On the Expressive Power of the Normal Form for Branching-Time Temporal Logics

Automata theoretic methods are fundamental in study of branching-time logics, they are widely used in the investigations into the expressiveness of branching-time formalisms and their decidability, and are in the centre of the model-checking techniques [22], being widely used in the framework of formal verification. With the emerging applications that involve complex distributed systems deployed in heterogeneous environment, for example, robotics systems [21], branching-time specifications are becoming even more important. These specifications reflect the dynamic and non-deterministic nature of such applications and one can envisage the obvious need for efficient techniques to reason about them [11]. Tree structures are the underlying models for these specifications and tree automata are well established techniques to reason about tree structures, again, widely used in modern model-checking. On the other hand, it is useful to have direct methods of deductive reasoning applied to temporal specifications that enable carrying proof. Clausal temporal resolution is one of such techniques [11]. The method is based on the concept of the separated normal form initially developed for resolution based deductive verification in the linear-time framework (see full account of the method in [19] and an overview of various developments within this framework in [11]) and later extended to Computation Tree Logic CTL [3], [7], ECTL [5] and ECTL+ [4]. These branching-time logics differ in their expressiveness, with CTL allowing only a single temporal operator preceded by a path quantifier, ECTL extending CTL by allowing combinations of temporal operators that express fairness constraints and ECTL+ allowing Boolean combinations of temporal operators and ECTL fairness constraints (but not permitting their nesting). Yet, the same formalism serves as the normal form for all these logics. For simplicity, here we call this formalism ${\sf BNF}$. The refinement and implementation of the clausal resolution in branching-time setting is given in [23, 24].

In [8] it was shown that the normal form for linear time is as expressive as Büchi automata on infinite words [10] while [12] defined the translation from an alternating automaton to this normal form and vice versa. In this paper we consider the analogous problem, in the branching-time setup, namely we show how ${\sf BNF}$ can represent, syntactically, Büchi tree automata in a high-level way. Note that in translating a branching-time problem specification into BNF, we actually derive clauses within a fragment of Quantified Computation Tree Logic (EQCTL) [20]. In particular, formulae within BNF are existentially quantified, moreover, this quantification is external to CTL formulae themselves. Thus, clauses of the BNF satisfy the criteria of the prenex normal form ([20]), and, translating the given branching-time specification into BNF we stay within this fragment. In order to utilize the normal form as part of proof in the branching-time framework, we effectively skolemize the normal form producing temporal formulae without any quantification.

Having established this relationship between ${\sf BNF}$ and Büchi tree automata, we justify, theoretically, that ${\sf BNF}$ is applicable to a wider class of branching-time specifications, and a resolution based verification technique can be used as reasoning tool for the obtained specification. One important contribution of this paper is that ${\sf BNF}$ specifications obtained from the initial automaton give a good insight into the temporal context, as these specifications are defined with the use of the standard future time temporal operators:   (always),   (next time), ${\diamondsuit}$ (eventually) and, additionally, path quantifiers ${\sf A}$ (on all future paths) and ${\sf E}$ (on some future path). Finally, we note that the result of this paper enables one of the core components of the resolution method - the loop searching ([6, 11]) - to be used to extract (again syntactically) hidden invariants in a wide range of complex temporal specifications.

The rest of the paper is organised as follows. In §2 main technical terms of tree structures relevant to the paper are introduced. In §3 we overview ${\sf BNF}$ outlining its syntax in §3.1 and its semantics, in §3.2, together with an example, §3.3. In §4 we define Büchi tree automata. In §5, we show how to translate these automata into ${\sf BNF}$ and establish the correctness while in §6 the reverse translation from ${\sf BNF}$ into Büchi tree automata and its correctness are given. In §7 we give an example of the syntactical representation of a small Büchi tree automaton in $\sf BNF$. Finally, in §8, we provide concluding remarks and discuss future work.

In this section we introduce main concepts of tree structures that are needed for the definition of Büchi Automata and BNF.

Given a tree $T=(N,E)$ the edge relation $E$ is called total (or connected) if each node $x_{\_}i\in N$ belongs to some fullpath. We will concentrate on such trees where each node is connected with the root. Now the connectivity property of a tree $(N,E)$ can be viewed as the following requirement: for any state $x_{\_}i\in N$ there must be a fullpath $\pi_{\_}{x_{\_}0}$ such that $x_{\_}i\in\pi_{\_}{x_{\_}0}$, i.e. a path exists which connects this node $x_{\_}i$ with the root $x_{\_}0$ of a tree.

We will utilise the concepts of prefix and suffix in defining the closure properties below.

Closure properties of CTL models. When trees are considered as models for distributed systems, paths through a tree are viewed as computations. The natural requirements for such models would be suffix and fusion closures. Following [13], the former means that every suffix of a path is itself a path. The latter requires that a system, following the prefix of a computation $\gamma$, at any point $s_{\_}j\in\gamma$, is able to follow any computation $\pi_{\_}{s_{\_}j}$ originating from $s_{\_}j$.

Finally, we require that “if a system can follow a path arbitrarily long, then it can be followed forever” [13]. This corresponds to limit closure property, meaning that for any fullpath $\gamma_{\_}{s_{\_}0}$ and any paths $\pi_{\_}{s_{\_}j},\phi_{\_}{s_{\_}k},\dots$ such that $\gamma_{\_}{s_{\_}0}$ has the prefix $[s_{\_}0,s_{\_}j]$, $\pi_{\_}{s_{\_}j}$ has the prefix $[s_{\_}j,s_{\_}k]$, $\phi_{\_}{s_{\_}k}$ has the prefix $[s_{\_}k,s_{\_}l]$, etc, and $0<j<k<l$, the following holds: there exists an infinite path $\alpha_{\_}{s_{\_}0}$ that is a limit of the prefixes $[s_{\_}0,s_{\_}j],[s_{\_}j,s_{\_}k],[s_{\_}k,s_{\_}l],\dots$. Closure properties, especially, limit closure, are reflected in the formulation of the ${\sf BNF}$, namely, in the introduction of labels for the clauses of the ${\sf BNF}$.

We assume that underlying tree models are of at most countable branching factor. However, following ([13], page 1011) trees with arbitrary, even uncountable, branching, ‘as far as our branching temporal logic are concerned, are indistinguishable from trees with finite, even bounded, branching’. This makes tree automata applicable in the branching-time framework. We will also use this result to justify the labelling of BNF clauses.

Now, following [16], given that a CTL model structure ${\cal M}$ (see §3.2 for the definition of a model structure) has its branching factor at most $d$, there exists a $d$-ary tree canonical model ${\cal M}^{\prime}$ such that for any formula $A$, ${\cal M}$ satisfies $A$ if, and only if, ${\cal M}^{\prime}$ satisfies $A$. Informally, a canonical model is an unwinding of an arbitrary model ${\cal M}$ into an infinite tree $T$ [16]. One of the essential properties of canonical models, which we will utilise here, is that the number of successors for every state is canonicalised by $d$.

Normal form BNF which we are considering, is a formalism that has been developed as part of the clausal resolution method developed initially for linear-time temporal logic [18, 19] and then defined for branching-time temporal logics, CTL [7] and its extensions, ECTL [5] and ${\sf ECTL}^{+}$ [4]. As one would expect from clausal resolution, formulae of a given logic are first translated into normal form, which is a collection of clauses, to which a resolution method is applied. The idea behind the resolution procedure in temporal context is to extract for some given formula $A$ a set of clauses that capture three types of ‘knowledge’ about $A$ - what is happening at the beginning of the computation, what are the ‘steps’ of the computation, and what are the eventualities to be fulfilled during the computation.

For a formula $A$ of a CTL-type branching-time logic, we will abbreviate its clausal normal form as ${\sf BNF}(A)$. Note that the standard formulation of CTL-type logics is based upon classical connectives, future time temporal operators   and $\mathcal{U}$ (until) (which is sufficient to introduce   and ${\diamondsuit}$) and path quantifiers ${\sf A}$ and ${\sf E}$. The BNF, however, is formulated using  ,   and ${\diamondsuit}$, and start (which is only true at the beginning of the computation) but not utilising the $\mathcal{U}$ operator as it is removed during the translation to the normal form based on its fixpoint definition [7].

The transition function $\delta(s,\sigma,d)$ is the set of all tuples of states to which the automaton may evolve from state $s\in S$ of the arity $d\in D$ when it reads the symbol $\sigma\in\Sigma$.

A run, $\tau_{\_}{\cal B}:T\longrightarrow S$, of a Büchi tree automaton ${\cal B}$ over the input $\Sigma$-labelled tree $(T,L)$ is an $S$ labelled tree such that the root is labelled by a member of $F_{\_}0$ and the transitions conform with the transition function $\delta$. Namely, visiting a state $s_{\_}i\in S$ with the branching degree $d$ and reading $\sigma\in\Sigma$, an automaton makes a non-deterministic choice of a tuple $s_{\_}0,\dots s_{\_}d\in\delta(s,\sigma,d)$, $1\leq d\leq k$, makes $d$ copies of itself and moves to the node $s_{\_}i\cdot s_{\_}j~{}(1\leq j\leq d)$.

A run, $\tau_{\_}{\cal B}$, is successful if for every infinite branch of $\tau_{\_}{\cal B}$, there is an accepting state $s\in F_{\_}B$ that occurs infinitely often in this branch. An automaton ${\cal B}$ accepts the infinite tree $T$ (in other terms, the language recognised by ${\cal B}$ is not empty) if it has a successful run $\tau_{\_}{\cal B}$.

Here, given a Büchi tree automaton ${\cal B}$, we construct its characteristic formula, ${\sf BNF}_{\_}{\cal B}$, as a set of ${\sf BNF}$ clauses, following the main stages similar to those in [8]: encoding of the set of the initial states, representing the run of the automaton, the labelling, and the acceptance condition.

Let ${\cal B}=\langle\Sigma,~{}D,~{}S,\delta,F_{\_}0,~{}F_{\_}B\rangle$ be a Büchi tree automaton with the states labelled as follows. For every proposition $p\in Prop$, for $\sigma\in\Sigma$, given $s_{\_}i\cdot s_{\_}k\in\delta(s_{\_}i,\sigma,d)$ (for $1\leq k\leq d$), if $p\in\sigma$ then $p\in L(s_{\_}i\cdot s_{\_}k)$ else if $p\not\in\sigma$ then $\lnot p\in L(s_{\_}i\cdot s_{\_}k)$. In our translation we will explicitly encode this labelling. Now, we introduce formulae (1)–(4), which represent the main stages of the translation. Note that to simplify reading we will omit writing the outer ${\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,$, and will write a set of ${\sf BNF}_{\_}{\cal B}$ clauses rather than their conjunction; in some cases we will alos give the formulation of the components of the translation not in the exact form of ${\sf BNF}_{\_}{\cal B}$ clauses to make the idea behind the translation more explicit. Each of these cases, where we need further simple manipulations to obtain the required BNF form, will be marked with $\{\star\}$.

$$\begin{array}[t]{ll}{{\sf BNF}}_{\_}{tran_{\_}{\cal B}}:&\quad(\ref{run-snf-direct-translation}.1)q_{\_}i\Rightarrow{\sf E}\!\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,{q_{\_}n}_{\_}{ind_{\_}j}\\ \end{array}$$

(2)

Next, we represent the unique labelling of the states of the automaton by the following set of clauses, constructed for every $q_{\_}i$ and every $x_{\_}i\in L(s_{\_}i)$.

$$\begin{array}[t]{ll}{BNF}_{\_}{lab_{\_}{\cal B}}:&\begin{array}[t]{rlrclr}&(\ref{labels-snf-direct-translation}.1)&\hbox{\bf start}&\Rightarrow&\lnot q_{\_}i\vee\displaystyle{\left[\left(\bigwedge_{\_}{x_{\_}i\in L(s_{\_}i)}x_{\_}i\right)\wedge\left(\bigwedge_{\_}{x_{\_}j\not\in L(s_{\_}i)}\lnot x_{\_}j\right)\right]}&\{\star\}\\ \\ &(\ref{labels-snf-direct-translation}.2)&{\bf\scriptstyle T}&\Rightarrow&{\sf A}\!\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,(\lnot q_{\_}i\vee v)\\ \\ &((\ref{labels-snf-direct-translation}.3)&v&\Rightarrow&\displaystyle{\left[\left(\bigwedge_{\_}{x_{\_}i\in L(s_{\_}i)}x_{\_}i\right)\wedge\left(\bigwedge_{\_}{x_{\_}j\not\in L(s_{\_}i)}\lnot x_{\_}j\right)\right]}&\{\star\}\end{array}\end{array}$$

(3)

The Büchi acceptance condition is given by the following set of ${\sf BNF}$ clauses constructred for each $ind_{\_}i\in IND$.

$$\begin{array}[t]{ll}{BNF}_{\_}{acc_{\_}{\cal B}}:&\begin{array}[t]{rlrcl}&(\ref{acceptance-formula-snf-direct}.1)&\hbox{\bf start}&\Rightarrow&y\\ &(\ref{acceptance-formula-snf-direct}.2)&y&\Rightarrow&{\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,u\quad\quad\{\star\}\\ &(\ref{acceptance-formula-snf-direct}.3)&u&\Rightarrow&{\sf E}{\diamondsuit}l_{\_}{ind_{\_}i}\\ &(\ref{acceptance-formula-snf-direct}.4)&l&\Rightarrow&{\sf E}\!\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,w_{\_}{ind)i}\\ &(\ref{acceptance-formula-snf-direct}.5)&w&\Rightarrow&{\sf E}{\diamondsuit}l_{\_}{ind)i}\\ &(\ref{acceptance-formula-snf-direct}.6)&\hbox{\bf start}&\Rightarrow&\lnot l\vee q_{\_}n\vee\dots\vee q_{\_}r\\ &(\ref{acceptance-formula-snf-direct}.7)&{\bf\scriptstyle T}&\Rightarrow&{\sf A}\!\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,(\lnot l\vee q_{\_}n\vee\dots\vee q_{\_}r)\\ \end{array}\end{array}$$

(4)

where

• •

  $q_{\_}n\dots q_{\_}r$ encode the accepting states of the automaton and $y,~{}w,~{}l$ and $z$ are new propositions. This condition ensures that every path of the run hits an accepting state from $F_{\_}B$ infinitely often. The use of the indices guarantees that we are staying in the ‘context of a chosen path’ when verifying the acceptance condition.

• •

  Constraint 2 of the ${BNF}_{\_}{acc_{\_}{\cal B}}$ marked with ‘$\star$’ is the abbreviation of the ‘loop’ in $u$. This loop in the BNF is represented by the following two clauses $({\sf i})~{}y\Rightarrow(z\wedge u),({\sf ii})~{}z\Rightarrow{\sf A}\!\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,(u\wedge z)$ (recall that all clauses are in the scope of the ${\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,$): from $({\sf i})$ we know that $u$ is true at the state where $y$ is true, and also that $z$ is also true at that state, while from $({\sf ii})$ we derive that the every successor state should satisfy both $u$ and $z$. This second clause $({\sf i})$ ensures the recurrent presence of $z$ in every subsequent state along every path, which, in turn, ensures that each subsequent state along every path also satisfies $u$.
  

Finally, let ${\sf BNF}_{\_}{init_{\_}{\cal B}}^{\prime}$,  ${\sf BNF}_{\_}{tran_{\_}{\cal B}}^{\prime}$,  ${\sf BNF}_{\_}{lab_{\_}{\cal B}}$ and ${\sf BNF}_{\_}{acc^{B}_{\_}{\cal B}}$ be obtained from ${\sf BNF}_{\_}{init_{\_}{\cal B}}$, ${\sf BNF}_{\_}{tran_{\_}{\cal B}}$,
  ${\sf BNF}_{\_}{lab_{\_}{\cal B}}$ and ${\sf BNF}_{\_}{acc^{B}_{\_}{\cal B}}$, respectively, by translating their components into the required form of ${\sf BNF}$ clauses. Now, a Büchi tree automaton $\cal B$ is characterized by the following ${\sf BNF}$ expression known as a characteristic clause set and abbreviated by ${\sf BNF}_{\_}{\cal B}$:

$${\sf BNF}_{\_}{{init_{\_}{\cal B}}}^{\prime}\wedge{\sf BNF}_{\_}{{tran_{\_}{\cal B}}}^{\prime}\wedge{\sf BNF}_{\_}{{lab_{\_}{\cal B}}}\wedge{\sf BNF}_{\_}{{acc^{B}_{\_}{\cal B}}}^{\prime}$$

(5)

In this section we show how to effectively construct a Büchi Tree automaton from a given set ${\cal C}$ of ${\sf BNF}$ clauses. First, let us distinguish among ${\sf BNF}$ clauses the initial clauses and the global (step and sometime) clauses. The ideology is as follows. First we apply the augmentation technique developed for the clausal resolution for CTL [3] deriving ${\cal C}_{\_}{Aug}$ an augmented ${\sf BNF}$. Then we show how to construct a model for ${\cal C}_{\_}{Aug}$. This technique involves a construction of a tableau as a labelled finite directed graph. The states of the graph are labelled by the sets of subformulae of ${\cal C}_{\_}{Aug}$. Let $Prop({\cal C}_{\_}{Aug})$ be a set of all (different) propositions that occur within the clauses of ${\cal C}_{\_}{Aug}$. The important features of the underlying transition function for the construction of the tableau is that the formula ${\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,\phi$, where $\phi$ is a conjunction of all global clauses of ${\cal C}_{\_}{Aug}$, occurs within each state. Thus, global clauses play the role of a guide for the transitions. A transition from a state $s_{\_}i$ to a state $s_{\_}j$ is provided if a label for $s_{\_}j$ is consistent.

Once a tableau ${\cal G}_{\_}{{\cal C}_{\_}{Aug}}$ is constructed, labels of some states might contain formulae of the type $\hbox{\rm\bf P}{\diamondsuit}l$. Thus, we check if such an eventuality is satisfied. During this procedure we delete those states (and their successors) of a graph ${\cal G}_{\_}{{\cal C}_{\_}{Aug}}$ which contain unsatisfied eventualities. As some states of a graph now might be without any successor, we will delete such states. The resulting graph, ${\cal R}$, is called a reduced tableau.

It has been shown that the set of ${\sf BNF}$ clauses is unsatisfiable, if, and only if, its reduced tableau is empty [3].

Let ${\cal C}_{\_}{Aug}$ be an augmented set of ${\sf BNF}$ clauses. Abbreviating by $In$ the conjunction of the right hand sides of the initial clauses of ${\cal C}_{\_}{Aug}$ and by $\phi$ the conjunction of its step and eventuality clauses, we can represent a set, ${\cal C}_{\_}{Aug}$ as a formula $In\wedge{\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,\phi$. It is easy to show from the BNF semantics that the following holds: $\langle{\cal M},s_{\_}0\rangle\models$ $\cal C$ $\Leftrightarrow\langle{\cal M},s_{\_}0\rangle\models In\wedge{\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,\phi$.

Let an elementary formula be either a literal, or has its main connective as P  . Each non-elementary formula is further classified as either a conjunctive, $\alpha$-formula, or a disjunctive, $\beta$-formula.

A basic ${\sf BNF}$ modality now is qualified according to its fixpoint definition (in the equations below $\mu$ and $\nu$ stand for ‘minimal fixpoint’ and ‘maximal fixpoint’ operators, respectively)

$$\begin{array}[]{l}{\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,\varphi=\nu\rho(\varphi\wedge{\sf A}\!\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,\rho)\\ {\sf E}{\diamondsuit}\varphi=\mu\rho(\varphi\vee{\sf E}\!\raisebox{-1.03331pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,\rho)\\ {\sf A}{\diamondsuit}\varphi=\mu\rho(\varphi\vee{\sf A}\!\raisebox{-1.03331pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,\rho)\end{array}$$

(8)

The only ${\sf BNF}$ modality that occurs within ${\sf BNF}$ clauses as a maximal fixpoint is ${\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,\phi$ and in our representation of a set of ${\sf BNF}$ clauses as $In\wedge{\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,\phi$, it has the only occurrence as the main connective in ${\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,\phi$, hence, the following $\alpha$-expansion rules will be appropriate:

$$\begin{array}[]{l|l|l}\alpha&\alpha_{\_}1&\alpha_{\_}2\\ \hline\cr B\wedge C&B&C\\ {\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,B&B&{\sf A}\!\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(1.0,1.0){\circle{2.0}} \end{picture}}}\,{\sf A}\raisebox{-0.86108pt}{ \mbox{\begin{picture}(2.0,2.0) \put(0.0,0.0){\line(1,0){2.0}} \put(0.0,2.0){\line(1,0){2.0}} \put(0.0,0.0){\line(0,1){2.0}} \put(2.0,0.0){\line(0,1){2.0}} \end{picture}}}\,B\\ \lnot(B\vee C)&\lnot B&\lnot C\\ \end{array}$$

(9)