(As)33 b(mentioned)k(earlier)l(,)h(pro)o (ving)e(the)f(absence)h(of)e(paths)h(is)f(the)h(dif)n(\002cult)g(part)g (of)f(pro)o(ving)i(formulas)150 3459 y(with)31 b Fu(TC)p FG(.)51 b(The)32 b(promise)g(of)g(our)f(approach)j(is)e(that)g(it)f(is) g(able)h(to)g(handle)h(such)f(formulas)h(ef)n(fecti)n(v)o(ely)h(and)150 3567 y(reasonably)21 b(automatically)-6 b(,)22 b(as)c(sho)n(wn)h(by)f (the)g(f)o(act)h(that)g(it)f(can)g(successfully)k(handle)e(the)e (programs)i(described)150 3675 y(in)26 b(Section)544 3676 y SDict begin H.S end 544 3676 a -1 x FG(5)590 3613 y SDict begin H.R end 590 3613 a 590 3675 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (section.5) cvn H.B /ANN pdfmark end 590 3675 a 25 w FG(and)h(the)f(success)i(of)f(the)f(TVLA)e (system,)j(which)g(uses)g(similar)g(transiti)n(v)o(e-closure)k (reasoning.)150 3783 y(Of)23 b(course,)h(much)g(further)h(w)o(ork)f(is) f(needed)i(including)i(the)c(follo)n(wing:)150 3821 y SDict begin H.S end 150 3821 a 150 3821 a SDict begin 13 H.A end 150 3821 a 150 3821 a SDict begin [ /View [/XYZ H.V] /Dest (Item.51) cvn /DEST pdfmark end 150 3821 a 88 x Fy(\017)42 b FG(Exploring)25 b(other)g(heuristics)h(for)e (identifying)i(color)f(classes.)150 3929 y SDict begin H.S end 150 3929 a 150 3929 a SDict begin 13 H.A end 150 3929 a 150 3929 a SDict begin [ /View [/XYZ H.V] /Dest (Item.52) cvn /DEST pdfmark end 150 3929 a 88 x Fy(\017)42 b FG(Exploring)25 b(v)n(ariations)h(of)e(the)g(algorithm)h(gi)n(v)o(en) f(in)f(Fig.)2092 4018 y SDict begin H.S end 2092 4018 a -1 x FG(10)2183 3955 y SDict begin H.R end 2183 3955 a 2183 4017 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (figure.10) cvn H.B /ANN pdfmark end 2183 4017 a 23 w FG(for)g(instantiating)28 b(coloring)d(axioms.)150 4037 y SDict begin H.S end 150 4037 a 150 4037 a SDict begin 13 H.A end 150 4037 a 150 4037 a SDict begin [ /View [/XYZ H.V] /Dest (Item.53) cvn /DEST pdfmark end 150 4037 a 88 x Fy(\017)42 b FG(Exploring)25 b(the)f(use)g(of)g(additional)i(axiom)f(schemes,)f(such)h(as)e(tw)o(o)h (of)f(the)h(schemes)h(from)e([)3229 4126 y SDict begin H.S end 3229 4126 a -1 x FG(Nel83)3452 4063 y SDict begin H.R end 3452 4063 a 3452 4125 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.Nelson) cvn H.B /ANN pdfmark end 3452 4125 a FG(],)g(which)237 4233 y(are)30 b(lik)o(ely)i(to)e(be)h(useful)g (when)g(dealing)h(with)e(predicates)j(that)e(are)f(partial)i (functions.)51 b(Such)30 b(predicates)237 4341 y(arise)e(in)g(programs) h(that)f(manipulate)i(singly-link)o(ed)i(or)c(doubly-link)o(ed)k (lists\227or)l(,)e(more)e(generally)-6 b(,)31 b(data)237 4449 y(structures)39 b(that)f(are)f(ac)o(yclic)h(in)f(one)g(or)g(more)g (\223dimensions\224)i([)2407 4451 y SDict begin H.S end 2407 4451 a -2 x FG(HHN92)2696 4387 y SDict begin H.R end 2696 4387 a 2696 4449 a SDict begin [ /Color [0 1 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (cite.kn:HHN92) cvn H.B /ANN pdfmark end 2696 4449 a FG(])d(\(i.e.,)j(in)e(which)g(the)g(iterated)237 4557 y(application)27 b(of)c(a)g(gi)n(v)o(en)h(\002eld)g(selector)h(can)f (ne)n(v)o(er)g(return)h(to)e(a)g(pre)n(viously)k(visited)e(node\).)150 4577 y SDict begin H.S end 150 4577 a 150 4577 a SDict begin 13 H.A end 150 4577 a 150 4577 a SDict begin [ /View [/XYZ H.V] /Dest (Item.54) cvn /DEST pdfmark end 150 4577 a 88 x Fy(\017)42 b FG(Additional)22 b(w)o(ork)e(should)i(be)e (done)g(on)h(the)f(theoretical)j(po)n(wer)d(of)g Fx(T)2448 4679 y Fw(1)2494 4665 y Fu(+)7 b FN(IND)18 b FG(and)j(related)g (axiomatizations)237 4773 y(of)i(transiti)n(v)o(e)j(closure.)k(W)-7 b(e)23 b(conjecture,)j(for)e(e)o(xample,)g(that)g Fx(T)2265 4787 y Fw(1)2325 4773 y Fu(+)c FN(IND)i FG(is)h(TC-complete)i(for)f (trees.)150 4941 y SDict begin H.S end 150 4941 a 150 4941 a SDict begin 13 H.A end 150 4941 a 150 4941 a SDict begin [ /View [/XYZ H.V] /Dest (section*.1) cvn /DEST pdfmark end 150 4941 a 88 x FN(Ackno)o(wledgements.)46 b FG(Thanks)30 b(to)f(Aharon)h(Abadi)f(and)h(Roman)f(Mane)n(vich)i(for)e(interesting)j (suggestions.)150 5137 y(Thanks)c(to)f(V)-5 b(iktor)27 b(K)o(uncak)h(for)f(useful)i(con)l(v)o(ersations)i(including)f(his)d (observ)n(ation)j(and)e(proof)g(of)f(Proposi-)150 5245 y(tion)314 5246 y SDict begin H.S end 314 5246 a -1 x FG(4.4)428 5183 y SDict begin H.R end 428 5183 a 428 5245 a SDict begin [ /Color [1 0 0] /H /I /Border [0 0 1]BorderArrayPatch /BS <> /Subtype /Link /Dest (thm.4.4) cvn H.B /ANN pdfmark end 428 5245 a FG(.)p eop end end %%Page: 29 29 TeXDict begin HPSdict begin 29 28 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.29) cvn /DEST pdfmark end 150 82 a 896 w Fz(SIMULA)-7 b(TING)20 b(REA)m(CHABILITY)i(USING)g(FIRST)-6 b(-ORDER)21 b(LOGIC)830 b(29)1695 448 y FG(R)t FF(E)t(F)t(E)t(R)t(E)t (N)t(C)t(E)t(S)150 503 y SDict begin H.S end 150 503 a 150 503 a SDict begin 13 H.A end 150 503 a 150 503 a SDict begin [ /View [/XYZ H.V] /Dest (section*.2) cvn /DEST pdfmark end 150 503 a 150 593 a SDict begin H.S end 150 593 a FL([A)-6 b(vr03])384 593 y SDict begin 11 H.A end 384 593 a 384 593 a SDict begin [ /View [/XYZ H.V] /Dest (cite.Avron) cvn /DEST pdfmark end 384 593 a 189 w FL(A.)25 b(A)-6 b(vron.)26 b(T)m(ransiti)n(v)o(e)g(closure)f(and)h(the)g(mechanization) h(of)e(mathematics.)g(In)h FJ(Thirty)e(F)m(ive)h(Y)-7 b(ear)o(s)26 b(of)f(A)o(utomating)573 684 y(Mathematics)p FL(,)20 b(pages)g(149\226171.)g(Kluwer)f(Academic)h(Publishers,)e (2003.)150 775 y SDict begin H.S end 150 775 a FL([BLARS07])516 775 y SDict begin 11 H.A end 516 775 a 516 775 a SDict begin [ /View [/XYZ H.V] /Dest (cite.CAV:BLRS07) cvn /DEST pdfmark end 516 775 a 57 w FL(I.)29 b(Bogudlo)o(v)-5 b(,)34 b(T)-6 b(.)30 b(Le)n(v-Ami,)i(T)-6 b(.)29 b(Reps,)j(and)f(M.)f (Sagi)n(v)-5 b(.)29 b(Re)n(v)n(amping)j(tvla:)44 b(Making)31 b(parametric)g(shape)f(analysis)573 867 y(competiti)n(v)o(e.)20 b(In)e FJ(CA)-8 b(V)p FL(,)18 b(2007.)150 958 y SDict begin H.S end 150 958 a FL([BR06])374 958 y SDict begin 11 H.A end 374 958 a 374 958 a SDict begin [ /View [/XYZ H.V] /Dest (cite.VMCAI:BR06) cvn /DEST pdfmark end 374 958 a 199 w FL(J.)40 b(Bingham)i(and)f(Z.)f(Rakamaric.)g(A)g(logic)h(and)g (decision)h(procedure)g(for)e(predicate)h(abstraction)h(of)e(heap-)573 1049 y(manipulating)20 b(programs.)g(In)f FJ(VMCAI)p FL(,)f(pages)h(207\226221,)i(2006.)150 1141 y SDict begin H.S end 150 1141 a FL([BRS99])416 1141 y SDict begin 11 H.A end 416 1141 a 416 1141 a SDict begin [ /View [/XYZ H.V] /Dest (cite.ESOP:BRS99) cvn /DEST pdfmark end 416 1141 a 157 w FL(M.)h(Benedikt,)g(T)-6 b(.)21 b(Reps,)h(and)g(M.)f(Sagi)n(v) -5 b(.)21 b(A)g(decidable)i(logic)e(for)h(describing)g(link)o(ed)g (data)g(structures.)f(In)h FJ(Eur)m(opean)573 1232 y(Symp.)e(On)f(Pr)m (o)o(gr)o(amming)p FL(,)g(pages)h(2\22619,)g(March)f(1999.)150 1323 y SDict begin H.S end 150 1323 a FL([CC77])374 1323 y SDict begin 11 H.A end 374 1323 a 374 1323 a SDict begin [ /View [/XYZ H.V] /Dest (cite.POPL:CC77) cvn /DEST pdfmark end 374 1323 a 199 w FL(P)o(atrick)d(Cousot)h(and)f(Radhia)h (Cousot.)g(Abstract)f(interpretation:)22 b(a)16 b(uni\002ed)g(lattice)g (model)h(for)f(static)g(analysis)g(of)h(pro-)573 1415 y(grams)j(by)g(construction)h(or)f(approximation)h(of)e(\002xpoints.)h (In)f FJ(POPL)g('77:)25 b(Pr)m(oceedings)20 b(of)f(the)h(4th)g(A)n(CM)f (SIGA)n(CT)-6 b(-)573 1506 y(SIGPLAN)18 b(symposium)i(on)f(Principles)g (of)g(pr)m(o)o(gr)o(amming)h(langua)o(g)o(es)p FL(,)h(pages)f (238\226252.)h(A)m(CM)e(Press,)f(1977.)150 1597 y SDict begin H.S end 150 1597 a FL([CC79])374 1597 y SDict begin 11 H.A end 374 1597 a 374 1597 a SDict begin [ /View [/XYZ H.V] /Dest (cite.kn:CC79) cvn /DEST pdfmark end 374 1597 a 199 w FL(P)-8 b(.)20 b(Cousot)h(and)h(R.)e(Cousot.)h(Systematic) g(design)h(of)f(program)g(analysis)h(frame)n(w)o(orks.)f(In)g FJ(Symp.)h(on)f(Princ.)f(of)h(Pr)m(o)o(g)o(.)573 1689 y(Lang)o(.)p FL(,)e(pages)h(269\226282,)h(Ne)n(w)d(Y)-8 b(ork,)19 b(NY)-10 b(,)19 b(1979.)h(A)m(CM)e(Press.)150 1780 y SDict begin H.S end 150 1780 a FL([DS95])370 1780 y SDict begin 11 H.A end 370 1780 a 370 1780 a SDict begin [ /View [/XYZ H.V] /Dest (cite.DS95) cvn /DEST pdfmark end 370 1780 a 203 w FL(G.)h(Dong)h(and)g(J.)f(Su.)f(Incremental)i (and)g(decremental)g(e)n(v)n(aluation)h(of)e(transiti)n(v)o(e)g (closure)h(by)g(\002rst-order)f(queries.)g FJ(Inf)o(.)573 1871 y(&)g(Comput.)p FL(,)g(120:101\226106,)j(1995.)150 1963 y SDict begin H.S end 150 1963 a FL([EMS00])428 1963 y SDict begin 11 H.A end 428 1963 a 428 1963 a SDict begin [ /View [/XYZ H.V] /Dest (cite.ESOP:EMS00) cvn /DEST pdfmark end 428 1963 a 145 w FL(J.)g(Elgaard,)g(A.)g(M\370ller)m(,)g(and)h (M.I.)e(Schw)o(artzbach.)i(Compile-time)f(deb)o(ugging)i(of)e(C)g (programs)h(w)o(orking)g(on)f(trees.)573 2054 y(In)d FJ(Eur)m(opean)h(Symp.)f(On)g(Pr)m(o)o(gr)o(amming)p FL(,)h(pages)g(119\226134,)h(2000.)150 2145 y SDict begin H.S end 150 2145 a FL([FLL)309 2114 y Fn(+)358 2145 y FL(02])457 2145 y SDict begin 11 H.A end 457 2145 a 457 2145 a SDict begin [ /View [/XYZ H.V] /Dest (cite.PLDI:FLLNSS02) cvn /DEST pdfmark end 457 2145 a 116 w FL(C.)h(Flanagan,)h(K.R.M.)f (Leino,)h(M.)f(Lillibridge,)g(G.)g(Nelson,)i(J.B.)d(Sax)o(e,)i(and)g (R.)f(Stata.)f(Extended)i(static)f(checking)573 2237 y(for)d(ja)o(v)n(a.)g(In)g FJ(SIGPLAN)e(Conf)o(.)i(on)g(Pr)m(o)o(g)o(.) g(Lang)o(.)g(Design)g(and)h(Impl.)p FL(,)e(2002.)150 2328 y SDict begin H.S end 150 2328 a FL([GME99])440 2328 y SDict begin 11 H.A end 440 2328 a 440 2328 a SDict begin [ /View [/XYZ H.V] /Dest (cite.GOR99) cvn /DEST pdfmark end 440 2328 a 133 w FL(E.)25 b(Gr)t(\250)-29 b(adel,)28 b(M.Otto,)f(and)g(E.Rosen.)e(Undecidability)i(results)f(on)h(tw)o(o-v)n (ariable)g(logics.)e FJ(Ar)m(c)o(hive)i(of)f(Math.)g(Lo)o(gic)p FL(,)573 2419 y(38:313\226354,)c(1999.)150 2511 y SDict begin H.S end 150 2511 a FL([Hen90])398 2511 y SDict begin 11 H.A end 398 2511 a 398 2511 a SDict begin [ /View [/XYZ H.V] /Dest (cite.kn:Hendren) cvn /DEST pdfmark end 398 2511 a 175 w FL(L.)17 b(Hendren.)g FJ(P)-6 b(ar)o(allelizing)17 b(Pr)m(o)o(gr)o(ams)h(with)e(Recur)o(sive)i(Data)g(Structur)m(es)p FL(.)f(PhD)g(thesis,)g(Cornell)g(Uni)n(v)-5 b(.,)18 b(Ithaca,)f(NY)-10 b(,)573 2602 y(Jan)20 b(1990.)150 2693 y SDict begin H.S end 150 2693 a FL([Hes03])390 2693 y SDict begin 11 H.A end 390 2693 a 390 2693 a SDict begin [ /View [/XYZ H.V] /Dest (cite.Hesse-thesis) cvn /DEST pdfmark end 390 2693 a 183 w FL(W)-7 b(.)27 b(Hesse.)g FJ(Dynamic)h(Computational)h(Comple)o(xity)p FL(.)e(PhD)g(thesis,)i(Department)f(of)g(Computer)g(Science,)i(UMass,) 573 2785 y(Amherst,)19 b(July)g(2003.)150 2876 y SDict begin H.S end 150 2876 a FL([HHN92])436 2876 y SDict begin 11 H.A end 436 2876 a 436 2876 a SDict begin [ /View [/XYZ H.V] /Dest (cite.kn:HHN92) cvn /DEST pdfmark end 436 2876 a 137 w FL(L.)h(Hendren,)h(J.)e(Hummel,)h(and)h(A.)f(Nicolau.)g (Abstractions)g(for)g(recursi)n(v)o(e)h(pointer)f(data)h(structures:)26 b(Impro)o(ving)21 b(the)573 2967 y(analysis)27 b(and)f(the)h (transformation)f(of)g(imperati)n(v)o(e)h(programs.)f(In)g FJ(SIGPLAN)f(Conf)o(.)g(on)i(Pr)m(o)o(g)o(.)f(Lang)o(.)f(Design)i(and) 573 3059 y(Impl.)p FL(,)18 b(pages)i(249\226260,)h(Ne)n(w)e(Y)-8 b(ork,)19 b(NY)-10 b(,)18 b(June)i(1992.)g(A)m(CM)f(Press.)150 3150 y SDict begin H.S end 150 3150 a FL([Hoa75])398 3150 y SDict begin 11 H.A end 398 3150 a 398 3150 a SDict begin [ /View [/XYZ H.V] /Dest (cite.kn:Hoare75) cvn /DEST pdfmark end 398 3150 a 175 w FL(C.A.R.)f(Hoare.)h(Recursi)n(v)o(e)g(data)g (structures.)g FJ(Int.)f(J)n(.)h(of)g(Comp.)g(and)h(Inf)o(.)e(Sci.)p FL(,)g(4\(2\):105\226132,)j(1975.)150 3241 y SDict begin H.S end 150 3241 a FL([IRR)300 3209 y Fn(+)350 3241 y FL(04a])482 3241 y SDict begin 11 H.A end 482 3241 a 482 3241 a SDict begin [ /View [/XYZ H.V] /Dest (cite.eadtc) cvn /DEST pdfmark end 482 3241 a 91 w FL(N.)i(Immerman,)h(A.)f (Rabino)o(vich,)i(T)-6 b(.)22 b(Reps,)i(M.)f(Sagi)n(v)-5 b(,)24 b(and)g(G.)f(Y)-8 b(orsh.)23 b(The)g(boundary)i(between)e (decidability)h(and)573 3333 y(undecidability)d(of)e(transiti)n(v)o(e)f (closure)i(logics.)f(In)g FJ(CSL)m('04)p FL(,)f(2004.)150 3424 y SDict begin H.S end 150 3424 a FL([IRR)300 3392 y Fn(+)350 3424 y FL(04b])486 3424 y SDict begin 11 H.A end 486 3424 a 486 3424 a SDict begin [ /View [/XYZ H.V] /Dest (cite.CAV:IRRSY04) cvn /DEST pdfmark end 486 3424 a 87 w FL(N.)23 b(Immerman,)j(A.)d(Rabino)o(vich,)j(T)-6 b(.)23 b(Reps,)i(M.)e(Sagi)n(v)-5 b(,)25 b(and)g(G.)e(Y)-8 b(orsh.)23 b(V)-8 b(eri\002cation)23 b(via)h(structure)g(simulation.)g(In)573 3515 y FJ(Pr)m(oc.)19 b(Computer)o(-Aided)g(V)-8 b(erif)o(.)p FL(,)17 b(pages)j(281\226294,)h(2004.)150 3607 y SDict begin H.S end 150 3607 a FL([LARSW00])537 3607 y SDict begin 11 H.A end 537 3607 a 537 3607 a SDict begin [ /View [/XYZ H.V] /Dest (cite.ISSTA:LRSW00) cvn /DEST pdfmark end 537 3607 a 36 w FL(T)-6 b(.)24 b(Le)n(v-Ami,)i(T)-6 b(.)23 b(Reps,)j(M.)e(Sagi)n(v)-5 b(,)26 b(and)f(R.)f(W)m(ilhelm.)f(Putting)h (static)g(analysis)h(to)f(w)o(ork)h(for)f(v)o(eri\002cation:)34 b(A)24 b(case)573 3698 y(study)-5 b(.)20 b(In)f FJ(ISST)l(A)f(2000:)25 b(Pr)m(oc.)18 b(of)h(the)g(Int.)f(Symp.)i(on)f(Softwar)m(e)h(T)-7 b(esting)18 b(and)i(Analysis)p FL(,)f(pages)h(26\22638,)g(2000.)150 3789 y SDict begin H.S end 150 3789 a FL([LAS00])416 3789 y SDict begin 11 H.A end 416 3789 a 416 3789 a SDict begin [ /View [/XYZ H.V] /Dest (cite.SAS:LS00) cvn /DEST pdfmark end 416 3789 a 157 w FL(T)-6 b(.)25 b(Le)n(v-Ami)g(and)h(M.)f(Sagi)n (v)-5 b(.)25 b(TVLA:)e(A)i(system)h(for)e(implementing)i(static)f (analyses.)h(In)f FJ(Static)g(Analysis)g(Symp.)p FL(,)573 3881 y(pages)20 b(280\226301,)h(2000.)150 3972 y SDict begin H.S end 150 3972 a FL([LASR07])466 3972 y SDict begin 11 H.A end 466 3972 a 466 3972 a SDict begin [ /View [/XYZ H.V] /Dest (cite.POPL:LSR07) cvn /DEST pdfmark end 466 3972 a 107 w FL(T)-6 b(.)23 b(Le)n(v-Ami,)h(M.)f(Sagi)n(v)-5 b(,)25 b(and)f(T)-6 b(.)22 b(Reps.)i(Backw)o(ard)g(analysis)g(for)f (inferring)g(quanti\002ed)h(preconditions.)h(Submitted)573 4063 y(for)19 b(publication,)h(2007.)150 4154 y SDict begin H.S end 150 4154 a FL([Lei98])374 4154 y SDict begin 11 H.A end 374 4154 a 374 4154 a SDict begin [ /View [/XYZ H.V] /Dest (cite.Leino) cvn /DEST pdfmark end 374 4154 a 199 w FL(R.)15 b(Leino.)f(Recursi)n(v)o(e)i(object)f(types)g(in)g(a)g (logic)g(of)g(object-oriented)h(programs.)g FJ(Nor)m(dic)f(J)n(.)g(of)f (Computing)p FL(,)j(5:330\226360,)573 4246 y(1998.)150 4337 y SDict begin H.S end 150 4337 a FL([LQ06])374 4337 y SDict begin 11 H.A end 374 4337 a 374 4337 a SDict begin [ /View [/XYZ H.V] /Dest (cite.POPL:LQ06) cvn /DEST pdfmark end 374 4337 a 199 w FL(S.)25 b(K.)g(Lahiri)f(and)i(S.)f(Qadeer)l(.) g(V)-8 b(erifying)26 b(properties)g(of)f(well-founded)i(link)o(ed)f (lists.)e(In)i FJ(POPL)p FL(,)d(pages)k(115\226126,)573 4428 y(2006.)150 4520 y SDict begin H.S end 150 4520 a FL([LRS05])412 4520 y SDict begin 11 H.A end 412 4520 a 412 4520 a SDict begin [ /View [/XYZ H.V] /Dest (cite.CAV:LRS05) cvn /DEST pdfmark end 412 4520 a 161 w FL(A.)15 b(Logino)o(v)-5 b(,)18 b(T)-6 b(.)15 b(Reps,)h(and)h(M.)e(Sagi)n(v)-5 b(.)16 b(Abstraction)g(re\002nement)g(via)g(inducti)n(v)o(e)h (learning.)f(In)f FJ(Pr)m(oc.)g(Computer)o(-Aided)573 4611 y(V)-8 b(erif)o(.)p FL(,)17 b(2005.)150 4702 y SDict begin H.S end 150 4702 a FL([LRS06])412 4702 y SDict begin 11 H.A end 412 4702 a 412 4702 a SDict begin [ /View [/XYZ H.V] /Dest (cite.SAS:LRS06) cvn /DEST pdfmark end 412 4702 a 161 w FL(A.)22 b(Logino)o(v)-5 b(,)24 b(T)-6 b(.)21 b(Reps,)i(and)g(M.)f(Sagi)n(v)-5 b(.)22 b(Automatic)g(v)o (eri\002cation)h(of)f(the)g(Deutsch-Schorr)o(-Waite)g(tree-tra)o(v)o (ersal)f(al-)573 4794 y(gorithm.)e(In)g FJ(SAS)p FL(,)g(2006.)150 4885 y SDict begin H.S end 150 4885 a FL([MP71])382 4885 y SDict begin 11 H.A end 382 4885 a 382 4885 a SDict begin [ /View [/XYZ H.V] /Dest (cite.mcnaughton) cvn /DEST pdfmark end 382 4885 a 191 w FL(R.)g(McNaughton)i(and)e(S.)f(P)o(apert.)g FJ(Counter)o(-F)l(r)m(ee)h(A)o(utomata.)g FL(MIT)f(Press,)h(1971.)150 4976 y SDict begin H.S end 150 4976 a FL([MS01])382 4976 y SDict begin 11 H.A end 382 4976 a 382 4976 a SDict begin [ /View [/XYZ H.V] /Dest (cite.PLDI:MS01) cvn /DEST pdfmark end 382 4976 a 191 w FL(A.)j(M\370ller)h(and)g(M.I.)f(Schw)o (artzbach.)h(The)g(pointer)f(assertion)h(logic)g(engine.)g(In)g FJ(SIGPLAN)e(Conf)o(.)h(on)h(Pr)m(o)o(g)o(.)f(Lang)o(.)573 5068 y(Design)e(and)f(Impl.)p FL(,)f(pages)i(221\226231,)h(2001.)150 5159 y SDict begin H.S end 150 5159 a FL([Nel83])382 5159 y SDict begin 11 H.A end 382 5159 a 382 5159 a SDict begin [ /View [/XYZ H.V] /Dest (cite.Nelson) cvn /DEST pdfmark end 382 5159 a 191 w FL(G.)g(Nelson.)f(V)-8 b(erifying)21 b(reachability)g(in)m(v)n(ariants)h(of)e(link)o(ed)i(structures.)f(In)f FJ(Symp.)i(on)f(Princ.)f(of)h(Pr)m(o)o(g)o(.)f(Lang)o(.)p FL(,)h(pages)573 5250 y(38\22647,)g(1983.)150 5342 y SDict begin H.S end 150 5342 a FL([PI97])341 5342 y SDict begin 11 H.A end 341 5342 a 341 5342 a SDict begin [ /View [/XYZ H.V] /Dest (cite.JCSS:PatnaikI1997) cvn /DEST pdfmark end 341 5342 a 232 w FL(S.)j(P)o(atnaik)h(and)g(N.)f(Immerman.)h(Dyn-FO:)f (A)h(parallel,)g(dynamic)h(comple)o(xity)g(class.)e FJ(J)n(ournal)i(of) f(Computer)g(and)573 5433 y(System)20 b(Sciences)p FL(,)f (55\(2\):199\226209,)j(October)d(1997.)p eop end end %%Page: 30 30 TeXDict begin HPSdict begin 30 29 bop 0 420 a SDict begin /product where{pop product(Distiller)search{pop pop pop version(.)search{exch pop exch pop(3011)eq{gsave newpath 0 0 moveto closepath clip/Courier findfont 10 scalefont setfont 72 72 moveto(.)show grestore}if}{pop}ifelse}{pop}ifelse}if end 0 420 a 150 82 a SDict begin H.S end 150 82 a 150 82 a SDict begin H.R end 150 82 a 150 82 a SDict begin [ /View [/XYZ H.V] /Dest (page.30) cvn /DEST pdfmark end 150 82 a Fz(30)528 b(T)-5 b(.)16 b(LEV)-7 b(-AMI,)16 b(N.)g(IMMERMAN,)g(T)-5 b(.)16 b(REPS,)g(M.)g(SA)m(GIV,)h(S.)f(SRIV)-9 b(AST)j(A)d(V)g(A,)15 b(AND)i(G.)f(Y)n(ORSH)150 448 y SDict begin H.S end 150 448 a FL([RSL03])412 448 y SDict begin 11 H.A end 412 448 a 412 448 a SDict begin [ /View [/XYZ H.V] /Dest (cite.finite-differencing) cvn /DEST pdfmark end 412 448 a 161 w FL(T)-6 b(.)19 b(Reps,)h(M.)f(Sagi)n(v)-5 b(,)20 b(and)g(A.)f(Logino)o(v)-5 b(.)20 b(Finite)f(dif)n(ferencing)i(of)e(logical)h(formulas)g(for)f (static)g(analysis.)h(In)g FJ(Eur)m(opean)573 539 y(Symp.)g(On)f(Pr)m (o)o(gr)o(amming)p FL(,)g(pages)h(380\226398,)h(2003.)150 630 y SDict begin H.S end 150 630 a FL([RSW04])437 630 y SDict begin 11 H.A end 437 630 a 437 630 a SDict begin [ /View [/XYZ H.V] /Dest (cite.CAV:RSW04) cvn /DEST pdfmark end 437 630 a 136 w FL(T)-6 b(.)17 b(Reps,)g(M.)g(Sagi)n(v)-5 b(,)18 b(and)f(R.)g(W)m(ilhelm.)f(Static)g(program)i(analysis)g(via)f (3-v)n(alued)h(logic.)f(In)g FJ(CA)-8 b(V)p FL(,)16 b(pages)i (15\22630,)h(2004.)150 722 y SDict begin H.S end 150 722 a FL([SR)l(W98])433 722 y SDict begin 11 H.A end 433 722 a 433 722 a SDict begin [ /View [/XYZ H.V] /Dest (cite.kn:SRW98) cvn /DEST pdfmark end 433 722 a 140 w FL(M.)h(Sagi)n(v)-5 b(,)20 b(T)-6 b(.)20 b(Reps,)g(and)h(R.)e(W)m(ilhelm.)g(Solving)h (shape-analysis)i(problems)e(in)g(languages)i(with)d(destructi)n(v)o(e) i(updat-)573 813 y(ing.)e FJ(T)l(r)o(ans.)g(on)g(Pr)m(o)o(g)o(.)g(Lang) o(.)g(and)g(Syst.)p FL(,)g(20\(1\):1\22650,)h(January)g(1998.)150 904 y SDict begin H.S end 150 904 a FL([SR)l(W02])433 904 y SDict begin 11 H.A end 433 904 a 433 904 a SDict begin [ /View [/XYZ H.V] /Dest (cite.TOPLAS:SRW02) cvn /DEST pdfmark end 433 904 a 140 w FL(M.)k(Sagi)n(v)-5 b(,)25 b(T)-6 b(.)23 b(Reps,)i(and)g(R.)e(W)m(ilhelm.)g(P)o(arametric)g(shape)i (analysis)f(via)g(3-v)n(alued)h(logic.)f FJ(T)l(r)o(ans.)f(on)h(Pr)m(o) o(g)o(.)g(Lang)o(.)573 995 y(and)c(Syst.)p FL(,)f(2002.)150 1087 y SDict begin H.S end 150 1087 a FL([WGR96])449 1087 y SDict begin 11 H.A end 449 1087 a 449 1087 a SDict begin [ /View [/XYZ H.V] /Dest (cite.CADE:SPASS96) cvn /DEST pdfmark end 449 1087 a 124 w FL(Christoph)25 b(W)-6 b(eidenbach,)26 b(Bernd)e(Gaede,)i(and)e(Geor)o(g)g(Rock.)g(Spass)g(&)g(\003otter)f(v)o (ersion)i(0.42.)f(In)g FJ(CADE-13:)32 b(Pr)m(o-)573 1178 y(ceedings)22 b(of)f(the)g(13th)g(International)h(Confer)m(ence)g(on)f (A)o(utomated)g(Deduction)p FL(,)g(pages)h(141\226145.)h(Springer)o(-V) -8 b(erlag,)573 1269 y(1996.)150 1361 y SDict begin H.S end 150 1361 a FL([YRS)321 1329 y Fn(+)371 1361 y FL(06])470 1361 y SDict begin 11 H.A end 470 1361 a 470 1361 a SDict begin [ /View [/XYZ H.V] /Dest (cite.FOSSACS:YRSMB06) cvn /DEST pdfmark end 470 1361 a 103 w FL(G.)23 b(Y)-8 b(orsh,)25 b(A.)e(Rabino)o (vich,)j(M.)e(Sagi)n(v)-5 b(,)25 b(A.)e(Me)o(yer)m(,)i(and)f(A.)g (Bouajjani.)f(A)h(logic)g(of)g(reachable)g(patterns)g(in)g(link)o(ed) 573 1452 y(data-structures.)c(In)f FJ(FOSSA)n(CS)p FL(,)f(2006.)1698 5584 y FD(This)j(wor)q(k)e(is)h(licensed)g(under)f(the)h(Creativ)o(e)f (Commons)h(Attr)q(ib)o(ution-NoDer)q(ivs)d(License)o(.)37 b(T)-6 b(o)20 b(vie)o(w)1698 5642 y(a)e(cop)o(y)f(of)h(this)f(license)o (,)i(visit)f Fa(http://creativecommons.org/licenses/by-nd/2.0/)13 b FD(or)1698 5700 y(send)19 b(a)g(letter)f(to)i(Creativ)o(e)e(Commons)o (,)j(171)d(Second)h(St,)i(Suite)e(300,)h(San)g(F)n(rancisco)n(,)f(CA)h (94105,)1698 5758 y(USA,)14 b(or)f(Eisenacher)f(Strasse)g(2,)i(10777)e (Ber)q(lin,)h(Ger)q(man)o(y)p eop end end %%Trailer end userdict /end-hook known{end-hook}if %%EOF/krisrose@brics.dk/krisrose@brics.dk/krisrose@brics.dk/krisrose@brics.dk