Computational tree logic

Computation tree logic (CTL) is a branching-time logic, meaning that its model of time is a tree-like structure in which the future is not determined; there are different paths in the future, any one of which might be an actual path that is realised.

Syntax of CTL

The Language of Well-Formed CTL Formulae is generated by the following unambiguous (wrt bracketing) Context-Free Grammar:

:
(phiRightarrowphi)|(phiLeftrightarrowphi)|AXphi|EXphi|AFphi|EFphi|AGphi|EGphi
A [phi U phi] |E [phi U phi]

where $p$ ranges over a set of atomic formulas. Not all of these connectives are needed - for example, $\{\; eg,\; and,\; AX,\; AU,\; EU\}$ comprises a complete set of connectives, and the others can be defined using them.

*$A$ means 'along All paths' "(Inevitably)"
*$E$ means 'along at least (there Exists) one path' "(possibly)"

For example, the following is a well-formed CTL formula:

:$EF\; EG\; p\; Rightarrow\; AF\; r$

The following is not a well-formed CTL formula:

:

The problem with this string is that $U$ can occur only when paired with an $A$ or an $E$. It uses atomic propositions as its building blocks to make statements about the states of a system. CTL then combines these propositions into formulas using logical operators and temporal operators.

Syntax of CTL*

CTL can be thought of as part of a larger logic, CTL*. In CTL* there is a separation to path-choosing operators $E$ and $A$, and to operators that operate along a chosen path, $F,\; G,\; X$

Operators

Logical operators

The logical operators are the usual ones: $eg,or,and,Rightarrow$ and $Leftrightarrow$. Along with these operators CTL formulas can also make use of the boolean constants true and false.

Temporal operators

The temporal operators are the following:
* Quantifiers over paths
**A $phi$ - All: $phi$ has to hold on all paths starting from the current state.
**E $phi$ - Exists: there exists at least one path starting from the current state where $phi$ holds.
* Path-specific quantifiers
**X $phi$ - Next: $phi$ has to hold at the next state (this operator is sometimes noted N instead of X).
**G $phi$ - Globally: $phi$ has to hold on the entire subsequent path.
**F $phi$ - Finally: $phi$ eventually has to hold (somewhere on the subsequent path).
**$phi$ U $psi$ - Until: $phi$ has to hold until at some position $psi$ holds. This implies that $psi$ will be verified in the future.
**$phi$ W $psi$ - Weak until: $phi$ has to hold until $psi$ holds. The difference with U is that there is no guarantee that $psi$ will ever be verified. The W operator is sometimes called "unless".

In CTL*, the temporal operators can be freely mixed. In CTL, the operator must always be grouped in two: one path operator followed by a state operator. See the examples bellow. CTL* is strictly more expressive than CTL.

Minimal set of operators

In CTL there is a minimal set of operators. All CTL formulas can be transformed to use only those operators. This is useful in model checking. One minimal set of operators is: {false, $or,\; eg$, EG, EU, EX}.

Some of the transformation used for temporal operator are:
*EF$phi$ = E [trueU($phi$)] ( because F$phi$ = [trueU($phi$)] )
*AX$phi$ = $eg$EX($eg$$phi$)
*AG$phi$ = $eg$EF($eg$$phi$) = $eg$ E [trueU($eg$$phi$)]
*AF$phi$ = A [trueU$phi$] = $eg$EG($eg$$phi$)
*A [$phi$U$psi$] = $eg$( E [($eg$$psi$)U$eg$($phi$$or$$psi$)] $or$ EG($eg$$psi$) )

emantics of CTL

Definition

CTL formulae are interpreted over Transition Systems as formally defined below.

Let $mathcal\{M\}=(S,\; ightarrow,L)$ be a model for CTL:with $s\; in\; S,\; phi\; in\; F$ where F is the set of wffs over the Language of $mathcal\{M\}$.

Then the relation of semantic entailment $(mathcal\{M\},\; s\; models\; phi)$ is defined by Structural Induction on $phi$:
#
# $Big(\; (mathcal\{M\},\; s)\; models\; p\; Big)\; Leftrightarrow\; Big(\; p\; in\; L(s)\; Big)$
# $Big(\; (mathcal\{M\},\; s)\; models\; egphi\; Big)\; Leftrightarrow\; Big(\; (mathcal\{M\},\; s)\; otmodels\; phi\; Big)$
#
#
#
#
#
#
#
#
#
#
#
#

Characterisation of CTL

Rules 10-15 above refer to computation paths in models and are what ultimately characterise the "Computation Tree";they are assertions about the nature of the infinitely deep computation tree rooted at the given state $s$.

emantic equivalence

The CTL formulae $phi$ and $psi$ are said to be semantically equivalent iff any state in any model which satisfies one also satisfies the other.:This is denoted $phi\; equiv\; psi$

It can be seen that A and E are duals (meaning one can be defined using the other). Furthermore so are G and F, being universal and existential computation tree quantifiers respectively.

Hence an instance of De Morgan's Laws can be formulated in CTL::$eg\; AFphi\; equiv\; EG\; egphi$:$eg\; EFphi\; equiv\; AG\; egphi$:$eg\; AXphi\; equiv\; EX\; egphi$

From these facts it can be derived that::$AFphi\; equiv\; A\; [\; op\; U\; phi]$:$EFphi\; equiv\; E\; [\; op\; U\; phi]$

In fact, it can be shown using these identities that a subset of the CTL temporal connectives is adequate iff it contains at least one of $\{AX,EX\}$ and at least one of $\{EG,AF,AU\}$.

Some other important identities::$AGphi\; equiv\; phi\; land\; AX\; AG\; phi$:$EGphi\; equiv\; phi\; land\; EX\; EG\; phi$:$AFphi\; equiv\; phi\; lor\; AX\; AF\; phi$:$EFphi\; equiv\; phi\; lor\; EX\; EF\; phi$:$A\; [phi\; U\; psi]\; equiv\; psi\; lor\; (phi\; land\; AX\; A\; [phi\; U\; psi]\; )$:$E\; [phi\; U\; psi]\; equiv\; psi\; lor\; (phi\; land\; EX\; E\; [phi\; U\; psi]\; )$

Examples

Let "P" mean "I like chocolate" and Q mean "It's warm outside."

*AG.P:"I will like chocolate from now on, no matter what happens."
*EF.P:"It's possible I may like chocolate some day, at least for one day."
*AF.EG.P:"It's always possible (AF) that I will suddenly start liking chocolate for the rest of time." (Note: not just the rest of my life, since my life is finite, while G is infinite).
*EG.AF.P:"This is a critical time in my life. Depending on what happens next (E), it's possible that for the rest of time (G), there will always be some time in the future (AF) when I will like chocolate. However, if the wrong thing happens next, then all bets are off and there's no guarantee about whether I'll ever like chocolate."
*A(PUQ):"From now until it's warm outside, I will like chocolate every single day. Once it's warm outside, all bets are off as to whether I'll like chocolate anymore. Oh, and it's guaranteed to be warm outside eventually, even if only for a single day."
*E((EX.P)U(AG.Q)):"It's possible that: there will eventually come a time when it will be warm forever (AG.Q) and that before that time there will always be "some" way to get me to like chocolate the next day (EX.P)."

Relations with other logics

Computation tree logic (CTL) is a subset of CTL* as well as of the modal µ calculus. More interestingly, CTL is a fragment of Alur, Henzinger and Kupferman's Alternating-time Temporal Logic (ATL).

Computation tree logic (CTL) and Linear temporal logic (LTL) are both a subset of CTL*. CTL and LTL are not equivalent and they have a common subset.
*FG.P exists in LTL but not in CTL.
*AG(P$Rightarrow$((EX.Q)$land$(EX¬Q))) exists in CTL but not in LTL.

ee also

*Probabilistic CTL
*Fair Computation tree logic
*Linear temporal logic

References

*
*
*
*

External links

* [http://www.inf.unibz.it/~artale/FM/slide4.pdf Teaching slides of CTL]