a derivation formfd/courses/temporal_logic/lecture3.pdf · past linear temporal logic pltl...
TRANSCRIPT
A derivation for p ⇒ p
1 p ⇒ ((p ⇒ p)︸ ︷︷ ︸Q
⇒ p) axiom
2 (p ⇒ ((p ⇒ p)︸ ︷︷ ︸Q
⇒ p︸︷︷︸R
)) ⇒ ((p ⇒ (p ⇒ p)︸ ︷︷ ︸Q
) ⇒ (p ⇒ p︸︷︷︸R
)) axiom
3 (p ⇒ (p ⇒ p)) ⇒ (p ⇒ p) 1, 2, MP
4 p ⇒ ( p︸︷︷︸Q
⇒ p) axiom
5 p ⇒ p 3, 4, MP
1
Past Linear Temporal Logic PLTL
Expressive completeness of LTL
2
The definition of PLTL:
(.U.) and (.S.) under the strict interpretation
ϕ ::= ⊥ | p | ϕ ⇒ ϕ | (ϕUϕ) | (ϕSϕ)
s, n |= (ϕUψ) if there exists a k > 0 s.t.
s, n + i |= ϕ for i ∈ {1, . . . , k − 1} and s, n + k |= ψ
s, n |= (ϕSψ) if there exists a k ∈ {1, . . . , n} s.t.
s, n− i |= ϕ for i ∈ {1, . . . , k − 1}, and s, n− k |= ψ
{1, . . . , 0} stands for ∅.
◦ϕ (⊥Uϕ)
(.ULTL.) - (.U.) under the non-strict interpretation.
(ϕULTLψ) ψ ∨ (ϕ ∧ (ϕUψ)), (ϕUψ) ◦(ϕULTLψ).
3
Abbreviations and variants of the notation
2 and 3 have strict variants too:
3ϕ (>Uϕ), 2ϕ ¬3¬ϕ
The beginning of time:
I ¬(>S>)
Abbreviations about the past:
ªA (⊥SA), 3−A (>SA), ¯A ¬3−¬A
Alternative ”computer” notation for the temporal operators:
◦ 3 2 ª 3− ¯X F G Y P H
Exercise 1 Describe the extensions to be made to the model-checking
algorithm in order to enable model-checking past LTL formulas.
4
Gabbay’s separation theorem
A formula is
past (future) if it is (.U.)-free ((.S.)-free);
strictly future (past) if it has the form ◦ϕ (ªϕ) with a future (past) ϕ;
boolean combination of ϕ1, . . . , ϕn if it has the form
ϕ ::= ⊥ | ϕ1 | . . . | ϕn | ϕ ⇒ ϕ;
separated if it is a boolean combination of past and future formulas.
Exercise 2 Every future (past) formula is equivalent to a boolean combination
of propositional variables and strictly future (past) formulas.
Theorem 1 (Gabbay’s separation theorem) Every PLTL formula is equivalent
to a separated formula.
Remark 1 The theorem applies to models with unbounded past as well.
5
Proof of Gabbay’s separation theorem: lemmata
Lemma 1 The following equivalences are valid in PLTL:
(α ∧ βUγ) ⇔ (αUγ) ∧ (βUγ)
(α ∧ βSγ) ⇔ (αSγ) ∧ (βSγ)
(γUα ∨ β) ⇔ (γUα) ∨ (γUβ)
(γSα ∨ β) ⇔ (γSα) ∨ (γSβ)
Proof: Direct check. a
6
Proof of Gabbay’s separation theorem: Lemmata
Lemma 2 [key lemma] a, q, α and β be propositional variables. Then each of
the formulas
(qSa ∧ (αUβ))
(qSa ∧ ¬(αUβ))
(q ∨ (αUβ)Sa)
(q ∨ ¬(αUβ)Sa)
(q ∨ (αUβ)Sa ∧ (αUβ))
(q ∨ (αUβ)Sa ∧ ¬(αUβ))
(q ∨ ¬(αUβ)Sa ∧ (αUβ))
(q ∨ ¬(αUβ)Sa ∧ ¬(αUβ))
has an equivalent one in which (.U.) occurs only in the subformula (αUβ)which itself is not in the scope of a (.S.).
Corollary 1 Let α and β be purely propositional, and χ and θ be boolean
combinations of (αUβ) and past formulas. Then (θSχ) is equivalent to a
boolean combination of (αUβ) and past formulas.
Proof: Convert θ, χ to CNF, DNF, resp., apply Lemma 1, then Lemma 2. a
7
Proof the key lemma, (1): (qSa ∧ (αUβ))
(qSa ∧ (αUβ)) is equivalent to
[(qSa) ∧ (αSa) ∧ α ∧ (αUβ)]∨[β ∧ (αSa) ∧ (qSa)]∨(qSβ ∧ q ∧ (αSa) ∧ (qSa))
Proof: t0 |= (qSa ∧ (αUβ)) iff there exist t1 < t0 and t2 > t1 such that
t1 |= a, t2 |= β, t |= q for x ∈ (t1, t0), and t |= α for t ∈ (t1, t2). 3 possibilities:
t2 > t0 : a︸︷︷︸t1
, α ∧ q, . . . , α ∧ q, α︸︷︷︸t0
, α, . . . , α, β︸︷︷︸t2
(α ∧ qSa) ∧ α ∧ (αUβ)
t2 = t0 : a︸︷︷︸t1
, α ∧ q, . . . , α ∧ q, β︸︷︷︸t2=t0
β ∧ (α ∧ qSa)
t2 < t0 : a︸︷︷︸t1
, α ∧ q, . . . , α ∧ q, β ∧ q︸ ︷︷ ︸t2
, q . . . , q, .︸︷︷︸t0
(qSβ ∧ q ∧ (α ∧ qSa))
a8
Some more equivalences for the proof of the key lemma
|=PLTL ¬(αUβ) ⇔ 2¬β ∨ (¬βU¬β ∧ ¬α)
⇔ 2¬β ∨ (α ∧ ¬βU¬β ∧ ¬α)
|=PLTL ¬(αSβ) ⇔ ¯¬β ∨ (¬βS¬β ∧ ¬α)
⇔ ¯¬β ∨ (α ∧ ¬βS¬β ∧ ¬α)
9
Proof of the key lemma (2): (qSa ∧ ¬(αUβ))
|=PLTL (qSa ∧ ¬(αUβ)) ⇔ (qSa ∧2¬β)︸ ︷︷ ︸A
∨ (qSa ∧ (¬βU¬β ∧ ¬α))︸ ︷︷ ︸B
A direct check shows that |=PLTL A ⇔ (¬β ∧ qSa) ∧ ¬β ∧2¬β.
By the equivalence (1) about (qSa ∧ (XUY )),
|=PLTL B ⇔ [(qSa) ∧ (¬βSa) ∧ ¬β ∧ (¬βU¬β ∧ ¬α)]︸ ︷︷ ︸C
∨
[¬β ∧ ¬α ∧ (¬βSa) ∧ (qSa)]∨(qS¬β ∧ ¬α ∧ q ∧ (¬βSa) ∧ (qSa))
By distributivity, |= A ∨ C ⇔ (¬β ∧ qSa) ∧ ¬β ∧ (2¬β ∨ (¬βU¬β ∧ ¬α)),which is equivalent to (¬β ∧ qSa) ∧ ¬β ∧ ¬(αUβ). Hence
|=PLTL (qSa ∧ ¬(αUβ)) ⇔ [(q ∧ ¬βSa) ∧ ¬β ∧ ¬(αUβ)]∨[¬β ∧ ¬α ∧ (¬β ∧ qSa)]∨(qS¬β ∧ ¬α ∧ q ∧ (q ∧ ¬βSa))
10
Proof of the key lemma (3): (q ∨ (αUβ)Sa):
|=PLTL ¬(q ∨ (αUβ)Sa) ⇔ ¯¬a ∨ (¬aS¬a ∧ ¬q ∧ ¬(αUβ))︸ ︷︷ ︸F
and F is an instance of (QUA ∧ ¬(αUβ)), already considered as case (2).
(4): (q ∨ ¬(αUβ)Sa):
A direct chech shows that
(q ∨ ¬(αUβ)Sa) ⇔ (¬a ∧ [(¬a ∧ αS¬q ∧ ¬a) ⇒ ¬β]Sa)∧((¬a ∧ αS¬q ∧ ¬a) ⇒ ¬[β ∨ (α ∧ (αUβ))]).
11
Proof of the key lemma (5): (q ∨ (αUβ)Sa ∧ (αUβ)):
(q ∨ (αUβ)Sa ∧ (αUβ)) ⇔ (αSa) ∧ [β ∨ (α ∧ (αUβ))]∨ (β ∨ α ∨ ¬(¬βS¬q)Sβ ∧ (αSa))∧{[β ∨ (α ∧ (αUβ))] ∨ ¬(¬βS¬q)}
(6): (q ∨ (αUβ)Sa ∧ ¬(αUβ)):
(q ∨ (αUβ)Sa ∧ ¬(αUβ)) is equivalent to
[(q ∧ ¬βSa) ∧ ¬β ∧ ¬(α ∧ (αUβ))]∨(q ∨ (αUβ)S¬α ∧ ¬β ∧ (q ∨ (αUβ)) ∧ (q ∧ ¬βSa)).
which can be given the required form using the equivalences (3) and (5).
12
Proof of the key lemma (8): (q ∨ ¬(αUβ)Sa ∧ ¬(αUβ))
By |=PLTL ¬(ASB) ⇔ ¯¬B ∨ (A ∧ ¬BS¬B ∧ ¬A) we have
|=PLTL ¬(q ∨ ySa ∧ x) ⇔ ¯(¬a ∨ ¬x)∨(¬a ∨ ¬xS¬q ∧ ¬y ∧ ¬a)∨(¬a ∨ ¬xS¬q ∧ ¬y ∧ ¬x),
For x.= y
.= ¬(αUβ), we derive
|=PLTL (q ∨ ¬(αUβ)Sa ∧ ¬(αUβ)) ⇔ ¯(¬a ∨ (αUβ))∨(¬a ∨ (αUβ)S¬q ∧ (αUβ) ∧ ¬a)∨(¬a ∨ (αUβ)S¬q ∧ (αUβ)).
The middle disjunctive member of this formula can be excluded. The first
disjunctive member is, by definition, ¬(>Sa ∧ ¬(αUβ)) and can be given the
required form using case (2). The second can be handled using case (5).
13
Proof of the key lemma (7): (q ∨ ¬(αUβ)Sa ∧ (αUβ))
(q ∨ ¬(αUβ)Sa ∧ (αUβ)) ⇔(q ∨ ¬(αUβ)Sβ ∧ (q ∨ ¬(αUβ)) ∧ (α ∧ qSa))∨[(α ∧ qSa) ∧ β]∨[(α ∧ qSa) ∧ (αUβ)]
By distributivity, the first disjunctive member is equivalent to
(q ∨ ¬(αUβ)Sβ ∧ q ∧ (α ∧ qSa))∨(q ∨ ¬(αUβ)Sβ ∧ (α ∧ qSa)) ∧ ¬(αUβ)
and can be given the required form using cases (4) and (8).
14
Sources for the proof of the key lemma
This proof:
Dov Gabbay, Ian Hodkinson and Mark Reynolds, Temporal Logic:
Mathematical Foundations and Computational Aspects. Volume I, OUP,
1994
For another proof of the key lemma see:
E. Clarke and B.-H. Schlingloff, Model Checking, Chapter 24 of Handbook of
Automated Reasoning, A. Robinson and A. Voronkov (eds), Elsevier, 2001.
also available at:
http://www2.informatik.hu-berlin.de/~hs/Publikationen/
2000 Handbook-of-Automated-Reasoning Clarke-Schlingloff
Model-Checking.ps
15
Proof of Gabbay’s separation theorem: more lemmata
Lemma 3 Let α and β be purely propositional and the only (.U.)-subformula
of θ be (αUβ). Then θ is equivalent to a boolean combination of (αUβ) and
past formulas.
Proof: Induction on the nesting depth of the occurrences of (αUβ) in
(.S.)-subformulas of θ. a
Lemma 4 Let αi and βi be purely propositional, i = 1, . . . , n. Let the only
(.U.)-subformulas of θ be (α1Uβ1), . . . , (αnUβn). Then θ is equivalent to a
boolean combination of (α1Uβ1), . . . (αnUβn) and past formulas.
Proof: Induction on n. Apply the previous lemma to
θ′ [ui/(αiUβi) : i = 2, . . . , n]θ
to obtain a b. c. of (α1Uβ1) and past formulas containing u2, . . . , un. a
16
Gabbay’s separation theorem:
last lemma and proof of the theorem
Lemma 5 Formulas θ with no occurrences of (.S.) in the scope of (.U.) are
separable.
Proof: Obtain θ′ from θ by substituting (aiUbi) for the occurrences of
(αiUβi) which are not in the scope of (.U.) themselves. Separate θ′ first and
then replace ai, bi by αi, βi. aExchanging (.S.) and (.U.) preserves the validity of all the lemmata.
Proof: [ of the separation theorem] Induction on the alternating depth of
the nesting of (.U.) and (.S.) in the given formula ϕ. ϕ is either separated or
ϕ has subformulas ψ of the form (αUβ) ((αSβ)) where α and β are
past (future) and at least one of them has an occurrence of (.S.) (.U.).
In the latter case alternation depth can be decreased by replacing the ψs with
equivalent separated formulas. a17
Elimination of (.S.) in PLTL
Theorem 2 Let ϕ be a PLTL formula. Then there exists a future PLTLformula ψ such that for all models σ
σ, 0 |= ϕ ⇔ ψ.
Proof: Obtain ψ by replacing all the (.S.)-subformulas by ⊥ in a separated
equivalent of ϕ. a
18
Expressive completeness of PLTL
σ : ω → L can be viewed as a model for the monadic first order theory of the
linear order 〈ω,<〉 with a unary predicate symbols P for every p ∈ L:
P σ(n) ↔ p ∈ σ(n) for all n < ω.
A PLTL formula ϕ defines the unary predicate σ, n |= ϕ on n. This predicate
is definable in the first order theory via the standard translation ST:
ST(⊥) ⊥, ST(p) P (n), ST(ϕ ⇒ ψ) ST(ϕ) ⇒ ST(ψ)
ST((ϕUψ)) ∃k(n < k ∧ [k/n]ST(ψ) ∧ ∀i(n < i ∧ i < k ⇒ [i/n]ST(ϕ)))
ST((ϕSψ)) ∃k(k < n ∧ [k/n]ST(ψ) ∧ ∀i(k < i ∧ i < n ⇒ [i/n]ST(ϕ)))
where k and i do not occur ST(ϕ), ST(ψ).
Q: Is every f.o.-defined unary predicate definable in PLTL too?
19
Expressive completeness of PLTL (Hans Kamp, 1968)
Theorem 3 Every f.o. definable unary predicate is definable in PLTL.
Definition 1 A temporal connective # of arity k is f.o. definable, if there is a
f.o. formula α# with just one free variable t and possibly having occurrences of
P1, . . . , Pk such that
σ, n |= #p1 . . . pk ↔ 〈ω, <〉, λi.(σ, i |= p1), . . . , λi.(σ, i |= pk), n |= α#.
ST can be defined for such connectives # in the obvious way.
Corollary 2 All f.o.-definable connectives can be regarded as derived in PLTLwith (.S.) and (.U.) as the basic connectives.
Proof: Since α#(n, P1, . . . , Pk) is equivalent to some temporal formula ϕ[α#]written with (.S.) and (.U.) using p1, . . . , pk, we can define # by the clause
#(p1, . . . , pk) ϕ[α#]. a
20
Expressive completeness of PLTL: proof
predicate formula α(t) → temporal formula ϕ[α] s.t.
σ, i |= ϕ[α] ↔ 〈ω, <〉, λn.(p1 ∈ σn), . . . , λn.(pk ∈ σn), i |= α
Induction on the ∃-height d∃(α) of α.
ϕ[t < t] ⊥, ϕ[Pi(t)] pi, ϕ[α1 ⇒ α2] ϕ[α1] ⇒ ϕ[α2] (1)
Let α be ∃xβ. We can assume t 6∈ BV (β). Then, by the equivalences
β ⇔ Pi(t) ∧ [>/Pi(t)]β ∨ ¬Pi(t) ∧ [⊥/Pi(t)]β, i = 1, . . . , k,
β is equivalent to a∨i
δi ∧ βi where δi are ∃-free, x 6∈ FV (δi), d∃(βi) ≤ d∃(β),
and the only occurrences of t in βi have the forms t < y and y < t for some
y ∈ BV (βi) ∪ {x}. We only need to handle ∃xβi, because
|= ∃x(δi ∧ βi) ⇔ δi ∧ ∃xβi.
21
Expressive completeness of PLTL: Proof
∃xβ; t occurs in β only in y < t, t < y
We introduce fresh predicate symbols Rt<., R.<t. Let
β′ [Rt<.(y)/t < y, R.<t(y)/y < t]β
Then
〈ω, <〉, λn.(p1 ∈ σn), . . . , λn.(pk ∈ σn), λn.(i < n), λn.(n < i), i |= ∃xβ ⇔ ∃xβ′
FV (β′) = {x} and d∃(β′) < d∃(α). By the induction hypothesis there exists a
temporal ϕ[β′] such that for σ′ : ω → P({p1, . . . , pk, rt<., r.<t})σ′, i |= ϕ[β′] iff
〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(rt<. ∈ σ′n), λn.(r.<t ∈ σ′n), i |= β′
We put ϕ[∃xβ′] 3−ϕ[β′] ∨ ϕ[β′] ∨3ϕ[β′]
22
Expressive completeness of PLTL: Proof
We have σ′, i |= ϕ[∃xβ′] iff
〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(rt<. ∈ σ′n), λn.(r.<t ∈ σ′n), i |= ∃xβ′
and
〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(i < n), λn.(n < i), i |= ∃xβ′ ⇔ ∃xβ.
Hence
〈ω, <〉, λn.(p1 ∈ σ′n), . . . , λn.(pk ∈ σ′n), λn.(i < n), λn.(n < i), i |= ∃xβ
is equivalent to
σ′, i |= ϕ[∃xβ′], (ϕ[∃xβ′] is 3−ϕ[β′] ∨ ϕ[β′] ∨3ϕ[β′])
provided that for all n we have rt<. ∈ σ′n ↔ i < n, r.<t ∈ σ′n ↔ n < i.
23
Expressive completeness of PLTL: Proof
The only remaining problem is that rt<., r.<t ∈ Var(ϕ[∃xβ′]).
ψ - a separated equivalent to ϕ[∃xβ′]
Let ψ′ is the result of applying the substitutions
[⊥/rt<.,⊥/r.<t] to the variables in ψ not in the scope of (.S.) and (.U.),
[⊥/rt<.,>/r.<t] to the (.S.)-subformulas of ψ
and
[>/rt<.,⊥/r.<t] to the (.U.)-subformulas of ψ, respectively.
If rt<. ∈ σ′n ↔ i < n and r.<t ∈ σ′n ↔ n < i for all n, then σ′, i |= ψ ⇔ ψ′.
Finally, σ′, i |= ψ′ iff σ, i |= ψ′, because rt<., r.<t 6∈ Var(ψ′). Hence
〈ω, <〉, λn.(p1 ∈ σn), . . . , λn.(pk ∈ σn), i |= ∃xβ iff σ, i |= ψ′
and we can define ϕ[∃xβ] as ψ′.
24
Interval temporal logic: a more expressive linear temporal
logic
PLTL is as expressive as the MFO theory of 〈ω, <〉.MSO theory of 〈ω, <〉 is decidable too. It is captured by
automata on infinite words
(ω-)regular expressions, whose general form is
⋃
i
Li ·Mωi .
where Li and Mi denote regular expressions and
Lω = {α0 · α1 · . . . · αn · . . . : αi ∈ L for all i < ω}.
Interval Temporal Logic (ITL, Moszkowski, 1985).
Two variants: finite or infinite intervals of time.
25
ITL on finite intervals
ϕ ::= ⊥ | p | ϕ ⇒ ϕ | ◦ϕ | (ϕ;ϕ) | ϕ∗.Models finite sequences σ ∈ (P(L))+.
|σ| - the length of σ minus 1. σ = σ0σ1 . . . σ|σ|.
σ 6|= ⊥σ |= p iff p ∈ σ0
σ |= ϕ ⇒ ψ iff σ 6|= ϕ or σ |= ψ
σ |= ◦ϕ iff |σ| > 0 and σ1 . . . σ|σ| |= ϕ
σ |= (ϕ;ψ) iff there exists an i ∈ {0, . . . , |σ|} such that
σ0 . . . σi |= ϕ and σi . . . σ|σ| |= ψ
σ |= ϕ∗ iff either |σ| = 0 or there exists an n < ω
and a finite sequence 0 = i0 < . . . < in = |σ|such that σik−1 . . . σik
|= ϕ for k = 1, . . . , n.
26
Derived constructs in ITL
empty ¬ ◦ >skip ◦empty
3ϕ (>; ϕ)
2ϕ ¬3¬ϕ
ϕ+ (ϕ;ϕ∗)
27
Guarded normal form in ITL
Exercise 3 Prove that every ITL formula has an equivalent one of the form
ξ ∧ empty ∨∨
i
αi ∧ ◦ψi
where ξ and the αis have no occurrences of temporal operators and the αis
form a full system.
Fact 1 Given an arbitrary formula ϕ, there exists a finite set of formulas X
such that ϕ ∈ X and a system of purely propositional formulas ξψ, ψ ∈ X and
αψ,χ, ψ, χ ∈ X such that {αψ,χ : χ ∈ X} is a full system for each ψ ∈ X and
|=ITL ψ ⇔ ξχ ∧ empty ∨∨
χ∈X
αψ,χ ∧ ◦χ. (2)
28
Propositional quantification in ITL
σ |= ∃pϕ iff there exists a σ′ ∈ (P(L))|σ|+1 such that
σ′i \ {p} = σi \ {p} for all i = 0, . . . , |σ| and σ′ |= ϕ
Theorem 4 Propositional existential quantification is definable in ITL, that is,
every formula of the form ∃pϕ is equivalent to a quantifier-free formula.
29
Propositional quantifier elimination in ITL
We assume that ϕ is quantifier-free. Let X be as in Fact 1. Then for ψ ∈ X
|=ITL ∃pψ ⇔ ([⊥/p]ξχ∨[>/p]ξχ)∧empty∨∨
χ∈X
([⊥/p]αψ,χ∨[>/p]αψ,χ)∧◦∃pχ.
This is equivalent to
∃pψ ⇔ ηχ ∧ empty ∨∨
χ∈X
(βψ,χ ∧ skip; ∃pχ).
which is a system of equations wrt the unknowns ∃pχ.
σ |= βψ,χ ∧ skip does not depend on σ|σ|.
If δ1, δ2 have this property, then so do δ1 ∨ δ2, (δ1; δ2) and δ∗1 .
30
Propositional quantifier elimination in ITL
Assume a system of equations
∃pψ ⇔ γχ ∨∨
χ∈X
(δψ,χ; ∃pχ). (3)
where δψ,χ are s.t. σ |= δψ,χ does not depend on σ|σ|.
Then we can solve the system wrt any chosen ∃pψ:
∃pψ ⇔ (δ∗ψ,ψ; γχ) ∨∨
χ∈X\{ψ}(δ∗ψ,ψ; (δψ,χ; ∃pχ)).
Substituting this formula for ∃pψ elsewhere in the system and using that
|=ITL (α;β1 ∨ β2) ⇔ (α; β)1 ∨ (α;β)2,
we obtain system of the same form with fewer equations. Finally we reach a
defining formula for ∃pϕ.
Note that ¬ and ∧ occur only in the purely propositional subformulas of the
quantifier-free formula for ∃pϕ. The price for this is the heavy use of (.)∗.
31
Infinite intervals
The clauses for |=ITL on infinite intervals differs only for (.; .) and (.)∗:
σ |= (ϕ; ψ) iff either σ |= ϕ or
there exists an i < ω such that
σ0 . . . σi |= ϕ and σi . . . |= ψ
σ |= ϕ∗ iff there exists a finite sequence 0 = i0 < . . . < in
s. t. σik−1 . . . σik|= ϕ for k = 1, . . . , n, and σin . . . |= ϕ
The definition for (ϕ; ψ) allows the class of the infinite intervals to be defined
by the constant
inf (>;⊥).
32
The End
33