Declarative Programming with Temporal Constraints, in the Language CG

Specifying and interpreting temporal constraints are key elements of knowledge representation and reasoning, with applications in temporal databases, agent programming, and ambient intelligence. We present and formally characterize the language CG, which tackles this issue. In CG, users are able to develop time-dependent programs, in a flexible and straightforward manner. Such programs can, in turn, be coupled with evolving environments, thus empowering users to control the environment's evolution. CG relies on a structure for storing temporal information, together with a dedicated query mechanism. Hence, we explore the computational complexity of our query satisfaction problem. We discuss previous implementation attempts of CG and introduce a novel prototype which relies on logic programming. Finally, we address the issue of consistency and correctness of CG program execution, using the Event-B modeling approach.


Introduction
Specifying and reasoning about phenomena that evolve in time are essential traits of any intelligent system. Their key components are usually identified as (i) representing the temporal behaviour of a system and (ii) extracting information which is otherwise implicit in the system representation. In the traditional line of research, temporal representation and reasoning are deployed for (program) verification [1]. Thus, the entire system behaviour is encoded by some form of labelled transition graph (Kripke Structure), and temporal logic is used for expressing specific properties of the underlying system. Finally, model checking [2] is employed for verifying whether the property is entailed by the system at hand. Unlike the traditional approach, we focus on capturing nonnecessarily deterministic evolutions of a system. Thus, instead of characterizing all possible behaviours, by unfolding, for example, a transition system and examining all paths, we look at a single "evolution path. " We consider that our approach has interesting advantages with respect to the traditional line of research based on temporal logics such as LTL, CTL (for a more detailed motivation see, e.g., [3]). We are less interested in eventuality (e.g., fairness constraints) or maintenance (e.g., safety constraints) of properties, which are typical for model checking [4][5][6][7] and for deductive reasoning [8][9][10][11] in temporal logics. Instead, we would like to identify temporal relations in the occurrence of properties, in the spirit of Allen's Interval Algebra [12]. As an example, consider identifying "those individuals which were married at least twice. " This amounts to finding those properties "married" which occur one after the other and which enrol the same individual.
Our framework consists of (i) a representation of an evolution path of a system, one which is specifically tailored for capturing temporal relations between the system properties, (ii) a temporal language which we employ for expressing complex temporal constraints between properties, as shown in the above example, and (iii) a rule-based programming language, CG, which allows the programmer to specify time-dependent programming. Rule-based programming languages operate on a working memory of factual information: they check rule applicability against the working memory and subsequently modify the latter, by effectively applying the rules. CG follows the same principle; only here the working memory has a temporal structure, which is precisely (i). Specifying when a rule is applicable is done using (ii). Applying the rule means executing actions which are aimed at coercing the system evolution according to the programmer's intentions. CG can be highly effective in specifying intelligent device behaviour in intelligent houses, as illustrated in [13][14][15][16]. Also, CG has been employed for temporal data mining [3]; finally, (i) and (ii) were also used as a means for representing game outcomes of multiagent systems [17].
The aim of this paper is to (a) build an all-encompassing view of our approach, (b) present our already established main theoretical results, (c) introduce a novel implementation based on Prolog, and, finally, (d) examine aspects pertaining to correctness of our approach. (a) has already been discussed in different variants, in [3,[13][14][15][16][17]; (b) has been the subject of [3,14,17]. (c) and (d) however are new contributions which, to our knowledge, have not been considered yet.
The rest of the paper is structured as follows. In Section 2, we introduce the main primitives of our modeling approach. In Section 3, we review the temporal language H and its computational properties. In Section 4 we illustrate the rulebased language CG and in Section 5 we examine aspects pertaining to its correctness. In Section 6 we illustrate a lightweight implementation for CG and finally, in Section 7, we conclude.

Modeling Evolving Applications
Our approach relies on describing the state of the modelled domain as a set of relationships between the actors of the domain, relationships called qualities in what follows: quality relation instances of the form ( 1 , . . . , ) where designates the property at hand, is the arity of , and 1 , . . . , are the individuals enrolled in the relationship. For instance, the quality Married(John,Alice) designates a binary relationship between two individuals, while On(ac) designates a property of the device ac (air conditioner).
A state, as seen in the conventional approach, is unpacked into a set of qualities, which portrays the status of the domain over a finite time interval, given that no changes are present during the interval at hand. A state transition corresponds to a change in the domain: the commencement of new qualities or the termination of existing ones. Such a change is triggered by actions. An action is also an instance of the form ( 1 , . . . , ), which designates an instantaneous event of type , which enrols individuals 1 , . . . , . For instance, Marries(John,Alice) is an action which changes the status of John and Alice: having been initially single, they now become married. Similarly, TurnOn(ac) is an action which changes the status of the air conditioner.
State unpacking is illustrated in Figure 1. Above, a conventional transition system is used to describe the evolution of a domain: John and Alice are initially single, they become married, and Alice awaits a child that also comes later on. Below, we use a quality-oriented description: the focus shifts from states labelled with certain properties to qualities introduced and terminated by actions. In the former approach, the lifespan of properties is implicit: one must examine the sequence of states on which the property continuously holds. For example, Married(John,Alice) holds from 2 to 4 . In our approach, the lifespan of qualities is represented explicitly, by their initiating and terminating actions. For instance, Married(John,Alice) holds from the moment 3 was executed until 6 was executed. We assume 3 designates the marriage action while 6 is a special action belonging to the current moment. We have not labelled actions to avoid cluttering the figure.
It is easy to see that the two description styles are equivalent. Nevertheless, we argue that our quality-oriented description suits better applications where the timing is important and, moreover, where the temporal relationship between qualities is an essential issue. Also, by avoiding unnecessary relabellings of sequences of states, we obtain a more compact representation which speeds up processing and saves space.

Domain Representation.
In what follows, we distinguish between an ontological representation of a domain itself and a temporal one. The former is temporally flat and provides the taxonomy which characterizes the domain. The latter is, in essence, a temporal structure which instantiates the taxonomy, as we will further show.
2.1.1. Individuals. The actors of a described domain are individuals. They are atomic, unique, and identifiable by themselves. They are used to represent entities from the domain (John and Alice or the air conditioner, in the above examples), as well as primitive values of use in the language (e.g., 20 degrees, the time-stamp 18:50:00, etc.) or even the environment seen as an entity in itself. Seen from the programming perspective, individuals behave much like atoms in the language of Prolog: they are string literals without an explicit type.

2.1.2.
Actions. An action corresponds to an instantaneous stimulus applied to one or more individuals. Actions are represented as relation instances ( 1 , . . . , ) where designates the action type, is the arity of , and 1 , . . . , are the individuals that the action enrols.

Time.
Individuals, actions, and qualities are merely taxonomical entities. In what follows, we add temporal dimension to each one. First, we consider individuals as perennial. Their existence is unaltered by the evolution of the domain. The temporal dimension of an action is an action node. A group of action nodes uniquely identify a moment of time when they occur, provided that their occurrence is simultaneous. We call a collection of such action nodes a hypernode. The temporal dimension of a quality = ( 1 , . . . , ) is a quality edge ( , ) which spans action nodes and . models the event which has initiated the enrolment of ( 1 , . . . , ) in , while models the event responsible for its termination. The lifespan of is given by the temporal moments when and occur, respectively.
These temporal components are glued together in a structure called temporal graph (short t-graph).
Definition 1 (temporal graph). A temporal graph is an oriented graph H = ( , ), where designates the set of action nodes and that of quality edges, together with a partition over . One denotes the elements ℎ ∈ as hypernodes. One assumes elements of and have a unique label of the form ( 1 , . . . , ), which one denotes by L( ) for ∈ and L( , ) for ( , ) ∈ , respectively. For a more rigorous treatment, one refers the reader to [3].
The domain evolution described in Figure 1 is captured by the t-graph from Figure 2 (we have omitted the representation of the quality AwaitsChild(Alice), due to limited space). We have represented action labels in blue. Also, in order to make the figure more legible, we have only labelled those actions subject to our discussion.
Definition 2 (temporal ordering, precedence). A hypernode ℎ immediately precedes another (ℎ ) in a t-graph, if and only if there exists a quality edge ( , ) such that ∈ ℎ and ∈ ℎ . Immediate precedence is a partial ordering of hypernodes, as illustrated in Figure 2. For instance, ℎ 1 immediately precedes ℎ 2 and ℎ 3 immediately precedes ℎ 4 ; however the same cannot be said about ℎ 2 and ℎ 3 . Although represented in sequence in Figure 2, ℎ 2 and ℎ 3 need not occur in this particular order. Thus, it might be the case that Alice has a child prior to the marriage to John or that the child comes after the marriage. Such information is absent from H 1 and neither conclusion could be made. However, in Figure 3, the ambiguity is lifted by the presence of the quality ( 3 , 5 ), labelled AwaitChild(John,Alice). We denote by ≻ the transitive closure of the immediate precedence relationship, described previously. If ℎ ≻ ℎ , we say ℎ precedes ℎ .
An action node ∈ ℎ (immediately) precedes ∈ ℎ if and only if ℎ ≻ ℎ . Let = ( , ) and = ( , ) be two quality edges. occurs before (after) if and only if precedes ( precedes ); occurs just before (just after) if and only if precedes and precedes ( precedes and precedes ); overlaps with if and only if , and , are simultaneous, respectively; meets if and only if , are simultaneous or coincide; contains if and only if precedes and precedes . The relationships between quality edges are inspired from Allen's Interval Algebra [12].

Asking Temporal Questions: Queries
3.1. The Language H . Temporal graphs store time-dependent information. They act as a temporal knowledge base for an ever changing domain. In what follows, we present a means for interrogating the knowledge base, the language H .
Consider a possible query such as Married(John,Alice). Intuitively, the question intended here is whether John is married to Alice. Judged with respect to time, the question becomes as follows: "Is it the case that John was married to Alice, at any point in the evolution of the domain?" The answer to such a query formulated with respect to a temporal graph H will return all the quality edges which satisfy it, that is, all quality edges ( , ) from H such that L( , ) = ( ℎ , ). Next, consider the query Married(X,Alice). Here, is a variable. We use the Prolog-style convention and denote variables by capitals. The query encodes the following question: "Was Alice ever married to someone?" The answer will produce a possibly empty set of records. If the set is nonempty, then each record is a (different) witness that the answer to the above question is yes. In our case, each record will contain a substitution = (e.g., = ℎ ) as well as the quality edge ( , ) such that L( , ) = ( , ). Further on, consider the query Married(X,Y) after Married(Y,John). The query will identify all marriages of some individual to which precede those of to John. In this case, each record will store the individual values for and , together with the quality edges labelled accordingly.
Also, we have The evaluation of query (a) (in H 1 ) will produce two records, each containing the quality edge which satisfies the label. The evaluation of query (b) (in H 1 ) will produce one record of two qualities, one for each label which occurs in the formula. The evaluation of query (c) will produce no record, while that of query (d) will produce one record of three qualities. Each record implicitly contains a mapping function between each satisfied label and its corresponding quality. Since such a function is not vital for the discussion of our approach in this paper, we have chosen to omit it.
The Scientific World Journal 5 where ∝ designates any temporal precedence relations between quality edges specified in Definition 2, is some quality type of arity , and 1 , . . . , are terms.
We denote by ‖ ‖ H the set of records which satisfy the query in the temporal graph H. ‖ ⋅ ‖ H constitutes the semantics of H , which we will not discuss in detail. Instead, we refer the reader to [3].
Negation and conjunction require some clarifications. The formula ¬ , interpreted in a t-graph H, should be interpreted as is not true in H; hence ‖ ‖ H = 0. Hence, a (sub)formula of the type ¬ will not generate a record, when satisfied.
Conjunction is used to express multiple temporal constraints over the same quality. For instance, the formula Single(X) before hasChild(X) ∧ Single(X) meets Married(X,John) expresses two constraints on the quality Single(X), which must be simultaneously satisfied by each quality edge from the record of Single(X).

H Complexity
Proposition 4 (see [3,18]). Let H be a t-graph and a formula of H . Checking ‖ ‖ H ̸ = 0 is NP-complete.
As a reduction, we use the conjunctive query problem [19]: given a structure and a sentence of the form where each is an atomic formula containing no free variables, the problem asks if makes the formula true. From we build an H formula as follows: for each we build the H formula (gadget): V ( ). is the conjunction of such gadgets. Next, from the structure , we build a t-graph H: (i) we create a quality edge = ( , ) labelled Fix(e); (ii) for each relation instance ( ) in , we build the quality edge = ( , ) labelled ( ), such that overlaps with .
(⇒). Assume makes true. In particular, makes ∃ 1 ⋅ ⋅ ⋅ ∃ . true, for each . Hence, there exists a quality edge in H which satisfies the query V ( ), for each . Thus, ‖ ‖ H is nonempty.
(⇐). Assume ‖ ‖ H is nonempty and let be some record of ‖ ‖ H . must contain, for each H subformula V ( ), a quality edge ( , ) which satisfies it; hence one labelled ( ), which is also a relation instance of . Therefore, for all , are evidence that the conjunctive query is true in . The computational complexity of the query satisfaction problem may seem discouraging at first sight. However, the source of complexity can be found in the maximal arity of the underlying qualities. For instance, given a formula Q(X,Y,Z), substitution would require building 3 possible labels Q(i,j,k), where is the total number of individuals. For formulae where the arity is an unbounded , the possible labels become exponential: . However, in practice, it is less likely that queries will be formulated with qualities of arity larger than 4. Thus, under this assumption, the computational complexity of satisfying queries becomes manageable.

Updating Temporal Graphs.
As illustrated up to this point, the language H is a means for investigating the evolution of a domain described as a temporal graph. The latter acts as a structured log and offers no means of interfering with the domain's current and future evolution. In this section we make a step forward and describe a means of achieving this.
We introduce yet another language, which we call CG, which can be used to make changes to a domain. Unlike H , CG is not a logical/temporal language, but a programming language, operating on a knowledge base which constitutes a temporal graph. The basic programming unit of CG is the rule. A rule consists of (i) a set of preconditions, (ii) an action, and (iii) a set of effects. An example is given below (in what follows, we abandon our "John and Alice" example theme for a more practical one, related to the field of application of CG, namely, that of agent programming): rule r1: On(X) as q OperatesUnderCG(X) => turnOff(X) as a => terminate q in a, create Off(X) from a.
Each precondition is given as an H -formula, where qualities can be named for later use (e.g., On(X) as q). The action (ii) specifies a stimulus under which the rule-athand is activated. In our example, turnOff is the respective action. Once a rule is activated, each precondition must be evaluated, in order to establish whether the rule should be applied or not. Let 1 ⋅ ⋅ ⋅ be the preconditions of a rule. By evaluating 1 we obtain the set ‖ 1 ‖ H , which contains a list of records. Each such record will contain the qualities which have satisfied 1 , together with a substitution for each variable occurring in 1 . The evaluation of the next precondition ( 2 ) will be achieved with respect to the substitution in each . When evaluating the last precondition with respect to all previous records, we will obtain complete substitutions of all variables occurring in the preconditions. Each such substitution, together with the matched qualities, is an activation record.
If at least one activation record exists for a rule, we say it is applicable, which means the effects (iii) can be enforced on the temporal graph. The effects of a rule consist in adding new qualities to the temporal graph or terminating existing ones. Both initiation and termination are relative to existing qualities from the temporal graph and to the current moment. For instance, terminate q in a will have the effect of terminating the matched quality q, in the action node corresponding to a. Similarly, create Off(x) from a will create a new quality edge labelled Off(x), which spans and a special current action, belonging to the current moment of time and which implicitly terminates all qualities which are known to hold at the current moment. The Scientific World Journal Rules such as r1 model ontological knowledge. They maintain temporal graphs by making implicit information explicit. In the previous example, the occurrence of a signal turnOff(a) will produce the disconnection of the device a, provided that it is controlled by the application (OperatesUnderCG(a) is true). The rule explicitly states this, by adding the Off(a) quality, starting from the exact time when turnOff(a) is executed. Such rules are reactive to actions only.
We also allow programmers to execute their own actions and thus steer the evolution of the domain in the desired way. For instance, the very simple rule rule r2: On(X),AirConditioner(X),Open(win) => turnOff(X) will turn off all air conditioners, whenever the window is opened.
In what follows we provide a grammar for the language CG: We have denoted by pl and el precondition list and effect list. Act and qual designate the action and quality tokens, while eff designates an effect. id is a program identifier used to denominate rules, matched qualities, and/or actions.

Checking the Correctness of CG Programs
Rule-based programs are usually validated by submitting some sample results to human experts. While it can be helpful it obviously does not provide enough coverage. A formal specification provides an independent standard of accuracy that can be used to check the program output. Our goal is to develop a formal specification for CG programs. We have avoided defining new action logics based on H -in the spirit of PDI (propositional dynamic logics) [20] or situation calculus [21]-for specifying rules, their preconditions, and effects and opted for existing methods. To this end we will use Event-B specification method [22] and the Rodin platform [23]. A rule-based program has two components: a database of rules and a rule interpreter. The correctness of the rulebased program involves the correctness of the database and the correctness of the interpreter. A correct database of rules is a database where the rules do not contradict. A correct rule interpreter infers all the pertinent conclusions entailed by its facts and rules and does not infer any conclusions that are not justified by them. In order to fit into the Event-B modeling framework, in this section, we have opted for viewing preconditions, actions, and effects as facts, thus ignoring the differences between them. This abstraction does not affect the generality of our results and merely serves to make our model more legible.

Event-B Modeling of Facts and Rules.
We model the facts by the abstract set FACT. Rules associate a set of facts-the premises-with another fact-the conclusion. If the premises all hold, the conclusion will also hold. In our model we represent the rule database as a relation from the set of facts to facts: New facts are generated by examining the whole set of facts, applying all the applicable rules, and adding all the new facts to the set. The whole process is repeated until no new facts appear. We model this process as an application of the function infer: having as domain the initial set of facts and codomain the final set of facts. While the initial set of facts also appears in the final set, may add new facts: The expression [P( )] is the set of all the conclusions of all the rules whose premises match some combination of the initial set of facts, where P( ) is the set of all combinations of the initial facts. The expression rules [P( )] use the relational image brackets [⋅] in order to get the set of conclusions of all the pairs in the relation rules whose premises appear in the set P( ). The function should be applied until no more conclusions can be inferred. We model the repetitive application of by the function , the transitive closure of , defined by the following axioms: that specify the characteristic properties of the irreflexive transitive closure. Given a relation from a set to itself, the irreflexive transitive closure of , denoted by ( ), is also a relation from to . The characteristic properties of ( ) are as follows: (i) relation is included in ( ); (ii) the forward composition of ( ) with is included in ( ); (iii) relation ( ) is the smallest relation dealing with (i) and (ii).

Rule Consistency.
We assume that rules are consistent if, starting from a consistent set of facts, there is no way to infer inconsistent facts. In order to model the inconsistency of facts we use the set containing mutually exclusive categories, that is, sets of facts that we know are inconsistent: ∈ P (P (FACT)) .
A consistent set of facts contains no more than one element from each set of mutually exclusive categories: where ranges over all sets of consistent facts and V ranges over all sets of inconsistent facts.

Specification of Rule-Based Programs.
A rule-based program infers conclusions relevant to some goal based on some data. We model the inference process by the event (see Specification 1). The variables and represent the state of the system before and after the execution of the event. The nondeterministic assignment operator :| expresses that a modification is possible using a before-after-predicate (expressed in the above specification immediately after the first occurrence of :|, from the act1 action). The data are the new facts that are introduced, and conclusions are the facts that are inferred. The expression ( ( ))( ∪ data) denotes the set of valid facts that can be inferred from the initial set of facts and the new data; ⊆ models the assumption that the program never retracts any conclusions; ⊆ ( ( ))( ∪data) expresses that all new facts are valid inferences; conclusions ⊆ models the inference of valid goals.
The complete specification is shown in Specification 2.
Our model is an abstract one that can be further refined by refining the event, by explicitly specifying control methods (e.g., backward/forward chaining), which explicitly specify how new facts are deduced.

Model Validation.
The model has been specified and validated using Rodin, an Eclipse-based IDE for Event-B that provides support for refinement and mathematical proofs [23]. The model is validated by discharging proof obligations. The state of development is described in Table 1 with the required proof obligations.

Implementation
Our previous implementation efforts were either (i) driven by the application context [15,16,24,25] or (ii) attempted to follow closely the algorithm description, in order to highlight correctness [3,14,18]. There are lessons to be learned from either approach. For instance, approaches such as [16,25] are highly dependent on the web service (WS) architecture which is vital for communicating with intelligent devices. Although proficient for the envisaged scenario, (i) lacks portability as well as scalability. While the WS approach has its well-known advantages [26], the author believes WS development can occasionally be hardened by the platform, IDE, and other application constraints. On the other hand, approaches such as [18] which is split between two implementations in two different languages (Haskell/Frege [27] and CLIPS [28]) and is not application-dependent may lack usability. We believe (ii) to be highly dependent on the implementations of the two languages (the former, Frege, a rather experimental language, is known to have unintuitive dissimilarities from Haskell). Thus, we take a step back and opt for a new approach, one which preserves the application independence of (ii) but which is more user-friendly, easy to use, and reliant on a unique programming environment. The reader may have noticed some similarities between Prolog and CG. One common feature is the query (/clause) matching process which, essentially, is the same for both languages. ∈ P(FACT) → P(FACT) axm3: ∈ P(P(FACT)) axm9: ∈ P(P(FACT)) axm10: Actually, CG can be seen as a temporal layer on top Prolog: the flat knowledge base is replaced by a temporal one (a temporal graph). Each CG rule can be seen as a collection of Prolog clauses. Goal (re)satisfaction corresponds to rule execution for each found activation record.
In order to represent temporal graphs in Prolog, we use the following 5 metapredicates: The factual knowledge node(A) indicates that A is an action node, while action(A,a) assigns the label a to A. Similarly, edge(A,B). indicates that ( , ) is a quality edge, while quality(A,B,q) assigns the label q to ( , ). Both a and q are arbitrary Prolog predicates. Finally, in(H,A) indicates that H is the hypernode to which action node A belongs. Hypernodes are not prespecified by another predicates, since this would be superfluous. Thus, the set of hypernodes can be identified as the entities H satisfying the goal in(H, ).
The challenge when transforming a CG rule to a set of Prolog sequences is expressing temporal constraints between qualities. To achieve this, we compute the transitive closure of the appropriate direct precedence relation, introduced in Definition 2.
We illustrate this by a simple example, given by the following query: q(X,Y) before r(X).
Such a query is transformed into a clause of the following form: find(A,B):-quality(A,B,q(X, )), quality(C, ,r(X)), precedes(B,C).
Thus, in order to identify the quality edge(s) satisfying the above query, one must find a quality edge labelled r(X) whose initiating action node C must be preceded by B. Precedence is computed as the transitive closure of the edge and simultaneous relations: Note that we have used !(cuts), in order to avoid unnecessary explorations of the knowledge base, once precedence has been established. The simultaneous clause is defined as follows: And it is satisfied if the two action nodes X and Y belong to the same hypernode.
Specifying more complicated queries is achieved compositionally, following the scheme presented above. Executing the effects of a rule reduces to enriching the metarelations defined at the beginning of this section, in a transactional manner, in the spirit of [14]. This means, in short, that all effects resulting from rules which are applicable at the same moment of time are added to the knowledge base in a manner which is perceived as simultaneous by the programmer. This implies that the effects of one rule cannot invalidate another, if both rules have been applicable at the same moment.

Conclusion
Temporal graphs coupled with H in CG are a powerful method for performing temporal reasoning and for enforcing time-dependent behaviour within intelligent systems. One major advantage of CG is that time is not encoded explicitly in other program-dependent structures. Time is a language primitive in itself, and this design choice makes program development straightforward, even for the inexperienced programmer. Besides being easy to read, declarative programs can also be easy to verify, as illustrated in Section 5. The prototype described in Section 6 relies on the cost-expensive resolution of Prolog; however more efficient implementations are possible. We leave such an endeavour for future work.