
TEMPORAL LOGICS

VL Formal Models
Martina Seidl
SS 2022

Temporal Logic

• allows relating properties at different time points
  “tomorrow the weather is nice”
  “reactor is not going to overheat”
  “central locking of a car opens immediately after a crash”
  “airbag only inflates if a car crash happens”
  “acknowledge (ack) has to be preceded by a request (req)”
  “if the elevator is called it will show up eventually”
• often used to specify properties of concurrent and reactive systems
• granularity of time steps has to be defined
Kripke Structures

• classical semantic model for temporal logic
• only states, no actions
• LTS with exactly one action (|Σ| = 1)
• additionally annotation of states with atomic propositions
• has its roots in modal logics

Let A be the set of atomic propositions (boolean predicates).

Definition A Kripke structure K = (S, I, T, L) consists of the following components:

• set of states S
• initial states I ⊆ S with I ≠ ∅
• a total transition relation T ⊆ S × S (T total iff ∀s ∈ S ∃t ∈ S : (s, t) ∈ T)
• labelling/marking/annotation L : S → P(A), where P(A) is the powerset of A

The labelling maps a state s to the set of atomic propositions that hold in s.

Note Often S ⊆ B^n, A = {a_1, …, a_n}, and L((s_1, …, s_n)) = {a_i | s_i = 1}.

Example of a Kripke Structure

Given two processes P and Q which share a resource R.

• If R is accessed by P, then property p is true.
• If R is accessed by Q, then property q is true.

The behavior of P and Q is modeled by this Kripke structure:

[Figure: Kripke structure with four states: B labelled p, q̄; A labelled p̄, q̄; C labelled p̄, q; and a fourth state labelled p, q (transitions not shown).]

LTS as Kripke Structure

Definition The Kripke structure K = (S_K, I_K, T_K, L) for a complete LTS L = (S_L, I_L, Σ, T_L) is defined with the following components:

  A = Σ      S_K = S_L × Σ      I_K = I_L × Σ      L : (s, a) ↦ a

  ((s, a), (s', a')) ∈ T_K iff (s, a, s') ∈ T_L and a' arbitrary

similar construction as the oracle automaton

Proposition Let L be an LTS and K be the Kripke structure of L. Then

  s_0 →(a_0) s_1 →(a_1) ··· →(a_{n−1}) s_n is a path in L
  iff
  (s_0, a_0) → (s_1, a_1) → ··· → (s_n, a_n) is a path in K

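The construction above and the path correspondence of the proposition, as an added example that is not part of the slides. The handshake LTS is constructed for illustration; "complete" is read here as every state having a successor under every action, which is an assumption and is what makes T_K total.

```python
# Added example (not from the slides): the Kripke structure K of a complete LTS L,
# constructed as in the definition above, and the path correspondence of the
# proposition checked on a small constructed LTS. "Complete" is read here as:
# every state has a successor under every action (an assumption), which is what
# makes T_K total.
from itertools import product

def lts_to_kripke(S_L, I_L, Sigma, T_L):
    """A = Sigma, S_K = S_L x Sigma, I_K = I_L x Sigma, L(s, a) = {a},
    ((s, a), (s', a')) in T_K iff (s, a, s') in T_L with a' arbitrary."""
    S_K = set(product(S_L, Sigma))
    I_K = set(product(I_L, Sigma))
    T_K = {((s, a), (s2, a2)) for (s, a, s2) in T_L for a2 in Sigma}
    L = {(s, a): {a} for (s, a) in S_K}
    return S_K, I_K, T_K, L

def is_total(S, T):
    """T is total iff every state has at least one successor."""
    return all(any(u == s for (u, _) in T) for s in S)

def is_lts_path(T_L, states, actions):
    """s0 -a0-> s1 -a1-> ... -a(n-1)-> sn is a path in L."""
    return len(actions) == len(states) - 1 and all(
        (states[i], actions[i], states[i + 1]) in T_L for i in range(len(actions)))

def is_kripke_path(T_K, kstates):
    """(s0, a0) -> (s1, a1) -> ... -> (sn, an) is a path in K."""
    return all((kstates[i], kstates[i + 1]) in T_K for i in range(len(kstates) - 1))

# Constructed complete LTS: a req/ack handshake where an unexpected action is ignored
S_L, I_L, SIGMA = {"idle", "waiting"}, {"idle"}, {"req", "ack"}
T_L = {("idle", "req", "waiting"), ("idle", "ack", "idle"),
       ("waiting", "ack", "idle"), ("waiting", "req", "waiting")}
S_K, I_K, T_K, L_K = lts_to_kripke(S_L, I_L, SIGMA, T_L)

def correspondence_holds(states, actions, a_n):
    """Proposition: the L-path and its lifting (with arbitrary final action a_n)
    are either both paths or both not."""
    lifted = list(zip(states, list(actions) + [a_n]))
    return is_lts_path(T_L, states, actions) == is_kripke_path(T_K, lifted)
```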
2-Bit Counter as Kripke Structure

[Figure: netlist of the counter, two D flip-flops with outputs a and b.]

  S = B^2
  I = B^2          (we assume that circuits abstracted to netlists do not have an initial state)
  T = {((0, 0), (0, 1)), ((0, 1), (1, 0)), . . .}
  a ∈ L(s) iff s ∈ {(0, 1), (1, 1)}
  b ∈ L(s) iff s ∈ {(1, 0), (1, 1)}

[Figure: state graph over the states 00, 01, 10, 11.]

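The counter slide above together with the definition of a Kripke structure, as an added example that is not from the slides: K is generated from the circuit's next-state function for any width n (the slide shows n = 2), and the side conditions of the definition (I ≠ ∅, T total) are checked. The reset variant is not built here because its transition relation is not given on the slide.

```python
# Added example (not from the slides): the counter as a Kripke structure, built
# from the circuit's next-state function for any width n (the slide shows n = 2),
# together with the well-formedness conditions of the Kripke definition above:
# I ≠ ∅ and T total.
from itertools import product

def counter_kripke(n):
    """States are bit tuples, MSB first, so for n = 2: (0,0), (0,1), (1,0), (1,1).
    Atom 'a' is the LSB, 'b' the next bit, ... as on the slide."""
    S = set(product((0, 1), repeat=n))
    I = set(S)                       # netlist has no initial state: all states are initial

    def step(s):                     # s + 1 mod 2^n, the counter's next-state function
        v = (int("".join(map(str, s)), 2) + 1) % 2 ** n
        return tuple(int(c) for c in format(v, f"0{n}b"))

    T = {(s, step(s)) for s in S}
    A = [chr(ord("a") + i) for i in range(n)]
    L = {s: {A[i] for i in range(n) if s[n - 1 - i] == 1} for s in S}
    return A, S, I, T, L

def is_total(S, T):
    """T total iff for all s in S there is a t with (s, t) in T."""
    return all(any(u == s for (u, _) in T) for s in S)

def is_wellformed(A, S, I, T, L):
    """The side conditions of the definition: I ⊆ S, I ≠ ∅, T ⊆ S × S total, L : S → P(A)."""
    return (bool(I) and I <= S and all(u in S and v in S for (u, v) in T)
            and is_total(S, T) and all(L[s] <= set(A) for s in S))
```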
2-Bit Counter with Reset as Kripke Structure

[Figure: netlist of the counter with reset signal r, two D flip-flops with outputs a and b.]

  S = B^3
  I = B^3          (we assume that circuits abstracted to netlists do not have an initial state)
  T = . . .
  a ∈ L(s) iff s ∈ {(−, −, 1)}
  b ∈ L(s) iff s ∈ {(−, 1, −)}
  r ∈ L(s) iff s ∈ {(1, −, −)}

[Figure: state graph over the states 100, 101, 110, 111 and 000, 001, 010, 011.]

Finite and Infinite Traces

Let K = (S, I, T, L) be a Kripke structure.

Definition A trace π of K is a finite or infinite sequence of states

  π = (s_0, s_1, . . .)

such that for each pair (s_i, s_{i+1}) in π there is (s_i, s_{i+1}) ∈ T. Therefore there exists a path in K with

  s_0 → s_1 → s_2 → . . .

• |π| is the length of π, e.g. |π| = 2 for π = (s_0, s_1, s_2), and |π| = ∞ for infinite traces.
• π(i) is the i-th state s_i of π for i ≤ |π|
• π^i = (s_i, s_{i+1}, . . .) denotes the suffix of π starting with the i-th state s_i for i ≤ |π|
  Note: if |π| = ∞ then |π^i| = ∞ for all i ∈ N
• infinite repetitions are indicated by ω, e.g., for (a, b, c, a, b, c, a, b, c, . . .) we write (a, b, c)^ω

Linear Temporal Logic (LTL): Syntax

LTL extends propositional logic by the temporal operators next X, globally G, finally F, and until U.

Definition Let A be a set of propositional variables. Then

• every propositional formula over A is an LTL formula;
• if f is an LTL formula, then X f is an LTL formula;
• if f is an LTL formula, then G f is an LTL formula;
• if f is an LTL formula, then F f is an LTL formula;
• if f, g are LTL formulas, then f U g is an LTL formula.

Examples (referring to the previous example on processes)

• G ¬(p ∧ q)          Processes P and Q never access R at the same time
• (G F p) ∧ (G F q)   Processes P and Q can infinitely often access R
• G (p → ¬X p)        Once process P has R, it cannot have it immediately after

Linear Temporal Logic (LTL): Semantics

Definition LTL semantics is defined recursively along infinite paths π in K:

  π ⊨ p        iff p ∈ L(π(0))
  π ⊨ ¬g       iff π ⊭ g
  π ⊨ g ∧ h    iff π ⊨ g and π ⊨ h
  π ⊨ X g      iff π^1 ⊨ g
  π ⊨ F g      iff π^i ⊨ g for at least one i
  π ⊨ G g      iff π^i ⊨ g for all i
  π ⊨ g U h    iff there exists an i with π^i ⊨ h and π^j ⊨ g for all j < i

Definition K ⊨ f iff π ⊨ f for all infinite paths π in K with π(0) ∈ I
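The recursive semantics above, together with the suffix notation π^i and the ω-repetition from the traces slide, as an added example that is not from the slides: an evaluator for infinite traces of the lasso form prefix · loop^ω (the loop must be non-empty), run on the three example formulas of the syntax slide. The tuple encoding of formulas and the sample traces over the process example are my own choices.

```python
"""Added example (not from the slides): LTL semantics over lasso-shaped infinite
traces. (prefix, loop) denotes prefix · loop^ω, e.g. ((), (a, b, c)) is (a, b, c)^ω;
a state is the set of atoms true in it, i.e. L(s). Formulas are nested tuples: atom
'p'; ('not', f), ('and', f, g), ('or', f, g), ('imp', f, g); ('X', f), ('F', f),
('G', f), ('U', f, g)."""

def suffix(trace, i):
    """pi^i: the suffix of a lasso trace is again a lasso trace."""
    prefix, loop = trace
    if i < len(prefix):
        return (prefix[i:], loop)
    k = (i - len(prefix)) % len(loop)          # rotate the loop to position i
    return ((), loop[k:] + loop[:k])

def holds(trace, f):
    """pi |= f, following the recursive definition on the slide."""
    prefix, loop = trace
    n = len(prefix) + len(loop)  # number of distinct suffixes; bounds i in F, G and U
    if isinstance(f, str):                      # pi |= p iff p in L(pi(0))
        return f in (prefix[0] if prefix else loop[0])
    op = f[0]
    if op == "not": return not holds(trace, f[1])
    if op == "and": return holds(trace, f[1]) and holds(trace, f[2])
    if op == "or":  return holds(trace, f[1]) or holds(trace, f[2])
    if op == "imp": return (not holds(trace, f[1])) or holds(trace, f[2])
    if op == "X":   return holds(suffix(trace, 1), f[1])
    if op == "F":   return any(holds(suffix(trace, i), f[1]) for i in range(n))
    if op == "G":   return all(holds(suffix(trace, i), f[1]) for i in range(n))
    if op == "U":                               # smallest i with pi^i |= h wins,
        for i in range(n):                      # provided g held at every j < i
            if holds(suffix(trace, i), f[2]): return True
            if not holds(suffix(trace, i), f[1]): return False
        return False
    raise ValueError(f"unknown operator {op!r}")

# The three example formulas of the syntax slide, over the atoms p and q
MUTEX     = ("G", ("not", ("and", "p", "q")))                 # G ¬(p ∧ q)
FAIRNESS  = ("and", ("G", ("F", "p")), ("G", ("F", "q")))     # (G F p) ∧ (G F q)
NO_REPEAT = ("G", ("imp", "p", ("not", ("X", "p"))))          # G (p → ¬X p)

# Constructed traces over the process example: A = {}, B = {p}, C = {q}, D = {p, q}
A, B, C, D = frozenset(), frozenset("p"), frozenset("q"), frozenset("pq")
ALTERNATING = ((), (B, A, C, A))        # (B, A, C, A)^ω
P_HOLDS_ON  = ((B,), (B, A, C))         # B · (B, A, C)^ω: p in two consecutive states
CLASH       = ((), (A, D))              # (A, D)^ω: both access R at once

def check_all(trace):
    return {name: holds(trace, f) for name, f in
            (("mutex", MUTEX), ("fairness", FAIRNESS), ("no_repeat", NO_REPEAT))}
```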
