Computational tree logic

Computation tree logic (CTL) is a branching-time logic, meaning that its model of time is a tree-like structure in which the future is not determined; there are different paths in the future, any one of which might be an actual path that is realised.

Syntax of CTL

The Language of Well-Formed CTL Formulae is generated by the following unambiguous (wrt bracketing) Context-Free Grammar:

:$$phi::=ot | op |p|( egphi)|(phiandphi)|(phiorphi)
(phiRightarrowphi)|(phiLeftrightarrowphi)|AXphi|EXphi|AFphi|EFphi|AGphi|EGphi
A [phi U phi] |E [phi U phi]

where $$p ranges over a set of atomic formulas. Not all of these connectives are needed - for example, $${ eg, and, AX, AU, EU} comprises a complete set of connectives, and the others can be defined using them.

*$$A means 'along All paths' "(Inevitably)"
*$$E means 'along at least (there Exists) one path' "(possibly)"

For example, the following is a well-formed CTL formula:

:$$EF EG p Rightarrow AF r

The following is not a well-formed CTL formula:

:$$EF ig(r U qig)

The problem with this string is that $$U can occur only when paired with an $$A or an $$E. It uses atomic propositions as its building blocks to make statements about the states of a system. CTL then combines these propositions into formulas using logical operators and temporal operators.

Syntax of CTL*

CTL can be thought of as part of a larger logic, CTL*. In CTL* there is a separation to path-choosing operators $$E and $$A, and to operators that operate along a chosen path, $$F, G, X

Operators

Logical operators

The logical operators are the usual ones: $$eg,or,and,Rightarrow and $$Leftrightarrow. Along with these operators CTL formulas can also make use of the boolean constants true and false.

Temporal operators

The temporal operators are the following:
* Quantifiers over paths
**A $$phi - All: $$phi has to hold on all paths starting from the current state.
**E $$phi - Exists: there exists at least one path starting from the current state where $$phi holds.
* Path-specific quantifiers
**X $$phi - Next: $$phi has to hold at the next state (this operator is sometimes noted N instead of X).
**G $$phi - Globally: $$phi has to hold on the entire subsequent path.
**F $$phi - Finally: $$phi eventually has to hold (somewhere on the subsequent path).
**$$phi U $$psi - Until: $$phi has to hold until at some position $$psi holds. This implies that $$psi will be verified in the future.
**$$phi W $$psi - Weak until: $$phi has to hold until $$psi holds. The difference with U is that there is no guarantee that $$psi will ever be verified. The W operator is sometimes called "unless".

In CTL*, the temporal operators can be freely mixed. In CTL, the operator must always be grouped in two: one path operator followed by a state operator. See the examples bellow. CTL* is strictly more expressive than CTL.

Minimal set of operators

In CTL there is a minimal set of operators. All CTL formulas can be transformed to use only those operators. This is useful in model checking. One minimal set of operators is: {false, $$or, eg, EG, EU, EX}.

Some of the transformation used for temporal operator are:
*EF$$phi = E [trueU($$phi)] ( because F$$phi = [trueU($$phi)] )
*AX$$phi = $$egEX($$eg$$phi)
*AG$$phi = $$egEF($$eg$$phi) = $$eg E [trueU($$eg$$phi)]
*AF$$phi = A [trueU$$phi] = $$egEG($$eg$$phi)
*A [$$phiU$$psi] = $$eg( E [($$eg$$psi)U$$eg($$phi$$or$$psi)] $$or EG($$eg$$psi) )

emantics of CTL

Definition

CTL formulae are interpreted over Transition Systems as formally defined below.

Let $$mathcal{M}=(S, ightarrow,L) be a model for CTL:with $$s in S, phi in F where F is the set of wffs over the Language of $$mathcal{M}.

Then the relation of semantic entailment $$(mathcal{M}, s models phi) is defined by Structural Induction on $$phi:
# $$Big( (mathcal{M}, s) models op Big) land Big( (mathcal{M}, s) otmodels ot Big)
# $$Big( (mathcal{M}, s) models p Big) Leftrightarrow Big( p in L(s) Big)
# $$Big( (mathcal{M}, s) models egphi Big) Leftrightarrow Big( (mathcal{M}, s) otmodels phi Big)
# $$Big( (mathcal{M}, s) models phi_1 land phi_2 Big) Leftrightarrow Big( ig((mathcal{M}, s) models phi_1 ig) land ig((mathcal{M}, s) models phi_2 ig) Big)
# $$Big( (mathcal{M}, s) models phi_1 lor phi_2 Big) Leftrightarrow Big( ig((mathcal{M}, s) models phi_1 ig) lor ig((mathcal{M}, s) models phi_2 ig) Big)
# $$Big( (mathcal{M}, s) models phi_1 Rightarrow phi_2 Big) Leftrightarrow Big( ig((mathcal{M}, s) otmodels phi_1 ig) lor ig((mathcal{M}, s) models phi_2 ig) Big)
# $$igg( (mathcal{M}, s) models phi_1 Leftrightarrow phi_2 igg) Leftrightarrow igg( Big( ig((mathcal{M}, s) models phi_1 ig) land ig((mathcal{M}, s) models phi_2 ig) Big) lor Big( eg ig((mathcal{M}, s) models phi_1 ig) land eg ig((mathcal{M}, s) models phi_2 ig) Big) igg)
# $$Big( (mathcal{M}, s) models AXphi Big) Leftrightarrow Big( forall langle s ightarrow s_1 angle ig( (mathcal{M}, s_1) models phi ig) Big)
# $$Big( (mathcal{M}, s) models EXphi Big) Leftrightarrow Big( exists langle s ightarrow s_1 angle ig( (mathcal{M}, s_1) models phi ig) Big)
# $$Big( (mathcal{M}, s) models AGphi Big) Leftrightarrow Big( forall langle s_1 ightarrow s_2 ightarrow ldots angle (s=s_1) forall i ig( (mathcal{M}, s_i) models phi ig) Big)
# $$Big( (mathcal{M}, s) models EGphi Big) Leftrightarrow Big( exists langle s_1 ightarrow s_2 ightarrow ldots angle (s=s_1) forall i ig( (mathcal{M}, s_i) models phi ig) Big)
# $$Big( (mathcal{M}, s) models AFphi Big) Leftrightarrow Big( forall langle s_1 ightarrow s_2 ightarrow ldots angle (s=s_1) exists i ig( (mathcal{M}, s_i) models phi ig) Big)
# $$Big( (mathcal{M}, s) models EFphi Big) Leftrightarrow Big( exists langle s_1 ightarrow s_2 ightarrow ldots angle (s=s_1) exists i ig( (mathcal{M}, s_i) models phi ig) Big)
# $$igg( (mathcal{M}, s) models A [phi_1 U phi_2] igg) Leftrightarrow igg( forall langle s_1 ightarrow s_2 ightarrow ldots angle (s=s_1) exists i Big( ig( (mathcal{M}, s_i) models phi_2 ig) land ig( forall (j < i) (mathcal{M}, s_j) models phi_1 ig) Big) igg)
# $$igg( (mathcal{M}, s) models E [phi_1 U phi_2] igg) Leftrightarrow igg( exists langle s_1 ightarrow s_2 ightarrow ldots angle (s=s_1) exists i Big( ig( (mathcal{M}, s_i) models phi_2 ig) land ig( forall (j < i) (mathcal{M}, s_j) models phi_1 ig) Big) igg)

Characterisation of CTL

Rules 10-15 above refer to computation paths in models and are what ultimately characterise the "Computation Tree";they are assertions about the nature of the infinitely deep computation tree rooted at the given state $$s.

emantic equivalence

The CTL formulae $$phi and $$psi are said to be semantically equivalent iff any state in any model which satisfies one also satisfies the other.:This is denoted $$phi equiv psi

It can be seen that A and E are duals (meaning one can be defined using the other). Furthermore so are G and F, being universal and existential computation tree quantifiers respectively.

Hence an instance of De Morgan's Laws can be formulated in CTL::$$eg AFphi equiv EG egphi:$$eg EFphi equiv AG egphi:$$eg AXphi equiv EX egphi

From these facts it can be derived that::$$AFphi equiv A [ op U phi] :$$EFphi equiv E [ op U phi]

In fact, it can be shown using these identities that a subset of the CTL temporal connectives is adequate iff it contains at least one of $${AX,EX} and at least one of $${EG,AF,AU}.

Some other important identities::$$AGphi equiv phi land AX AG phi:$$EGphi equiv phi land EX EG phi:$$AFphi equiv phi lor AX AF phi:$$EFphi equiv phi lor EX EF phi:$$A [phi U psi] equiv psi lor (phi land AX A [phi U psi] ):$$E [phi U psi] equiv psi lor (phi land EX E [phi U psi] )

Examples

Let "P" mean "I like chocolate" and Q mean "It's warm outside."

*AG.P:"I will like chocolate from now on, no matter what happens."
*EF.P:"It's possible I may like chocolate some day, at least for one day."
*AF.EG.P:"It's always possible (AF) that I will suddenly start liking chocolate for the rest of time." (Note: not just the rest of my life, since my life is finite, while G is infinite).
*EG.AF.P:"This is a critical time in my life. Depending on what happens next (E), it's possible that for the rest of time (G), there will always be some time in the future (AF) when I will like chocolate. However, if the wrong thing happens next, then all bets are off and there's no guarantee about whether I'll ever like chocolate."
*A(PUQ):"From now until it's warm outside, I will like chocolate every single day. Once it's warm outside, all bets are off as to whether I'll like chocolate anymore. Oh, and it's guaranteed to be warm outside eventually, even if only for a single day."
*E((EX.P)U(AG.Q)):"It's possible that: there will eventually come a time when it will be warm forever (AG.Q) and that before that time there will always be "some" way to get me to like chocolate the next day (EX.P)."

Relations with other logics

Computation tree logic (CTL) is a subset of CTL* as well as of the modal µ calculus. More interestingly, CTL is a fragment of Alur, Henzinger and Kupferman's Alternating-time Temporal Logic (ATL).

Computation tree logic (CTL) and Linear temporal logic (LTL) are both a subset of CTL*. CTL and LTL are not equivalent and they have a common subset.
*FG.P exists in LTL but not in CTL.
*AG(P$$Rightarrow((EX.Q)$$land(EX¬Q))) exists in CTL but not in LTL.

ee also

*Probabilistic CTL
*Fair Computation tree logic
*Linear temporal logic

References

*
*
*
*

External links

* [http://www.inf.unibz.it/~artale/FM/slide4.pdf Teaching slides of CTL]