First-Order Linear Temporal Logic

5.1 Basic Language and Semantics

In propositional temporal logic the propositional constants (which are the only basic building blocks) are “time-dependent”. In a predicate logic, formulas are built from function and predicate symbols (and variables), and there is a free choice of which of these basic atoms are to be interpreted differently in different states. The symbols which are chosen for this to establish the temporal aspect are called flexible; the others are interpreted “time-independently” and are called rigid.

The most widely used choice is to take particular individual and propositional constants as the flexible symbols called flexible individual constants and flexible propositional constants, respectively. (Alternatives will be sketched in Sect. 10.1.) To put it formally, a temporal signatureTSIG = (SIG,X,V)is given by

• a signatureSIG= (S,F,P),

• X =

s∈SXs where Xs, for every s ∈ S, is a set of flexible individual con- stants,

• a setVof flexible propositional constants.

ForTSIG = (SIG,X,V) let SIG⁺ be the (classical) signature resulting from SIG= (S,F,P)by joiningX_stoF^(ε,s)for everys ∈SandVtoP^(ε). InSIG⁺the view of the flexible symbols ofXandVas individual and propositional constants is established. As we will see shortly from the semantical definitions, the flexible propositional constants will play the role of the propositional constants of LTL while rigid propositional constants in the sense of classical PL are, as in FOL, available as elements ofP^(ε). Note moreover, thatTSIGis just another form ofSIG⁺displaying XandVexplicitly.

Given a temporal signature TSIG = (SIG,X,V), SIG = (S,F,P), let LFOL(SIG⁺)be a first-order language in the sense of Sect. 1.2 (over the signature SIG⁺defined above) withX =

s∈SXsbeing its set of variables. The alphabet of a (basic) languageLFOLTL(TSIG)(also shortly:LFOLTL) of first-order linear temporal logic is given by

• all symbols ofLFOL(SIG⁺),

• the symbols eand2.

Terms (with their sorts) and atomic formulas ofLFOLTL(TSIG)are the terms and atomic formulas ofLFOL(SIG⁺). In particular this means that everya∈Xis a term and everyv ∈Vis an atomic formula.

Inductive Definition of formulas (ofLFOLTL(TSIG)).

1. Every atomic formula is a formula.

2. false is a formula, and ifAandBare formulas then(A→B), eA, and2Aare formulas.

3. IfAis a formula andxis a variable then∃xAis a formula.

It is obvious that every formula of the classical languageLFOL(SIG⁺)is a formula ofLFOLTL(TSIG)as well. These formulas contain no temporal operators and are called non-temporal. Terms and formulas containing no flexible symbols are called rigid. The rigid and non-temporal formulas are just the formulas ofLFOL(SIG).

All abbreviations, the notions of free and bound variables and of closed formulas, and the conventions about notation introduced in Sects. 1.2 and 2.1 are carried over toLFOLTL. For better readability we will additionally bracket atomic formulas in formulas of the form e(a<b),∃x(x =a)and the like.

For the definition of semantics for LFOLTL, the notion of temporal structures (serving again as interpretations) has to be adjusted to the first-order situation. A temporal structureK= (S,W)for a temporal signatureTSIG = (SIG,X,V)con- sists of

• a structureSforSIG(in the sense of Sect. 1.2), called the data component ofK,

• an infinite sequenceW= (η₀, η₁, η₂, . . .)of mappings η_i :X∪V→ |S| ∪ {ff,tt}

withη_i(a) ∈ |S|s fora ∈X_s,s ∈S, andη_i(v)∈ {ff,tt}forv ∈Vfor every i∈N. (Theηiare again called states;η0is the initial state ofK.)

A temporal structureK = (S,W)together with a variable valuationξwith respect toS (which is a mappingξ : X → |S| as in Sect. 1.2) defines, for every stateη_i ofW, mappingsS^(ξ,ηi)which associate valuesS^(ξ,ηi)(t)∈ |S|for every termtand S^(ξ,ηi)(A)∈ {ff,tt}for every atomic formulaA. The inductive definition runs quite analogously as in FOL:

1. S^(ξ,ηi)(x) =ξ(x) forx ∈ X. 2. S^(ξ,ηi)(a) =ηi(a) fora∈X.

3. S^(ξ,ηi)(v) =ηi(v) forv ∈V.

4. S^(ξ,ηi)(f(t1, . . . ,tn)) =f^S(S^(ξ,ηi)(t1), . . . ,S^(ξ,ηi)(tn)) forf ∈F.

5. S^(ξ,ηi)(p(t1, . . . ,tn)) =p^S(S^(ξ,ηi)(t1), . . . ,S^(ξ,ηi)(tn)) forp∈P.

6. S^(ξ,ηi)(t1=t2) =tt ⇔ S^(ξ,ηi)(t1)andS^(ξ,ηi)(t2)are equal values in|S|.

S^(ξ,ηi)plays the combined role ofS^(ξ)in FOL andηi in LTL and can now be induc- tively extended to the definition ofK^(ξ)_i (F)∈ {ff,tt}for every formulaF(the “truth value ofFinηiunderξ”) transferring the according clauses from FOL and LTL:

1. K^(ξ)_i (A) =S^(ξ,ηi)(A) for every atomic formulaA.

2. K^(ξ)_i (false) =ff.

3. K^(ξ)_i (A→B) =tt ⇔ K^(ξ)_i (A) =ff or K^(ξ)_i (B) =tt.

4. K^(ξ)_i (eA) =K^(ξ)_i+1(A).

5. K^(ξ)_i (2A) =tt ⇔ K^(ξ)_j (A) =tt for everyj ≥i.

6. K^(ξ)_i (∃xA) =tt ⇔ there is a ξwith ξ∼x ξ andK^(ξ_i ⁾(A) =tt.

For the other logical operators (in particular3and∀) the definitions carry over as in FOL and LTL, i.e.,

7. K^(ξ)_i (3A) =tt ⇔ K^(ξ)_j (A) =tt for somej ≥i.

8. K^(ξ)_i (∀xA) =tt ⇔ K^(ξ_i ⁾(A) =tt for all ξwith ξ∼x ξ.

Note that for rigid termstand rigid formulasAthese evaluations do not depend onη_i, so we have in such casesS^(ξ,ηi)(t) =S^(ξ,ηj)(t)andK^(ξ)_i (A) =K^(ξ)_j (A)for arbitraryi,j ∈ N. IfA is a rigid and non-temporal formula then, viewingA as a formula ofLFOL(SIG), we can also evaluateS^(ξ)(A)in the sense of classical FOL, and comparing the respective clauses in Sect. 1.2 with those forK^(ξ)_i (A)above, it follows immediately thatK^(ξ)_i (A) =S^(ξ)(A)then holds for everyK = (S,W),ξ, andi∈N.

Example. LetTSIG = (SIGNat,{a,b},{v})be a temporal signature withSIGNat

being a natural number signature and letx,y be variables (of sortNAT). Then A ≡ ∃x(a=x+y)∧ ev →2(b≤7)

is a formula ofLFOLTL(TSIG). Furthermore, letK= (N,W)be a temporal structure with the standard modelNof natural numbers andWgiven by

η0 η1 η2 η3 η4 . . .

a 2 8 5 7 3 . . .(arbitrary). . . b 4 7 9 5 5 . . .(5 forever). . . v tt tt ff tt tt . . .(arbitrary). . .

and letξbe a variable valuation withξ(y) = 3. Then

K^(ξ)_i (∃x(a=x+y)) =tt ⇔ there is a ξwith ξ∼x ξand η_i(a) =ξ(x) + 3.

This means K^(ξ)₀ (∃x(a = x +y)) = ff and K^(ξ)₂ (∃x(a = x +y)) = tt (with ξ(x) = 2). So we get

K^(ξ)₀ (A) =tt,

K^(ξ)₁ (ev) =η2(v) =ff ⇒ K^(ξ)₁ (A) =tt,

K^(ξ)₂ (ev) =η3(v) =tt,K^(ξ)₂ (b≤7) =ff,K^(ξ)₂ (2(b≤7)) =ff

⇒ K^(ξ)₂ (A) =ff,

K^(ξ)_i (2(b≤7)) =tt ⇒ K^(ξ)_i (A) =tt fori≥3.

Definition. A formulaAofLFOLTL(TSIG)is called valid in the temporal structure KforTSIG (orKsatisfiesA), denoted by _KA, ifK^(ξ)_i (A) =ttfor everyi∈Nand every variable valuationξ.Ais called a consequence of a setFof formulas (FA) if_KAholds for everyKwith_KBfor allB∈ F.Ais called (universally) valid (A) if∅A.

These definitions are the obvious adaptations from FOL and the (normal) validity concept of LTL. Clearly, FOLTL can alternatively be equipped with initial validity semantics as well by modifying the notion of validity in a temporal structure accord- ing to Sect. 2.6.

Example. The formula ∃x eA↔ e∃xA is valid since for everyK,i ∈Nandξwe have

K^(ξ)_i (∃x eA) =tt ⇔ there is a ξwith ξ∼x ξ and K^(ξ_i ⁾(eA) =tt

⇔ there is a ξwith ξ∼x ξ and K^(ξ_i+1⁾(A) =tt

⇔ K^(ξ)_i+1(∃xA) =tt

⇔ K^(ξ)_i (e∃xA) =tt.

(Observe that in this calculation we have just rephrased the validity proof of the

axiom (qltl2) of LTL+q in Sect. 3.3.)

FormulasAandB with A ↔ B (like∃x eAand e∃xAin the example) are again called logically equivalent, denoted byA∼=B.

Validity of a formulaAmeans thatA“holds for all data interpretations and all state sequences”. We still introduce as a weaker notion thatA“holds for all state sequences for a fixed data component”.

Definition. LetTSIG = (SIG,X,V) be a temporal signature,S a structure for SIG. A formulaAofLFOLTL(TSIG)is calledS-valid if_KAholds for every temporal structureKforTSIGwith data componentS.

Example. The formulaA ≡ e(a +x = a) → x = 0 over a natural number signature witha∈XNAT andx ∈ XNATisN-valid (Nbeing the standard model of natural numbers) since, for everyK= (N,(η0, η1, η2, . . .)),ξ, andi∈N, we have

K^(ξ)_i (e(a+x=a)) =tt ⇒ ηi+1(a) +ξ(x) =ηi+1(a)

⇒ ξ(x) = 0

⇒ K^(ξ)_i (x = 0) =tt

which means_KA.

In caseA is a rigid and non-temporal formula,S-validity is already given by validity in a single temporal structure with data componentS. Moreover, such a for- mula is a classical first-order formula over the underlying signatureSIG. So, forA we have also the notion of being valid inSas defined in Sect. 1.2, and it is quite trivial to compare this classical validity withS-validity in the present context.

Lemma 5.1.1. LetTSIG = (SIG,X,V)be a temporal signature,Sbe a structure for SIG,K = (S,W) be a temporal structure for TSIG, andA be a rigid and non-temporal formula ofLFOLTL(TSIG). Then

_KA ⇔ AisS-valid ⇔ Ais valid inS(in the classical first-order sense).

Proof. As already noted above,K^(ξ)_i (A) =S^(ξ)(A)holds for everyξand arbitrary K= (S,W)andi∈NifAis rigid and non-temporal. So we have

_KA ⇔ K^(ξ)_i (A) =tt for everyξ,i

⇔ S^(ξ)(A) =tt for everyξ and from this we obtain

_KA ⇔ Ais valid inS and

_KA ⇔ _KAfor every temporal structureK= (S,W)forTSIG

⇔ AisS-valid.

Together, this proves the claim.

The formula Ax(t) → ∃xA is a typical classically valid formula as seen in Sect. 1.2. In general, it is no longer valid in FOLTL. Consider, e.g., the formula

A ≡ x =a∧ e(x =a)

witha ∈X. Letb ∈XandKbe such thatη₀(a) =η₀(b) =η₁(a)=η₁(b). Then A_x(b) ≡ b=a∧ e(b=a) and, for arbitraryξ,

K^(ξ)₀ (Ax(b)) =tt

but

K^(ξ)₀ (∃xA) =ff

since otherwise there would be a ξwith ξ(x) =η₀(a)andξ(x)=η₁(a)which contradictsη₀(a) =η₁(a).

The problem illustrated here arises from the too liberal substitution of the flexible constantbfor the rigid variablex inA. In order to avoid it, a reasonable restriction could be formulated as follows.

Definition. LetAbe a formula ofLFOLTL. A termt is called substitutable forx in AifA_x(t)has no new occurrences of flexible individual constants in the scope of a temporal operator as compared withA.

Example. In the situation above, the termbis not substitutable forx inAsince in Ax(b)there is a new occurrence ofbin the scope of e. However, for

B ≡ x =a∧ e(y=a) we get

Bx(b) ≡ b=a∧ e(y =a),

sob is substitutable forx inB. It is easy to compute that B_x(b)→ ∃xB is valid.

More generally, if a termt is substitutable forx in a formulaAofLFOLTLthen the formula

Ax(t)→ ∃xA

is valid. In fact we have for arbitraryK,i ∈N, andξ:

K^(ξ)_i (A_x(t)) =tt ⇒ K^(ξ_i ⁾(A) =K^(ξ)_i (A_x(t)) =tt for ξ∼x ξ, ξ(x) =S^(ξ,ηi)(t)

⇒ K^(ξ)_i (∃xA) =tt.

We still note that the LTL relationship F ∪ {A} B ⇔ F2A→B

has to be modified as in Sect. 1.2 (it holds ifAdoes not contain free variables), and extend the list of laws (T1)–(T38) carried over from LTL by some more valid formulas as “typical” laws of FOLTL (also repeating the one proved in an example above).

(T39) ∃x eA↔ e∃xA, (T40) ∀x eA↔ e∀xA, (T41) ∃x3A↔3∃xA, (T42) ∀x2A↔2∀xA.

We mentioned already that FOLTL can be augmented with the propositional ex- tensions of Chap. 3 in the same way as LTL. For example, the logic FOLTL+b is FOLTL with the addition of binary operators described in Sect. 3.1 and contains formulas like

∃x(AunlessB),Aatnext(∀xB).

With such extensions, new temporal logical laws arise. We only give some examples in the line of (T39)–(T42) and conclude this section by proving one of them.

(Tb30) ∃x(AunlB)↔Aunl(∃xB)

if there is no free occurrence ofxinA, (Tb31) ∀x(AunlB)↔(∀xA)unlB

if there is no free occurrence ofxinB, (Tb32) ∃x(AatnextB)↔(∃xA)atnextB

if there is no free occurrence ofxinB, (Tb33) ∀x(AatnextB)↔(∀xA)atnextB

if there is no free occurrence ofxinB.

Proof of (Tb32). If there is no free occurrence ofxinBthen for any temporal struc- tureK,i ∈N, and variable valuationξwe have:

K^(ξ)_i (∃x(AatnextB)) =tt

⇔ there is a ξwith ξ∼xξandK^(ξ_i ⁾(AatnextB) =tt

⇔ there is a ξwith ξ∼xξand K^(ξ_j ⁾(B) =ff for everyj >i or

K^(ξ_k⁾(A) =tt for the smallestk>iwithK^(ξ_k⁾(B) =tt

⇔ there is a ξwith ξ∼xξand K^(ξ)_j (B) =ff for everyj >i or

K^(ξ_k⁾(A) =tt for the smallestk>iwith K^(ξ)_k (B) =tt

⇔ K^(ξ)_j (B) =ff for everyj >i or there is a ξwithξ∼x ξand

K^(ξ_k⁾(A) =tt for the smallestk>iwith K^(ξ)_k (B) =tt

⇔ K^(ξ)_j (B) =ff for everyj >i or

K^(ξ)_k (∃xA) =tt for the smallestk >iwith K^(ξ)_k (B) =tt

⇔ K^(ξ)_i ((∃xA)atnextB) =tt.