Locally Tight Programs

Program completion is a translation from the language of logic programs into the language of ﬁrst-order theories. Its original deﬁnition has been extended to programs that include integer arithmetic, accept input, and distinguish between output predicates and auxiliary predicates. For tight programs, that generalization of completion is known to match the stable model semantics, which is the basis of answer set programming. We show that the tightness condition in this theorem can be replaced by a less restrictive “local tightness” requirement. From this fact we conclude that the proof assistant anthem-p2p can be used to verify equivalence between locally tight programs.


Introduction
Program completion (Clark 1978) is a translation from the language of logic programs into the language of first-order theories.If, for example, a program defines the predicate q/1 by the rules q(a), q(X) ← p(X), (1) then the completed definition of q/1 is ∀X(q(X) ↔ X = a ∨ p(X)). (2) Program (1) and formula (2) express, in different languages, the same idea: the set q consists of a and all elements of p.
François Fages (1994) identified a class of programs for which the completion semantics is equivalent to the stable model semantics.Programs in this class are now called tight.This relationship between completion and stable models plays an important role in the theory of answer set programming (ASP).It is used in the design of the answer set solvers cmodels (Lierler and Maratea 2004), assat (Lin and Zhao 2004) and clasp (Gebser et al. 2007); and in the design of the proof assistants anthem (Fandinno et al. 2020) and anthem-p2p (Fandinno et al. 2023).Some constructs that are common in ASP programs are not covered by Clark's definition of program completion, and that definition had to be generalized.First, the original definition does not cover programs that involve integer arithmetic.To extend it to such programs, we distinguish, in the corresponding first-order formula, between "general" variables on the one hand, and variables for integers on the other (Lifschitz et al. 2019, Section 5).This is useful because function symbols in a first-order language are supposed to represent total functions, and arithmetical operations are not defined on symbolic constants.
Second, in ASP programs we often find auxiliary predicate symbols, which are not considered part of its output.Consider, for instance, the program in(P, R, 0) ← in 0 (P, R), (3) in(P, R, T + 1) ← goto(P, R, T ), (4) { in(P, R, T + 1) } ← in(P, R, T ) ∧ T = 0 .. h − 1, (5) in building(P, T ) ← in(P, R, T ), ← not in building(P, T ) ∧ person(P ) ∧ T = 0 .. h, which will be used as a running example.It describes the effect of an action-walking from one room to another-on the location of a person.We can read in(P, R, T ) as "person P is in room R at time T ," and goto(P, R, T ) as "person P goes to room R between times T and T + 1."The placeholder h represents the horizon-the length of scenarios under consideration.Choice rule (5) encodes the commonsense law of inertia for this dynamic system: in the absence of information to the contrary, the location of a person at time T + 1 is presumed to be the same as at time T .To run this program, we need to specify the value of h and the input predicates person/1, in 0 /2 and goto/3.The output is represented by the atoms in the stable model that contain in/3.The predicate symbol in bulding/2 is auxiliary; a file containing program (3)-( 8) may contain a directive that causes the solver not to display the atoms containing that symbol.For this program and other programs containing auxiliary symbols, we would like the completion to describe the "essential parts" of its stable models, with all auxiliary atoms removed.This can be accomplished by replacing the auxiliary symbols in Clark's completion by existentially quantified predicate variables (Fandinno et al. 2020, Section 6.2).The version of completion defined in that paper covers both integer arithmetic and the distinction between the entire stable model and its essential part.Standard models of the completion, in the sense of that paper, correspond to the essential parts of the program's stable models if the program is tight (Fandinno et al. 2020, Theorem 2, reproduced in Section 3.3 below).
That theorem is not applicable, however, to program (3)-( 8), because this program is not tight.Tightness is defined as the absence of certain cyclical dependencies between predicate symbols (see Section 3.3 for details).The two occurrences of the predicate in/3 in rule (5) create a dependency that is not allowed in a tight program.
In this article we propose the definition of a "locally tight" program and show that the above-mentioned theorem by Fandinno et al. can be extended to programs satisfying this less restrictive condition.Local tightness is defined in terms of dependencies between ground atoms.The last argument of in/3 in the head of rule (3)-( 8) is T + 1, and the last argument of in/3 in the body is T ; for this reason, the dependencies between ground atoms corresponding to this rule are not cyclic.ASP encodings of dynamic systems (Lifschitz 2019, Chapter 8) provide many examples of this kind.The tightness condition prohibits pretty much all uses of recursion in a program; local tightness, on the other hand, expresses the absence of "nonterminating" recursion.
The result of this article shows, for example, that the completion of program (3)-( 8) correctly describes the essential parts of its stable models.
Section 2 is a review of definitions and notation related to ASP programs with arithmetic.After defining program completion in Section 3, we introduce locally tight programs and state a theorem describing the relationship between stable models and completion under a local tightness assumption (Section 4).In Section 5, that theorem is used to justify the usability of the proof assistant anthem-p2p for verifying equivalence between programs in some cases that are not allowed in the original publication (Fandinno et al. 2023).Proofs of the theorems stated in these sections are based on a lemma of more general nature, which relates stable models to completion for a class of many-sorted first-order theories.This Main Lemma is stated in Section 6 and proved in Section 7. Proofs of the theorems are given in Sections 8-10.In two appendices, we review terminology and notation related to many-sorted formulas and their stable models.

Programs
The programming language mini-gringo, defined in this section, is a subset of the input language of the grounder gringo (Gebser et al. 2007).Most constructs included in this language are available also in the input language of the solver dlv (Leone et al. 2006).The description of mini-gringo programs below uses "abstract syntax," which disregards some details related to representing programs by strings of ASCII characters (Gebser et al. 2015).

Syntax
We assume that three countably infinite sets of symbols are selected: numerals, symbolic constants, and variables.We assume that a 1-1 correspondence between numerals and integers is chosen; the numeral corresponding to an integer n is denoted by n.In examples, we take the liberty to drop the overline in numerals.This convention is used, for instance, in rule (5), which should be written, strictly speaking, as Precomputed terms are numerals and symbolic constants.We assume that a total order on precomputed terms is chosen such that for all integers m and n, m < n iff m < n.
Terms allowed in a mini-gringo program are formed from precomputed terms and variables using the absolute value symbol | | and six binary operation names An atom is a symbolic constant optionally followed by a tuple of terms in parentheses.A literal is an atom possibly preceded by one or two occurrences of not.A comparison is an expression of the form t 1 rel t 2 , where t 1 , t 2 are terms and rel is = or one of the comparison symbols A rule is an expression of the form Head ← Body , where • Body is a conjunction (possibly empty) of literals and comparisons, and • Head is either an atom (then this is a basic rule), or an atom in braces (then this is a choice rule), or empty (then this is a constraint ).
A rule is ground if it does not contain variables.A ground rule of the form Head ←, where Head is an atom, will be identified with the atom Head and called a fact.
A program is a finite set of rules.
A predicate symbol is a pair p/n, where p is a symbolic constant, and n is a nonnegative integer.We say that p/n occurs in a literal l if l contains an atom of the form p(t 1 , . . ., t n ), and similarly for occurrences in rules and in other syntactic expressions.

Semantics
The semantics of ground terms is defined by assigning to every ground term t a finite set [t] of precomputed terms called its values.It is recursively defined as follows: • if t is a numeral or a symbolic constant, then [t] is the singleton set {t}; and and then [t] is the set of numerals m for all integers m such that, for some integers where the function round is defined as follows: The use of this function reflects the fact that the grounder gringo (Gebser et al. 2019) truncates non-integer quotients toward zero.This feature of gringo was not taken into account in earlier publications (Gebser et al. 2015, Section 4.2;Lifschitz et al. 2019, Section 6;Fandinno et al. 2020, Section 3), where the floor function was used.
For instance, For any ground terms t 1 , . . ., t n , by [t 1 , . . ., t n ] we denote the set of tuples r 1 , . . ., r n for all The semantics of programs is defined by rewriting rules in the syntax of propositional logic and referring to the definition of a stable model (answer set) of a propositional theory (Ferraris 2005).The transformation τ is defined as follows.For any ground atom p(t), where t is a tuple of terms, If R is a ground choice rule {p(t)} ← Body , then τ R is the propositional formula If R is a ground constraint ← Body, then τ R is ¬τ (Body ).
An instance of a rule is a ground rule obtained from it by substituting precomputed terms for variables.For any program Π, τ Π is the set of the formulas τ R for all instances R of the rules of Π.Thus τ Π is a set of propositional combinations of precomputed atoms.
Stable models of a program are defined as stable models of the set of formulas obtained from it by applying the transformation τ .Thus stable models of programs are sets of precomputed atoms.This definition is a special case of the definition proposed by Lifschitz et al. (2019, Section 3) for Abstract Gringo, except for the changes in the treatment of the division and modulo operations mentioned above.

Programs with input and output
A program with input and output, or an io-program, is a quadruple (Π, PH, In, Out) • v is a valuation on the set PH of its placeholdlers, and • I is a set of precomputed input atoms such that its members do not contain placeholders.
An input (v, I) represents a way to choose the values of placeholders and the extents of input predicates: for every placeholder c, specify v(c) as its value, and add the atoms I to the rules of the program as facts.If Π is a mini-gringo program then v(Π) stands for the program obtained from Π by replacing every occurrence of every constant c in the domain of v by v(c).Using this notation, we can say that choosing (v, I) as input for Π amounts to replacing Π by the program v(Π) ∪ I.About a set of precomputed atoms we say that it is an io-model of an io-program (10) for an input (v, I) if it is the set of all public atoms of some stable model of the program v(Π) ∪ I.If P is an io-model of an io-program for an input (v, I) then P in = I, because the only rules of v(Π) ∪ I containing input symbols in the head are the facts I.

Two-sorted formulas and standard interpretations
The two-sorted signature σ 0 includes • the sort general and its subsort integer ; • all precomputed terms of mini-gringo as object constants; an object constant is assigned the sort integer iff it is a numeral; • the symbol | | as a unary function constant; its argument and value have the sort integer ; • the symbols +, − and × as binary function constants; their arguments and values have the sort integer ; • predicate symbols p/n as n-ary predicate constants; their arguments have the sort general ; • symbols (9) as binary predicate constants; their arguments have the sort general.1 A formula of the form (p/n)(t) can be written also as p(t).This convention allows us to view precomputed atoms (Section 2.1.1)as sentences over σ 0 .Conjunctions of equalities and inequalities can be abbreviated as usual in algebra; for instance, An interpretation of the signature σ 0 is standard if (a) its domain of the sort general is the set of precomputed terms; (b) its domain of the sort integer is the set of numerals; (c) every object constant represents itself; (d) the absolute value symbol and the binary function constants are interpreted as usual in arithmetic; (e) predicate constants (9) are interpreted in accordance with the total order on precomputed terms chosen in the definition of mini-gringo (Section 2.1.1).
A standard interpretation will be uniquely determined if we specify the set J of precomputed atoms to which it assigns the value true.This interpretation will be denoted by J ↑ .When formulas over σ 0 are used in reasoning about io-programs with placeholders, we may need interpretations satisfying a condition different from (c).An interpretation is standard for a set PH of symbolic constants if it satisfies conditions (a), (b), (d), (e) above and the conditions (c ′ ) every object constant that belongs to PH represents a precomputed term that does not belong to PH ; (c ′′ ) every object constant that does not belong to PH represents itself.
An interpretation that is standard for PH will be uniquely determined if we specify (i) the valuation v that maps every element of PH to the precomputed term that it represents, and (ii) the set J of precomputed atoms to which it assigns the value true.This interpretation will be denoted by J v .

Representing rules by formulas
From now on, we assume that every symbol designated as a variable in mini-gringo is among general variables of the signature σ 0 .The transformation τ * , described in this section, converts mini-gringo rules into formulas over σ 0 .
First we define, for every mini-gringo term t, a formula val t (V ) over the signature σ 0 , where V is a general variable that does not occur in t.That formula expresses, informally speaking, that V is one of the values of t.The definition is recursive:2 where I, J, K are fresh integer variables.
If t is a tuple t 1 , . . ., t n of mini-gringo terms, and The next step is to define the transformation τ B , which converts literals and comparisons into formulas over σ 0 .(The superscript B reflects the fact that this translation is close to the meaning of expressions in bodies of rules.)It transforms Now we are ready to define the transformation τ * .It converts a basic rule where V is the list of alphabetically first general variables that do not occur in Π, and ∀ denotes universal closure (see Appendix A).A choice rule and a constraint ← Body becomes ∀(τ B (Body ) → ⊥).
By τ * Π we denote the set of sentences τ * R for all rules R of Π.
The transformation τ * can be used in place of the transformation τ (Section 2.1.2) to describe the stable models of a mini-gringo program, as shown by the theorem below.Its statement refers to stable models of many-sorted theories (Appendix B) for the case when the underlying signature is σ 0 , and all comparison symbols are classified as extensional.Its proof is given in Section 8.

Completion
This section describes the process of constructing the completion of an io-program.This construction involves the formulas τ * R for the rules R of the program, and it exploits the special syntactic form of these formulas, as discussed below.

Completable sets
Consider a many-sorted signature σ (see Appendix A) with its predicate constants partitioned into intensional symbols and extensional symbols, so that the set of intensional symbols is finite.A sentence over σ is completable if it has the form where G either contains no intensional symbols or has the form p(V), where p is an intensional symbol with argument sorts s 1 , . . ., s n , and V is a tuple of pairwise distinct variables of these sorts.A finite set Γ of sentences is completable if • every sentence in Γ is completable, and It is easy to see that for any mini-gringo program Π, the set τ * Π is completable.
3 In some publications, the result of applying τ * to a choice rule ( 15) is defined as The difference between this formula and formula ( 16) is not essential, because the two formulas are satisfied by the same HT-interpretations (see Appendix B).
The definition of an intensional symbol p in a completable set Γ is the set of members ( 17) of Γ such that p occurs in G.A first-order constraint is a completable sentence ( 17) such that G does not contain intensional symbols.Thus Γ is the union of the definitions of intensional symbols and a set of first-order constraints.
If the definition of p in Γ consists of the sentences ∀(F i (V) → p(V)) then the completed definition of p in Γ is the sentence where U i is the list of free variables of F i (V) that do not belong to V.
The completion COMP[Γ] of a completable set Γ is the conjunction of the completed definitions of all intensional symbols of σ in Γ and the constraints of Γ.

Completion of a program with input and output
The completion of an io-program ( 10) is the second-order sentence4 ∃P 1 • • • P l C, where C is obtained from the sentence COMP[τ * Π] by replacing all private symbols p 1 /n 1 , . . ., p l /n l with distinct predicate variables P 1 , . . ., P l .The completion of Ω will be denoted by COMP [Ω]. 5 In building COMP[Ω], we classify as extensional all comparison and input symbols.All output and private symbols are intensional.
Consider, for example, the io-program with the rules without input symbols and with the output symbol q/2.The translation τ * transforms these rules into the formulas The completed definition of p/1 in ( 19) is and the completed definition of q/2 is The completion of the program is ( 20) Formula ( 20) can be equivalently rewritten as Second-order quantifiers in completion formulas can often be eliminated.For instance, formula ( 20) is equivalent to the first-order formula

Review: tight programs
We are interested in cases when the sentence COMP[Ω] can be viewed as a description of the io-models of Ω.This is a review of one result of this kind.
The positive predicate dependency graph of a mini-gringo program Π is the directed graph defined as follows.Its vertices are the predicate symbols p/n that occur in Π.It has an edge from p/n to p ′ /n ′ iff p/n occurs in the head of a rule R of Π such that p ′ /n ′ occurs in an atom that is a conjunctive term of the body of R.
A mini-gringo program is tight if its positive predicate dependency graph is acyclic.For example, the positive predicate dependency graph of program (18) has a single edge, from q/2 to p/1; this program is tight.The positive predicate dependency graph of program (3)-( 8) includes a self-loop at in/3; this program is not tight.
Let Ω be an io-program (Π, PH, In, Out), and let P be a set of precomputed public atoms that do not contain placeholders of Ω.Under the assumption that Π is tight, P is an io-model of Ω for an input (v, I) iff P v satisfies COMP[Ω] and P in = I (Fandinno et al. 2020, Theorem 2).

Locally tight programs
For any tuple t 1 , . . ., t n of ground terms, [t 1 , . . ., t n ] stands for the set of tuples r 1 , . . ., r n of precomputed terms such that r The positive dependency graph of an io-program Ω for an input (v, I) is the directed graph defined as follows.Its vertices are the ground atoms p(r 1 , . . ., r n ) such that p/n is an output symbol or a private symbol of Ω, and each r i is a precomputed term different from the placeholders of Ω.It has an edge from p(r) to p ′ (r ′ ) iff there exists a ground instance R of one of the rules of v(Π) such that (a) the head of R has the form p(t) or {p(t)}, where t is a tuple of terms such that r ∈ [t]; (b) the body of R has a conjunctive term of the form p ′ (t), where t is a tuple of terms such that r ′ ∈ [t]; (c) for every conjunctive term of the body of R that contains an input symbol of Ω and has the form q(t) or not not q(t), the set [t] contains a tuple r such that q(r) ∈ I; (d) for every conjunctive term of the body of R that contains an input symbol of Ω and has the form not q(t), the set [t] contains a tuple r such that q(r) ∈ I; (e) for every comparison t 1 ≺ t 2 in the body of R, there exist terms r 1 , r 2 such that , and the relation ≺ holds for the pair (r 1 , r 2 ).
Recall that an infinite walk in a directed graph is an infinite sequence of edges which joins a sequence of vertices.If the positive dependency graph of Ω for an input (v, I) has no infinite walks, then we say that Ω is locally tight on that input.
Consider, for example, the positive dependency graph of the io-program Ω 1 (Section 2.2).Its vertices for an input (v, I) are atoms in(p, r, t) and in building (p, t), where p, r, t are precomputed terms different from h.The only rules of Ω 1 that contribute edges to the graph are ( 5) and ( 7), because all predicate symbols in the bodies of ( 3) and ( 4) are input symbols, and rules ( 6) and ( 8) are constraints.If R is (5) then v(R) is the rule Proof Assume that Π is tight, but the positive dependency graph of (Π, PH, In, Out) for some input has an infinite walk.If that graph has an edge from p(r 1 , . . ., r n ) to p ′ (r ′ 1 , . . ., r ′ n ′ ) then the positive predicate dependency graph of Π has an edge from p/n to p ′ /n ′ .Consequently this graph has an infinite walk as well.But that is impossible, because this graph is finite and acyclic.
The example of program Ω 1 shows that the converse of Proposition 1 does not hold.The theorem below generalizes the property of tight programs reviewed at the end of Section 3.3.For any formula F over σ 0 and any valuation v, v(F ) stands for the formula obtained from F by replacing every occurrence of every constant c in the domain of v by v(c).The proof of the following theorem is given in Section 9.

Theorem 2
For any io-program Ω, any set P of precomputed public atoms that do not contain placeholders of Ω, and any input (v, I) for which Ω is locally tight, the following conditions are equivalent: Take, for instance, the io-program Ω 1 and the input (v, I) defined by conditions (12).We observed in Section 2.2 that the set P obtained from I by adding atoms ( 13) is an io-model of Ω 1 for (v, I).According to Theorem 2, this observation is equivalent to the claim that the corresponding interpretation P ↑ satisfies the sentence obtained from COMP[Ω 1 ] by substituting 2 for the placeholder h.

Equivalence of io-programs
We begin with an example.Consider the io-program Ω 2 , obtained from Ω 1 by replacing inertia rule (5) with the pair of rules go(P, T ) ← goto(P, R, T ), ( 22) Here go/2 is a new private symbol.These rules express commonsense inertia in a different way, using the fact that goto actions are the only possible causes of change in the location of a person.Programs Ω 1 and Ω 2 describe the same dynamic system using two different approaches to encoding inertia.Are these programs equivalent, in some sense?The idea of equivalence with respect to a user guide (Fandinno et al. 2023) allows us to make this question precise.We present the details below.
About two io-programs we say that they are comparable to each other if they have the same placeholders, the same input symbols, and the same output symbols.For example, Ω 1 and Ω 2 are comparable.Any two comparable programs have the same inputs, because the definition of an input for Ω (Section 2.2) refers to only two components of Ω-to its placeholders and its input symbols.
We will define when comparable io-programs Ω, Ω ′ are equivalent to each other on a subset Dom of their inputs.Sets of inputs will be called domains.We need domains to express the idea that two io-programs can be equivalent even if they exhibit different behaviors on some inputs that we consider irrelevant.In an input for Ω 1 or Ω 2 , for example, the first argument of each of the predicate symbols in 0 /2, goto/3 is expected to be a person; we are not interested in inputs that contain in 0 (alice, hall ) but do not contain person(alice).
Domains are infinite sets, but there is a natural way to represent some domains by finite expressions.An assumption for an io-program Ω is a sentence over σ 0 such that every predicate symbol p/n occurring in it is an input symbol of Ω.The domain defined by an assumption A is the set of all inputs (v, I) such that the interpretation I v satisfies A. For example, the assumption ∀P R(in 0 (P, R) → person(P )), (24) where P and R are general variables, defines the set I of all inputs for Ω 1 such that person(p) ∈ I whenever in 0 (p, r) ∈ I.About comparable io-programs Ω, Ω ′ we say that they are equivalent on a domain Dom if, for every input (v, I) from Dom, Ω and Ω ′ have the same io-models for that input.
anthem-p2p (Fandinno et al. 2023) is a proof assistant designed for verifying equivalence of io-programs in the sense of this definition.It uses the following terminology.A user guide is a quadruple where PH, In and Out are as in the definition of an io-program (Section 2.2), and Dom is a domain.The assertion that io-programs (Π, PH, In, Out) and (Π ′ , PH, In, Out) are equivalent on a domain Dom can be expressed by saying that Π and Π ′ are equivalent with respect to user guide (25). 6e can say, for example, that replacing rule (5) in mini-gringo program (3)-( 8) with rules ( 22) is an equivalent transformation for the user guide (25) with PH, In and Out defined by formulas (11), and with Dom defined by the conjunction of assumption ( 24) and the assumption ∀P R T (goto(P, R, T ) → person(P )). (26) Theorem 3 below shows that using the anthem-p2p algorithm for verifying equivalence of io-programs can be justified under a local tightness condition.If an io-program is locally tight for all inputs satisfying an assumption A then we say that it is locally tight under the assumption A. If two comparable io-programs are equivalent on the domain defined by an assumption A then we say that they are equivalent under the assumption A. The proof of the following theorem is given in Section 10.

Theorem 3
Let Ω, Ω ′ be comparable io-programs with placeholders PH that are locally tight under an assumption A. Programs Ω, Ω ′ are equivalent to each other under the assumption A iff the sentence is satisfied by all interpretations that are standard for PH.
From Theorem 3 we can conclude that equivalence between Ω and Ω ′ will be established if formula ( 27) is derived from a set of axioms that are satisfied by all interpretations that are standard for PH.This is how anthem-p2p operates (Fandinno et al. 2023, Sections 7).
The claim that Ω 1 is equivalent to Ω 2 assuming ( 24) and ( 26) has been verified by anthem-p2p, with the resolution theorem prover vampire (Kovaćs and Voronkov 2013) used as the proof engine.We saw in Section 4 that Ω 1 is locally tight for all inputs.The positive dependency graph of Ω 2 has additional edges, from go(p, t) to goto(p, r, t).It is clear that this graph has no infinite walks either, so that Ω 2 is locally tight for all inputs as well.
The process of verifying equivalence in this case was interactive-we helped vampire find a proof by suggesing useful lemmas and an induction axiom, as usual in such experiments (Fandinno et al. 2023, Section 6;Fandinno et al. 2020, Figure 5).Induction was needed to prove the lemma ∀P R T (in(P, R, T ) → person(P )), with (24) used to justify the base case.

Main lemma
The Main Lemma, stated below, relates the completion of a completable set of sentences (Section 3.1) to its stable models (Appendix B).
As in Section 3.1, σ stands here for a many-sorted signature with its predicate constants partitioned into intensional and extensional.The symbols σ I , d * , used in this section, are introduced in Appendix A; I ↓ is defined in Appendix B.
We define, for an interpretation I of σ and a sentence F over σ I , the set Pos(F, I) of (strictly) positive atoms of F with respect to I. Elements of this set are formulas of the form p(d * ).This set is defined recursively, as follows.If F does not contain intensional symbols or is not satisfied by I then Pos(F, I) = ∅.Otherwise, It is easy to check by induction on F that Pos(F, I) is a subset of the set I ↓ .An instance of a completable sentence ∀(F → G) over σ I is a sentence obtained from F → G by substituting names d * for its free variables.For any completable set Γ of sentences over σ I , the positive dependency graph G sp I (Γ) is the directed graph defined as follows.Its vertices are elements of I ↓ .It has an edge from A to B iff, for some instance F → G of a member of Γ, A ∈ Pos(G, I) and B ∈ Pos(F, I).

Main Lemma
For any interpretation I of σ and any completable set Γ of sentences over σ I such that the graph G sp I (Γ) has no infinite walks, I is a stable model of Γ iff I |= COMP[Γ].Consider, for example, the signature consisting of a single sort, the object constants a, b, and the intensional unary predicate constant p.Let Γ be and let the interpretations I, J be defined by the conditions The set J ↓ of vertices of G sp J (Γ) is {p(0 * ), p(1 * )}.This graph has one edge-the self-loop at p(1 * ), because Consequently the Main Lemma is applicable to I, but not to J. It asserts that I is a stable model of Γ (which is true) iff I satisfies the completion of Γ (which is true as well).The interpretation J, on the other hand, satisfies the completion of Γ, but it is not a stable model.
The Main Lemma is similar to two results published earlier (Ferraris et al. 2011, Theorem 11;Lee and Meng 2011, Corollary 4).The former refers to dependencies between predicate constants, rather than ground atoms.The latter is applicable to formulas of different syntactic form.
About an interpretation I of σ we say that it is semi-Herbrand if • all elements of its domains are object constants of σ, and For example, every interpretation of σ 0 that is standard, or standard for some some set P H (Section 2.3), is semi-Herbrand.
If I is semi-Herbrand then the graph G sp I (Γ) can be modified by replacing each vertex p(d * ) by the atom p(d) over the signature σ.This modified positive dependency graph is isomorphic to G sp I (Γ) as defined above.It can be defined independently, by replacing clauses (i) and (iv) in the definition of Pos(F, I) above by

Proof of the Main Lemma
The Main Lemma expresses a property of the completion operator, and its proof below consists of two parts.We first prove a similar property of pointwise stable models, defined in Appendix B (Lemma 3); then we relate pointwise stable models to completion.As in Section 6, σ stands for a many-sorted signature with its predicate constants subdivided into intensional and extensional.
Then, from the assumption I |= F we conclude that I |= F i for i = 1, 2. On the other hand, By the induction hypothesis, it follows that H, I |= ht F i , and consequently H, By the induction hypothesis, it follows that H, where X is a variable of sort s.Then, for every element d of |I| s , I |= G(d * ) and By the induction hypothesis, it follows that H, I |= ht G(d * ).We can conclude that H, I |= ht ∀X G(X).Case 2.6: F is ∃X G(X).Similar to Case 2.5.
The definition of G sp I (Γ) in Section 6 is restricted to the case when Γ is a completable set of sentences over σ I .It can be generalized to arbitrary sets of sentences as follows.A rule subformula of a formula F is an occurrence of an implication in F that does not belong to the antecedent of any implication (Ferraris et al. 2011, Section 7.3;Lee and Meng 2011, Section 3.3).Let I be an interpretation of an arbitrary signature σ, and let Γ be a set of sentences over σ I .All vertices of G sp I (Γ) are elements of I ↓ .The graph has an edge from A to B iff, for some sentence F 1 → F 2 obtained from a rule subformula of a member of Γ by substituting names d * for its free variables, A ∈ Pos(F 2 , I) and B ∈ Pos(F 1 , I).
For any sentence F , G sp I (F ) stands for G sp I ({F }).

Lemma 2
For any HT-interpretation H, I , any atom M in I ↓ \ H, and any sentence F over σ I , if

Proof
By induction on the size of F .Sentence F is neither atomic nor ⊥.Indeed, in that case F would be an atomic sentence of the form p(t), where p is intensional, because, by (ii), Pos(F, I) is non-empty.Then, from (iii), p((t I ) * ) ∈ H. On the other hand, Pos(F, I) is {p((t I ) * )}, and from (ii) we conclude that M = p((t I ) * ).This contradicts the assumption that M ∈ I ↓ \ H. Thus five cases are possible.
Case 1: F is F 1 ∧F 2 .From (iii) we can conclude that H, I |= ht F i for i = 1, 2. It is sufficient to show that I ↓ \{M }, I |= ht F i ; then the conclusion that I ↓ \ {M }, I |= ht F will follow.Case 1.1: M ∈ Pos(F i , I), so that formula F i satisfies condition (ii).That formula satisfies condition (i) as well, because G sp I (F i ) is a subgraph of G sp I (F ), and it satisfies condition (iii).So the conclusion I ↓ \{M }, I |= ht F i follows by the induction hypothesis.Case 1.2: M ∈ Pos(F i , I).Since Pos(F i , I) is a subset of I ↓ , Pos(F i , I) ⊆ I ↓ \ {M }.On the other hand, from the fact that H, I |= ht F i we conclude, by Proposition 3(a), that Case 2: F is F 1 ∨F 2 .From (iii) we can conclude that H, I |= ht F i for i = 1 or i = 2.It is sufficient to show that I ↓ \ {M }, I |= ht F i ; then the conclusion that I ↓ \ {M }, I |= ht F will follow.The reasoning is the same as in Case 1.
Case 3: On the other hand, F is a rule subformula of itself, so that for every atom B in Pos(F 1 , I), (M, B) is an edge of the graph G sp I (F ).By (i), it follows that every such atom B belongs to H. Consequently Case 3.1: H, I |= ht F 2 , so that F 2 satisfies condition (iii).Since G sp I (F 2 ) is a subgraph of G sp I (F ), F 2 satisfies condition (i) as well.By (28), F 2 satisfies condition (ii).Then, by the induction hypothesis, I ↓ \ {M }, I |= ht F 2 .Consequently I ↓ \ {M }, I |= ht F .Case 3.2: H, I |= ht F 2 .Then, in view of (iii), H, I |= ht F 1 .From this fact and formula (29) we can conclude, by Lemma 1, that I |= F 1 .By Proposition 3(a), it follows that Case 4: F is ∀X G(X).From (iii) we can conclude that for every d the domain s , where s is the sort of X, H, Case 5: F is ∃X G(X).From (iii) we can conclude that for some d the domain s , where s is the sort of X, H, I |= ht G(d * ).It is sufficient to show that I ↓ \ {M }, I |= ht G(d * ); then the conclusion that I ↓ \ {M }, I |= ht F will follow.The reasoning is the same as in Case 4.

Lemma 3
For any interpretation I of σ and any set Γ of sentences over σ I such that the graph G sp I (Γ) has no infinite walks, I is a stable model of Γ iff I is pointwise stable.

Proof
We need to show that if I is a model of Γ such that the graph G sp I (Γ) has no infinite walks, and there exists a proper subset H of I ↓ such that H, I satisfies Γ, then a subset with this property can be obtained from I ↓ by removing a single element.
The set I ↓ \ H contains an atom M such that for every edge (M, B) of the graph G sp I (Γ), B ∈ I ↓ \ H. Indeed, otherwise this graph would have an infinite walk consisting of elements of I ↓ \ H. On the other hand, for every such edge, B ∈ I ↓ .Indeed, from the definition of the graph G sp I (Γ) we see that for every edge (M, B) of that graph, B belongs to the set Pos(F, I) for some sentence F , and that set is contained in I ↓ .Consequently for every edge (M, B) of G sp I (Γ), B ∈ H.We will show that I ↓ \ {M }, I satisfies Γ.Take a sentence F from Γ. Case 1: M ∈ Pos(F, I).Then, condition (ii) of Lemma 2 is satisfied for the HT-interpretation H, I .Condition (i) is satisfied for this HT-interpretation as well, because A model I of a set Γ of completable sentences over σ is supported if for every atom p(d * ) in I ↓ there exists an instance F → p(d * ) of a member of Γ such that I |= F .

Lemma 4
Every pointwise stable model of a completable set of sentences is supported.

Proof
Let I be a pointwise stable model of a completable set Γ of sentences.Take an atom p(d * ) from I ↓ .We need to find an instance F → p(d * ) of a completable sentence from Γ such that I |= F .
By the definition of a pointwise stable model, I ↓ \ {p(d * )}, I does not satisfy Γ.Then, one of the completable sentences from Γ has an instance F → G such that We will show that this instance has the required properties.Since I is a model of Γ, From ( 30) and ( 31) we conclude that and From (32) and Proposition 3(a), I |= F .Then, in view of (31), From ( 33), (34) and Proposition 3(c) we can conclude that formula Gd contains p, so that it has the form p(e * ) for some tuple of domain elements e.Then, from (34), p(e * ) ∈ I ↓ , and from (33), p(e * ) ∈ I ↓ \ {p(d * )}.Consequently p(e * ) is p(d * ), so that e = d.

Lemma 5
For any interpretation I of σ and any completable set Γ of sentences over σ such that the graph G sp I (Γ) has no infinite walks, I is a supported model of Γ iff I is stable.

Proof
The if part follows from Lemmas 3 and 4. For the only if part, consider a supported model I of a completable set Γ of sentences such that the graph G sp I (Γ) has no infinite walks; we need to prove that I is stable.According to Lemma 3, it is sufficient to check that I is pointwise stable.
Take any atom M in I ↓ ; we will show that I ↓ \ {M }, I is not an HT-model of Γ.Since I is supported, one of the completable sentences in Γ has an instance F → M such that I |= F .Atom M does not belong to Pos(F, I), because otherwise M, M, . . .would be an infinite walk in G sp I (Γ).Since the set Pos(F, I) is a subset of I ↓ , we can conclude that it is a subset of I ↓ \ {M }.By Lemma 1, it follows that I ↓ \ {M }, I |= ht F .Therefore

Proof
Let the sentences defining an intensional predicate symbol p in Γ be The completed definition of p is Hence, an interpretation I of σ satisfies COMP[Γ] iff the following three conditions hold: (a) for every intensional p, I satisfies the sentence (b) for every intensional p and for every i, I satisfies the sentence Since the members of Γ defining p are sentences of form ( 35), the last condition expresses that I is a supported model of Γ.
The assertion of the Main Lemma follows from Lemmas 5 and 6.
8 Proof of Theorem 1 The proof of Theorem 1 refers to infinitary propositional formulas and the strong equivalence relation between them (Harrison et al. 2017).
Translations τ and τ * are related by a third translation F → F prop (Lifschitz et al. 2019, Section 5), which transforms sentences over σ 0 into infinitary propositional combinations of precomputed atoms.This translation is defined as follows: • if F is p(t 1 , . . ., t n ), then F prop is obtained from F by replacing each t i by the value obtained after evaluating all arithmetic functions in t i ; • if F is t 1 rel t 2 , then F prop is ⊤ if the values of t 1 and t 2 are in the relation rel , and ⊥ otherwise; for every binary connective ⊙; • (∀X F (X)) prop is the conjunction of the formulas F (r) prop over all precomputed terms r if X is a general variable, and over all numerals r if X is an integer variable; • (∃X F (X)) prop is the disjunction of the formulas F (r) prop over all precomputed terms r if X is a general variable, and over all numerals r if X is an integer variable.
This translation is similar to the grounding operation defined by Truszczynski (2012, Section 2).The following proposition, analogous to Proposition 2 from Truszczynski's paper and to Proposition 3 by Lifschitz et al. (2019), relates the meaning of a sentence to the meaning of its propositional translation.It differs from the last result in view of the fact that the division and modulo operations are treated here in a different way (see Section 2.1.2and Footnote 2), but can be proved in a similar way.

Proposition 2
For any rule R, (τ * R) prop is strongly equivalent to τ R.
Since standard interpretations of σ 0 are semi-Herbrand (Section 6), the correpondence between tuples d of elements of domains of a standard interpretation and tuples d * of their names is one-to-one, and we take the liberty to identify them.Therefore, for a standard interpretation I of σ 0 , I ↓ is identified with the set of precomputed atoms that are satisfied by I.In view of this convention, the transformation I → I ↓ is the inverse of the transformation J → J ↑ , defined in Section 2.3: for any set J of precomputed atoms over σ 0 , (J ↑ ) ↓ = J . (37) Lemma 7 (Fandinno and Lifschitz 2023, Lemma 2(i)) A standard interpretation I of σ 0 satisfies a sentence F over σ 0 iff I ↓ satisfies F prop .
The lemma below relates the meaning of a sentence in the logic of here-and-there to the meaning of its grounding in the infinitary version of that logic (Truszczynski 2012, Section 2).It is similar to Proposition 4 from that paper and can be proved by induction in a similar way.

Lemma 8
A standard HT-interpretation H, I of σ 0 satisfies a sentence F over σ 0 iff H, I ↓ satisfies F prop .
The following lemma relates stable models of first-order formulas (as defined in Appendix B) to stable models of infinitary propositional formulas (Truszczynski 2012, Section 2).It is a generalization of Theorem 5 from that paper.
By Lemma 8, for any proper subset H of I ↓ , H, I satisfies Γ iff H, I ↓ satisfies {F prop : F ∈ Γ}.

Proof of Theorem 1
For any set J of precomputed atoms and any mini-gringo program Π, iff J is a stable model of Π (semantics of mini-gringo).

Proof of Theorem 2
The equivalence between conditions (b) and (c) in the statement of Theorem 2 follows from the fact that for every sentence F over σ 0 (first-order or second-order), P ↑ satisfies v(F ) iff P v satisfies F .The equivalence between conditions (a) and (b) will be derived from the Main Lemma.To this end, we need to relate the positive dependency graph of an io-program to the positive dependency graph of the corresponding completable set of sentences with respect to a standard interpretation of σ 0 .Such a relationship is described by Lemma 14 below.

Lemma 10
For any tuple t of ground terms in the language of mini-gringo and for any tuple r of precomputed terms of the same length, the formula val t (r) is equivalent to ⊤ if r ∈ [t], and to ⊥ otherwise.

Proof
The special case when t is a single term is Lemma 1 by Lifschitz et al. (2020).The general case easily follows.
The following lemma describes properties of the transformation τ B , defined in Section 2.4.

Lemma 11
For any set J of precomputed atoms and any ground literal L such that J ↑ |= τ B (L), (a) If L is p(t) or not not p(t) then, for some tuple r in [t], p(r) ∈ J .(b) If L is not p(t) then, for some tuple r in [t], p(r) ∈ J .

Proof
Consider the case when L is p(t).Then, τ B (L) is ∃V(val t (V) ∧ p(V)).Since J ↑ satisfies this formula, there exists a tuple r of precomputed terms such that J ↑ satisfies val t (r) and p(r).Since val t (r) is satisfiable, we can conclude by Lemma 10 that r ∈ [t].The other two cases are analogous.

Lemma 12
If U is a tuple of general variables, and u is a tuple of precomputed terms of the same length, then (a) for any term t(U) and any precomputed term r, the result of substituting u for U in val t(U) (r) is val t(u) (r); (b) for any conjunction Body (U) of literals and comparisons, the result of substituting u for U in τ B (Body (U)) is τ B (Body (u)).

Proof
Part (i) is easy to prove by induction.Part (ii) immediately follows.
In the rest of this section, v is a valuation on the set of placeholders of an io-program Ω, and J is a set of precomputed atoms that do not contain placeholders of Ω.Standard interpretations of σ 0 are semi-Herbrand, and the references to Pos and G sp below refer to the definitions modified as described at the end of Section 6.

Lemma 13
Let U be a list of distinct general variables, and let p(t(U)) ← Body(U) be a basic rule of Ω with all variables explicitly shown.For any tuple u of precomputed terms of the same length as U, any tuple r from [v(t(u))], and any precomputed atom A from Pos(τ B (v(Body (u))), J ↑ ), the positive dependency graph of Ω for the input (v, J in ) has an edge from p(r) to A.

Proof
We will show that the instance satisifies conditions (a)-(e) imposed on R in the definition of the positive dependency graph of an io-program (see Section 4).
Verification of condition (a): the argument of p in the head of R is v(t(u)), and r ∈ It follows that A = p ′ (r ′ ), so that A is a conjunctive term of the body required by condition (b).
Verification of conditions (c)-(e): let L be a conjunctive term of the body v(Body (u)) of R that contains an input symbol of Ω or is a comparison.Since Pos(τ B (v(Body (u))), J ↑ ) is non-empty, τ B (v(Body (u))) is satisfied by J ↑ .Therefore, the conjunctive term τ B (L) of that formula is satisfied by J ↑ as well.If L has the form q(t) or not not q(t) then, by Lemma 11(a), there exists a tuple r ′ in [t] such that q(r ′ ) ∈ J , and consequently q(r ′ ) ∈ J in .If L has the form not q(t) then, by Lemma 11(b), there exists a tuple r ′ in [t] such that q(r ′ ) ∈ J , and consequently q(r ′ ) / Since this formula is satisfied by J ↑ , the relation ≺ holds for a pair (r 1 , r 2 ) of precomputed terms such that val t1 (r 1 ) and val t2 (r 2 ) are satisfied by J ↑ .By Lemma 10, r 1 ∈ [t 1 ] and r 2 ∈ [t 2 ].

Lemma 14
Let Π be the set of rules of Ω.
(i) The positive dependency graph of Ω for the input (v, J in ) is a supergraph of the positive dependency graph of τ * (v(Π)).(ii) If Ω is locally tight for the input (v, J in ) then the graph G sp J ↑ (τ * (v(Π))) has no infinite walks.Proof (i) Replacing a choice rule {p(t)} ← Body in Ω by the basic rule p(t) ← Body affects neither the positive dependency graph of Ω nor the positive dependency graph of τ * (v(Π)).Consequently we can assume, without loss of generality, that Ω is an io-program without choice rules.
Pick any edge (p(r), A) of the (modified) graph G sp J ↑ (τ * (v(Π))).Then, there is an instance F → G of the completed sentence obtained by applying τ * to a basic rule of v(Π) such that p(r) ∈ Pos(G, J ↑ ) and A ∈ Pos(F, J ↑ ).That rule of v(Π) can be written as p(v(t(U))) ← v(Body (U)), (38) where is a rule of Π, and U is the list of its variables.The result of applying τ * to (38) is where V is a tuple of general variables.Let u, z be tuples of precomputed terms that are substituted for U, V in the process of forming the instance F → G.By Lemma 12, that instance can be written as val v(t(u)) (v) ∧ τ B (v(Body (u))) → p(v).
Consequently p(r) ∈ Pos(p(v), J ↑ ) and The first of these conditions implies v = r, so that the second can be rewritten as It follows that J ↑ satisfies val v(t(u)) (r).By Lemma 10, we can conclude that r ∈ v(t(u)).On the other hand, the set Pos(val v(t(u)) (r), J ↑ ) is empty, because the formula val v(t(u)) (r) does not contain intensional symbols.Consequently (39) implies that A ∈ Pos(τ B (v(Body (u))), J ↑ ).
By Lemma 13, it follows that (p(r), A) is an edge of the positive dependency graph of Ω for the input (v, J in ).
Now we are ready to prove that condition (a) in the statement of Theorem 2 is equivalent to condition (b).The assumption that P is an io-model of Ω for an input (v, I) implies that P in = I.Indeed, that assumption means that P is the set of public atoms of some stable model J of the program v(Π) ∪ I, where Π is the set of rules of Ω.In that program, the facts I are the only rules containing input symbols in the head, so that J in = I.Since all input symbols are public, it follows that P in = I.It remains to show that P is an io-model of Ω for (v, P in ) iff P ↑ satisfies v(COMP[Ω]) under the assumption that Ω is locally tight for (v, P in ).
Recall that COMP[Ω] is the second order sentence ∃P 1 • • • P l C, where C is obtained from the sentence COMP[τ * Π] by replacing the private symbols p 1 /n 1 , . . ., p l /n l of Ω with distinct predicate variables P 1 , . . ., P l .Then v(COMP[Ω]) is ∃P 1 • • • P l v(C).Hence, the condition in the right-hand side of (40) means that for some set J obtained from P by adding private precomputed atoms, J ↑ satisfies v(COMP[τ * Π]).It remains to observe that an interpretation of σ 0 is standard for P H iff it can be represented in the form P v for some P and v.

Conclusion
In this paper, we defined when an io-program is considered locally tight for an input, and proved two properties of locally tight programs: io-models can be characterized in terms of completion (Theorem 2), and the anthem-p2p algorithm can be used to verify equivalence (Theorem 3).The local tightness condition is satisfied for many nontight programs that describe dynamic domains.
Theorem 2 can be used also to justify using the anthem algorithm (Fandinno et al. 2020) for verifying a locally tight program with respect to a specification expressed by first-order sentences.
Future work will include extending the anthem-p2p algorithm and Theorem 3 to ASP programs that involve aggregate expressions, using the ideas of Fandinno et al. (2022) and Lifschitz (2022).About a model I of a set Γ of sentences over σ I we say it is stable if, for every proper subset H of I ↓ , HT-interpretation H, I does not satisfy Γ.In application to finite sets of formulas with a single sort, this definition of a stable model is equivalent to the definition in terms of the operator SM (Ferraris et al. 2011).
We say that I is pointwise stable if, for every element M of I ↓ , I ↓ \ {M }, I does not satisfy Γ.
and an instance in building (p, t) ← in(p, r, t) of v(R) contributes the edge in building (p, t) −→ in(p, r, t).(21) Consequently the edges of the positive dependency graph of Ω 1 are (21) and in(p, r, i + 1) −→ in(p, r, i) if v(h) = n and 0 ≤ i < n.It is clear that this graph has no infinite walks.Consequently Ω 1 is locally tight on all inputs.Proposition 1 If a mini-gringo program Π is tight then any io-program of the form (Π, PH, In, Out) is locally tight for all inputs.
(a) P is an io-model of Ω for (v, I), (b) P ↑ satisfies v(COMP[Ω]) and P in = I, (c) P v satisfies COMP[Ω] and P in = I.

Lemma 1
For any HT-interpretation H, I and any sentence F over σ I , if I |= F and Pos(F, I) ⊆ H then H, I |= ht F. Proof By induction on the size of F .Case 1 : F does not contain intensional symbols.The assertion of the lemma follows from Proposition 3(b) in Appendix B. Case 2 : F contains an intensional symbol.Since I |= F , the set Pos(F, I) is determined by the recursive clauses in the definition of Pos.Case 2.1: F is p(t), where p is intensional.Then, the assumption Pos(F, I) ⊆ H and the claim H, I |= ht F turn into the condition p((t and it satisfies condition (iii).So the conclusion I ↓ \ {M }, I |= ht G(d * ) follows by the induction hypothesis.Case 4.2: M ∈ Pos(G(d * ), I).Since Pos(G(d * ), I) is a subset of I ↓ , we can conclude that Pos(G(d * ), I) ⊆ I ↓ \ {M }.On the other hand, from the fact that H, I |= ht G(d * ) we conclude, by Proposition 3(a), that I |= G(d * ).By Lemma 1, it follows that I ↓ \ {M }, I |= ht G(d * ).

Lemma 6
For any interpretation I of σ and any completable set Γ sentences over σ, I is a supported model of Γ iff I |= COMP[Γ].
Note also that v(COMP[τ * Π]) = COMP[τ  *  (v(Π)].Thus the right-hand side of (40) is Hence, programs Ω and Ω ′ are equivalent to each other under assumption A iff the conditionP v satisfies COMP[Ω] ↔ COMP[Ω ′ ] (45)holds for every input (v, I) from the domain defined by A and every set P of precomputed public atoms such that P in = I; equivalently, iff (45) holds for every input (v, I) such that I v satisfies A and every set P of precomputed public atoms such that P in = I;equivalently, iff (45) holds for every input (v, I) and every set P of precomputed public atoms such that P in = I and P v satisfies A;equivalenly, iff (45) holds for every valuation v of PH and every set P of precomputed public atoms such that P v satisfies A; equivalently, iff for every valuation v of PH and every set P of precomputed public atoms, P v satisfies the sentenceA → (COMP[Ω] ↔ COMP[Ω ′ ]).
If H, I |= ht F then I |= F .(b) For any sentence F that does not contain intensional symbols, H, I |= ht F iff I |= F .(c) For any subset S of H such that the predicate symbols of its members do not occur in F , H \ S, I |= ht F iff H, I |= ht F .
) in I ↓ there exists i such thatI |= ∃U i F i (U i , d * ),or, equivalently, that for every atom p(d * ) in I ↓ there exist i and a tuple d i of domain elements such that I |= F i (d * i , d * ). *