
2.3 Formal specification

2.3.1 Linear time temporal logics

Linear time logics assume that the structure of time is linear, which means that at each moment a system state has at most one possible successor state (Emerson, 1995; Konur, 2010), as shown in Figure 2.4. The sequence of states describing the changes of the system over time is called a computation path.

[Figure 2.4: s0 → s1 → ... → si → ...]

Figure 2.4: Linear structure of time. At each moment a system state has at most one successor state.

One of the most widely used temporal logics with a linear time structure, employed for model checking (concurrent) systems, is Linear Temporal Logic (LTL) (Finkbeiner and Sipma, 2001; Pnueli, 1977).

2.3.1.1 Linear Temporal Logic

Logic statements written in LTL are composed of atomic, Boolean and temporal logic propositions.

As in the definition of (P)LSTSs (see Definitions 1 and 2), atomic propositions are Boolean expressions defined over variables, constants and predicate symbols, which cannot be divided into simpler logic statements.

Conversely, a Boolean proposition is a compound statement comprising a Boolean operator and one or two logic propositions (denoted here by φ):

• ∼φ (not): The negation of logic proposition φ is true, i.e. φ is false;
• φ1 ∧ φ2 (and): Logic proposition φ1 is true and logic proposition φ2 is true;
• φ1 ∨ φ2 (or): Logic proposition φ1 is true or logic proposition φ2 is true;
• φ1 ⇒ φ2 (implication): Logic proposition φ1 being true implies that logic proposition φ2 is true;
• φ1 ⇔ φ2 (equivalence): Logic proposition φ1 is true if and only if logic proposition φ2 is true,

where ∼ is a unary Boolean operator, and ∧, ∨, ⇒, ⇔ are binary Boolean operators.

Finally, temporal propositions are used to reason about how the system changes over time. They comprise a temporal operator and one or two logic propositions:

• Fφ (Future): Logic proposition φ eventually holds;
• Gφ (Globally): Logic proposition φ always holds;
• φ1 U φ2 (Until): Logic proposition φ1 holds until logic proposition φ2 holds;
• Xφ (neXt): Logic proposition φ holds in the next time point,

where F, G, U, X are temporal operators.

Syntax

Therefore the syntax of LTL formulae over a set of atomic propositions AP is defined by the following grammar:

where a ∈ AP , ∧ and ∼ are the usual Boolean operators, and X and U are temporal operators.

Only two (X, U) of the four temporal operators are included in the grammar, because the other two (F, G) can be defined in terms of the U operator as follows:

Fφ ≡ true U φ;  Gφ ≡ ∼F∼φ.

Similarly, the Boolean operators ∨, ⇒ and ⇔ can be defined in terms of the Boolean operators contained in the grammar (∼, ∧):

φ1 ∨ φ2 ≡ ∼(∼φ1 ∧ ∼φ2);  φ1 ⇒ φ2 ≡ ∼φ1 ∨ φ2;  φ1 ⇔ φ2 ≡ (φ1 ⇒ φ2) ∧ (φ2 ⇒ φ1).

Semantics

An LTL formula encodes a property of the system with respect to a linear computation path. Let us denote the computation path by σ = s0, s1, ..., where s0, s1, ... is the sequence of states describing how the system changes over time, and by σi the suffix of σ obtained by dropping the first i states (e.g. σ2 = s2, s3, ...). According to this notation σ and σ0 are identical.

The semantics of an LTL formula with respect to a computation path σ corresponding to a model of the system M is defined as follows:

• σ |= true;
• σ |= a if and only if a is true in s0;
• σ |= φ1 ∧ φ2 if and only if σ |= φ1 and σ |= φ2;
• σ |= ∼φ if and only if σ ⊭ φ;
• σ |= Xφ if and only if σ1 |= φ;
• σ |= φ1 U φ2 if and only if there exists i ≥ 0 such that σi |= φ2, and for all j, 0 ≤ j < i, it holds that σj |= φ1.

The semantics of the derived operators with respect to a computation path σ corresponding to a model of the system M follows from the definitions above:

• σ |= Fφ if and only if there exists i ≥ 0 such that σi |= φ;
• σ |= Gφ if and only if for all i ≥ 0 it holds that σi |= φ;
• σ |= φ1 ∨ φ2 if and only if σ |= φ1 or σ |= φ2;
• σ |= φ1 ⇒ φ2 if and only if σ |= ∼φ1 or σ |= φ2;
• σ |= φ1 ⇔ φ2 if and only if σ |= φ1 ⇒ φ2 and σ |= φ2 ⇒ φ1.

Example 3 LTL property corresponding to the Dictyostelium discoideum life cycle case study

Let us assume that we would like to encode in LTL a logic property corresponding to the Dictyostelium discoideum case study described in Example 1. The logic property is defined over the set of atomic propositions AP provided in the LSTS corresponding to the case study (see Example 1), and is described both in natural language and LTL below.

Natural language: Always, if the population is in the “fruiting body” state (identified by atomic propositions distance = short, population = heterogeneous), then it will next transition into the “unicellular” state (identified by atomic propositions distance = long, population = homogeneous).

LTL: G (((distance = short) ∧ (population = heterogeneous)) ⇒ (X ((distance = long) ∧ (population = homogeneous)))).

2.3.1.2 Bounded Linear Temporal Logic

One of the limitations of LTL is that it cannot specify logic properties relative to finite sequences of states (e.g. the first 10 states) in a given computation path. Such logic properties are called bounded and are usually employed for complex systems whose behaviour is described as a potentially infinite sequence of states. The evaluation of unbounded logic properties against infinite sequences of states can prove intractable and therefore corresponding bounded logic properties are usually employed instead.

To enable writing such bounded logic properties, various extensions of LTL were developed. One of these extensions is a sublogic of Koymans's Metric Temporal Logic (Koymans, 1990; Zuliani et al., 2010) called Bounded Linear Temporal Logic (BLTL). As indicated by Jha et al. (Jha et al., 2009a), BLTL augments the classic LTL temporal operators F, G and U with an upper bound t ∈ Q≥0:

• F^t φ (Future): Logic proposition φ holds at some time point within the time interval [0, t];
• G^t φ (Globally): Logic proposition φ holds always within the time interval [0, t];
• φ1 U^t φ2 (Until): Logic proposition φ1 holds until logic proposition φ2 holds within the time interval [0, t].

Moreover, as suggested later by Jha and Ramanathan (Jha and Ramanathan, 2012), it is possible to additionally augment the temporal operators F, G and U with intervals [t1, t2], t1, t2 ∈ Q≥0, such that logic propositions are evaluated against bounded time intervals which start at a time point t1 ≠ 0.

Example 4 Bounded LTL property corresponding to the Dictyostelium discoideum life cycle case study

Let us assume that we would like to transform the LTL property in Example 3 to a bounded form as described both in natural language and BLTL below.

Natural language: Always within the first ten states (i.e. simulation time interval [0, 9]), if the population is in the “fruiting body” state (identified by atomic propositions distance = short, population = heterogeneous), then it will next transition into the “unicellular” state (identified by atomic propositions distance = long, population = homogeneous).

BLTL: G^9 (((distance = short) ∧ (population = heterogeneous)) ⇒ (X ((distance = long) ∧ (population = homogeneous)))).

One limitation of both LTL and BLTL is that they cannot express probabilistic logic properties, which are usually required for the formal specification of probabilistic systems.

2.3.1.3 Probabilistic Linear Temporal Logic

To address this limitation, probabilistic extensions of LTL and BLTL were developed, called Probabilistic Linear Temporal Logic (PLTL) (Baier, 1998) and Probabilistic Bounded Linear Temporal Logic (PBLTL) (Langmead, 2009) respectively. The difference between (B)LTL and P(B)LTL is that the latter attaches an additional probabilistic specification to the (B)LTL property.

Syntactically, a P(B)LTL property φ is defined as P⋈θ[ψ], where ⋈ ∈ {<, ≤, ≥, >}, θ ∈ (0, 1) and ψ is a (B)LTL property. Considering a model of a system M, the formal specification φ ≡ P⋈θ[ψ] evaluates to true (i.e. M |= P⋈θ[ψ]) if and only if the probability that ψ holds for an execution of M is ⋈ θ.

Example 5 Probabilistic BLTL property corresponding to the Dictyostelium discoideum life cycle case study

Let us assume that we would like to translate the BLTL property in Example 4, corresponding to the LSTS in Example 1, to a probabilistic form, applicable to the PLSTS in Example 2. The resulting logic property is described both in natural language and PBLTL below.

Natural language: The probability is greater than 90% that always within the first ten states (i.e. simulation time interval [0, 9]), if the population is in the “fruiting body” state (identified by atomic propositions distance = short, population = heterogeneous), then it will next transition into the “unicellular” state (identified by atomic propositions distance = long, population = homogeneous).

PBLTL: P>0.9 [G^9 (((distance = short) ∧ (population = heterogeneous)) ⇒ (X ((distance = long) ∧ (population = homogeneous))))].

Remark 2. The probabilities employed in Example 5 were chosen for illustrative purposes and were not derived from experimental data or the literature.
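The suffix semantics of Section 2.3.1.1, the bounded operators of Section 2.3.1.2 and the probabilistic wrapper of Section 2.3.1.3 can all be checked mechanically on finite simulation traces. The following Python evaluator is an added example written for this section; it is not code from the thesis or from any model checker it cites. It implements only the grammar's primitives (true, a, ∼, ∧, X, U) and derives F, G, ∨ and ⇒ exactly as the text does, then checks the properties of Examples 3, 4 and 5 against constructed sample paths. The two named states of the case study are taken from the examples; the intermediate AGGREGATE state, the shape of the sample paths, the helper names and the 20-path sample are assumptions made for illustration. Time bounds are interpreted as numbers of states, matching the "[0, 9] = first ten states" reading of Example 4.

```python
"""Added example: evaluating LTL, BLTL and PBLTL over finite computation paths.
Follows the suffix semantics sigma^i |= phi of Section 2.3.1. All helper names,
the AGGREGATE state and the sample paths are constructed for illustration."""
import operator
from fractions import Fraction
from typing import Any, Callable, Dict, List, Optional, Tuple

State = Dict[str, Any]
Path = List[State]        # sigma = s0, s1, ..., s_{n-1}; sigma^i is the suffix from s_i
Formula = Tuple

# --- syntax: the grammar's primitives (true, a, ~, /\, X, U) as tagged tuples -------
TRUE: Formula = ('true',)
def atom(pred: Callable[[State], bool]) -> Formula: return ('atom', pred)
def neg(f: Formula) -> Formula: return ('not', f)
def conj(f: Formula, g: Formula) -> Formula: return ('and', f, g)
def nxt(f: Formula) -> Formula: return ('next', f)
def until(f: Formula, g: Formula, bound: Optional[int] = None) -> Formula:
    return ('until', f, g, bound)    # bound=None: LTL U; bound=t: BLTL U^t over t steps

# --- derived operators, exactly as defined in the text --------------------------------
def disj(f, g): return neg(conj(neg(f), neg(g)))              # phi1 \/ phi2 = ~(~phi1 /\ ~phi2)
def implies(f, g): return disj(neg(f), g)                      # phi1 => phi2 = ~phi1 \/ phi2
def eventually(f, bound=None): return until(TRUE, f, bound)    # F phi = true U phi
def always(f, bound=None): return neg(eventually(neg(f), bound))  # G phi = ~F ~phi

def holds(path: Path, f: Formula, i: int = 0) -> bool:
    """sigma^i |= f. Paths are finite, so X is 'strong' (false in the last state) and
    U/F/G only range over the states that exist: a truncated-path semantics."""
    op = f[0]
    if op == 'true':
        return True
    if op == 'atom':
        return i < len(path) and bool(f[1](path[i]))
    if op == 'not':
        return not holds(path, f[1], i)
    if op == 'and':
        return holds(path, f[1], i) and holds(path, f[2], i)
    if op == 'next':
        return i + 1 < len(path) and holds(path, f[1], i + 1)
    if op == 'until':
        _, f1, f2, bound = f
        last = len(path) - 1 if bound is None else min(len(path) - 1, i + bound)
        for k in range(i, last + 1):   # exists k with sigma^k |= f2, f1 holding before it
            if holds(path, f2, k):
                return True
            if not holds(path, f1, k):
                return False
        return False
    raise ValueError(f"unknown operator {op!r}")

# --- case study: the two states named in Examples 3-5; AGGREGATE is an assumption ----
UNICELLULAR   = {'distance': 'long',  'population': 'homogeneous'}
FRUITING_BODY = {'distance': 'short', 'population': 'heterogeneous'}
AGGREGATE     = {'distance': 'short', 'population': 'homogeneous'}   # constructed

fruiting    = conj(atom(lambda s: s['distance'] == 'short'),
                   atom(lambda s: s['population'] == 'heterogeneous'))
unicellular = conj(atom(lambda s: s['distance'] == 'long'),
                   atom(lambda s: s['population'] == 'homogeneous'))
EX3_LTL  = always(implies(fruiting, nxt(unicellular)))             # Example 3
EX4_BLTL = always(implies(fruiting, nxt(unicellular)), bound=9)    # Example 4: G^9

def life_cycle(cycles: int, broken_at: int = -1) -> Path:
    """Constructed sample path U, A, F, U, A, F, ..., U. If broken_at = c >= 0, the
    fruiting body of cycle c is followed by AGGREGATE instead of UNICELLULAR."""
    path: Path = []
    for c in range(cycles):
        path += [UNICELLULAR, AGGREGATE, FRUITING_BODY]
        if c == broken_at:
            path.append(AGGREGATE)
    return path + [UNICELLULAR]

# --- PBLTL: P_{rel theta}[psi], Pr estimated as the fraction of sampled paths ---------
REL = {'<': operator.lt, '<=': operator.le, '>=': operator.ge, '>': operator.gt}

def satisfaction_probability(paths: List[Path], f: Formula) -> Fraction:
    return Fraction(sum(holds(p, f) for p in paths), len(paths))

def pbltl(paths: List[Path], f: Formula, rel: str, theta: str) -> bool:
    """M |= P_{rel theta}[f], with the probability estimated from the given sample."""
    return REL[rel](satisfaction_probability(paths, f), Fraction(theta))

# constructed sample of 20 simulated paths: 18 well-behaved, one violating inside the
# first ten states (cycle 1, state 5) and one violating only later (cycle 3, state 11)
SAMPLE = ([life_cycle(4) for _ in range(18)]
          + [life_cycle(4, broken_at=1), life_cycle(4, broken_at=3)])

if __name__ == '__main__':
    late = life_cycle(4, broken_at=3)
    print(holds(late, EX3_LTL), holds(late, EX4_BLTL))               # False True
    print(pbltl(SAMPLE, EX4_BLTL, '>', '0.9'), pbltl(SAMPLE, EX3_LTL, '>', '0.9'))  # True False
```

The path with a late violation shows the difference between Examples 3 and 4: the unbounded G rejects it, the bounded G^9 accepts it because the violation lies outside the first ten states. On the 20-path sample the bounded property holds on 19 paths, so P>0.9 is satisfied, while the unbounded property holds on exactly 18 (a probability of 0.9, which is not strictly greater than 0.9). Note that the fraction over a sample is only an estimate of the probability in the model; a statistical model checker additionally bounds the estimation error, which this example does not do.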