 
Lecture Slides for MAT-60556
PART V: Temporal logic, with applications to program verification (and other sciences!)
Henri Hansen
October 10, 2013
Modal logics
• We have seen first order logic as an extension of propositional logic, to make it more expressive
• However, Herbrand's theorem essentially says that FOL is reducible to propositional logic, albeit in an infinite manner
• Another way to increase expressiveness is through modalities, i.e., operators that need richer models than mere valuations of propositions
Temporal Logic
• Temporal logic is a modal logic intended as a formal system for reasoning about "time".
• More accurately, the reasoning is about sequences of events or propositions, not about real time
• We focus here on propositional temporal logic
• We can think of temporal logics as talking about things that can be expressed in propositional logic, but where propositions change their truth values over time
Temporal Logic (contd.)
• Consider the following statements:
  – After the administration of sodium cyanide, cellular respiration halts
  – The output line maintains its value until the set-line is asserted. Afterwards they are complemented
  – The operating system never deadlocks
• We use temporal modalities to express temporal arrangements such as those mentioned above
Syntax and Semantics (part I)
• Propositional temporal logic (PTL) is defined with the syntax of propositional logic, with the addition of the following two operators
  – □, which means "always"
  – ⋄, which means "eventually"
• □p is true if p holds now and will never become false, and ⋄p is true if p is true at some point in time, now or in the future
Interpretation of PTL formulas
• Interpretations of PTL formulas could be given over many different structures, but we restrict here to state-transition diagrams
• An interpretation for a formula A is a pair (I, ρ), where I = {s_1, ..., s_n} is a set of states, each of which is an assignment of truth values to the propositions in A, i.e., s_i : P → {T, F}, and ρ ⊆ I × I is a binary relation over the states
• We define ρ(s) = {s′ | (s, s′) ∈ ρ}
Interpretation of PTL formulas (contd.)
• Given an interpretation (I, ρ) and a state s, the truth value ν(A, s) of a PTL formula A in the state s is defined as follows
  – If A is p ∈ P, then ν(A, s) = s(p)
  – If A is ¬A′, then ν(A, s) = T iff ν(A′, s) = F (etc., just like in propositional logic)
  – If A is □A′, then ν(A, s) = T iff ν(A′, s′) = T for all s′ ∈ ρ(s)
  – If A is ⋄A′, then ν(A, s) = T iff ν(A′, s′) = T for some s′ ∈ ρ(s)
Satisfiability and validity
• A PTL formula A is satisfiable iff there is an interpretation (I, ρ) such that for some state s, s ⊨ A (i.e., ν(A, s) = T).
• The formula is valid iff it is true in all states of all interpretations
• Theorem (duality): □A ⇔ ¬⋄¬A
• Theorem: □(p → q) ⇒ (□p → □q)
Models of time
• An interpretation (I, ρ) is said to be
  – Reflexive, iff for all s ∈ I, s ∈ ρ(s)
  – Transitive, iff s_2 ∈ ρ(s_1) ∧ s_3 ∈ ρ(s_2) implies s_3 ∈ ρ(s_1)
  – Linear, iff every state s ∈ I has at most one immediate successor, i.e., the states reachable from s form a single path (a chain) rather than branching
• Linearity may seem a strange property, but it will become clear when we talk of LTL
Linear Temporal Logic
• Linear temporal logic (LTL) is PTL (possibly extended with some operators) whose interpretations are limited to transition relations that are reflexive, transitive and linear
• The interpretations of LTL can be represented as paths σ = s_0 s_1 ···, where each s_i : P → {T, F}; we write σ^i = s_i s_{i+1} ··· for the suffix of the path starting at position i (so σ^0 = σ)
• Truth value is defined similarly:
  – For a propositional formula A, ν(A, σ) = T iff s_0 ⊨ A
  – If A is □A′, then ν(A, σ) = T iff ν(A′, σ^i) = T for all i ≥ 0
  – If A is ⋄A′, then ν(A, σ) = T iff ν(A′, σ^i) = T for some i ≥ 0
  – If A is ◦A′ ("next"), then ν(A, σ) = T iff ν(A′, σ^1) = T, etc.
• If ν(A, σ) = T we also write σ ⊨ A.
Side note: Models of modal logics
• A canonical model for temporal logics, and also for epistemic logic*, is a Kripke structure
• A general Kripke structure is a tuple (S, L, R_1, ..., R_n), where S is a set of states, L : S → 2^P is a labelling function giving the propositions true in each state, and each R_i ⊆ S × S is a relation over states.
• For temporal logics there is just one relation in the model, but for instance in multi-agent epistemic logics, each agent has its own relation.
* See, e.g., Fagin, Halpern, Moses, Vardi: Reasoning about Knowledge, MIT Press, 1995
LTL (contd.)
• Even though the semantics of LTL is given over paths, we can extend it to Kripke structures: M = (S, L, R) is a model for A at state s, written (M, s) ⊨ A, iff all paths σ that start at s have σ ⊨ A.
• Validity and satisfiability are not sensitive to whether we think of models of formulas as paths or as Kripke structures, but it is possible that neither (M, s) ⊨ A nor (M, s) ⊨ ¬A holds for a given Kripke structure (some paths from s satisfy A and others satisfy ¬A), even though for every single path exactly one of σ ⊨ A and σ ⊨ ¬A holds.
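The path semantics above can be run directly. The following is an added example written for these notes, not code from the slides: it evaluates formulas over lasso-shaped paths (a finite prefix followed by a loop, so every □, ⋄, ◦ and U question has a finite answer), checks the duality theorem, reproduces the Kripke-structure situation where neither ⋄p nor ¬⋄p holds at a state because two paths from it disagree, and checks the unfolding of the binary operator U that the deck's last slide introduces. The tuple encoding of formulas, the latch trace and the two-path branching example are all constructed for the example.

```python
"""Path semantics of PTL/LTL over lasso paths (example code for these notes).

A lasso is a finite list of states s0..s(n-1) plus a loop index l and stands for
the infinite path s0 .. s(l-1) (s(l) .. s(n-1))^omega.  Formula encoding,
latch trace and branching example are constructed, not taken from the slides.
Formulas as tuples: ('p', name) ('not', f) ('and', f, g) ('or', f, g)
('implies', f, g) ('next', f) ('always', f) ('eventually', f) ('until', f, g)
"""


class Lasso:
    def __init__(self, states, loop):
        assert 0 <= loop < len(states)
        self.states, self.loop = states, loop      # states: list of dicts prop -> bool

    def succ(self, i):
        """Index of the state after position i (wraps back into the loop)."""
        return i + 1 if i + 1 < len(self.states) else self.loop

    def suffix(self, i):
        """Positions visited by sigma^i in path order; finite because the lasso
        eventually returns to an index it has already visited."""
        out, j = [], i
        while j not in out:
            out.append(j)
            j = self.succ(j)
        return out


def holds(f, path, i=0):
    """nu(A, sigma^i) from the slides: truth of formula f at position i of path."""
    op = f[0]
    if op == 'p':          return bool(path.states[i].get(f[1], False))
    if op == 'not':        return not holds(f[1], path, i)
    if op == 'and':        return holds(f[1], path, i) and holds(f[2], path, i)
    if op == 'or':         return holds(f[1], path, i) or holds(f[2], path, i)
    if op == 'implies':    return not holds(f[1], path, i) or holds(f[2], path, i)
    if op == 'next':       return holds(f[1], path, path.succ(i))
    if op == 'always':     return all(holds(f[1], path, j) for j in path.suffix(i))
    if op == 'eventually': return any(holds(f[1], path, j) for j in path.suffix(i))
    if op == 'until':                      # A U B: B at some point, A at every point before it
        for j in path.suffix(i):
            if holds(f[2], path, j):
                return True
            if not holds(f[1], path, j):
                return False
        return False                       # walked the whole lasso without meeting B
    raise ValueError(f"unknown operator {op}")


def equivalent_on(path, f, g):
    """True iff f and g have the same truth value at every position of path."""
    return all(holds(f, path, i) == holds(g, path, i) for i in range(len(path.states)))


# Constructed trace for the slide's example: the output line keeps its value
# until the set line is asserted, and is complemented afterwards.
OUT, SET = ('p', 'out'), ('p', 'set')
LATCH = Lasso([{'out': True, 'set': False},
               {'out': True, 'set': False},
               {'out': True, 'set': True},
               {'out': False, 'set': False}], loop=3)


def latch_checks():
    keeps_until_set = ('until', OUT, SET)
    complemented_after = ('always', ('implies', SET, ('next', ('not', OUT))))
    return holds(keeps_until_set, LATCH), holds(complemented_after, LATCH)


def duality_holds(f, path):
    """[]A <-> not <> not A, checked at every position of the path."""
    return equivalent_on(path, ('always', f), ('not', ('eventually', ('not', f))))


def until_unfolding_holds(a, b, path):
    """A U B <-> B or (A and o(A U B) and <>B), the characterization of U."""
    u = ('until', a, b)
    rhs = ('or', b, ('and', a, ('and', ('next', u), ('eventually', b))))
    return equivalent_on(path, u, rhs)


def branching_example():
    """Two paths from the same state s0 of a constructed Kripke structure:
    s0 -> s1 -> s1 ... where p holds in s1, and s0 -> s2 -> s2 ... where it does not.
    <>p holds on the first and fails on the second, so at s0 the structure is a
    model of neither <>p nor not <>p."""
    left = Lasso([{'p': False}, {'p': True}], loop=1)
    right = Lasso([{'p': False}, {'p': False}], loop=1)
    return holds(('eventually', ('p', 'p')), left), holds(('eventually', ('p', 'p')), right)


if __name__ == '__main__':
    print("latch:", latch_checks())                      # (True, True)
    print("duality on latch:", duality_holds(OUT, LATCH))
    print("branching <>p per path:", branching_example())  # (True, False)
```

Because a lasso revisits a position after finitely many steps, `suffix(i)` is exactly the set of positions the infinite suffix σ^i ever sees, which is what makes the "for all i ≥ 0" and "for some i ≥ 0" clauses decidable here without any bound on the horizon.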
Tableaux for LTL
• We can construct tableaux just like for propositional formulas, but we need new rules for the temporal operators
• □A is an α-formula, whose descendants are A and ◦□A: A must hold here, and □A must hold in the next state
• ⋄A is a β-formula, whose descendants are A and ◦⋄A: A must hold here, or ⋄A must hold in the next state
• ◦A has a new rule, the X-rule, which says that A must hold in the next state, and ¬◦A says that A must not hold in the next state (equivalently, ◦¬A).
Tableaux for LTL (contd.)
• When a node in a tableau contains only literals and X-formulas, we say that the node is a state node
• A state node has a given set of literals, but when we apply the X-rule these literals are not copied; the application of the X-rule means that we are moving from one state to the next
• This breaks the soundness and completeness proofs that were given earlier using Hintikka sets, so a new argument is needed.
LTL tableau algorithm for formula A
• The root is labelled A.
• At each iteration, choose a leaf that is not yet handled and do one of the following:
  1. If it has a complementary pair of literals, mark it closed. If the node consists only of literals with no complementary pair, mark it open.
  2. Apply α or β rules accordingly, if possible.
  3. If it is a state node, generate its successor: apply the X-rule to all X-formulas simultaneously and remove all the other labels. If the resulting node is an existing state node, connect to it; otherwise create it.
• The tableau is closed if all leaves are closed and there are no cycles. Otherwise it is open.
Hintikka Structure
• A tableau structure for a given LTL formula A is like a Kripke structure, but its labels are sets of formulas built from the propositions of A
• A state path is a path l_0, ..., l_k through a tableau such that l_0 is a state node (or the root), l_k is a state node, and none of l_1, ..., l_{k−1} are state nodes.
• A tableau structure (S, L, R) built from a tableau is defined so that S is the set of state nodes of the tableau
• Each state s is labelled by L(s), the union of the formulas that appear on the non-state nodes of a state path leading to s
• (s, s′) ∈ R iff there is a state path leading from s to s′ in the tableau
• We say that s′ is reachable from s iff s′ = s or there is some s′′ such that (s, s′′) ∈ R and s′ is reachable from s′′.
Hintikka Structure (contd.)
• A tableau structure is a Hintikka structure for A iff A ∈ L(s_0) and for all states s_i the following hold:
  1. For every proposition p of A, either p ∉ L(s_i) or ¬p ∉ L(s_i)
  2. If α ∈ L(s_i), then α_1 ∈ L(s_i) and α_2 ∈ L(s_i)
  3. If β ∈ L(s_i), then β_1 ∈ L(s_i) or β_2 ∈ L(s_i)
  4. If the X-formula ◦X_1 ∈ L(s_i), then for every s_j such that (s_i, s_j) ∈ R, X_1 ∈ L(s_j).
• Theorem: the structure created from an open tableau is a Hintikka structure
Hintikka Structure (contd.)
• A Hintikka structure (S, L, R) is linear iff for every s there exists exactly one s′ such that (s, s′) ∈ R
• Lemma: an infinite path through a Hintikka structure of A is itself a linear Hintikka structure
• A linear Hintikka structure is fulfilling iff for all future formulas ⋄A and all states s of the structure, if ⋄A ∈ L(s) then A ∈ L(s′) for some state s′ reachable from s.
• Theorem: if there exists a linear fulfilling Hintikka structure for A, then A is satisfiable
Deduction in Temporal Logic
• Valid propositional logic formulas and deduction rules remain valid for temporal logic
• Additional valid formulas can be taken as axioms:
  1. □(A → B) → (□A → □B)
  2. ◦(A → B) → (◦A → ◦B)
  3. □A → (A ∧ ◦A ∧ ◦□A)
  4. □(A → ◦A) → (A → □A)  (induction)
  5. ◦A ↔ ¬◦¬A
• The rules of inference are the standard Modus Ponens, and generalization: from A infer □A, again with the same caveat as in FOL: A must be valid (a theorem) and not part of the assumptions
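The tableau slides, the Hintikka-structure definitions and the axioms above fit together as a decision procedure, and it is worth seeing it run: a formula is satisfiable iff its tableau structure contains a reachable cycle that is fulfilling, and a formula is valid iff its negation is unsatisfiable, so the axioms can be checked mechanically. The following is an added example written for these notes, not code from the slides: it implements the α/β expansion to state nodes, the X-rule between state nodes, the labelling L(s) as the union of formulas on the state path, and the fulfilling check in its strongly-connected-component form (every ⋄A in the labels of a cycle must have A in the labels of that cycle). The tuple encoding of formulas and the assumption that input is in negation normal form (negation only on atoms) are mine. Note how □p ∧ ⋄¬p produces a tableau that does have a cycle, so the "no cycles" test on the algorithm slide alone would call it open, but the cycle is not fulfilling and the formula is correctly rejected.

```python
"""LTL tableau with the fulfilling-cycle check (example code for these notes).

Formulas in negation normal form, encoded as tuples (my own encoding):
  ('p', name)  ('not', ('p', name))  ('and', f, g)  ('or', f, g)
  ('next', f)  ('always', f)  ('eventually', f)
"""


def neg(f):
    """Negate f and push the negation down to the atoms, keeping NNF."""
    op = f[0]
    if op == 'p':          return ('not', f)
    if op == 'not':        return f[1]
    if op == 'and':        return ('or', neg(f[1]), neg(f[2]))
    if op == 'or':         return ('and', neg(f[1]), neg(f[2]))
    if op == 'next':       return ('next', neg(f[1]))          # axiom 5: not oA <-> o not A
    if op == 'always':     return ('eventually', neg(f[1]))    # duality
    if op == 'eventually': return ('always', neg(f[1]))
    raise ValueError(op)


def implies(f, g):
    return ('or', neg(f), g)


def is_state_formula(f):
    """Literals and X-formulas are what remains in a state node."""
    return f[0] in ('p', 'not', 'next')


def expand(node):
    """Apply alpha/beta rules until only literals and X-formulas remain.
    Yields (state_node, label): label collects every formula that appeared on
    the state path, which is the L(s) of the tableau structure."""
    stack = [(frozenset(node), frozenset(node))]
    while stack:
        pending, label = stack.pop()
        todo = [f for f in pending if not is_state_formula(f)]
        if not todo:
            yield pending, label
            continue
        f = todo[0]
        rest = pending - {f}
        if f[0] == 'and':            # alpha: both conjuncts
            branches = [{f[1], f[2]}]
        elif f[0] == 'always':       # alpha: A and o[]A
            branches = [{f[1], ('next', f)}]
        elif f[0] == 'or':           # beta: either disjunct
            branches = [{f[1]}, {f[2]}]
        else:                        # beta for <>A: A now, or o<>A
            branches = [{f[1]}, {('next', f)}]
        for b in branches:
            stack.append((rest | b, label | b))


def closed(label):
    """Complementary pair of literals on the state path."""
    return any(('not', f) in label for f in label if f[0] == 'p')


def tableau(formula):
    """Tableau structure: each open state node (identified by its label) maps to
    its R-successors, obtained by applying the X-rule to all X-formulas at once."""
    states, worklist = {}, []

    def successors(node):
        out = set()
        for _, label in expand(node):
            if closed(label):
                continue
            out.add(label)
            if label not in states:          # existing state node: just connect
                states[label] = set()
                worklist.append(label)
        return out

    successors(frozenset([formula]))         # state paths from the root
    while worklist:
        label = worklist.pop()
        states[label] = successors(frozenset(f[1] for f in label if f[0] == 'next'))
    return states


def satisfiable(formula):
    """True iff some reachable cycle is fulfilling: every <>A in the cycle's
    labels has A in some label of the same cycle (the SCC form of the check)."""
    states = tableau(formula)
    reach = {}
    for s in states:
        seen, stack = set(), [s]
        while stack:
            for t in states[stack.pop()]:
                if t not in seen:
                    seen.add(t)
                    stack.append(t)
        reach[s] = seen                      # states reachable in one or more steps
    for s in states:
        if s not in reach[s]:
            continue                         # s lies on no cycle
        scc = {t for t in reach[s] if s in reach[t]}
        labels = set().union(*scc)
        if all(f[1] in labels for f in labels if f[0] == 'eventually'):
            return True
    return False


def valid(formula):
    """A is valid iff not A has no model."""
    return not satisfiable(neg(formula))


P, Q = ('p', 'p'), ('p', 'q')

if __name__ == '__main__':
    print(satisfiable(('and', ('always', P), ('eventually', ('not', P)))))   # False: cycle, not fulfilling
    print(satisfiable(('always', ('eventually', P))))                          # True
    print(valid(implies(('always', implies(P, ('next', P))), implies(P, ('always', P)))))  # axiom 4: True
```

The state node is identified by its label rather than by its literals and X-formulas alone, because the label is exactly what the Hintikka conditions and the fulfilling check are stated over; two state paths that reach the same set of literals and X-formulas by different β choices then count as the same state precisely when they carry the same obligations. Validity of axioms 1 to 4 can be checked the same way by negating the instance and asking for a fulfilling cycle.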
Binary temporal operators
• The unary temporal operators can be expressed with the help of one binary operator U.
• A U B ("A until B") means that B becomes true at some point, and A must be true at every point before that
• A characterization of U is the following: A U B ↔ (B ∨ (A ∧ ◦(A U B) ∧ ⋄B)); the conjunct ⋄B rules out the case where A holds forever and B never arrives
• In particular ⋄B ↔ (true U B), and □A ↔ ¬⋄¬A