The expressiveness notions considered so far are based on logical equivalence.

One particular aspect of logically equivalent (“mutually expressible”) formulas is that they “describe the same temporal structures”. (We used this phrase already a few times in previous discussions.) We call this relationship between formulas A andBmodel equivalence, defined by

_KA ⇔ _KB or ⁰_KA ⇔ ⁰_KB

for every temporal structureK, depending on the underlying semantics. In the case of initial validity semantics, logical and model equivalence are actually the same. With normal semantics, however, model equivalence is weaker than logical equivalence which can trivially be seen by means of the formulasAand2A: we have

_KA ⇔ _K2A

for everyK, butAand2Aare clearly not logically equivalent.

So, in general, model equivalence is another notion for capturing the expressive power of temporal logics. It will be of special interest for our intended applications and we will come back to it in Sect. 6.1.

• F=∅,

• P={<(TIME TIME)} ∪ {v^(TIME)|v ∈V}.

With a given temporal structureK = (η₀, η₁, η₂, . . .)for V we associate a (first- order) structureS_KforSIG_V where|S_K| = |S_K|TIME = N, the predicate symbol

<is interpreted as the “less than” relation onN, and the interpretations of the unary predicate symbolsvare obtained from the statesηiofK:

v^SK(i) =ηi(v) fori ∈N.

It is straightforward to define a translation FOL:LLTLbp(V)→ LFOL(SIGV)

that associates a formula in the first-order languageLFOL(SIGV) induced by the signatureSIG_Vwith every formula of the languageLLTLbp(V)of LTLbp. (For sim- plicity, we occasionally “abuse” in this chapter the denotations of languages to de- note their sets of formulas.) The translation is defined by induction on the structure of temporal formulas as follows; it ensures that FOL(A)contains at most one free variablex₀that represents the current state:

FOL(v) =v(x0) forv ∈V, FOL(false) =false,

FOL(A→B) = FOL(A)→FOL(B),

FOL(AuntilB) = ∃x(x0<x∧(FOL(B))x0(x)

∧ ∀y(x0<y∧y<x →(FOL(A))x0(y))), FOL(AsinceB) =∃x(x <x₀∧(FOL(B))_x0(x)

∧ ∀y(x<y∧y <x₀→(FOL(A))_x0(y))).

The structure of this translation resembles the semantic definition of the temporal connectives. It preserves the meaning of formulas in the following sense.

Theorem 4.2.1. LetKbe a temporal structure for Vand let SK be the first-order structure corresponding toK. For any formulaAofLLTLbp(V), anyi ∈N, and any variable valuationξsuch thatξ(x₀) =i:

K_i(A) =S^(ξ)_K (FOL(A)).

Proof. The assertion is proved by structural induction on the formulaA.

1. A≡v ∈V: K_i(v) =η_i(v) =v^SK(i) =S^(ξ)_K (v(x₀)) =S^(ξ)_K (FOL(v)).

2. A≡false:Ki(false) =ff=S^(ξ)_K (false) =S^(ξ)_K (FOL(false)).

3. A≡B→C: Using the induction hypothesis we obtain Ki(B→C) =tt ⇔ Ki(B) =ff or Ki(C) =tt

⇔ S^(ξ)_K (FOL(B)) =ff or S^(ξ)_K (FOL(C)) =tt

⇔ S^(ξ)_K (FOL(B→C)) =tt.

4. A≡BuntilC: Assume thatK_i(B untilC) =ttand choose somej >isuch thatK_j(C) =ttandK_k(B) =ttfor allk wherei <k <j. By the induction hypothesis we know thatS^{( ¯}_K^ξ)(FOL(C)) =ttfor every variable valuationξ¯such thatξ(x¯ 0) =j, and sincex0is the only free variable in FOL(C), it also follows thatS^(ξ_K⁾((FOL(C))_x0(x)) =ttfor every valuationξsuch thatξ(x) =j. Similarly, it follows thatS^(ξ_K⁾((FOL(B))x0(y)) = tt for every valuation ξ wherei < ξ(y)<j.

Thus, ifξis a variable valuation such thatξ(x0) =i, we may chooseξ ∼x ξ whereξ(x) =j. We then clearly haveξ(x₀) =i <j =ξ(x), and the above arguments show thatS^(ξ_K⁾((FOL(C))x0(x)) =ttand that for allξ∼y ξwhere i =ξ(x0) < ξ(y) < ξ(x) =j, it holds thatS^(ξ_K⁾((FOL(B))x0(y)) = tt.

Together we obtainS^(ξ)_K (FOL(BuntilC)) =tt.

Conversely, assume thatS^(ξ)_K (FOL(BuntilC)) =tt, and so it follows that S^(ξ_K⁾(x0<x∧(FOL(C))x0(x)∧

∀y(x0<y∧y <x →(FOL(B))x0(x))) =tt

for someξsuch thatξ∼x ξ. Again using the induction hypothesis and the fact that FOL(B)and FOL(C)contain at most the free variablex0, we obtain that K_ξ(x)(C) = tt, whereξ(x) > ξ(x0) = i, and thatKk(B) = ttfor everyk whereξ(x0)<k< ξ(x). This argument establishesKi(BuntilC) =tt.

5. A≡BsinceC: This case runs “symmetrically” as forBuntilC. Adapting the notions from Sect 4.1 in an obvious way, Theorem 4.2.1 asserts that FOL (based on the signatureSIGV) is at least as expressive as LTLbp, and a fortiori at least as expressive as LTL. On the other hand, it turns out that every formula of LFOL(SIG_V)with a single free variable can be expressed in temporal logic. Because of this result, temporal logic is often said to be expressively complete (with respect to first-order logic).

For the proof of expressive completeness, we introduce some additional con- cepts. A formulaAof LTLbp is said to be

• a pure future formula ifAis of the formBuntilCwhere neitherBnorCcontain an occurrence of since,

• a pure past formula ifAis of the formBsinceC where neitherBnorC contain an occurrence of until,

• a present formula ifAcontains no temporal operator,

• separated ifAis a combination of pure future, pure past, and present formulas by the operator→.

As the key result it turns out that LTLbp is separable: every formula is logically equivalent to some separated formula.

Example. We claim the equivalence

e3(A∧ e2B) ↔ e2B∧B∧(B untilA).

The right hand side of this equivalence is (the abbreviation of) a separated formula:

its first conjunct is a pure past formula, its second conjunct is a present formula, and its third conjunct is a pure future formula. For the proof of the equivalence, consider an arbitrary temporal structureKandi∈N. We then have

Ki(e3(A∧ e2B)) =tt

⇔ there isj >isuch thatK_j(A) =ttandK_k(B) =ttfor allk<j

⇔ there isj >isuch thatKj(A) =tt

andKk(B) =ttfor allk≤iandKk(B) =ttfor allkwherei<k <j

⇔ K_k(B) =ttfor allk <iandK_i(B) =ttand there isj >isuch that K_j(A) =ttandK_k(B) =ttfor allkwherei<k <j

⇔ Ki(e2B) =ttandKi(B) =ttandKi(BuntilA) =tt

⇔ Ki(e2B∧B∧(BuntilA)) =tt.

A rather tedious enumeration of all possible cases establishes the general result.

Lemma 4.2.2. For every formulaAofLLTLbp(V)there is a separated formulaB such that A↔B.

Proof. Let us first consider a formula F ≡ A until B where A or B contain a subformulaF ≡C sinceD that is not in the scope of a temporal operator. LetA^⊥ andAdenote the formula that results fromAby replacing all such occurrences of Fby false and true, respectively, and similarly defineB^⊥andB. By propositional reasoning we have the valid equivalences

A↔((F∨A^⊥)∧(¬F∨A)) and B↔((F∧B)∨(¬F∧B^⊥)).

Substituting inF, we find that

F ↔((F∨A^⊥)∧(¬F∨A))until((F∧B)∨(¬F∧B^⊥)),

is valid and applying distribution laws for the until operator we finally obtain the validity of

F ↔ ((F∨A^⊥)until(F∧B)∨(F∨A^⊥)until(¬F∧B^⊥))∧ ((¬F∨A)until(F∧B)∨(¬F∨A)until(¬F∧B^⊥)).

For each of the four main subformulas of the right-hand side, Fig. 4.1 gives an equivalent formula whereFno longer occurs in the scope of an until operator, and no additional nestings of until and since have been introduced. (To understand the long formulas in Fig. 4.1, recall that until and since bind stronger than∧and∨.)

An analogous transformation can be applied when until occurs in the scope of since. Indeed, the equivalences of Fig. 4.1 remain valid when until and since are exchanged.

Carrying out a single replacement along these lines eliminates one degree of nesting of since inside until or vice versa, and repeated transformations therefore

produce an equivalent separated formula.

(C sinceD∨A)until(CsinceD∧B) ↔ (C untilB∧(D∨(C∧C sinceD)))∨

((C∨D∨ ¬(¬Duntil¬A))until(D∧C untilB)∧ (¬(¬D until¬A)∨D∨(C∧C sinceD))) (C sinceD∨A)until(¬(C sinceD)∧B) ↔

((A∧ ¬D)untilB∧ ¬D∧(¬C∨ ¬(C sinceD)))∨

((C∨D∨Auntil(B∨(A∧D)))until(¬C∧ ¬D∧(A∧ ¬D)untilB)∧ (Auntil(A∧D)∨D∨(C∧C sinceD)))

(¬(CsinceD)∨A)until(C sinceD∧B) ↔ ((A∧C)untilB∧(D∨(C∧C sinceD)))∨

((¬D∨Auntil(B∨(A∧ ¬C∧ ¬D)))until(D∧(A∧C)untilB)∧ (Auntil(A∧ ¬C∧ ¬D)∨(¬D∧(¬C∨ ¬(C sinceD))))) (¬(CsinceD)∨A)until(¬(C sinceD)∧B) ↔

(¬(Cuntil¬A)∨(¬D∧(¬C∨ ¬(C sinceD))))∧ (¬((C∨D∨ ¬(¬D untilB))until(D∧C until¬A))∨

(¬DuntilB∧ ¬D∧ ¬D∧(¬C∨ ¬(C sinceD))))∧ (true until(¬C∧ ¬D∧(¬D untilB))∨

(¬DuntilB∧ ¬D∧(¬C∨ ¬(C sinceD)))) Fig. 4.1. Separating until and since

Based on the separability of LTLbp, we can now show the announced expressive completeness result.

Theorem 4.2.3. For every formulaA ofLFOL(SIG_V)with at most one free vari- ablex₀ there is a formulaB ofLLTLbp(V)such that for any temporal structureK andi∈N,

Ki(B) =S^(ξ)_K (A)

whereSKis the first-order structure corresponding toKandξ(x0) =i.

Proof. The theorem is proved by structural induction on the formulaA. ForAand x₀we define a formula LTL(A,x₀)of LLTLbp(V)that satisfies the assertion of the theorem.

1. Ais an atomic formula: IfA ≡v(x0)wherev is a monadic predicate symbol corresponding tov ∈ V, then the definition LTL(A,x0) = v clearly suffices.

ForA≡x0=x0we take LTL(A,x0) =true, and ifA≡x0<x0then we let LTL(A,x0) =false. The first-order languageLFOL(SIGV)does not admit any other atomic formulas with the single free variablex0.

2. ForA≡false, we take LTL(A,x0) =false.

3. IfA≡B→C, we define LTL(A,x0) =LTL(B,x0)→LTL(C,x0), and the assertion follows with the help of the induction hypothesis.

4. For A ≡ ∃xB, we may assume without loss of generality that x₀ ≡ x, that B does not contain subformulas of the formx₀ = x₀ or x₀ < x₀ (these can equivalently be replaced by true or false), and thatx₀does not occur inB as

a bound variable. We may further assume thatB does not contain any atomic subformulasv(x₀), for somev ∈V, because such formulas can be moved out of the scope of the quantifier using equivalences such as

∃x(C∧v(x₀))↔v(x₀)∧ ∃xC.

Therefore, the only occurrences ofx0inB are of the forms x0 < y,x0 = y ory <x0whereyis some variable (eitherxor a variable bound in some subfor- mula ofB). We temporarily introduce auxiliary unary predicate symbolsFUx0, NOx0, andPAx0(for “future”, “now”, and “past”), and replace every occurrence ofx0 < y byFUx0(y), ofx0 = y byNOx0(y), and ofy < x0byPAx0(y).

The resulting formulaBcontains the single free variablex, and by the induction hypothesis we find a formula LTL(B,x)ofLLTLbp(V∪ {FUx0,NOx0,PAx0}) such that for any temporal structureKand anyj ∈N,

K_j(LTL(B,x)) = S^(ξ_K⁾(B)

whereξ(x) =j. In particular, considerK = (η₀, η₁, η₂, . . .)where η_j(FU_x0) =tt ⇔ i<j

η_j(NO_x0) =tt ⇔ i=j η_j(PA_x0) =tt ⇔ j <i

andη_j(v) =η_j(v)for allv ∈V. Obviously, this choice ofKthen ensures that S^(ξ_K⁾(B) = S^(ξ_K⁾(B) = K_j(LTL(B,x))

wheneverξ(x) =j. Observing moreover that∃xBcan equivalently be replaced by

∃x(x <x0∧B)∨Bx(x0)∨ ∃x(x0<x∧B), it follows that

S^(ξ)_K (∃xB) = K_i(C) where

C ≡ e3−LTL(B,x)∨LTL(B,x)∨ e3LTL(B,x).

Since LTLbp is separable by Lemma 4.2.2, there exists a separated formulaC of LTLbp such that C ↔C; hence also

S^(ξ)_K (∃xB) = K_i(C).

C still contains the auxiliary propositional constants FUx0,NOx0, andPAx0. We define LTL(A,x0)to be the formula that results fromCby replacing

• FU_x0by true in all pure future subformulas ofC,

• NO_x0by true in all present subformulas ofC,

• PA_x0 by true in all pure past subformulas ofC,

and all other occurrences ofFU_x0,NO_x0, andPA_x0by false. With these replace- ments, we obtain that

Ki(LTL(A,x0)) =K_i(C) =S^(ξ)_K (∃xB)

which completes the proof.

Example. We illustrate the construction of the above proof at the hand of the FOL formula

∃x(x₀<x∧v₂(x)∧ ¬∃y(x₀<y∧y<x∧ ¬v₁(y))).

The first replacements ofx0<xresult in the formula

∃x(FU_x0(x)∧v₂(x)∧ ¬∃y(B)) where

B ≡ FU_x0(y)∧y <x∧ ¬v₁(y)

and we continue with the construction of LTL(∃yB,x). We first have to replace the subformulay <x, resulting in

∃y(FU_x0(y)∧PA_x(y)∧ ¬v1(y))

where the predicate symbolPAx corresponds to the variablex. This formula can now be translated to temporal logic, yielding

e3−(FUx0∧PAx∧ ¬v1)∨(FUx0∧PAx∧ ¬v1)∨ e3(FUx0∧PAx∧ ¬v1) which is already in separated form. It remains to eliminate the auxiliary propositional constantPA_x, from which we obtain

e3−(FUx0∧true∧ ¬v1)∨(FUx0∧false∧ ¬v1)∨ e3(FUx0∧false∧ ¬v1) which can be further simplified to

e3−(FUx0∧ ¬v1).

Continuing with the translation of the main formula, we obtain e3−(FUx0∧v2∧ ¬ e3−(FUx0∧ ¬v1))∨

(FUx0∧v2∧ ¬ e3−(FUx0∧ ¬v1))∨ e3(FUx0∧v2∧ ¬e3−(FUx0∧ ¬v1)).

The first disjunct is a pure past formula, and the second disjunct is a combination of present and pure past formulas. It remains to separate the third disjunct, which (up

to trivial transformations) is just of the shape of the left-hand side of the equivalence considered in a previous example. We thus obtain the separated form

e3−(FUx0∧v2∧ ¬ e3−(FUx0∧ ¬v1))∨ (FUx0∧v2∧ ¬ e3−(FUx0∧ ¬v1))∨

e2(FUx0 →v1)∧(FUx0→v1)∧((FUx0→v1)until(FUx0∧v2)) in which we now replaceFUx0by true and false as appropriate, obtaining

e3−(false∧v₂∧ ¬ e3−(false∧ ¬v1))∨ (false∧v2∧ ¬ e3−(false∧ ¬v1))∨

e2(false→v1)∧(false→v1)∧((true→v1)until(true∧v2))

which can be finally simplified to the formulav₁untilv₂. In the preceding example, we obtained a temporal formula that was noticeably smaller than the original first-order formula. In general, however, the separation step that is part of the construction of Theorem 4.2.3 requires subformulas to be dupli- cated, and the resulting formula may in fact be nonelementarily larger than the orig- inal FOL formula.

Taken together, the Theorems 4.2.1 and 4.2.3 imply that first-order logic FOL¹ (over the signatureSIGV and over the class of interpretations where “time” is in- terpreted as natural numbers and where<denotes “less than”) with a single free variable and LTLbp are equally expressive. Adopting the notation of Sect. 4, this can be stated succinctly as

FOL¹=LTLbp.

As a simple corollary, we obtain a similar result for the logic LTL+b without past operators: every FOL¹ formulaAcan be translated to a formulaB of LTL+b such that the two formulas evaluate to the same truth value “with respect to initial validity semantics”.

Theorem 4.2.4. For every formulaA ofLFOL(SIGV)with at most one free vari- ablex0there is a formulaBofL^b_LTL(V)such that for any temporal structureK,

K₀(B) =S^(ξ)_K (A)

whereSKis the first-order structure corresponding toKandξ(x0) = 0.

Proof. By Theorem 4.2.3, we may find a formulaBofLLTLbp(V)such thatAand Bevaluate to the same value at all points. By Lemma 4.2.2, we may moreover as- sume thatBis separated. The formulaBresults fromB by replacing all pure past

subformulas ofBby false.

Applying the argument used in the proof of Theorem 4.2.4, we may also observe that every formula of LTLbp is initially expressible in LTL+b. Since we trivially have LTLbp=₀LTL+b+p and LTL+b≤0 LTL+b+p (where≤0denotes the “initial validity variant” of≤), we obtain the result

LTL+b=₀LTL+b+p

which was already noted at the end of Sect. 4.1.

Expressive completeness of temporal logic refers to the first-order logic FOL¹ with a fixed interpretation of “time” by the set of natural numbers. Of course, this corresponds to the choice ofN as the underlying “time model” in the semantics of LTL and its variants. In Sect. 10.1 we will briefly discuss other sets such as the integersZor the realsRwhich could be chosen instead ofN. Remarkably, expressive completeness of temporal logic carries over (in an analogously defined way) to a number of such time domains including Dedekind-complete structures such asR, but not for example the rational numbersQ.