Basic Propositional Linear Temporal Logic
2.3 Axiomatization
(T38) 232A↔32A.
These laws assert that in a series of three alternating operators2and3, the first is
“absorbed” by the remaining two operators.
Proof. First,23A→323Ais just an instance of (T5). On the other hand, (T9) yields 323A→233A, and 323A→23Athen follows from (T11) and the substitutivity principle mentioned above. Taken together, we obtain (T37).
For the proof of (T38) we observe the following chain of logical equivalences:
232A ≡ 2¬2¬2A (by definition of3)
∼= ¬323¬A (by substitutivity from (T2) and (T3))
∼= ¬23¬A (by substitutivity from (T37))
∼= 32A (by substitutivity from (T2) and (T3)).
Theorem 2.2.3. LetA≡12. . .nB,n ≥1, be a formula ofLLTLwhere every i,1≤i≤n, is either2or3. Then
A∼=prefB
where pref is one of the four2-3-prefixes2,3,32, or23.
Proof. The theorem is proved by induction onn. The casen= 1is trivial since then A≡2BorA≡3B. Ifn >1then we have by induction hypothesis that
1. . .n−1nB ∼= prefnB
with pref being as described. If pref is2 or3then prefnB ∼= prefB, for some2-3-prefix pref of admissible form, can be established with the help of (T10) and (T11). Otherwise, we distinguish four different combinations of pref, which can be32or23, andn, which can be2or3. Any of these combinations can be reduced to an admissible prefix with the help of (T10), (T11), (T37), and (T38), and
the substitutivity principle.
Rules
(mp) A,A→B B,
(nex) A eA,
(ind) A→B,A→ eA A→2B.
The “axiom” (taut) may seem somewhat strange. We could instead have taken some axioms for classical propositional logic such as those shown in Sect. 1.1. We are, however, not interested here in how tautologically valid formulas can be derived (which would proceed completely within the “classical part” of the formal system).
In order to abbreviate derivations we simply take all such formulas (the set of which is decidable) as axioms. In fact, we will use (taut) extensively without really verifying the tautological validity of the formula in question explicitly. In the axioms (ltl2) and (ltl3) one should notice that these are only implications and not equivalences although the latter are also valid according to the laws (T14) and (T28) proven in the previous section. The rule (ind) is the proof-theoretical counterpart to Theorem 2.1.4;
it is an induction rule informally stating:
“IfA(always) impliesB andA is invariant from any state to the next thenA impliesBforever”.
Let us now show the soundness ofΣLTLwith respect to the semantics of LTL.
Theorem 2.3.1 (Soundness Theorem forΣLTL). LetAbe a formula andFa set of formulas. If F A then FA. In particular: if A then A.
Proof. The proof runs by induction on the assumed derivation ofAfromFwhich is inductively defined as explained in Sect. 1.1.
1. Ais an axiom ofΣLTL: All axioms (taut), (ltl1), (ltl2), (ltl3) are valid according to Theorem 2.2.1 and the laws (T1), (T14), and (T28) which were proved in Sect. 2.2. Of course, then also FA.
2. A∈ F: In this case FA holds trivially.
3. The rule applied last is (mp) with premises B andB → A: This means that F B as well as F B→A. By the induction hypothesis we get FB and FB→A and hence FA by Theorem 2.1.2.
4. The rule applied last is (nex) with premiseB: Therefore,A ≡ eB such that F B. By the induction hypothesis we get F B, and F eB then follows by Theorem 2.1.3.
5. The rule applied last is (ind) with premisesB →C andB → eB: Therefore, A≡B→2C, and we have F B→C andF B → eB. By the induction hypothesis we get F B→C and F B→ eB, and hence FB→2C;
so FA follows by Theorem 2.1.4.
We argued above that in derivations withinΣLTL we do not want to bother with how to derive tautologically valid formulas; we will simply use them as axioms.
Nevertheless, there will still occur purely classical derivation parts where only (taut) and (mp) are used. We will abbreviate such parts by using – often again without really proving the respective presupposition – the following derived rule:
(prop) A1, . . . ,An B ifBis a tautological consequence ofA1, . . . ,An. As an example we note again the chaining rule
A→B,B→C A→C
which we will apply from now on in derivations, together with many others, as a rule of the kind (prop). This shortcut is justified by the following theorem.
Theorem 2.3.2. A1, . . . ,An B whenever B is a tautological consequence of A1, . . . ,An.
Proof. We prove only the casen = 2. The general case is analogous. If B is a tautological consequence ofA1andA2then the formulaA1 →(A2→B)is tauto- logically valid and we can give the following derivation ofBfromA1andA2:
(1) A1 assumption
(2) A2 assumption
(3) A1→(A2→B) (taut)
(4) A2→B (mp),(1),(3)
(5) B (mp),(2),(4)
In the following we give some examples of derivations of proper temporal for- mulas and rules. We begin with the “opposite directions” of the axioms (ltl2) and (ltl3):
(ltl2’) (eA→ eB)→ e(A→B), (ltl3’) A∧ e2A→2A.
Derivation of (ltl2’).
(1) ¬(A→B)→A (taut)
(2) e(¬(A→B)→A) (nex),(1)
(3) e(¬(A→B)→A)→( e¬(A→B)→ eA) (ltl2)
(4) e¬(A→B)→ eA (mp),(2),(3)
(5) ¬e(A→B)↔ e¬(A→B) (ltl1)
(6) ¬e(A→B)→ eA (prop),(4),(5)
(7) ¬(A→B)→ ¬B (taut)
(8) ¬e(A→B)→ e¬B from (7) in the same
way as (6) from (1)
(9) e¬B→ ¬ eB (prop),(ltl1)
(10) ¬e(A→B)→ ¬ eB (prop),(8),(9)
(11) ¬e(A→B)→ ¬( eA→ eB) (prop),(6),(10)
(12) (eA→ eB)→ e(A→B) (prop),(11)
Derivation of (ltl3’).
(1) A∧ e2A→A (taut)
(2) 2A→A∧ e2A (ltl3)
(3) e(2A→A∧ e2A) (nex),(2)
(4) e2A→ e(A∧ e2A) (mp),(ltl2),(3)
(5) A∧ e2A→ e(A∧ e2A) (prop),(4)
(6) A∧ e2A→2A (ind),(1),(5)
The following two rules are simple but useful variants of the induction rule (ind):
(ind1) A→ eA A→2A,
(ind2) A→B,B→ eB A→2B.
Derivation of (ind1).
(1) A→ eA assumption
(2) A→A (taut)
(3) A→2A (ind),(1),(2)
Derivation of (ind2).
(1) A→B assumption
(2) B→ eB assumption
(3) B→2B (ind1),(1)
(4) A→2B (prop),(1),(3)
Next we show two rules the first of which is the analogy of (nex) for2:
(alw) A 2A,
(som) A→ eB A→3B.
Derivation of (alw).
(1) A assumption
(2) eA (nex),(1)
(3) A→ eA (prop),(2)
(4) A→2A (ind1),(3)
(5) 2A (mp),(1),(4)
Derivation of (som).
(1) A→ eB assumption
(2) 2¬B→ ¬B∧ e2¬B (ltl3)
(3) 2¬B→ e2¬B (prop),(2)
(4) 2¬B→ ¬B (prop),(2)
(5) e(2¬B→ ¬B) (nex),(4) (6) e(2¬B→ ¬B)→(e2¬B→ e¬B) (ltl2)
(7) e2¬B → e¬B (mp),(5),(6)
(8) 2¬B→ e¬B (prop),(3),(7)
(9) ¬eB↔ e¬B (ltl1)
(10) 2¬B→ ¬eB (prop),(8),(9)
(11) eB→ ¬2¬B (prop),(10)
(12) A→3B (prop),(1),(11)
We finish these exercises with a derivation of one direction of the law (T15) which will be needed subsequently:
(T15’) eA∧ eB→ e(A∧B).
Derivation of (T15’). We derive ¬(eA → ¬eB) → e¬(A → ¬B) which is (T15’) in its strict syntactical form:
(1) e(A→ ¬B)→( eA→ e¬B) (ltl2)
(2) e(A→ ¬B)→( eA→ ¬eB) (prop),(ltl1),(1)
(3) ¬(eA→ ¬ eB)→ ¬e(A→ ¬B) (prop),(2)
(4) ¬(eA→ ¬ eB)→ e¬(A→ ¬B) (prop),(ltl1),(3) In Theorem 2.1.6 we observed a connection between implication and the conse- quence relation. There is an analogous relationship between implication and deriv- ability.
Theorem 2.3.3 (Deduction Theorem of LTL). LetA,B be formulas,F a set of formulas. If F ∪ {A} B then F 2A→B.
Proof. The proof runs by induction on the assumed derivation ofBfromF ∪ {A}.
1. Bis an axiom ofΣLTLorB∈ F: ThenF B, andF 2A→Bfollows with (prop).
2. B ≡A: ThenF 2A→A∧ e2Aby (ltl3), andF 2A→Afollows with (prop).
3. B is a conclusion of (mp) with premisesC andC → B: We then have both F ∪ {A} C andF ∪ {A} C →B. Applying the induction hypothesis, we getF 2A → C andF 2A → (C → B), from whichF 2A → B follows with (prop).
4. B ≡ eC is a conclusion of (nex) with premiseC: ThenF ∪ {A} C, and thereforeF 2A→C by induction hypothesis. We continue the derivation of 2A→C to a derivation of 2A→ eC:
(1) 2A→C derivable
(2) e(2A→C) (nex),(1)
(3) e(2A→C)→(e2A→ eC) (ltl2)
(4) e2A→ eC (mp),(2),(3)
(5) 2A→A∧ e2A (ltl3)
(6) 2A→ e2A (prop),(5)
(7) 2A→ eC (prop),(4),(6)
5. B ≡C →2D is a conclusion of (ind) with premisesC →D andC → eC: As above we get with the induction hypothesis that 2A → (C → D) and 2A→(C → eC)are derivable fromF, and their derivations can be continued to derive 2A→(C →2D)as follows (using (T15’) derived above):
(1) 2A→(C →D) derivable
(2) 2A→(C → eC) derivable
(3) 2A∧C →D (prop),(1)
(4) 2A∧C → eC (prop),(2)
(5) 2A→ e2A (prop),(ltl3)
(6) 2A∧C → e2A∧ eC (prop),(4),(5)
(7) e2A∧ eC → e(2A∧C) (T15’)
(8) 2A∧C → e(2A∧C) (prop),(6),(7)
(9) 2A∧C →2D (ind),(3),(8)
(10) 2A→(C →2D) (prop),(9)
The Deduction Theorem can be used to abbreviate derivations, as illustrated by the following example: in order to derive the valid formula
(T22) 2(A→B)→(2A→2B)
it suffices, according to the theorem (withF =∅), to showA→B 2A→2B.
Applying the theorem once more, it suffices to proveA → B,A 2B, which is very easy using the derived rule (alw):
(1) A→B assumption
(2) A assumption
(3) B (mp),(1),(2)
(4) 2B (alw),(3)
According to the semantical considerations in Sect. 2.1 and the soundness of ΣLTL, the Deduction Theorem of classical propositional logic
If F ∪ {A} B then F A→B
does not hold generally in LTL. The converse direction of this relationship, however, holds trivially because it is nothing but an application of (mp), and the converse of Theorem 2.3.3 can be shown in a similar way:
Theorem 2.3.4. LetA,Bbe formulas, and letFbe a set of formulas. If F 2A→ B then F ∪ {A} B.
Proof. If F 2A →B then also F ∪ {A} 2A→B. With F ∪ {A} Awe get F ∪ {A} 2Aby (alw) and finally F ∪ {A} Bby applying (mp).
Second Reading
Temporal logic is a branch of modal logic. In its basic (propositional) form, modal logic extends classical PL by one modal operator2which allows for building formulas of the form 2Aand, as an abbreviation,3A≡ ¬2¬Aas in LTL. In modal logic these formulas are read necessarilyAand possiblyA, respectively.
A Kripke structureK= ({ηι}ι∈K,)for a setVof propositional constants underlying a modal logic language consists of
• a setK =∅,
• a binary accessibility relationonK,
• a valuationηι:V→ {ff,tt}for every ι∈K.
Theηι(or sometimes only the elements of the index setK) are called possible worlds in this context, and truth valuesKι(F)can be defined for all formulasF in an analogous way to that in LTL. For the classical part the inductive formation rules are just the same:
1. Kι(v) =ηι(v) forv ∈V, 2. Kι(false) =ff,
3. Kι(A→B) =tt ⇔ Kι(A) =ff or Kι(B) =tt, and for formulas2Athe definition reads:
4. Kι(2A) =tt ⇔ Kκ(A) =tt for everyκwithικ.
For3Athis clearly provides:
5. Kι(3A) =tt ⇔ Kκ(A) =tt for someκwithικ.
A modal logic formulaAis called valid in the Kripke structureKifKι(A) =ttfor every ι∈K. Consequence and (universal) validity are defined according to the usual pattern.
It is easy to see how LTL fits into this general modal framework. The language of LTL contains two operators cand2(instead of one) with corresponding accessibility relations ◦ and2. (In a more general setting of multimodal logic withn ≥ 1modal operators 21, . . . ,2n, LTL would be a bimodal logic.) Temporal structures for LTL can be under- stood as a special case of Kripke structures whereK=Nand, fori,j ∈N,
i◦j ⇔ i+ 1 =j, i2j ⇔ i≤j.
Taking these definitions in clause 4 above (with◦ and2, respectively) we indeed get back the LTL definitions forKi( cA)andKi(2A).
As long as no restrictions are put on the relation ⊆ K ×K, modal logic can be axiomatized by a sound and complete formal system with the axioms
• all tautologically valid formulas (defined as in LTL),
• 2(A→B)→(2A→2B) and the rules
• A,A→B B,
• A 2A.
A large variety of modal logics is obtained by requiring particular properties of accessi- bility. Many of these can be characterized by (additional) axioms. For example, reflexivity ofcan be described by adding
2A→A
to the basic system, and transitivity ofis characterized by 2A→22A.
The modal logic with both additional axioms is usually denoted by S4. An extension of S4, often denoted by S4.3Dum, is obtained by adding the Lemmon formula
2(2A→B)∨2(2B→A)
and the Dummett formula
2(2(A→2A)→A)→(32A→2A)
to the axioms of S4. These additional axioms forceto be linear and discrete, respectively.
This logic is “very close” to LTL: a formulaAis derivable in the resulting formal system if and only ifAis valid in all Kripke structures({ηi}i∈N,≤). However, formulas of S4.3Dum do not contain the “nexttime” operator, and in particular it is impossible to formulate an induction rule in that logic.