temporal logic - sematics and tableaux part 2 - cs402

Temporal Logic - Sematics and Tableaux Part 2CS402, Spring 2018

Shin Yoo

Shin Yoo Temporal Logic - Sematics and Tableaux Part 2

Distributivity

�©(p ∧ q)↔ (©p ∧©q)

�©(p ∨ q)↔ (©p ∨©q)

� �(p ∧ q)↔ (�p ∧�q)

� (�p ∨�q)→ �(p ∨ q)

� ♦(p ∨ q)↔ (♦p ∨ ♦q)

� ♦(p ∧ q)→ (♦p ∧ ♦q)

�©(p → q)↔ (©p →©q)

� �(p → q)→ (�p → �q)

� (♦p → ♦q)→ ♦(p → q)


Commutativity

� �© p ↔©�p

� ♦© p ↔©♦p

� ♦�p → �♦p

�♦p: infinitely often.

¬p ¬p p ¬p ¬p p

♦�p: for all but a finite number of states

¬p ¬p ¬p p p p

Theorem 1

� (♦�p ∧�♦q)→ �♦(p ∧ q)

Once p becomes true, it will be true in the infinite number ofstates in which q is true.


Collapsing

In a formula without the © operator, no more than two temporaloperators need appear in a sequence. A sequence of identicaloperators � or ♦ is equivalent to a single occurrence and asequence of three non-identical operators collapses to a pair ofoperators:

� ��p ↔ �p

� ♦♦p ↔ ♦p

� �♦�p ↔ ♦�p

� ♦�♦p ↔ �♦p


Semantic Tableaux

There are two complications in the construction of semantictableaux for LTL.

In propositional logic, one needs to find a single assignment toeach atomic proposition; in LTL, there are many differentassignments to one atomic propositions, i.e. one per eachstate. For example, if ©p is true in state s, it has to be truein state s ′ that follows s, but it can be either true or false in s.

Unlike existential quantifiers ∃, which was resolved bychoosing a fresh symbol from a countable set, future formulassuch as ♦p requires the graph of states to be analysed (i.e.whether such a state that fulfills the condition exists in thefuture, or not).


Semantic Tableaux

α α1 α2

�A A ©�A¬♦A ¬A ¬© ♦A

β β1 β2

♦A A ©♦A¬�A ¬A ¬©�A

X X1

©A A¬© A ¬A


Sematic Tableaux: X -rules

Consider A = (p ∨ q) ∧©(¬p ∧ ¬q). Once we apply the α- andβ-rules:

(p ∨ q) ∧©(¬p ∧ ¬q)

(p ∨ q), ©(¬p ∧ ¬q)

q,©(¬p ∧ ¬q)p,©(¬p ∧ ¬q)

In a model ρ for A, either νρ(p) = s0(p) = T , or νρ(q) = s0(q) = T , which areexpressed by the two leaves. These complete the information we can get aboutthe assignments in s0. These two nodes are marked with boxes to denote thefact that they define states .

The © also implies the next state, s1, which are generated by the X -rules.


Sematic Tableaux: X -rules

(p ∨ q) ∧©(¬p ∧ ¬q)

(p ∨ q), ©(¬p ∧ ¬q)

q,©(¬p ∧ ¬q)

¬p ∧ ¬q

¬p,¬q

p,©(¬p ∧ ¬q)

¬p ∧ ¬q

¬p,¬q

Note that literals in the nodes representing s0 are not copied; theseare not relevant to what happens in s1.


Semantic Tableaux: X -rules

We have two open branches: p,©(¬p ∧ ¬q) . . . ¬p,¬q and

q,©(¬p ∧ ¬q) . . . ¬p,¬q . Therefore, we can conclude that any

model for A must be consistent with one of the following graphs:

p ¬p,¬q q ¬p,¬q

However, these are not interpretations. First, it is not total asthere is no transition from s1. This can be fixed by:

p ¬p,¬q q ¬p,¬q

More importantly, s0 does not assign truth values to all atopicpropositions. However these structures are Hintikka structures,which can be extended to interpretations by specifying the valuesof all atoms in each state.


Future Formulas and Hintikka Structures

Consider A = ¬(�(p ∧ q)→ �p), which is the negation of a validformula. Here is the semantic tableau, where ¬� is replaced with♦¬ for clarity:

¬(�(p ∧ q)→ �p)

�(p ∧ q),♦¬p

p ∧ q,©�(p ∧ q),♦¬p

p, q,©�(p ∧ q),♦¬p

p, q,©�(p ∧ q),©♦¬pp, q,©�(p ∧ q),¬p(×)

The left branch closes; the right branch creates a state, s0, in whichboth p and q need to be true. When X -rules are applied to thisnode, we create a new node labelled by {�(p ∧ q),♦¬p}, whichhas occurred previously! Hence the generation will not terminate.


Fulfillment

But this is wrong! A is unsatisfiable, and the tableau should close!This structure is a Hintikka structure (no node contains clashingliterals and for every α-, β- and X -formula, the Hintikka conditionshold). However, the structure cannot be extended to model for A,since the future subformula ♦¬p is not fulfilled; that is, thestructure promises to eventually produce a state in which ¬p istrue but defers forever the creation of such a state.

Steps forward

1 Formalise the construction of the tableaux

2 Show how Hintikka structures are defined by open tableaux

3 Extract linear structures which can be extended intointerpretations

4 Show how to determine fulfillment of future formulas


Construction of Semantic Tableaux

Definition 1 (13.35 State Node)

A state node in a tableau is a node l such that its label U(l)contains only literals and next formulas, and there are nocomplementary pairs of literals in U(l).


Construction of Semantic Tableaux

Input: An LTL formula AOutput: A semantic tableau T for A(1) while there exists an unmarked leaf l(2) if {p,¬p} ⊆ U(l) then mark l ×(3) if U(l) is a non-complementary set of lits then mark l �(4) if U(l) is not a set of literals and Aα ∈ U(l)(5) Create l ′ to be the child node of l(6) U(l ′)← (U(l)− {Aα})

⋃{α1, α2}

(7) if U(l) is not a set of literals and Aβ ∈ U(l)(8) Create l ′ and l ′′ to be the child nodes of l(9) U(l ′)← (U(l)− {Aβ})

⋃{β1}

(10) U(l ′′)← (U(l)− {Aβ})⋃{β2}

(11) if l is a state node with at least one ©(12) For set of next formulas {©A1, . . . ,©Am,¬© Am+1, . . . ,¬© An}(13) Create a new node l ′

(14) U(l ′)← {A1, . . . ,Am,¬Am+1, . . . ,¬An}(15) if ∃ l ′′ (U(l ′) = U(l ′′)) then Delete l ′ and connect l to l ′′

(16) else Put l ′ under l


Open and Closed Tableaux

Definition 2 (13.37 Open and Closed Tableaux)

A tableau whose construction has terminated is a completedtableau. A completed tableau is closed if all leaves are markedclosed and there are no cycles. Otherwise, it is open.

Example 1 (Tableau with no leaves)

l0 : �♦p

l1 : ♦p,©�♦p

l3 : ©♦p,©�♦p

l5 : ♦p,�♦p

l7 : ♦p,©�♦p

To l3To l2

l2 : p,©�♦p

l4 : �♦p

l6 : ♦p,©�♦p

To l3To l2


From Tableaux to Hintikka Structures

We define a new structure H : we begin by defining its states andtransitions.

Definition 3 (13.39 States)

A structure H for a formula A in LTL is a pair (S , ρ), whereS = {s1, . . . , sn} is a set of states each of which is labeled by asubset of formulas built from the atomic propositions in A and ρ isa binary relation on states, ρ ⊆ S ×S .

Definition 4 (13.41Transitions)

A state path is a path (l0, l1, . . . , lk1, lk) through connected nodesin the tableau, such that l0 is a state node or the root of thetableau, lk is a state node, and none of {l1, . . . , lk1} are statenodes. It is possible that l0 = lk so that the set {l1, . . . , lk1} isempty.


From Tableaux to Hintikka Structures

Now let us present the whole definition of H .

Definition 5 (13.42)

Let T be an open tableau for an LTL formula A. The structureH constructed from T is:

S is the set of state nodes (i.e. boxed tableau nodes)

Let s ∈ S . Then s = l for some node l in T . Letφi = (l i0, l

i1, . . . , l

iki

= l) be a state path, terminating in the

node l . Also let U i = U(l i1)⋃. . .

⋃U(l iki ), or

U i = U(l i0)⋃. . .

⋃U(l iki ) if l i0 is the tableau root. Label s

with the set of formulas Ui =⋃

i Ui , where the union is taken

over all i such that φi is a state path terminating in l = s.

s ′ ∈ ρ(s) iff there is a state path from s to s ′.


Optimised Tableau Construction

Based on the knowledge of the construction of structures, we canoptimise the tableau construction algorithm a little bit. Whencreating a cyclic connection, it is now possible to connect from anynodes (instead of state nodes), provided that this does not create acycle that does not contain any state node.

Example 2 (Tableau with optimised cycles)

l0 : �♦p

l1 : ♦p,©�♦p

l3 : ©♦p,©�♦p

To l1

l2 : p,©�♦p

To l0


Example Structure Construction

Example 3

l0 : �♦p

l1 : ♦p,©�♦p

l3 : ©♦p,©�♦p

To l1

l2 : p,©�♦p

To l0

s0 : p s1 :

Here, s0 = l2 and s1 = l3. Each state si is labelled only with thepositive literals in Ui .


Hintikka Structure


Let H = (S , ρ) be a structure for an LTL formula A. H is aHintikka structure for A iff A ∈ s0 and for all states si , thefollowing conditions hold for Ui , the set of formulas labeling si :

1 For all atomic propositions p ∈ A, either p /∈ Ui or ¬p /∈ Ui .

2 If α ∈ Ui , then α1 ∈ Ui and α2 ∈ Ui .

3 If β ∈ Ui , then β1 ∈ Ui or β2 ∈ Ui .

4 If X ∈ Ui , then for all sj ∈ ρ(si ), X1 ∈ Uj .


Linear fulfilling Hintikka Structures

Now we focus on deciding whether an interpretation for an LTLformula can be extracted from a Hintikka structure.


Let H be a Hintikka structure for an LTL formula A. H is a linearHintikka structure iff ρ is a total function, that is, if for each sithere is exactly one sj ∈ ρ(si ).

Lemma 1 (13.48)

Let H be a Hintikka structure for an LTL formula A and let H ’be an infinite path through H . Then H ’ is a linear Hintikkastructure.

Proof.

Clearly, H ’ is a linear structure. Conditions (1,2,3) of Definition 13.45 hold becausethey already held in H . Let s be an arbitrary state and let U be the label of s. If anext formula ©A′ occurs in U, then by condition (4) of Definition 13.45, A′ occurs inall states of ρ(s), in particular, for the one chosen in the construction of H ’.


Linear Fulfillment


Let H = (S , ρ) be a Hintikka structure. H is fulfilling iff thefollowing condition holds for all future formulas ♦A:

∀s ∈ S ,♦A ∈ Us → ∃s ′ ∈ ρ∗(s)(A ∈ Us′)

where ρ∗ is the transitive, reflexive closure of ρ. The state s ′ issaid to fulfill ♦A.

Theorem 2 (Hintikka’s Lemma for LTL)

Let H = (S , ρ) be a linear fulfilling Hintikka structure for anLTL formula A. Then A is satisfiable.


Linear Fulfillment

Proof.

An LTL interpretation is a path consisting of states labeled with atomicpropositions. The path is defined simply by taking the linear Hintikka structureand restricting the labels to atomic propositions. There is thus a naturalmapping between states of the interpretation and states of the Hintikkastructure, so for the propositional operators and next formulas, we can use theconditions on the structure to prove that A is satisfiable using structuralinduction.

For future formulas, the satisfiability follows from the assumption that theHintikka structure is fulfilling.

Consider now a formula of the form �A ∈ Usi . We must show thatνρj (A) = T for all j ≥ i . We generalize this for the inductive proof and showthat νρj (A) = T and νρj (©�A) = T for all j ≥ i . The base case is j = i . But�A ∈ Usi , so by Hintikka condition (2) A ∈ Usi and ©�A ∈ Usi . Let k ≥ i andassume the inductive hypothesis that νρk (A) = T and ©�A ∈ Usk . ByHintikka condition (4), �A ∈ Usk+1 , so using Hintikka condition (2) again,νρk+1 (A) = T and ©�A ∈ Usk+1 .


Exercise

Draw the semantic tableau T forA = �(♦(p ∧ q) ∧ ♦(¬p ∧ q) ∧ ♦(p ∧ ¬q)). Construct H for T .


temporal logic - sematics and tableaux part 2 - cs402

Documents