A derivation formfd/Courses/Temporal_logic/lecture3.pdf · Past Linear Temporal Logic PLTL...

A derivation for p ⇒ p

1 p ⇒ ((p ⇒ p)︸︷︷︸Q

⇒ p) axiom

2 (p ⇒ ((p ⇒ p)︸︷︷︸Q

⇒ p︸︷︷︸R

)) ⇒ ((p ⇒ (p ⇒ p)︸︷︷︸Q

) ⇒ (p ⇒ p︸︷︷︸R

)) axiom

3 (p ⇒ (p ⇒ p)) ⇒ (p ⇒ p) 1, 2, MP

4 p ⇒ ( p︸︷︷︸Q

⇒ p) axiom

5 p ⇒ p 3, 4, MP

1

Past Linear Temporal Logic PLTL

Expressive completeness of LTL

2

The definition of PLTL:

(.U.) and (.S.) under the strict interpretation

ϕ ::= ⊥ | p | ϕ ⇒ ϕ | (ϕUϕ) | (ϕSϕ)

s, n |= (ϕUψ) if there exists a k > 0 s.t.

s, n + i |= ϕ for i ∈ {1, . . . , k − 1} and s, n + k |= ψ

s, n |= (ϕSψ) if there exists a k ∈ {1, . . . , n} s.t.

s, n− i |= ϕ for i ∈ {1, . . . , k − 1}, and s, n− k |= ψ

{1, . . . , 0} stands for ∅.

◦ϕ (⊥Uϕ)

(.ULTL.) - (.U.) under the non-strict interpretation.

(ϕULTLψ) ψ ∨ (ϕ ∧ (ϕUψ)), (ϕUψ) ◦(ϕULTLψ).

3

Abbreviations and variants of the notation

2 and 3 have strict variants too:

3ϕ (>Uϕ), 2ϕ ¬3¬ϕ

The beginning of time:

I ¬(>S>)

Abbreviations about the past:

ªA (⊥SA), 3−A (>SA), ¯A ¬3−¬A

Alternative ”computer” notation for the temporal operators:

◦ 3 2 ª 3− ¯X F G Y P H

Exercise 1 Describe the extensions to be made to the model-checking

algorithm in order to enable model-checking past LTL formulas.

4

Gabbay’s separation theorem

A formula is

past (future) if it is (.U.)-free ((.S.)-free);

strictly future (past) if it has the form ◦ϕ (ªϕ) with a future (past) ϕ;

boolean combination of ϕ1, . . . , ϕn if it has the form

ϕ ::= ⊥ | ϕ1 | . . . | ϕn | ϕ ⇒ ϕ;

separated if it is a boolean combination of past and future formulas.

Exercise 2 Every future (past) formula is equivalent to a boolean combination

of propositional variables and strictly future (past) formulas.

Theorem 1 (Gabbay’s separation theorem) Every PLTL formula is equivalent

to a separated formula.

Remark 1 The theorem applies to models with unbounded past as well.

5

Proof of Gabbay’s separation theorem: lemmata

Lemma 1 The following equivalences are valid in PLTL:

(α ∧ βUγ) ⇔ (αUγ) ∧ (βUγ)

(α ∧ βSγ) ⇔ (αSγ) ∧ (βSγ)

(γUα ∨ β) ⇔ (γUα) ∨ (γUβ)

(γSα ∨ β) ⇔ (γSα) ∨ (γSβ)

Proof: Direct check. a

6

Proof of Gabbay’s separation theorem: Lemmata

Lemma 2 [key lemma] a, q, α and β be propositional variables. Then each of

the formulas

(qSa ∧ (αUβ))

(qSa ∧ ¬(αUβ))

(q ∨ (αUβ)Sa)

(q ∨ ¬(αUβ)Sa)

(q ∨ (αUβ)Sa ∧ (αUβ))

(q ∨ (αUβ)Sa ∧ ¬(αUβ))

(q ∨ ¬(αUβ)Sa ∧ (αUβ))

(q ∨ ¬(αUβ)Sa ∧ ¬(αUβ))

has an equivalent one in which (.U.) occurs only in the subformula (αUβ)which itself is not in the scope of a (.S.).

Corollary 1 Let α and β be purely propositional, and χ and θ be boolean

combinations of (αUβ) and past formulas. Then (θSχ) is equivalent to a

boolean combination of (αUβ) and past formulas.

Proof: Convert θ, χ to CNF, DNF, resp., apply Lemma 1, then Lemma 2. a

7

Proof the key lemma, (1): (qSa ∧ (αUβ))

(qSa ∧ (αUβ)) is equivalent to

[(qSa) ∧ (αSa) ∧ α ∧ (αUβ)]∨[β ∧ (αSa) ∧ (qSa)]∨(qSβ ∧ q ∧ (αSa) ∧ (qSa))

Proof: t0 |= (qSa ∧ (αUβ)) iff there exist t1 < t0 and t2 > t1 such that

t1 |= a, t2 |= β, t |= q for x ∈ (t1, t0), and t |= α for t ∈ (t1, t2). 3 possibilities:

t2 > t0 : a︸︷︷︸t1

, α ∧ q, . . . , α ∧ q, α︸︷︷︸t0

, α, . . . , α, β︸︷︷︸t2

(α ∧ qSa) ∧ α ∧ (αUβ)

t2 = t0 : a︸︷︷︸t1

, α ∧ q, . . . , α ∧ q, β︸︷︷︸t2=t0

β ∧ (α ∧ qSa)

t2 < t0 : a︸︷︷︸t1

, α ∧ q, . . . , α ∧ q, β ∧ q︸︷︷︸t2

, q . . . , q, .︸︷︷︸t0

(qSβ ∧ q ∧ (α ∧ qSa))

a8

Some more equivalences for the proof of the key lemma

|=PLTL ¬(αUβ) ⇔ 2¬β ∨ (¬βU¬β ∧ ¬α)

⇔ 2¬β ∨ (α ∧ ¬βU¬β ∧ ¬α)

|=PLTL ¬(αSβ) ⇔ ¯¬β ∨ (¬βS¬β ∧ ¬α)

⇔ ¯¬β ∨ (α ∧ ¬βS¬β ∧ ¬α)

9

Proof of the key lemma (2): (qSa ∧ ¬(αUβ))

|=PLTL (qSa ∧ ¬(αUβ)) ⇔ (qSa ∧2¬β)︸︷︷︸A

∨ (qSa ∧ (¬βU¬β ∧ ¬α))︸︷︷︸B

A direct check shows that |=PLTL A ⇔ (¬β ∧ qSa) ∧ ¬β ∧2¬β.

By the equivalence (1) about (qSa ∧ (XUY )),

|=PLTL B ⇔ [(qSa) ∧ (¬βSa) ∧ ¬β ∧ (¬βU¬β ∧ ¬α)]︸︷︷︸C

∨

[¬β ∧ ¬α ∧ (¬βSa) ∧ (qSa)]∨(qS¬β ∧ ¬α ∧ q ∧ (¬βSa) ∧ (qSa))

By distributivity, |= A ∨ C ⇔ (¬β ∧ qSa) ∧ ¬β ∧ (2¬β ∨ (¬βU¬β ∧ ¬α)),which is equivalent to (¬β ∧ qSa) ∧ ¬β ∧ ¬(αUβ). Hence

|=PLTL (qSa ∧ ¬(αUβ)) ⇔ [(q ∧ ¬βSa) ∧ ¬β ∧ ¬(αUβ)]∨[¬β ∧ ¬α ∧ (¬β ∧ qSa)]∨(qS¬β ∧ ¬α ∧ q ∧ (q ∧ ¬βSa))

10

Proof of the key lemma (3): (q ∨ (αUβ)Sa):

|=PLTL ¬(q ∨ (αUβ)Sa) ⇔ ¯¬a ∨ (¬aS¬a ∧ ¬q ∧ ¬(αUβ))︸︷︷︸F

and F is an instance of (QUA ∧ ¬(αUβ)), already considered as case (2).

(4): (q ∨ ¬(αUβ)Sa):

A direct chech shows that

(q ∨ ¬(αUβ)Sa) ⇔ (¬a ∧ [(¬a ∧ αS¬q ∧ ¬a) ⇒ ¬β]Sa)∧((¬a ∧ αS¬q ∧ ¬a) ⇒ ¬[β ∨ (α ∧ (αUβ))]).

11

Proof of the key lemma (5): (q ∨ (αUβ)Sa ∧ (αUβ)):

(q ∨ (αUβ)Sa ∧ (αUβ)) ⇔ (αSa) ∧ [β ∨ (α ∧ (αUβ))]∨ (β ∨ α ∨ ¬(¬βS¬q)Sβ ∧ (αSa))∧{[β ∨ (α ∧ (αUβ))] ∨ ¬(¬βS¬q)}

(6): (q ∨ (αUβ)Sa ∧ ¬(αUβ)):

(q ∨ (αUβ)Sa ∧ ¬(αUβ)) is equivalent to

[(q ∧ ¬βSa) ∧ ¬β ∧ ¬(α ∧ (αUβ))]∨(q ∨ (αUβ)S¬α ∧ ¬β ∧ (q ∨ (αUβ)) ∧ (q ∧ ¬βSa)).

which can be given the required form using the equivalences (3) and (5).

12

Proof of the key lemma (8): (q ∨ ¬(αUβ)Sa ∧ ¬(αUβ))

By |=PLTL ¬(ASB) ⇔ ¯¬B ∨ (A ∧ ¬BS¬B ∧ ¬A) we have

|=PLTL ¬(q ∨ ySa ∧ x) ⇔ ¯(¬a ∨ ¬x)∨(¬a ∨ ¬xS¬q ∧ ¬y ∧ ¬a)∨(¬a ∨ ¬xS¬q ∧ ¬y ∧ ¬x),

For x.= y

.= ¬(αUβ), we derive

|=PLTL (q ∨ ¬(αUβ)Sa ∧ ¬(αUβ)) ⇔ ¯(¬a ∨ (αUβ))∨(¬a ∨ (αUβ)S¬q ∧ (αUβ) ∧ ¬a)∨(¬a ∨ (αUβ)S¬q ∧ (αUβ)).

The middle disjunctive member of this formula can be excluded. The first

disjunctive member is, by definition, ¬(>Sa ∧ ¬(αUβ)) and can be given the

required form using case (2). The second can be handled using case (5).

13

Proof of the key lemma (7): (q ∨ ¬(αUβ)Sa ∧ (αUβ))

(q ∨ ¬(αUβ)Sa ∧ (αUβ)) ⇔(q ∨ ¬(αUβ)Sβ ∧ (q ∨ ¬(αUβ)) ∧ (α ∧ qSa))∨[(α ∧ qSa) ∧ β]∨[(α ∧ qSa) ∧ (αUβ)]

By distributivity, the first disjunctive member is equivalent to

(q ∨ ¬(αUβ)Sβ ∧ q ∧ (α ∧ qSa))∨(q ∨ ¬(αUβ)Sβ ∧ (α ∧ qSa)) ∧ ¬(αUβ)

and can be given the required form using cases (4) and (8).

14

Sources for the proof of the key lemma

This proof:

Dov Gabbay, Ian Hodkinson and Mark Reynolds, Temporal Logic:

Mathematical Foundations and Computational Aspects. Volume I, OUP,

1994

For another proof of the key lemma see:

E. Clarke and B.-H. Schlingloff, Model Checking, Chapter 24 of Handbook of

Automated Reasoning, A. Robinson and A. Voronkov (eds), Elsevier, 2001.

also available at:

http://www2.informatik.hu-berlin.de/~hs/Publikationen/

2000 Handbook-of-Automated-Reasoning Clarke-Schlingloff

Model-Checking.ps

15

Proof of Gabbay’s separation theorem: more lemmata

Lemma 3 Let α and β be purely propositional and the only (.U.)-subformula

of θ be (αUβ). Then θ is equivalent to a boolean combination of (αUβ) and

past formulas.

Proof: Induction on the nesting depth of the occurrences of (αUβ) in

(.S.)-subformulas of θ. a

Lemma 4 Let αi and βi be purely propositional, i = 1, . . . , n. Let the only

(.U.)-subformulas of θ be (α1Uβ1), . . . , (αnUβn). Then θ is equivalent to a

boolean combination of (α1Uβ1), . . . (αnUβn) and past formulas.

Proof: Induction on n. Apply the previous lemma to

θ′ [ui/(αiUβi) : i = 2, . . . , n]θ

to obtain a b. c. of (α1Uβ1) and past formulas containing u2, . . . , un. a

16

Gabbay’s separation theorem:

last lemma and proof of the theorem

Lemma 5 Formulas θ with no occurrences of (.S.) in the scope of (.U.) are

separable.

Proof: Obtain θ′ from θ by substituting (aiUbi) for the occurrences of

(αiUβi) which are not in the scope of (.U.) themselves. Separate θ′ first and

then replace ai, bi by αi, βi. aExchanging (.S.) and (.U.) preserves the validity of all the lemmata.

Proof: [ of the separation theorem] Induction on the alternating depth of

the nesting of (.U.) and (.S.) in the given formula ϕ. ϕ is either separated or

ϕ has subformulas ψ of the form (αUβ) ((αSβ)) where α and β are

past (future) and at least one of them has an occurrence of (.S.) (.U.).

In the latter case alternation depth can be decreased by replacing the ψs with

equivalent separated formulas. a17

Elimination of (.S.) in PLTL

Theorem 2 Let ϕ be a PLTL formula. Then there exists a future PLTLformula ψ such that for all models σ

σ, 0 |= ϕ ⇔ ψ.

Proof: Obtain ψ by replacing all the (.S.)-subformulas by ⊥ in a separated

equivalent of ϕ. a

18

Expressive completeness of PLTL

σ : ω → L can be viewed as a model for the monadic first order theory of the

linear order 〈ω,<〉 with a unary predicate symbols P for every p ∈ L:

P σ(n) ↔ p ∈ σ(n) for all n < ω.

A PLTL formula ϕ defines the unary predicate σ, n |= ϕ on n. This predicate

is definable in the first order theory via the standard translation ST:

ST(⊥) ⊥, ST(p) P (n), ST(ϕ ⇒ ψ) ST(ϕ) ⇒ ST(ψ)

ST((ϕUψ)) ∃k(n < k ∧ [k/n]ST(ψ) ∧ ∀i(n < i ∧ i < k ⇒ [i/n]ST(ϕ)))

ST((ϕSψ)) ∃k(k < n ∧ [k/n]ST(ψ) ∧ ∀i(k < i ∧ i < n ⇒ [i/n]ST(ϕ)))

where k and i do not occur ST(ϕ), ST(ψ).

Q: Is every f.o.-defined unary predicate definable in PLTL too?

19

Expressive completeness of PLTL (Hans Kamp, 1968)

Theorem 3 Every f.o. definable unary predicate is definable in PLTL.

Definition 1 A temporal connective # of arity k is f.o. definable, if there is a

f.o. formula α# with just one free variable t and possibly having occurrences of

P1, . . . , Pk such that

σ, n |= #p1 . . . pk ↔ 〈ω, <〉, λi.(σ, i |= p1), . . . , λi.(σ, i |= pk), n |= α#.

ST can be defined for such connectives # in the obvious way.

Corollary 2 All f.o.-definable connectives can be regarded as derived in PLTLwith (.S.) and (.U.) as the basic connectives.

Proof: Since α#(n, P1, . . . , Pk) is equivalent to some temporal formula ϕ[α#]written with (.S.) and (.U.) using p1, . . . , pk, we can define # by the clause

#(p1, . . . , pk) ϕ[α#]. a

20

Expressive completeness of PLTL: proof

predicate formula α(t) → temporal formula ϕ[α] s.t.

σ, i |= ϕ[α] ↔ 〈ω, <〉, λn.(p1 ∈ σn), . . . , λn.(pk ∈ σn), i |= α

Induction on the ∃-height d∃(α) of α.

ϕ[t < t] ⊥, ϕ[Pi(t)] pi, ϕ[α1 ⇒ α2] ϕ[α1] ⇒ ϕ[α2] (1)

Let α be ∃xβ. We can assume t 6∈ BV (β). Then, by the equivalences

β ⇔ Pi(t) ∧ [>/Pi(t)]β ∨ ¬Pi(t) ∧ [⊥/Pi(t)]β, i = 1, . . . , k,

β is equivalent to a∨i

δi ∧ βi where δi are ∃-free, x 6∈ FV (δi), d∃(βi) ≤ d∃(β),

and the only occurrences of t in βi have the forms t < y and y < t for some

y ∈ BV (βi) ∪ {x}. We only need to handle ∃xβi, because

|= ∃x(δi ∧ βi) ⇔ δi ∧ ∃xβi.

21

Expressive completeness of PLTL: Proof

∃xβ; t occurs in β only in y < t, t < y

We introduce fresh predicate symbols Rt<., R.<t. Let

β′ [Rt<.(y)/t < y, R.<t(y)/y < t]β

Then

〈ω, <〉, λn.(p1 ∈ σn), . . . , λn.(pk ∈ σn), λn.(i < n), λn.(n < i), i |= ∃xβ ⇔ ∃xβ′

FV (β′) = {x} and d∃(β′) < d∃(α). By the induction hypothesis there exists a

temporal ϕ[β′] such that for σ′ : ω → P({p1, . . . , pk, rt<., r.<t})σ′, i |= ϕ[β′] iff

〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(rt<. ∈ σ′n), λn.(r.<t ∈ σ′n), i |= β′

We put ϕ[∃xβ′] 3−ϕ[β′] ∨ ϕ[β′] ∨3ϕ[β′]

22


We have σ′, i |= ϕ[∃xβ′] iff

〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(rt<. ∈ σ′n), λn.(r.<t ∈ σ′n), i |= ∃xβ′

and

〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(i < n), λn.(n < i), i |= ∃xβ′ ⇔ ∃xβ.

Hence

〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(i < n), λn.(n < i), i |= ∃xβ

is equivalent to

σ′, i |= ϕ[∃xβ′], (ϕ[∃xβ′] is 3−ϕ[β′] ∨ ϕ[β′] ∨3ϕ[β′])

provided that for all n we have rt<. ∈ σ′n ↔ i < n, r.<t ∈ σ′n ↔ n < i.

23


The only remaining problem is that rt<., r.<t ∈ Var(ϕ[∃xβ′]).

ψ - a separated equivalent to ϕ[∃xβ′]

Let ψ′ is the result of applying the substitutions

[⊥/rt<.,⊥/r.<t] to the variables in ψ not in the scope of (.S.) and (.U.),

[⊥/rt<.,>/r.<t] to the (.S.)-subformulas of ψ

and

[>/rt<.,⊥/r.<t] to the (.U.)-subformulas of ψ, respectively.

If rt<. ∈ σ′n ↔ i < n and r.<t ∈ σ′n ↔ n < i for all n, then σ′, i |= ψ ⇔ ψ′.

Finally, σ′, i |= ψ′ iff σ, i |= ψ′, because rt<., r.<t 6∈ Var(ψ′). Hence

〈ω, <〉, λn.(p1 ∈ σn), . . . , λn.(pk ∈ σn), i |= ∃xβ iff σ, i |= ψ′

and we can define ϕ[∃xβ] as ψ′.

24

Interval temporal logic: a more expressive linear temporal

logic

PLTL is as expressive as the MFO theory of 〈ω, <〉.MSO theory of 〈ω, <〉 is decidable too. It is captured by

automata on infinite words

(ω-)regular expressions, whose general form is

⋃

i

Li ·Mωi .

where Li and Mi denote regular expressions and

Lω = {α0 · α1 · . . . · αn · . . . : αi ∈ L for all i < ω}.

Interval Temporal Logic (ITL, Moszkowski, 1985).

Two variants: finite or infinite intervals of time.

25

ITL on finite intervals

ϕ ::= ⊥ | p | ϕ ⇒ ϕ | ◦ϕ | (ϕ;ϕ) | ϕ∗.Models finite sequences σ ∈ (P(L))+.

|σ| - the length of σ minus 1. σ = σ0σ1 . . . σ|σ|.

σ 6|= ⊥σ |= p iff p ∈ σ0

σ |= ϕ ⇒ ψ iff σ 6|= ϕ or σ |= ψ

σ |= ◦ϕ iff |σ| > 0 and σ1 . . . σ|σ| |= ϕ

σ |= (ϕ;ψ) iff there exists an i ∈ {0, . . . , |σ|} such that

σ0 . . . σi |= ϕ and σi . . . σ|σ| |= ψ

σ |= ϕ∗ iff either |σ| = 0 or there exists an n < ω

and a finite sequence 0 = i0 < . . . < in = |σ|such that σik−1 . . . σik

|= ϕ for k = 1, . . . , n.

26

Derived constructs in ITL

empty ¬ ◦ >skip ◦empty

3ϕ (>; ϕ)

2ϕ ¬3¬ϕ

ϕ+ (ϕ;ϕ∗)

27

Guarded normal form in ITL

Exercise 3 Prove that every ITL formula has an equivalent one of the form

ξ ∧ empty ∨∨

i

αi ∧ ◦ψi

where ξ and the αis have no occurrences of temporal operators and the αis

form a full system.

Fact 1 Given an arbitrary formula ϕ, there exists a finite set of formulas X

such that ϕ ∈ X and a system of purely propositional formulas ξψ, ψ ∈ X and

αψ,χ, ψ, χ ∈ X such that {αψ,χ : χ ∈ X} is a full system for each ψ ∈ X and

|=ITL ψ ⇔ ξχ ∧ empty ∨∨

χ∈X

αψ,χ ∧ ◦χ. (2)

28

Propositional quantification in ITL

σ |= ∃pϕ iff there exists a σ′ ∈ (P(L))|σ|+1 such that

σ′i \ {p} = σi \ {p} for all i = 0, . . . , |σ| and σ′ |= ϕ

Theorem 4 Propositional existential quantification is definable in ITL, that is,

every formula of the form ∃pϕ is equivalent to a quantifier-free formula.

29

Propositional quantifier elimination in ITL

We assume that ϕ is quantifier-free. Let X be as in Fact 1. Then for ψ ∈ X

|=ITL ∃pψ ⇔ ([⊥/p]ξχ∨[>/p]ξχ)∧empty∨∨

χ∈X

([⊥/p]αψ,χ∨[>/p]αψ,χ)∧◦∃pχ.

This is equivalent to

∃pψ ⇔ ηχ ∧ empty ∨∨

χ∈X

(βψ,χ ∧ skip; ∃pχ).

which is a system of equations wrt the unknowns ∃pχ.

σ |= βψ,χ ∧ skip does not depend on σ|σ|.

If δ1, δ2 have this property, then so do δ1 ∨ δ2, (δ1; δ2) and δ∗1 .

30

Propositional quantifier elimination in ITL

Assume a system of equations

∃pψ ⇔ γχ ∨∨

χ∈X

(δψ,χ; ∃pχ). (3)

where δψ,χ are s.t. σ |= δψ,χ does not depend on σ|σ|.

Then we can solve the system wrt any chosen ∃pψ:

∃pψ ⇔ (δ∗ψ,ψ; γχ) ∨∨

χ∈X\{ψ}(δ∗ψ,ψ; (δψ,χ; ∃pχ)).

Substituting this formula for ∃pψ elsewhere in the system and using that

|=ITL (α;β1 ∨ β2) ⇔ (α; β)1 ∨ (α;β)2,

we obtain system of the same form with fewer equations. Finally we reach a

defining formula for ∃pϕ.

Note that ¬ and ∧ occur only in the purely propositional subformulas of the

quantifier-free formula for ∃pϕ. The price for this is the heavy use of (.)∗.

31

Infinite intervals

The clauses for |=ITL on infinite intervals differs only for (.; .) and (.)∗:

σ |= (ϕ; ψ) iff either σ |= ϕ or

there exists an i < ω such that

σ0 . . . σi |= ϕ and σi . . . |= ψ

σ |= ϕ∗ iff there exists a finite sequence 0 = i0 < . . . < in

s. t. σik−1 . . . σik|= ϕ for k = 1, . . . , n, and σin . . . |= ϕ

The definition for (ϕ; ψ) allows the class of the infinite intervals to be defined

by the constant

inf (>;⊥).

32

The End

33

A derivation formfd/Courses/Temporal_logic/lecture3.pdf · Past Linear Temporal Logic PLTL...

Documents

Transcript of A derivation formfd/Courses/Temporal_logic/lecture3.pdf · Past Linear Temporal Logic PLTL...