Linear temporal logic

Last updated October 16, 2024

In logic, linear temporal logic or linear-time temporal logic^[1]^[2] (LTL) is a modal temporal logic with modalities referring to time. In LTL, one can encode formulae about the future of paths, e.g., a condition will eventually be true, a condition will be true until another fact becomes true, etc. It is a fragment of the more complex CTL*, which additionally allows branching time and quantifiers. LTL is sometimes called propositional temporal logic, abbreviated PTL.^[3] In terms of expressive power, linear temporal logic (LTL) is a fragment of first-order logic.^[4]^[5]

Syntax

LTL is built up from a finite set of propositional variables AP, the logical operators ¬ and ∨, and the temporal modal operators X (some literature uses O or N) and U. Formally, the set of LTL formulas over AP is inductively defined as follows:

if $p \in AP$ then p is an LTL formula;
if $ψ$ and $φ$ are LTL formulas then $\neg ψ, φ \lor ψ, X ψ$ , and $φ U ψ$ are LTL formulas.^[7]

X is read as next and U is read as until. Other than these fundamental operators, there are additional logical and temporal operators defined in terms of the fundamental operators, in order to write LTL formulas succinctly. The additional logical operators are ∧, →, ↔, true, and false. Following are the additional temporal operators.

G for always (globally)
F for finally
R for release
W for weak until
M for mighty release

Semantics

An LTL formula can be satisfied by an infinite sequence of truth valuations of variables in AP. These sequences can be viewed as a word on a path of a Kripke structure (an ω-word over alphabet 2^AP). Let w = a₀,a₁,a₂,... be such an ω-word. Let w(i) = a_i. Let wⁱ = a_i,a_i+1,..., which is a suffix of w. Formally, the satisfaction relation ⊨ between a word and an LTL formula is defined as follows:

w ⊨ p if p ∈ w(0)
w ⊨ ¬ψ if w ⊭ ψ
w ⊨ φ ∨ ψ if w ⊨ φ or w ⊨ ψ
$w ⊨ X ψ$ if w¹ ⊨ ψ (in the next time step ψ must be true)
$w ⊨ φ U ψ$ if there exists i ≥ 0 such that wⁱ ⊨ ψ and for all 0 ≤ k < i, w^k ⊨ φ (φ must remain true until ψ becomes true)

We say an ω-word w satisfies an LTL formula ψ when w ⊨ ψ. The ω-language L(ψ) defined by ψ is {w | w ⊨ ψ}, which is the set of ω-words that satisfy ψ. A formula ψ is satisfiable if there exist an ω-word w such that w ⊨ ψ. A formula ψ is valid if for each ω-word w over alphabet 2^AP, we have w ⊨ ψ.

The additional logical operators are defined as follows:

φ ∧ ψ ≡ ¬(¬φ ∨ ¬ψ)
φ → ψ ≡ ¬φ ∨ ψ
φ ↔ ψ ≡ (φ → ψ) ∧ ( ψ → φ)
true ≡ p ∨ ¬p, where p ∈ AP
false ≡ ¬true

The additional temporal operators R, F, and G are defined as follows:

ψRφ ≡ ¬(¬ψU ¬φ) ( φ remains true until and including once ψ becomes true. If ψ never becomes true, φ must remain true forever. ψreleases φ.)
$F ψ \equiv true U ψ$ (eventually ψ becomes true)
Gψ ≡ falseRψ ≡ ¬F ¬ψ (ψ always remains true)

Weak until and strong release

Some authors also define a weak until binary operator, denoted W, with semantics similar to that of the until operator but the stop condition is not required to occur (similar to release).^[8] It is sometimes useful since both U and R can be defined in terms of the weak until:

$ψ W φ \equiv (ψ U φ) \lor G ψ \equiv ψ U (φ \lor G ψ) \equiv φ R (φ \lor ψ)$
$ψ U φ \equiv F φ \land (ψ W φ)$
$ψ R φ \equiv φ W (φ \land ψ)$

The strong release binary operator, denoted M, is the dual of weak until. It is defined similar to the until operator, so that the release condition has to hold at some point. Therefore, it is stronger than the release operator.

$ψ M φ \equiv \neg(\neg ψ W \neg φ) \equiv (ψ R φ) \land F ψ \equiv ψ R (φ \land F ψ) \equiv φ U (ψ \land φ)$

The semantics for the temporal operators are pictorially presented as follows.

Textual	Symbolic	Explanation
Unary operators:
Xφ	$\bigcirc \varphi$	neXt: φ has to hold at the next state.
Fφ	$\Diamond \varphi$	Finally: φ eventually has to hold (somewhere on the subsequent path).
Gφ	$\Box \varphi$	Globally: φ has to hold on the entire subsequent path.
Binary operators:
ψUφ	$\psi \;{\mathcal {U}}\,\varphi$	Until: ψ has to hold at least until φ becomes true, which must hold at the current or a future position.
ψRφ	$\psi \;{\mathcal {R}}\,\varphi$	Release: φ has to be true until and including the point where ψ first becomes true; if ψ never becomes true, φ must remain true forever.
ψWφ	$\psi \;{\mathcal {W}}\,\varphi$	Weak until: ψ has to hold at least until φ; if φ never becomes true, ψ must remain true forever.
ψMφ	$\psi \;{\mathcal {M}}\,\varphi$	Strong release: φ has to be true until and including the point where ψ first becomes true, which must hold at the current or a future position.

Equivalences

Let φ, ψ, and ρ be LTL formulas. The following tables list some of the useful equivalences that extend standard equivalences among the usual logical operators.

Distributivity
X (φ ∨ ψ) ≡ (X φ) ∨ (X ψ)	X (φ ∧ ψ) ≡ (X φ) ∧ (X ψ)	X (φ U ψ)≡ (X φ) U (X ψ)
F (φ ∨ ψ) ≡ (F φ) ∨ (F ψ)	G (φ ∧ ψ) ≡ (G φ) ∧ (G ψ)
ρ U (φ ∨ ψ) ≡ (ρ U φ) ∨ (ρ U ψ)	(φ ∧ ψ) U ρ ≡ (φ U ρ) ∧ (ψ U ρ)

Negation propagation
X is self-dual	F and G are dual	U and R are dual	W and M are dual
¬X φ ≡ X ¬φ	¬F φ ≡ G ¬φ	¬ (φ U ψ) ≡ (¬φ R ¬ψ)	¬ (φ W ψ) ≡ (¬φ M ¬ψ)
	¬G φ ≡ F ¬φ	¬ (φ R ψ) ≡ (¬φ U ¬ψ)	¬ (φ M ψ) ≡ (¬φ W ¬ψ)

Special temporal properties
F φ ≡ FF φ	G φ ≡ GG φ	φ U ψ ≡ φ U (φ U ψ)
φ U ψ ≡ ψ ∨ ( φ ∧ X(φ U ψ) )	φ W ψ ≡ ψ ∨ ( φ ∧ X(φ W ψ) )	φ R ψ ≡ ψ ∧ (φ ∨ X(φ R ψ) )
G φ ≡ φ ∧ X(G φ)	F φ ≡ φ ∨ X(F φ)

Negation normal form

All the formulas of LTL can be transformed into negation normal form, where

all negations appear only in front of the atomic propositions,
only other logical operators true, false, ∧, and ∨ can appear, and
only the temporal operators X, U, and R can appear.

Using the above equivalences for negation propagation, it is possible to derive the normal form. This normal form allows R, true, false, and ∧ to appear in the formula, which are not fundamental operators of LTL. Note that the transformation to the negation normal form does not blow up the length of the formula. This normal form is useful in translation from an LTL formula to a Büchi automaton.

Relations with other logics

LTL can be shown to be equivalent to the monadic first-order logic of order, FO[<]—a result known as Kamp's theorem —^[9] or equivalently to star-free languages.^[10]

Computation tree logic (CTL) and linear temporal logic (LTL) are both a subset of CTL*, but are incomparable. For example,

No formula in CTL can define the language that is defined by the LTL formula F(G p).
No formula in LTL can define the language that is defined by the CTL formulas AG( p → (EXq ∧ EX¬q) ) or AG(EF(p)).

Computational problems

Model checking and satisfiability against an LTL formula are PSPACE-complete problems. LTL synthesis and the problem of verification of games against an LTL winning condition is 2EXPTIME-complete.^[11]

Applications

Automata-theoretic linear temporal logic model checking: LTL formulas are commonly used to express constraints, specifications, or processes that a system should follow. The field of model checking aims to formally verify whether a system meets a given specification. In the case of automata-theoretic model checking, both the system of interest and a specification are expressed as separate finite-state machines, or automata, and then compared to evaluate whether the system is guaranteed to have the specified property. In computer science, this type of model checking is often used to verify that an algorithm is structured correctly.

To check LTL specifications on infinite system runs, a common technique is to obtain a Büchi automaton that is equivalent to the model (accepts an ω-word precisely if it is the model) and another one that is equivalent to the negation of the property (accepts an ω-word precisely it satisfies the negated property) (cf. Linear temporal logic to Büchi automaton). In this case, if there is an overlap in the set of ω-words accepted by the two automata, it implies that the model accepts some behaviors which violate the desired property. If there is no overlap, there are no property-violating behaviors which are accepted by the model. Formally, the intersection of the two non-deterministic Büchi automata is empty if and only if the model satisfies the specified property.^[12]

Expressing important properties in formal verification: There are two main types of properties that can be expressed using linear temporal logic: safety properties usually state that something bad never happens (G¬ϕ), while liveness properties state that something good keeps happening (GFψ or G(ϕ →Fψ)).^[13] For example, a safety property may require that an autonomous rover never drives over a cliff, or that a software product never allows a successful login with an incorrect password. A liveness property may require that the rover always continues to collect data samples, or that a software product repeatedly sends telemetry data.

More generally, safety properties are those for which every counterexample has a finite prefix such that, however it is extended to an infinite path, it is still a counterexample. For liveness properties, on the other hand, every finite path can be extended to an infinite path that satisfies the formula.

Specification language: One of the applications of linear temporal logic is the specification of preferences in the Planning Domain Definition Language for the purpose of preference-based planning.^{[ citation needed ]}

Extensions

Parametric linear temporal logic extends LTL with variables on the until-modality.^[14]

Related Research Articles

<span class="mw-page-title-main">Logical disjunction</span> Logical connective OR

In logic, disjunction, also known as logical disjunction or logical or or logical addition or inclusive disjunction, is a logical connective typically notated as $and read aloud as "or". For instance, the English language sentence "it is sunny or it is warm" can be represented in logic using the disjunctive formula, assuming that abbreviates "it is sunny" and abbreviates "it is warm".$

First-order logic—also called predicate logic, predicate calculus, quantificational logic—is a collection of formal systems used in mathematics, philosophy, linguistics, and computer science. First-order logic uses quantified variables over non-logical objects, and allows the use of sentences that contain variables. Rather than propositions such as "all men are mortal", in first-order logic one can have expressions in the form "for all x, if x is a man, then x is mortal"; where "for all x" is a quantifier, x is a variable, and "... is a man" and "... is mortal" are predicates. This distinguishes it from propositional logic, which does not use quantifiers or relations; in this sense, propositional logic is the foundation of first-order logic.

The propositional calculus is a branch of logic. It is also called (first-order) propositional logic, statement logic, sentential calculus, sentential logic, or sometimes zeroth-order logic. It deals with propositions and relations between propositions, including the construction of arguments based on them. Compound propositions are formed by connecting propositions by logical connectives representing the truth functions of conjunction, disjunction, implication, biconditional, and negation. Some sources include other connectives, as in the table below.

Intuitionistic logic, sometimes more generally called constructive logic, refers to systems of symbolic logic that differ from the systems used for classical logic by more closely mirroring the notion of constructive proof. In particular, systems of intuitionistic logic do not assume the law of the excluded middle and double negation elimination, which are fundamental inference rules in classical logic.

In logic, temporal logic is any system of rules and symbolism for representing, and reasoning about, propositions qualified in terms of time. It is sometimes also used to refer to tense logic, a modal logic-based system of temporal logic introduced by Arthur Prior in the late 1950s, with important contributions by Hans Kamp. It has been further developed by computer scientists, notably Amir Pnueli, and logicians.

Modal logic is a kind of logic used to represent statements about necessity and possibility. It plays a major role in philosophy and related fields as a tool for understanding concepts such as knowledge, obligation, and causation. For instance, in epistemic modal logic, the formula $can be used to represent the statement that is known. In deontic modal logic, that same formula can represent that is a moral obligation. Modal logic considers the inferences that modal statements give rise to. For instance, most epistemic modal logics treat the formula as a tautology, representing the principle that only true statements can count as knowledge. However, this formula is not a tautology in deontic modal logic, since what ought to be true can be false.$

In computer science and automata theory, a deterministic Büchi automaton is a theoretical machine which either accepts or rejects infinite inputs. Such a machine has a set of states and a transition function, which determines which state the machine should move to from its current state when it reads the next input character. Some states are accepting states and one state is the start state. The machine accepts an input if and only if it will pass through an accepting state infinitely many times as it reads the input.

Property Specification Language (PSL) is a temporal logic extending linear temporal logic with a range of operators for both ease of expression and enhancement of expressive power. PSL makes an extensive use of regular expressions and syntactic sugaring. It is widely used in the hardware design and verification industry, where formal verification tools and/or logic simulation tools are used to prove or refute that a given PSL formula holds on a given design.

Computation tree logic (CTL) is a branching-time logic, meaning that its model of time is a tree-like structure in which the future is not determined; there are different paths in the future, any one of which might be an actual path that is realized. It is used in formal verification of software or hardware artifacts, typically by software applications known as model checkers, which determine if a given artifact possesses safety or liveness properties. For example, CTL can specify that when some initial condition is satisfied, then all possible executions of a program avoid some undesirable condition. In this example, the safety property could be verified by a model checker that explores all possible transitions out of program states satisfying the initial condition and ensures that all such executions satisfy the property. Computation tree logic belongs to a class of temporal logics that includes linear temporal logic (LTL). Although there are properties expressible only in CTL and properties expressible only in LTL, all properties expressible in either logic can also be expressed in CTL*.

In theoretical computer science, the modal μ-calculus is an extension of propositional modal logic by adding the least fixed point operator μ and the greatest fixed point operator ν, thus a fixed-point logic.

CTL* is a superset of computational tree logic (CTL) and linear temporal logic (LTL). It freely combines path quantifiers and temporal operators. Like CTL, CTL* is a branching-time logic. The formal semantics of CTL* formulae are defined with respect to a given Kripke structure.

In automata theory, a semi-deterministic Büchi automaton is a special type of Büchi automaton. In such an automaton, the set of states can be partitioned into two subsets: one subset forms a deterministic automaton and also contains all the accepting states.

In automata theory, a generalized Büchi automaton is a variant of a Büchi automaton. The difference with the Büchi automaton is the accepting condition, which is determined by a set of sets of states. A run is accepted by the automaton if it visits at least one state of every set of the accepting condition infinitely often. Generalized Büchi automata are equivalent in expressive power to Büchi automata; a transformation is given here.

In formal verification, finite state model checking needs to find a Büchi automaton (BA) equivalent to a given linear temporal logic (LTL) formula, i.e., such that the LTL formula and the BA recognize the same ω-language. There are algorithms that translate an LTL formula to a BA. This transformation is normally done in two steps. The first step produces a generalized Büchi automaton (GBA) from a LTL formula. The second step translates this GBA into a BA, which involves a relatively easy construction. Since LTL is strictly less expressive than BA, the reverse construction is not always possible.

Metric temporal logic (MTL) is a special case of temporal logic. It is an extension of temporal logic in which temporal operators are replaced by time-constrained versions like until, next, since and previous operators. It is a linear-time logic that assumes both the interleaving and fictitious-clock abstractions. It is defined over a point-based weakly-monotonic integer-time semantics.

In model checking, the Metric Interval Temporal Logic (MITL) is a fragment of Metric Temporal Logic (MTL). This fragment is often preferred to MTL because some problems that are undecidable for MTL become decidable for MITL.

In model checking, a field of computer science, timed propositional temporal logic (TPTL) is an extension of propositional linear temporal logic (LTL) in which variables are introduced to measure times between two events. For example, while LTL allows to state that each event p is eventually followed by an event q, TPTL furthermore allows to give a time limit for q to occur.

In model checking, a branch of computer science, linear time properties are used to describe requirements of a model of a computer system. Example properties include "the vending machine does not dispense a drink until money has been entered" or "the computer program eventually terminates". Fairness properties can be used to rule out unrealistic paths of a model. For instance, in a model of two traffic lights, the liveness property "both traffic lights are green infinitely often" may only be true under the unconditional fairness constraint "each traffic light changes colour infinitely often".

<i>Principles of Model Checking</i> Computer science textbook

Principles of Model Checking is a textbook on model checking, an area of computer science that automates the problem of determining if a machine meets specification requirements. It was written by Christel Baier and Joost-Pieter Katoen, and published in 2008 by MIT Press.

References

↑ Logic in Computer Science: Modelling and Reasoning about Systems: page 175
↑ "Linear-time Temporal Logic". Archived from the original on 2017-04-30. Retrieved 2012-03-19.
↑ Dov M. Gabbay; A. Kurucz; F. Wolter; M. Zakharyaschev (2003). Many-dimensional modal logics: theory and applications. Elsevier. p. 46. ISBN 978-0-444-50826-3.
↑ Diekert, Volker. "First-order Definable Languages" (PDF). University of Stuttgart.
↑ Kamp, Hans (1968). Tense Logic and the Theory of Linear Order (PhD). University of California Los Angeles.
↑ Amir Pnueli, The temporal logic of programs. Proceedings of the 18th Annual Symposium on Foundations of Computer Science (FOCS), 1977, 46–57. doi : 10.1109/SFCS.1977.32
↑ Sec. 5.1 of Christel Baier and Joost-Pieter Katoen, Principles of Model Checking , MIT Press "Principles of Model Checking - the MIT Press". Archived from the original on 2010-12-04. Retrieved 2011-05-17.
↑ Sec. 5.1.5 "Weak Until, Release, and Positive Normal Form" of Principles of Model Checking.
↑ Abramsky, Samson; Gavoille, Cyril; Kirchner, Claude; Spirakis, Paul (2010-06-30). Automata, Languages and Programming: 37th International Colloquium, ICALP ... - Google Books. ISBN 9783642141614 . Retrieved 2014-07-30.
↑ Moshe Y. Vardi (2008). "From Church and Prior to PSL". In Orna Grumberg; Helmut Veith (eds.). 25 years of model checking: history, achievements, perspectives. Springer. ISBN 978-3-540-69849-4. preprint
↑ A. Pnueli and R. Rosner. "On the synthesis of a reactive module" In Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of programming languages (POPL '89). Association for Computing Machinery, New York, NY, USA, 179–190. https://doi.org/10.1145/75277.75293
↑ Moshe Y. Vardi. An Automata-Theoretic Approach to Linear Temporal Logic. Proceedings of the 8th Banff Higher Order Workshop (Banff'94). Lecture Notes in Computer Science, vol. 1043, pp. 238–266, Springer-Verlag, 1996. ISBN 3-540-60915-6.
↑ Bowen Alpern, Fred B. Schneider, Defining Liveness, Information Processing Letters, Volume 21, Issue 4, 1985, Pages 181-185, ISSN 0020-0190, https://doi.org/10.1016/0020-0190(85)90056-0
↑ Chakraborty, Souymodip; Katoen, Joost-Pieter (2014). Diaz, Josep; Lanese, Ivan; Sangiorgi, Davide (eds.). "Parametric LTL on Markov Chains". Theoretical Computer Science . Lecture Notes in Computer Science. 7908. Springer Berlin Heidelberg: 207–221. arXiv: 1406.6683 . Bibcode:2014arXiv1406.6683C. doi:10.1007/978-3-662-44602-7_17. ISBN 978-3-662-44602-7. S2CID 12538495.

External links

A presentation of LTL
Linear-Time Temporal Logic and Büchi Automata
LTL Teaching slides of professor Alessandro Artale at the Free University of Bozen-Bolzano
LTL to Buchi translation algorithms a genealogy, from the website of Spot a library for model checking.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Logic in Computer Science: Modelling and Reasoning about Systems: page 175

[2] "Linear-time Temporal Logic". Archived from the original on 2017-04-30. Retrieved 2012-03-19.

[Gabbay2003-3] Dov M. Gabbay; A. Kurucz; F. Wolter; M. Zakharyaschev (2003). Many-dimensional modal logics: theory and applications. Elsevier. p. 46. ISBN 978-0-444-50826-3.

[4] Diekert, Volker. "First-order Definable Languages" (PDF). University of Stuttgart.

[5] Kamp, Hans (1968). Tense Logic and the Theory of Linear Order (PhD). University of California Los Angeles.

[6] Amir Pnueli, The temporal logic of programs. Proceedings of the 18th Annual Symposium on Foundations of Computer Science (FOCS), 1977, 46–57. doi : 10.1109/SFCS.1977.32

[7] Sec. 5.1 of Christel Baier and Joost-Pieter Katoen, Principles of Model Checking , MIT Press "Principles of Model Checking - the MIT Press". Archived from the original on 2010-12-04. Retrieved 2011-05-17.

[8] Sec. 5.1.5 "Weak Until, Release, and Positive Normal Form" of Principles of Model Checking.

[9] Abramsky, Samson; Gavoille, Cyril; Kirchner, Claude; Spirakis, Paul (2010-06-30). Automata, Languages and Programming: 37th International Colloquium, ICALP ... - Google Books. ISBN 9783642141614 . Retrieved 2014-07-30.

[10] Moshe Y. Vardi (2008). "From Church and Prior to PSL". In Orna Grumberg; Helmut Veith (eds.). 25 years of model checking: history, achievements, perspectives. Springer. ISBN 978-3-540-69849-4. preprint

[11] A. Pnueli and R. Rosner. "On the synthesis of a reactive module" In Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of programming languages (POPL '89). Association for Computing Machinery, New York, NY, USA, 179–190. https://doi.org/10.1145/75277.75293

[12] Moshe Y. Vardi. An Automata-Theoretic Approach to Linear Temporal Logic. Proceedings of the 8th Banff Higher Order Workshop (Banff'94). Lecture Notes in Computer Science, vol. 1043, pp. 238–266, Springer-Verlag, 1996. ISBN 3-540-60915-6.

[13] Bowen Alpern, Fred B. Schneider, Defining Liveness, Information Processing Letters, Volume 21, Issue 4, 1985, Pages 181-185, ISSN 0020-0190, https://doi.org/10.1016/0020-0190(85)90056-0

[14] Chakraborty, Souymodip; Katoen, Joost-Pieter (2014). Diaz, Josep; Lanese, Ivan; Sangiorgi, Davide (eds.). "Parametric LTL on Markov Chains". Theoretical Computer Science . Lecture Notes in Computer Science. 7908. Springer Berlin Heidelberg: 207–221. arXiv: 1406.6683 . Bibcode:2014arXiv1406.6683C. doi:10.1007/978-3-662-44602-7_17. ISBN 978-3-662-44602-7. S2CID 12538495.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]