Binary Temporal Operators - Extensions of LTL

Extensions of LTL

3.1 Binary Temporal Operators

3

interpret it also more strictly counting only states after the present one. Furthermore, the informal wording does not state whetherB will actually hold in the future. In a

“strong” version this is the case; in a “weak” versionBneed not become true, andA should therefore hold “forever”.

We thus get four possible readings that are represented by four different binary operators denoted by until, unt, unless, and unl with the following informal inter- pretations:

AuntilB: “There is a (strictly) subsequent state in whichB holds, andAholds until that state”,

AuntB: “There is a subsequent state (possibly the present one) in whichBholds, andAholds until that state”,

AunlessB: “If there is a (strictly) subsequent state in whichB holds thenAholds until that state or elseAholds permanently”, AunlB: “If there is a subsequent state (possibly the present one) in whichBholds thenAholds until that state or elseAholds permanently”.

The operators until and unt are called strict and non-strict (or reflexive) until oper- ator, respectively. They are strong operators because they demand thatBwill hold sometime. In contrast, unless and unl are the weak versions of until and unt and are called strict and non-strict (reflexive) unless or waiting-for operators.

Actually, there are still some more choices when interpreting the informal phrase

“Aholds until that state”. Clearly,A should hold over an interval of states, deter- mined by the present state and “that state”, but the formulation is ambiguous about whether the end points of this interval are included or not. Instead of introducing even more operators to distinguish these possibilities, we choose to include the present state in the non-strict versions and to exclude it in the strict ones; the other end point is not included in either case.

To make these considerations precise, we define the semantics of the four operators in the framework introduced in Sect. 2.1. Given a temporal structureKand i∈N, these definitions are as follows.

• K_i(AuntilB) =tt ⇔ K_j(B) =tt for somej >iand K_k(A) =tt for everyk,i<k<j.

• Ki(AuntB) =tt ⇔ Kj(B) =tt for somej ≥iand Kk(A) =tt for everyk,i≤k <j.

• K_i(AunlessB) =tt ⇔ K_j(B) =tt for somej >iand Kk(A) =tt for everyk,i<k <j or

Kk(A) =tt for everyk>i.

• K_i(AunlB) =tt ⇔ K_j(B) =tt for somej ≥iand K_k(A) =tt for everyk,i≤k <j or

K_k(A) =tt for everyk≥i.

(We should remark that the designations of the binary operators of temporal logic are not universally agreed upon, and this can be a source of confusion. For example, many authors write until for the operator that we denote by unt.)

Example. Consider, for v1,v2 ∈ V, the four formulas A1 ≡ v1until2v2, A2 ≡ v1unt2v2, B1 ≡ v2unless2v1, B2 ≡ v2unl2v1, and let K be given by:

η0 η1 η2 η3 η4 . . .

v₁ ff tt tt ff ff . . .(ffforever). . . v2 tt tt ff tt tt . . .(ttforever). . .

ThenKi(2v2) =fffori <3andKi(2v2) =ttfori ≥3and therefore:

K0(A1) =tt,K0(A2) =ff, K₁(A₁) =K₁(A₂) =tt, Ki(A1) =tt fori≥2

(sinceKi+1(2v2) =ttand there is nokwithi<k <i+ 1), K₂(A₂) =tt,

Ki(A2) =tt fori≥3

(sinceKi(2v2) =ttand there is nok withi≤k <i).

Furthermore, because ofKj(2v1) =fffor everyj ∈Nwe have:

K_i(B₁) =K_i(B₂) =ff fori≤1, K2(B1) =tt,K2(B2) =ff,

Ki(B1) =Ki(B2) =tt fori≥3.

From the formal definitions, it should be clear that there are simple relationships between the operators. We note some of them as valid formulas:

(Tb1) AuntilB ↔ e3B∧AunlessB, (Tb2) AunlessB ↔ e(AunlB), (Tb3) AunlB ↔ AuntB∨2A, (Tb4) AuntB ↔ B∨(A∧AuntilB).

(We save parentheses by assigning all binary temporal operators introduced in this section higher priority than the classical binary operators.) These laws show in fact that all the versions can be expressed by each other (and eand2). The validity proofs are easy calculations:

Proof of (Tb1)–(Tb4). For any temporal structureKandi ∈Nwe have:

Ki(AuntilB) =tt ⇔ Kj(B) =tt for somej >iand Kk(A) =tt for everyk,i<k<j

⇔ Ki+1(3B) =tt and Ki(AunlessB) =tt

⇔ K_i(e3B∧AunlessB) =tt.

Ki(AunlessB) =tt ⇔ Kj(B) =tt for somej >iand Kk(A) =tt for everyk,i<k<j or

Kk(A) =tt for everyk>i

⇔ K_i(B) =tt for somej ≥i+ 1and K_k(A) =tt for everyk,i+ 1<k<j or

Kk(A) =tt for everyk≥i+ 1

⇔ K_i+1(AunlB) =tt

⇔ Ki(e(AunlB)) =tt.

Ki(AunlB) =tt ⇔ Kj(B) =tt for somej ≥iand Kk(A) =tt for everyk,i≤k<j or

Kk(A) =tt for everyk≥i

⇔ K_i(AuntB) =tt or K_i(2A) =tt

⇔ Ki(AuntB∨2A) =tt.

Ki(AuntB) =tt ⇔ Kj(B) =tt for somej ≥iand K_k(A) =tt for everyk,i≤k<j

⇔ Ki(B) =tt or

Kj(B) =tt for somej >iand Kk(A) =tt for everyk,i≤k<j

⇔ K_i(B) =tt or

Ki(A) =tt andKj(B) =tt for somej >iand Kk(A) =tt for everyk,i<k<j

⇔ K_i(B∨(A∧AuntilB)) =tt.

Similarly, we could introduce various versions of binary operators as formal counterparts to the two other informal phrases at the beginning of this section. We restrict ourselves, however, to defining only the strict and weak operators atnext (atnext or first time operator) and before (before or precedence operator) with the semantical definitions

• K_i(AatnextB) =tt ⇔ K_j(B) =ff for everyj >i or

K_k(A) =tt for the smallestk >iwith K_k(B) =tt,

• Ki(AbeforeB) =tt ⇔ for everyj >iwith Kj(B) =tt

there is somek,i<k<j, with K_k(A) =tt.

Definitions for the reflexive and/or strong versions of these operators would be ob- vious and as above, the different versions would be mutually expressible. It is more interesting to observe that all binary operators introduced so far can be expressed by each other. Having already established the mutual expressibility of the different

“until” operators as laws (Tb1)–(Tb4), this fact follows from the validity of the following laws.

(Tb5) AunlessB↔Batnext(A→B), (Tb6) AatnextB↔Bbefore(¬A∧B), (Tb7) AbeforeB↔ ¬(A∨B)unless(A∧ ¬B).

Again the proofs are simple calculations; we only give one example.

Proof of (Tb5). For any temporal structureKandi∈Nwe have:

K_i(AunlessB) =tt ⇔ K_j(B) =tt for somej >iand Kk(A) =tt for everyk,i<k<j or

Kk(A) =tt for everyk>i

⇔ there is a smallestj>iwith K_j(B) =tt and K_k(A) =tt for everyk,i<k<j

K_k(A) =tt and K_k(B) =ff for everyk>i

⇔ Kj(B) =tt for the smallestj >iwith Kj(A→B) =tt

K_k(A→B) =ff for everyk >i

⇔ Ki(Batnext(A→B)) =tt.

To conclude the discussion about the linguistic power of all these operators we still note that the basic operators eand2can also be expressed by each of the strict operators (using no other operator), e.g.:

(Tb8) eA↔Aatnext true, (Tb9) 2A↔A∧Aunless false.

For2(but not for e) similar equivalences hold for the non-strict operators, e.g.:

(Tb10) 2A↔Aunl false.

The proofs are quite trivial, e.g.:

Proof of (Tb9). For any temporal structureKandi∈Nwe have:

K_i(2A) =tt ⇔ K_j(A) =tt for everyj ≥i

⇔ Ki(A) =tt and Kk(A) =tt for everyk >i

⇔ Ki(A) =tt and

Kj(false) =tt for somej >iand Kk(A) =tt for everyk,i<k<j or

Kk(A) =tt for everyk>i

⇔ K_i(A∧Aunless false) =tt.

On the other hand, we will prove in Sect. 4.1 that none of the binary operators can be defined just from eand2.

In Sect. 2.2 we mentioned fixpoint characterizations for2and3. Such characterizations also exist for the new operators and are given by the following laws:

(Tb11) AuntilB↔ eB∨ e(A∧AuntilB), (Tb12) AunlessB↔ eB∨ e(A∧AunlessB), (Tb13) AuntB ↔B∨(A∧ e(AuntB)), (Tb14) AunlB↔B∨(A∧ e(AunlB)),

(Tb15) AatnextB↔ e(B →A)∧ e(¬B→AatnextB), (Tb16) AbeforeB↔ e¬B∧ e(A∨AbeforeB).

It is worth noting that the recursive equivalences for the strong and weak versions of an operator are of the same shape. The strict and non-strict versions differ only by the scope of operators e. Again we show only one proof, the others being analogous.

Proof of (Tb15). For any temporal structureKandi ∈Nwe have:

Ki(AatnextB) =tt ⇔ Kj(B) =ff for everyj >ior

Kk(A) =tt for the smallestk >iwithKk(B) =tt

⇔ K_i+1(A) =K_i+1(B) =tt or

K_j(B) =ff for everyj >i or

Ki+1(B) =ff and Kk(A) =tt

for the smallestk>i+ 1with Kk(B) =tt

⇔ K_i+1(A) =K_i+1(B) =tt or

K_i+1(B) =ff and K_i+1(AatnextB) =tt

⇔ if Ki+1(B) =tt thenKi+1(A) =tt and

if Ki+1(B) =ff thenKi+1(AatnextB) =tt

⇔ Ki(e(B→A)∧ e(¬B→AatnextB)) =tt.

Let us now summarize our discussion for the extension of the basic language LLTLwith binary operators. We call the extended languageL^b_LTLand define it to be obtained fromLLTLby adding the symbol op, among the above binary operators, to the alphabet and the formation rule

• IfAandBare formulas then(AopB)is a formula

to its syntax (with the notational convention that op has higher priority than the binary operators of propositional logic).

We leave it at this “parametric” definition instead of fixing an actual choice for op. As we have seen, any one of the operators can be taken for op, and all the others can then be introduced as abbreviations. If op is a strict binary operator, it could even serve as the sole basic temporal operator ofL^b_LTL because eand2 are then

expressible. If op is non-strict, estill needs to be present but2could be introduced as an abbreviation.

The semantics of the new operators ofL^b_LTLhas already been defined above, and the proof theory for the extended logic (which we will denote by LTL+b) can be given quite uniformly. For any choice of the operator op, the formal systemΣ_LTLneeds to be extended by two additional axioms to obtain a sound and weakly complete formal systemΣ_LTL^b for LTL+b. One of these axioms is the fixpoint characterization of the operator op and the other one indicates whether op is strong or weak (remember that the fixpoint characterizations of the strong and weak versions of the operators are

“equal”). So, e.g., if we choose until as the basic operator, the additional axioms are (until1) AuntilB ↔ eB∨ e(A∧AuntilB),

(until2) AuntilB → e3B.

The axiom (until1) is just (Tb11), whereas (until2) expresses that until is a strong operator because the formulaA untilBimplies thatBmust hold sometime in the (strict) future.

In the case of unless we take

(unless1) AunlessB↔ eB∨ e(A∧AunlessB), (unless2) e2A→AunlessB.

The axiom (unless2) expresses that unless is a weak operator because the formula AunlessBholds ifAwill always hold in the (strict) future, irrespective ofB.

For the non-strict operators unt and unl, we have to replace the axioms (until1) and (unless1) by (Tb13) or (Tb14) and the axioms (until2) and (unless2) by the ob- vious versions

(unt2) AuntB→3B or

(unl2) 2A→AunlB,

respectively. If we choose the atnext operator then

(atnext1) AatnextB ↔ e(B→A)∧ e(¬B→AatnextB), (atnext2) e2¬B→AatnextB

are appropriate and, finally, for the before operator the axioms are (before1) AbeforeB↔ e¬B∧ e(A∨AbeforeB), (before2) e2¬B→AbeforeB.

Again we give a formal validity proof only for one of these cases:

Proof of (before2). For any temporal structureKandi∈Nwe have:

Ki(e2¬B) =tt ⇔ Kj(B) =ff for everyj>i

⇒ for everyj >iwith Kj(B) =tt

there is somek,i<k <jwith Kk(A) =tt

⇔ K_i(AbeforeB) =tt.

As a simple example of application, we derive a formula within Σ_LTL^b (with (unless1) and (unless2)) that can be considered as a fixpoint characterization of

¬(AunlessB):

(Tb17) ¬(AunlessB)↔ e¬B∧ e(¬A∨ ¬(AunlessB)).

Derivation of (Tb17).

(1) AunlessB↔ eB∨ e(A∧AunlessB) (unless1) (2) ¬(AunlessB)↔ ¬eB∧ ¬e(A∧AunlessB) (prop),(1) (3) ¬(AunlessB)↔ e¬B∧ e¬(A∧AunlessB) (prop),(ltl1),(2) (4) e¬(A∧AunlessB)↔ e(¬A∨ ¬(AunlessB)) (taut),(T30)

(5) ¬(AunlessB)↔ e¬B∧ e(¬A∨ ¬(AunlessB)) (prop),(3),(4) We have seen the importance of the fixpoint characterizations for these binary operators to express their interplay with the nexttime operator e. Whereas (T28) provides a similar characterization for the unary always operator2, its axiomatic characterization required one more fundamental principle, namely the induction rule (ind). Analogous induction principles can also be formulated for the weak binary operators:

(indunless) A→ eC∨ e(A∧B) A→BunlessC, (indunl) A→C∨(B∧ eA) A→BunlC,

(indatnext) A→ e(C →B)∧ e(¬C →A) A→BatnextC, (indbefore) A→ e¬C∧ e(A∨B) A→BbeforeC.

These rules need not be included inΣ_LTL^b because they can already be derived with the help of rule (ind), as we show for one of them:

Derivation of (indunless).

(1) A→ eC∨ e(A∧B) assumption

(2) ¬(B unlessC)→ ¬eC∧ e(¬B∨ ¬(BunlessC)) (prop),(Tb17),(ltl1) (3) A∧ ¬(BunlessC)→ eB (prop),(T15),(1),(2) (4) ¬(B unlessC)→ ¬eB∨ e¬(BunlessC) (prop),(T16),(ltl1),(2) (5) A∧ ¬(BunlessC)→ e(A∧ ¬(B unlessC)) (prop),(T15),(1),(4)

(6) A∧ ¬(BunlessC)→2 eB (ind),(3),(5)

(7) e2B →BunlessC (unless2)

(8) A∧ ¬(BunlessC)→B unlessC (prop),(T12),(6),(7)

(9) A→BunlessC (prop),(8)

The common characteristic feature of the above rules (including the induction rules for2) is that they all express some form of computational induction over state sequences. There is no such induction principle for the operator3or for the strong binary operators like until or unt, which imply a formula of the form3B. Only in Chap. 5 will we become able to formulate induction principles of a different nature for this kind of assertion.

We still remark that each of the above induction rules could be used for an al- ternative axiomatization of LTL+b. The systematic pattern of the axiomatization de- scribed above was to take as axioms the fixpoint characterization of a binary operator and a formula expressing whether it is chosen in its strong or weak version, respectively. Another possibility would be to take the fixpoint characterization or, what is actually sufficient, even only “one direction” of it together with the respective rule.

For example, with the operator unless this would be the axiom (unless1’) AunlessB→ eB∨ e(A∧AunlessB)

and the rule (indunless). In the next section we will see that there is also an intuitive pattern which underlies this form of axiomatization.

We conclude this section by illustrating the new operators with the help of some more logical laws. We restrict ourselves to formulas involving the non-strict unless and the strict atnext operator. Analogous laws can easily be stated for the other operators.

(Tb18) 2(¬B →A)→AunlB, (Tb19) e(AunlB)↔ eAunl eB,

(Tb20) (A∧B)unlC ↔AunlC∧BunlC, (Tb21) Aunl(B∨C)↔AunlB∨AunlC, (Tb22) Aunl(B∧C)→AunlB∧AunlC, (Tb23) Aunl(AunlB)↔AunlB,

(Tb24) (AunlB)unlB ↔AunlB, (Tb25) 2(B →A)→AatnextB, (Tb26) e(AatnextB)↔ eAatnext eB,

(Tb27) (A∧B)atnextC ↔AatnextC∧BatnextC, (Tb28) (A∨B)atnextC ↔AatnextC∨BatnextC, (Tb29) Aatnext(B∨C)→AatnextB∨AatnextC.

Note that “idempotency” laws like (Tb23) and (Tb24) hold only for non-strict operators but not for the strict ones.

The laws can easily be verified semantically or by a derivation withinΣ_LTL^b . As an example, we show how to derive (Tb25):

Derivation of (Tb25).

(1) 2(B→A)→ e(B →A) (T6)

(2) 2(B→A)→ e2(B→A) (prop),(ltl3)

(3) 2(B→A)→ e(¬B →2(B→A)) (prop),(T14),(2)

(4) 2(B→A)→ e(B →A)∧ e(¬B→2(B→A)) (prop),(1),(3)

(5) 2(B→A)→AatnextB (indatnext),(4)

Dalam dokumen PDF Texts in Theoretical Computer Science (Halaman 73-81)