• Symmetry holds if ∀s, t ∈ S we have that sRt implies tRs.
• Transitivity holds if ∀s, t, p ∈ S we have that sRt and tRp implies sRp.
• Seriality holds if ∀s ∈ S ∃t ∈ S such that sRt.
If R is reflexive, symmetric, and transitive then R is called an equivalence relation. A frame F with a reflexive, symmetric, transitive, serial R is said to be a reflexive, symmetric, transitive, serial frame, respectively.
2.2 Reasoning about time
If we are interested in reasoning about time, we need more suitable modal operators to express temporal concepts such as temporal intervals. Sometimes we need to express concepts such as “before that”, “after that”, “until that”, “eventually in the future”, “in the next instant” and so forth. If the underlying relation represents temporal successors, we could still use the □ modal operator to express “in the next instant”, but for all the others we need extra operators.
This section presents some particular modal logics that are extremely useful to model scenarios where the concept of time is involved. Temporal logics were introduced by Arthur Prior [Pri67] as a result of an interest in the relationship between time and modality attributed to the Greek philosopher of the Megarian school Diodorus Cronus, who lived in the 4th century BC, famous for “the paradox of future contingents” [HR04].
Temporal logics form an interesting part of modal logic, defined and built to reason about time. The principal distinction among them concerns whether they model time as a linear or a branching structure. If the future is determined and all time instants are ordered as on a line from past to future, a suitable logic for describing this situation is a linear time logic. A linear temporal logic is introduced in section 2.2.3. This is used for reasoning about deterministic programs. Nevertheless, a linear temporal logic can also be applied to the executions or runs of a system that presents many alternative futures, since a fixed execution represents a single future. The nondeterminism of the system can then be taken into account by considering all runs of the system. Hence, linear temporal logics can also be used to express properties of non-deterministic programs. However, when the future is not determined and we need to express the existence of a single execution among many, another type of logic is needed. This kind of logic is called branching time logic or computation tree logic. This logic is introduced in section 2.2.2. Not all structures for time fall into the linear or the branching category (for a further discussion see [Wol87, EH86]), but these are certainly the two most often used in the model checking literature.
2.2.1 Transition systems
A transition system [HR04] can be seen as a special version of a Kripke structure in terms of semantics. These systems are very useful for representing scenarios where the concept of time is involved. The usual definition of a transition system is the following:
Definition 2.8 (Transition system).
A transition system is a triple T = ⟨S, t, V⟩.
• S is a set of punctual states or states with an internal structure.
• t ⊆ S × S is a transition relation representing transitions between states in two different times: given two states s and s′ of S, (s, s′) ∈ t means that s′ is the successor of s.
• V : S → 2^AP is an evaluation function that associates with a given state s ∈ S the set of atomic formulas that hold at the state s.
Definition 2.9 (path).
A path π in T is an infinite sequence of states π = s₀, s₁, s₂, ..., sₙ, ... such that (sᵢ, sᵢ₊₁) ∈ t for all i ≥ 0.
The i-th state in the path π is denoted by π(i).
2.2.2 Computation tree logic (CTL)
A branching time logic for reasoning about time is introduced. This logic is called CTL (computational tree logic) [CE82, Eme90, HR04, EH82]. The syntax of CTL is defined by
The formula EXφ is read “there exists a path π, starting in π(0), such that at the next state π(1) formula φ holds”. EGφ is read “there exists a path such that formula φ holds at each state belonging to the path π”. E[φUψ] is read “there exists a path such that φ holds until ψ holds”.
CTL modalities are made of a pair of symbols, where the first symbol is a quantifier over paths (E corresponds to the quantifier “∃ ”), while the second symbol expresses some constraint over paths. The semantics of CTL is given in terms of transition systems and CTL-formulas are interpreted at a state s in a transition system T as follows:
Definition 2.10 (semantics of CTL).
T, s |= p iff p ∈ V(s);
T, s |= ¬φ iff T, s ⊭ φ;
T, s |= φ₁ ∨ φ₂ iff T, s |= φ₁ or T, s |= φ₂;
T, s |= EXφ iff there exists a path π such that π(0) = s and T, π(1) |= φ;
T, s |= EGφ iff there exists a path π such that π(0) = s and T, π(i) |= φ for all i ≥ 0;
T, s |= E[φUψ] iff there exists a path π such that π(0) = s and there exists k ≥ 0 such that T, π(k) |= ψ and T, π(j) |= φ for all 0 ≤ j < k.
The expression T |= ϕ denotes that the formula ϕ is valid in every state s ∈ S. The following relations hold:
AXψ = ¬EX¬ψ; AGψ = ¬EF¬ψ; EFψ = E[true U ψ]; AFψ = A[true U ψ] = ¬EG¬ψ; A[φUψ] = ¬(E[¬ψ U (¬φ ∧ ¬ψ)] ∨ EG¬ψ).
AXψ is read “for all paths π, starting in π(0), formula ψ holds in the next state π(1)”. AGψ is read “for all paths, formula ψ globally holds along the path”. Formula EFψ is read “there exists at least one path π in which eventually in the future ψ holds”. Formula AFψ is read “for all paths π, eventually in the future ψ holds”. A[φUψ] is read “for all paths, φ holds until ψ holds”.
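To make Definition 2.10 and the identities above concrete, here is an added example in Python (not code from the thesis): an explicit-state CTL model checker that computes, by fixpoint iteration over a finite transition system, the set of states where a formula holds, and applies it to a constructed request/grant system and the liveness property AG(req → AF grant). The tuple encoding of formulas and the sample system are assumptions of this example.

```python
# Added example, not code from the thesis: explicit-state CTL model checking on a transition
# system T = <S, t, V> (Definition 2.8). EX, EG, E[.U.] follow Definition 2.10 (EG as a
# greatest, E[.U.] as a least fixpoint over the finite S); AX, AG, EF, AF, A[.U.] use the
# identities above. Formulas are an assumed tuple encoding: 'p' | 'true' | ('not', f) |
# ('or'|'and'|'imp', f, g) | ('EX'|'EG'|'AX'|'EF'|'AG'|'AF', f) | ('EU'|'AU', f, g).

def pre(t, states):
    """Predecessor image: states with at least one t-successor inside `states`."""
    return {s for (s, s2) in t if s2 in states}

def fixpoint(step, cur):
    """Iterate `step` until the set stops changing (S is finite, so this terminates)."""
    while step(cur) != cur:
        cur = step(cur)
    return cur

def sat(T, f):
    """Set of states of T at which the CTL formula f holds; T |= f iff sat(T, f) == S."""
    S, t, V = T
    if f == 'true':
        return set(S)
    if isinstance(f, str):                       # atomic p: T, s |= p iff p in V(s)
        return {s for s in S if f in V[s]}
    op, a = f[0], f[1]
    if op == 'not': return S - sat(T, a)
    if op == 'or':  return sat(T, a) | sat(T, f[2])
    if op == 'and': return sat(T, a) & sat(T, f[2])
    if op == 'imp': return sat(T, ('or', ('not', a), f[2]))
    if op == 'EX':  return pre(t, sat(T, a))     # some successor satisfies a
    if op == 'EG':                               # gfp Z = sat(a) ∩ pre(Z), started from S
        A = sat(T, a)
        return fixpoint(lambda Z: A & pre(t, Z), S)
    if op == 'EU':                               # lfp Z = sat(b) ∪ (sat(a) ∩ pre(Z)), from sat(b)
        A, B = sat(T, a), sat(T, f[2])
        return fixpoint(lambda Z: B | (A & pre(t, Z)), B)
    if op == 'AX': return sat(T, ('not', ('EX', ('not', a))))
    if op == 'EF': return sat(T, ('EU', 'true', a))
    if op == 'AG': return sat(T, ('not', ('EF', ('not', a))))
    if op == 'AF': return sat(T, ('not', ('EG', ('not', a))))
    if op == 'AU': return sat(T, ('not', ('or', ('EU', ('not', f[2]), ('and', ('not', a), ('not', f[2]))),
                                              ('EG', ('not', f[2])))))
    raise ValueError(f"unknown operator {op!r}")

# Constructed sample (serial: every state has a successor). A request at 1 is granted at 2 or moves to 3.
S = {0, 1, 2, 3}
V = {0: set(), 1: {'req'}, 2: {'grant'}, 3: {'req'}}
STUCK = (S, {(0, 1), (1, 2), (2, 0), (1, 3), (3, 3)}, V)   # state 3 loops on itself forever
FIXED = (S, {(0, 1), (1, 2), (2, 0), (1, 3), (3, 2)}, V)   # state 3 proceeds to the grant
LIVENESS = ('AG', ('imp', 'req', ('AF', 'grant')))         # every request is eventually granted
```

In STUCK the property fails at every state because the path 1, 3, 3, ... never reaches grant; redirecting state 3 to the grant (FIXED) makes it hold everywhere.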
2.2.3 Linear temporal logic (LTL)
In this section, the temporal logic LTL (linear temporal logic) [HR04, Pnu81] is introduced. Given a finite set AP of atomic formulas the syntax of LTL is defined as follows
φ ::= p | ¬φ | φ ∨ ψ | Xφ | Gφ | φUψ
In this definition, p ∈ AP is an atomic formula. Xφ is read “for all paths at the next state φ holds”. Gφ is read “for all paths φ globally holds”. φUψ is read “for all paths φ holds until ψ holds”. The semantics of LTL is given on transition systems.
Let T = ⟨S, t, V⟩ be a transition system and π = s₀, s₁, s₂, ..., sₙ, ... a path in T. Whether π satisfies an LTL-formula on T is defined by the relation |= in the following way:
Definition 2.11 (Semantics of LTL).
T, π |= p iff p ∈ V(s₀),
T, π |= ¬φ iff T, π ⊭ φ,
T, π |= φ ∨ ψ iff T, π |= φ or T, π |= ψ,
T, π |= Xφ iff T, π(1) |= φ,
T, π |= Gφ iff T, π(i) |= φ for all i ≥ 0,
T, π |= φUψ iff there exists some k ≥ 0 such that T, π(k) |= ψ, and T, π(j) |= φ for all 0 ≤ j < k.
T |= φ denotes that the formula φ is valid for every path π.
LTL can express path properties. For example, the formula FGφ reads “eventually, φ continuously holds”, while the formula GFφ reads “infinitely often φ holds”. However, it is not possible to express the “existence” of paths in LTL as this logic implicitly quantifies universally over paths. Therefore, properties that express the existence of a path cannot be encoded in LTL. This problem can partially be solved by considering the negation of the property. However, properties that mix universal and existential path quantifiers cannot be modeled. These can be expressed in CTL. In fact, CTL allows us to explicitly quantify existentially over paths. Notice that CTL does not extend LTL. There are properties that can be expressed in both logics, like “if φ then for all futures eventually ψ”. This is expressed by AG(φ → AFψ) [HR04] in CTL, and by G(φ → Fψ) in LTL.
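As an added example (not code from the thesis), the following Python evaluates LTL formulas of Definition 2.11 on a single ultimately periodic path, the form in which a counterexample run is usually reported, and checks the LTL property G(req → F grant) from the text on two constructed paths of a request/grant system. The tuple encoding of formulas and the sample paths are assumptions of this example.

```python
# Added example, not code from the thesis: LTL satisfaction (Definition 2.11) on an
# ultimately periodic path pi = prefix . loop^omega, given as lists of the sets V(s_i) of
# atomic formulas holding at each position. Suffixes repeat with the loop's period, so a
# bounded search over one unrolling is exact for X, G, U and F (= true U .).
# Formulas use the assumed tuple encoding 'p' | 'true' | ('not', f) | ('or'|'imp', f, g)
# | ('X'|'G'|'F', f) | ('U', f, g).

def holds(prefix, loop, f, i=0):
    """True iff the suffix of pi starting at position i satisfies f (T, pi |= f for i = 0)."""
    n, L = len(prefix), len(loop)
    label = lambda k: prefix[k] if k < n else loop[(k - n) % L]   # V(s_k) for any k >= 0
    bound = n + L if i < n else i + L          # positions [i, bound) cover every distinct suffix
    if f == 'true': return True
    if isinstance(f, str): return f in label(i)
    op, a = f[0], f[1]
    if op == 'not': return not holds(prefix, loop, a, i)
    if op == 'or':  return holds(prefix, loop, a, i) or holds(prefix, loop, f[2], i)
    if op == 'imp': return (not holds(prefix, loop, a, i)) or holds(prefix, loop, f[2], i)
    if op == 'X':   return holds(prefix, loop, a, i + 1)
    if op == 'G':   return all(holds(prefix, loop, a, k) for k in range(i, bound))
    if op == 'F':   return holds(prefix, loop, ('U', 'true', a), i)
    if op == 'U':                               # the smallest witness k, if any, lies before bound
        for k in range(i, bound):
            if holds(prefix, loop, f[2], k): return True
            if not holds(prefix, loop, a, k): return False
        return False
    raise ValueError(f"unknown operator {op!r}")

# Constructed paths of a request/grant system: one that cycles idle -> req -> grant,
# and one that, after the request, stays in a requesting state forever.
PI_GRANTED = ([], [set(), {'req'}, {'grant'}])
PI_STUCK = ([set(), {'req'}], [{'req'}])
LIVENESS = ('G', ('imp', 'req', ('F', 'grant')))   # the LTL form G(phi -> F psi) from the text
```

Because LTL quantifies universally over paths, T |= LIVENESS would require the check to succeed on every path of T; the single stuck path above is enough to refute it.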