State Systems

6.1 Temporal Theories and Models

6

The flexible individual constantspl₁,pl₂,pl₃represent the three places. Their possi- ble values during a sequence of moves are piles – represented by the sortPILE – of stones of sortSTONE. The “less than” symbol<is taken for the size comparison of stones;DECRstands for the property of piles to be decreasing in the size of the stones from bottom to top.TOWERis for the pile which stands on one of the places at the beginning and has to be moved to another place,EMPTY is for the empty pile, andPUSH,POP, andTOPstand for the obvious operations of placing a new stone on the top of a pile, taking away the top stone of a pile, and selecting a top stone, respectively. The latter operations are the same as the usual operations of a stack.

These informal interpretations are formalized by giving a structureHfor the first- order signatureSIGToH. Letn be the number of stones. Representing them by the natural numbers1,2, . . . ,n−1,nand piles by finite sequences of such numbers we could fix

|H|STONE ={1, . . . ,n},

|H|PILE ={1, . . . ,n}^∗,

TOWER^H= (n,n−1, . . . ,2,1), EMPTY^H=ε,

PUSH^H=push, POP^H=pop, TOP^H=top,

<^H(i,j) =tt ⇔ i<j,

DECR^H(i1, . . . ,im) =tt ⇔ im <im−1< . . . <i1

whereε∈ {1, . . . ,n}^∗is the empty sequence andpush,pop, andtopare defined as usual (as for a stack), e.g.,

push((i1, . . . ,im),l) = (i1, . . . ,im,l).

(Note that the symbol<on the right-hand sides of the last two clauses denotes the usual “less than” relation on the natural numbers1, . . . ,n.)

Any first-order structureSforSIG_ToH (e.g.,H) extends to a temporal structure K = (S,W)for TSIGToH withW being an infinite sequence(η0, η1, η2, . . .)of mappings

η_i :{pl₁,pl₂,pl₃} → {1, . . . ,n}^∗.

Eachηi (being a state in the technical sense of the formal definitions) obviously formalizes the informal notion of “state of the puzzle” determined by what piles are standing on the three places. The sequenceWrepresents a “run” of the system. (Note that these runs are infinite, i.e., we consider the system as “never ending”. We do not pay regard at this moment to the proper goal of the puzzle and the fact that a run can be ended when this goal is reached. We will come back to this aspect later.)

WithinLFOLTL(TSIG_ToH)we are able to formulate assertions about such runs.

For example, the formulas

pl_i =EMPTY ∧pl_j =EMPTY ∧TOP(pl_i)<TOP(pl_j) → (pl_i=EMPTY →TOP(pl_i)=TOP(plj))

for i,j ∈ {1,2,3}, i = j, (using the priming notation introduced in Sect. 5.4) formalize the phrase

“if the top stonets on some (non-empty) place is bigger than the top stone on another (non-empty) place then in the next statetscannot be the top stone (if this exists) on this latter place”

mentioned in the introduction of Sect. 2.1. The phrase

“in all states, on each of the three places the stones will be piled up with decreas- ing size”

from there is formally described by

2(DECR(pl₁)∧DECR(pl₂)∧DECR(pl₃)).

Not every temporal structureK= (S,W)forTSIG_ToH is a proper interpretation of the Towers of Hanoi system: of course, the data componentShas to be a “correct data type” for the stones and piles and, moreover,Whas to represent a run according to the rules of the puzzle. The desired distinction, i.e., the specification of the system, is performed – as in classical logic theories – by particular non-logical axioms. Typ- ically, one part of such axioms would deal with the data types involving no temporal aspects, e.g., axioms like

DECR(TOWER), POP(PUSH(x,y)) =x, etc.

which can be formulated in classical FOL. The second part of the axioms should distinguish the possible state sequencesWand really use the proper temporal logic means.

Before we treat this in more detail, let us first generalize the discussion. We writeLTLfor any languageLFOLTLwith or without one or more of the extensions discussed in the preceding chapters. If not stated differently, we always assumeLTL

to be equipped with normal semantics. Theorems, logical laws, etc. which hold for all the respective logics (or for particular ones in restricted contexts) will freely be used as required.

Definition. An FOLTL-theory Th = (LTL(TSIG),A) is given by a language LTL(TSIG)and a setAof formulas ofLTL(TSIG)called non-logical axioms. A temporal structureKforTSIGis called a model ofThif every formula ofAis valid inK.

IfC is a class of temporal structures for someTSIG (such asHtogether with

“all possible runs” in the Towers of Hanoi example) then we are interested in a specification of this class (making up the state system in question), i.e., in a the- oryTh = (LTL(TSIG),A)such that every temporal structure ofCis a model of Th. Such a theory is called aC-FOLTL-theory.

Example. LetTSIG = (SIG_Nat,{a},∅)andC={K₁,K₂}with

K1= (N,W1= (η₀⁽¹⁾, η⁽¹⁾₁ , η₂⁽¹⁾, . . .)), η⁽¹⁾_j (a) = 2∗j for everyj ∈N, K2= (N,W2= (η₀⁽²⁾, η⁽²⁾₁ , η₂⁽²⁾, . . .)), η⁽²⁾_j (a) = 2∗j+ 1 for everyj ∈N.

Informally,W1andW2look like η⁽¹⁾₀ η₁⁽¹⁾η⁽¹⁾₂ η₃⁽¹⁾. . .

a 0 2 4 6 . . .

and

η⁽²⁾₀ η₁⁽²⁾η⁽²⁾₂ η₃⁽²⁾. . .

a 1 3 5 7 . . .

i.e.,aruns through all even or odd numbers, respectively. An appropriateC-FOLTL- theory could take a languageLⁱ_FOLTL(TSIG)and contain the following non-logical axioms:

• Axioms forN,

• init→a= 0∨a= 1,

• 2(a=a+ 2).

The axioms forN are left open at the moment, we will come back to this issue more generally in the subsequent section. The two latter axioms describe the state sequencesW₁andW₂. It is obvious thatK₁andK₂are models of this theory.

As discussed in Sect. 1.3, axioms of first-order theories may contain free vari- ables or – equivalently – one can take their universal closures instead, providing closed formulas as axioms. It is obvious that the same holds for axioms in FOLTL- theories, but even more, there is a direct analogy to this concerning temporal closures.

For every formulaAand every temporal structureK, we have

_KA ⇔ _K2A

by Theorem 2.1.3 and (T4) and this means thatAand its temporal closure2Aare valid in the same temporal structures. So axioms may always be given in one of the two formsAor2A.

In the example above, the axiom in the second line could be given as 2(init→a= 0∨a= 1).

The last axiom is the temporal closure of a=a+ 2

which could be taken itself as an axiom. Subsequently, when writing axioms, we will throughout prefer the “non-closed” formulation.

The relationship betweenAand2Adiscussed here may be put into a more gen- eral setting indicated already in Sect. 4.1. We say that two formulasAandBof the underlying languageLTL(TSIG)are model equivalent, written

AB, if

_KA ⇔ _KB

holds for every temporal structureKforTSIG, which means thatAandBare valid in the same temporal structures and is obviously the same as saying that

AB and B A.

So, if we replace an axiomAof a theoryTh by a formulaBwithABthen the resulting theory has the same models asTh.

Model equivalence is a slight generalization of logical equivalence. It is obvious that it is an equivalence relation and that logically equivalent formulas are model equivalent. The case ofA and 2A shows that the converse does not necessarily hold. Moreover, the model equivalence of the latter two formulas is just a special case of the more general fact that for formulasAandB to be model equivalent it suffices that2Aand2B are logically equivalent. This is easy to see by applying (T4), Theorem 2.1.2, and the “if” part of Theorem 2.1.6:

2A↔2B ⇒ 2A→2B and 2B→2A

⇒ A2B and B2A

⇒ AB and BA.

(It should be noted that if we takeLTLwith initial validity semantics then the two notions of model and logical equivalence are the same (for closed formulas). On the other hand, if someAis to hold in every state of a temporal structure we then have to express this by2A. Another formula2B(AandBclosed) expresses the same if and only if2Aand2Bare logically equivalent.)

FOLTL-theories are first-order temporal theories. Of course, we can carry the definition over to the propositional case: an LTL-theoryTh = (LTL(V),A)is given by a languageLTL(V)(denoting some possibly extendedLLTL(V)) and a setAof formulas ofLTL(V)as non-logical axioms. A model ofTh is a temporal structure forVin which all formulas ofAare valid. AC-LTL-theory for a classCof temporal structures forVis a theory which has all elements ofCas models. Such propositional temporal theories are of great interest in computer science since they are tractable by algorithmic means. They arise by encoding “appropriate” first-order theories (cf.

Sect. 1.3 for a first hint and Sect. 11.1) or even “directly” by the state system under investigation.

A typical example for the latter case is given by circuits. Consider the simple synchronous circuit in Fig. 6.1 which continuously oscillates between a 3-bit binary

- - - _b0

b1

b2

r

r r

r

r

aa!!c

aa!!c

Fig. 6.1. An oscillator circuit

number and its two’s complement. The “circuit variables”b0,b1,b2(representing the binary numberb2b1b0) are boolean valued, so an appropriate temporal logic language for this system is someLLTL(V)withV={b0,b1,b2}.

A specification of the circuit (more precisely: aC-LTL-theory for the classCof the temporal structures forVrepresenting all possible runs of the circuit) is given by the non-logical axioms

• b₀ ↔b₀,

• b₁ ↔(b₀∨b₁)∧ ¬(b₀∧b₁),

• b₂ ↔(b₀∨b₁∨b₂)∧ ¬((b₀∨b₁)∧b₂)

which describe the change ofb0,b1,b2in “one step” and may be shortened to

• b₀ ↔b0,

• b₁ ↔ ¬(b0↔b1),

• b₂ ↔ ¬(b0∨b1↔b2).

Of course, the above definition and the meaning of model equivalence of formu- las can be literally transferred to the propositional case.

Second Reading

The intention of the usage of temporal logic is to specify state systems and the basic formal notion for this is that of an (FOLTL- or LTL-) theory: the non-logical axioms describe the

“behaviour” of the system, formally given by the state sequences of temporal structuresK.

If FOLTL is to be applied thenK = (S,W), and the data componentSofKdescribes the underlying data type of the system, the specification of which is the typical realm of classical logic as sketched out in Sect. 1.3.

In Sects. 5.3 and 5.6 we have indicated by means of the natural numbers that temporal logic could be used for such data type specifications as well (possibly achieving results which cannot be obtained by classical logic specifications). In fact, the considerations car- ried out there precisely fit into the concept of FOLTL-theories. For example, the setAN

consisting of the formulasP1–P8given in Sect. 5.3 constitute, together with an appropri- ate languageLFOLTL, an FOLTL-theoryThN= (LFOLTL,AN). According to the results of Sect. 5.3,ThNspecifies the standard modelNof natural numbers in the sense that there exists a model(N,W)ofThN, and even more: for any model(S,W)ofThN,SandNare

“isomorphic”.

So, while the FOLTL-specification of state systems mainly intends to describe the com- ponentsWof modelsK= (S,W), temporal logic specifications of data types would allow us also to address the data componentS. For example, in the “even and odd number” system in the above main text the axioms forNcould be given just by the formulasP1–P8.

The general notions for this approach are easy to define in the framework of this section.

LetTSIG= (SIG,X,V)be a temporal signature,Sbe a structure forSIG, andThbe an FOLTL-theory.Sis called a model structure ofThif there exists a model ofThwhich has Sas its data component. (Observe that this definition includes the classical specifications of Sect. 1.3 since the non-logical axioms ofThcould be only non-temporal formulas.)

Let us illustrate this method by a further example. In Sect. 1.3 we have specified stacks within classical FOL by the axioms

PUSH(x,y)=EMPTY, POP(PUSH(x,y)) =x, TOP(PUSH(x,y)) =y

formulated in a languageLFOL(SIGst)whereSIGstcontains the sortsOBJandSTACK. As with natural numbers, this specification has “non-standard” models. Using temporal logic, it is possible to specify stacks uniquely (up to isomorphism). Actually, there are several approaches to achieve this. One simple way is to choose the temporal signature TSIGst(SIGst,∅,∅)and a languageL^qFOLTL(TSIGst)of the logic FOLTL+q with flexible quantification. Let thenThst be the FOLTL-theory with the three axioms above and the additional axiom

∃z(z=EMPTY ∧3(z=x)∧(z=x → ∃y(z=PUSH(z,y))))

(wherez ∈ XSTACK^fl ,x ∈ XSTACK,y ∈ XOBJ and the priming notation of Sect. 5.4 is extended to flexible variables in an obvious way). The “standard model”Sof stacks (where elements of|S|STACK are finite sequences of elements of|S|OBJ) is a model structure of Thst and, in fact, all other model structures ofThst are isomorphic to it. The idea of the additional axiom is quite simple: it says that every stackx is “generated” by subsequently

“pushing” some finitely many elements from|S|OBJto the “empty stack”.