Computation tree logic: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 00:34, 5 December 2020 edit 2001:861:3ac0:4fa0:20d6:ce8e:19fd:ecf3 (talk) No edit summary ← Previous edit		Latest revision as of 04:16, 23 December 2024 edit undo LR.127 (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 25,456 edits Adding short description: "Theory in computer science" Tag: Shortdesc helper
(23 intermediate revisions by 16 users not shown)
Line 1: {{Short description\|Theory in computer science}} {{More footnotes\|date=October 2015}} '''Computation tree logic''' ('''CTL''') is a branching-time [[Mathematical logic\|logic]], meaning that its model of [[time]] is a [[tree (graph theory)\|tree-like]] structure in which the future is not determined; there are different paths in the future, any one of which might be an actual path that is realized. It is used in [[formal verification]] of software or hardware artifacts, typically by software applications known as [[model checker]]s, which determine if a given artifact possesses [[Safety ~~(distributed~~and ~~computing)~~Liveness Properties\|safety]] or [[liveness properties]] ~~properties~~. For example, CTL can specify that when some initial condition is satisfied (e.g., all program variables are positive or no cars on a highway straddle two lanes), then all possible executions of a program avoid some undesirable condition (e.g., dividing a number by zero or two cars colliding on a highway). In this example, the safety property could be verified by a model checker that explores all possible transitions out of program states satisfying the initial condition and ensures that all such executions satisfy the property. Computation tree logic belongs to a class of [[temporal logic]]s that includes [[linear temporal logic]] (LTL). Although there are properties expressible only in CTL and properties expressible only in LTL, all properties expressible in either logic can also be expressed in [[CTL]]. == History == CTL was first proposed by [[Edmund M. Clarke]] and [[E. Allen Emerson]] in 1981, who used it to synthesize so-called ''synchronisation skeletons'', ''i.e'' abstractions of [[concurrent program]]s. Since the introduction of CTL, there has been debate about the relative merits of CTL and LTL. Because CTL is more computationally efficient to model check, it has become more common in industrial use, and many of the most successful model-checking tools use CTL as a specification language.<ref>{{cite book \|last1=Vardi \|first1=Moshe Y. \|date=2001 \|chapter=Branching vs. Linear Time: Final Showdown \|journal=Tools and Algorithms for the Construction and Analysis of Systems \|series=Lecture Notes in Computer Science \|volume=2031 \| publisher=Springer, Berlin \|pages=1{{ndash}}22 \|doi=10.1007/3-540-45319-9_1 \|isbn=978-3-540-41865-8 \|chapter-url=https://link.springer.com/content/pdf/10.1007/3-540-45319-9_1.pdf}}</ref> == Syntax of CTL == The [[Regular Language\|language]] of [[well -formed formula]]s for CTL is generated by the following [[Context-free grammar\|grammar]]: :<math>\begin{align} Line 14 ⟶ 18: \end{align}</math> where <math>p</math> ranges over a set of [[atomic formula]]s. It is not necessary to use all connectives  – for example, <math>\{\neg, \land, \mbox{AX}, \mbox{AU}, \mbox{EU}\}</math> comprises a complete set of connectives, and the others can be defined using them. <math>\mbox{A}</math> means 'along All paths' ''(~~Inevitably~~inevitably)'' <math>\mbox{E}</math> means 'along at least (there Exists) one path' ''(possibly)'' For example, the following is a well-formed CTL formula: :<math>\mbox{EF }(\mbox{EG } p \Rightarrow \mbox{AF } r )</math>) The following is not a well-formed CTL formula: :<math>\mbox{EF }\big(r \mbox{ U } q\big) </math> The problem with this string is that <math>\mathrm U</math> can occur only when paired with an <math>\mathrm A</math> or an <math>\mathrm E</math>. <!-- TODO: explain it is evaluated over multiple paths /// here is a copy-paste from the LTL page: build up from proposition variables p1,p2,..., LTL formulas are generally evaluated over paths and a position on that path. A LTL formula as such is satisfied if and only if it is satisfied for position 0 on that path. --> The problem with this string is that <math>U</math> can occur only when paired with an <math>A</math> or an <math>E</math>. <!-- TODO: explain it is evaluated over multiple paths /// here is a copy-paste from the LTL page: build up from proposition variables p1,p2,..., LTL formulas are generally evaluated over paths and a position on that path. A LTL formula as such is satisfied if and only if it is satisfied for position 0 on that path. --> ItCTL uses [[First-order logic#Vocabulary\|atomic propositions]] as its building blocks to make statements about the states of a system. <!-- TODO: give an example of an atomic proposition. --> ~~CTL~~These ~~then~~propositions ~~combines~~are ~~these~~then ~~propositions~~combined into formulas using [[logical operator]]s and [[temporal logic\|temporal operator]]s. ==Operators== Line 34 ⟶ 40: ===Logical operators=== The [[Logical connective\|logical operators]] are the usual ones: ¬, &or;, &and;, ⇒ and ⇔. Along with these operators CTL formulas can also make use of the boolean constants [[Truth\|true]] and [[False (logic)\|false]]. ===Temporal operators=== The temporal operators are the following: Quantifiers over paths '''A''' ~~''φ''~~Φ – '''A'''ll: ~~''φ''~~Φ has to hold on all paths starting from the current state. '''E''' ~~''φ''~~Φ – '''E'''xists: there exists at least one path starting from the current state where ~~''φ''~~Φ holds. * Path-specific quantifiers '''X''' ''φ'' – Ne'''x'''t: ''φ'' has to hold at the next state (this operator is sometimes noted '''N''' instead of '''X'''). Line 48 ⟶ 54: ''φ'' '''W''' ''ψ'' – '''W'''eak until: ''φ'' has to hold until ''ψ'' holds. The difference with '''U''' is that there is no guarantee that ''ψ'' will ever be verified. The '''W''' operator is sometimes called "unless". In [[CTL]], the temporal operators can be freely mixed. In CTL, ~~the operator~~operators must always be grouped in ~~two~~pairs: one path operator followed by a state operator. See the examples below. [[CTL]] is strictly more expressive than CTL. ===Minimal set of operators=== In CTL there ~~is a~~are minimal ~~set~~sets of operators. All CTL formulas can be transformed to use only those operators. This is useful in [[model checking]]. One minimal set of operators is: {true, &or;, ¬, '''EG''', '''EU''', '''EX'''}. Some of the transformations used for temporal operators are: Line 67 ⟶ 73: ===Definition=== CTL formulae are interpreted over [[~~Transition~~transition system~~\|Transition Systems~~]]s. A transition system is a triple <math>\mathcal{M}=(S,{\rightarrow},L)</math>, where <math>S</math> is a set of states, <math>{\rightarrow} \subseteq S \times S</math> is a transition relation, assumed to be serial, i.e. every state has at least one successor, and <math>L</math> is a labelling function, assigning propositional letters to states. Let <math>\mathcal{M}=(S,\rightarrow,L)</math> be such a transition model, with <math>s \in S</math>, and <math>\phi \in F</math>, where <math>F</math> is the set of [[well-formed formula]]s over the [[Formal language\|language]] of <math>\mathcal{M}</math>. ~~:with <math>s \in S, \phi \in F</math> where F is the set of [[Well formed formula\|wffs]] over the [[Regular Language\|language]] of <math>\mathcal{M}</math>.~~ Then the relation of semantic [[entailment]] <math>(\mathcal{M}, s \models \phi)</math> is defined recursively on <math>\phi</math>: Line 95 ⟶ 100: This is denoted <math>\phi \equiv \psi</math> It can be seen that <math>\mathrm A</math> and <math>\mathrm E</math> are duals, being universal and existential computation path quantifiers respectively: <math>\neg \mathrm A\~~phi~~Phi \equiv \mathrm E \neg \~~phi~~Phi </math>. Furthermore, so are <math>\mathrm G</math> and <math>\mathrm F</math>. Hence an instance of [[De Morgan's ~~Laws~~laws]] can be formulated in CTL: :<math>\neg AF\phi \equiv EG\neg\phi</math> :<math>\neg EF\phi \equiv AG\neg\phi</math> Line 107 ⟶ 112: It can be shown using such identities that a subset of the CTL temporal connectives is adequate if it contains <math>EU</math>, at least one of <math>\{AX,EX\}</math> and at least one of <math>\{EG,AF,AU\}</math> and the boolean connectives. The important equivalences below are called the '''expansion laws'''; they allow ~~to unfold~~unfolding the verification of a CTL connective towards its successors in time. :<math>AG\phi \equiv \phi \land AX AG \phi</math> :<math>EG\phi \equiv \phi \land EX EG \phi</math> Line 125 ⟶ 130: :"It's always possible (AF) that I will suddenly start liking chocolate for the rest of time." (Note: not just the rest of my life, since my life is finite, while '''G''' is infinite). '''EG'''.'''AF'''.P :"~~This is a critical time in my life.~~ Depending on what happens ~~next~~in the future (E), it's possible that for the rest of time (G), ~~there will always~~I'll be ~~some~~guaranteed ~~time~~at inleast ~~the future~~one (AF) ~~when~~chocolate-liking Iday ~~will~~still ~~like~~ahead ~~chocolate~~of me. However, if ~~the~~something ~~wrong~~ever ~~thing~~goes ~~happens next~~wrong, then all bets are off and there's no guarantee about whether I'll ever like chocolate." The two following examples show the difference between CTL and CTL, as they allow for the until operator to not be qualified with any path operator ('''A''' or '''E'''): Line 136 ⟶ 141: ==Relations with other logics== <!-- CTL is a subset of CTL* --> Computation tree logic (CTL) is a subset of CTL* as well as of the [[modal mu calculus\|modal μ calculus]]. CTL is also a fragment of Alur, Henzinger and Kupferman's [[~~Alternating~~alternating-time ~~Temporal~~temporal ~~Logic~~logic]] (ATL). <!-- CTL is complementary to LTL --> Computation tree logic (CTL) and [[~~Linear~~linear temporal logic]] (LTL) are both a subset of CTL. CTL and [[Linear temporal logic\|LTL]] are not equivalent and they have a common subset, which is a proper subset of both CTL and LTL. '''FG'''.P exists in LTL but not in CTL. '''AG'''(~~P<math>\Rightarrow</math>~~P⇒(('''EX'''.Q)~~<math>\land</math>~~&and;('''EX'''¬Q))) and '''AG.EF'''.P exist in CTL but not in LTL. == Extensions == CTL has been extended with [[second-order logic\|second-order]] ~~quantifier~~quantification <math>\exists p</math> and <math>\forall p</math> to ''quantified computational tree logic'' (QCTL).<ref>{{Cite journal\|~~last~~last1=David\|~~first~~first1=Amélie\|last2=Laroussinie\|first2=Francois\|last3=Markey\|first3=Nicolas\|date=2016\|editor-last=Desharnais\|editor-first=Josée\|editor2-last=Jagadeesan\|editor2-first=Radha\|title=On the Expressiveness of QCTL\|url=http://drops.dagstuhl.de/opus/volltexte/2016/6164\|journal=27th International Conference on Concurrency Theory (CONCUR 2016)\|series=Leibniz International Proceedings in Informatics (LIPIcs)\|___location=Dagstuhl, Germany\|publisher=Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik\|volume=59\|pages=28:1–28:15\|doi=10.4230/LIPIcs.CONCUR.2016.28\|doi-access=free \|isbn=978-3-95977-017-0}}</ref> There are two semantics: the tree semantics. We label nodes of the computation tree. QCTL* = QCTL = [[monadic second-order logic\|MSO]] over trees. Model checking and satisfiability are tower- complete. * the structure semantics. We label states. QCTL* = QCTL = MSO over ~~graphs~~[[Graph (discrete mathematics)\|graph]]s. Model checking is [[PSPACE-complete]] but satisfiability is [[undecidable problem\|undecidable]]. A reduction from the model -checking problem of QCTL with the structure semantics, to TQBF (true quantified ~~binary~~Boolean formulae) has been proposed, in order to take advantage of the QBF solvers.<ref>{{Cite journal\|~~last~~last1=Hossain\|~~first~~first1=Akash\|last2=Laroussinie\|first2=François\|date=2019\|editor-last=Gamper\|editor-first=Johann\|editor2-last=Pinchinat\|editor2-first=Sophie\|editor3-last=Sciavicco\|editor3-first=Guido\|title=From Quantified CTL to QBF\|url=http://drops.dagstuhl.de/opus/volltexte/2019/11369\|journal=26th International Symposium on Temporal Representation and Reasoning (TIME 2019)\|series=Leibniz International Proceedings in Informatics (LIPIcs)\|___location=Dagstuhl, Germany\|publisher=Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik\|volume=147\|pages=11:1–11:20\|doi=10.4230/LIPIcs.TIME.2019.11\|doi-access=free \|isbn=978-3-95977-127-6\|s2cid=195345645 }}</ref> ==See also== [[Probabilistic CTL]] [[Fair ~~Computational~~computational tree logic]] [[Linear temporal logic]] ==References== {{Reflist}} {{cite ~~journal~~book \|author1=E.M. Clarke \|author2=E.A. Emerson \| ~~title~~chapter=Design and synthesis of synchronisation skeletons using branching time temporal logic\| ~~journal~~title=Logic of Programs, Proceedings of Workshop, Lecture Notes in Computer Science \|volume=131 \| publisher= Springer, Berlin \| year=1981 \|pages= 52–71\|doi=10.1007/BFb0025774 \|isbn=3-540-11212-X \|chapter-url=https://www.cs.cmu.edu/afs/cs/user/emc/www/papers/Invited%20Conference%20Articles/Design%20and%20Synthesis%20of%20Synchronization%20Skeletons%20Using%20Branching%20Time%20Temporal%20Logic.pdf}} * {{cite book \|author1=Michael Huth \|author2=Mark Ryan \| title=Logic in Computer Science ~~(Second Edition)~~ \| year=2004\| page=207 \| publisher=Cambridge University Press \| isbn=978-0-521-54310-1\|edition=Second }} * {{cite journal \|author1=Emerson, E. A. \|author2=Halpern, J. Y. \|author2link = Joseph Halpern\| title=Decision procedures and expressiveness in the temporal logic of branching time \| journal=[[Journal of Computer and System Sciences]]\| year=1985\| volume=30 \| issue=1 \| pages=1–24 \| doi=10.1016/0022-0000(85)90001-7\| citeseerx=10.1.1.221.6187}} * {{cite journal \|author1=Clarke, E. M. \|author2=Emerson, E. A. \|author3=Sistla, A. P. \|name-list-style=amp \| title=Automatic verification of finite-state concurrent systems using temporal logic specifications \| journal=[[ACM Transactions on Programming Languages and Systems]]\| year=1986\| volume=8 \| issue=2 \| pages=244–263 \| doi=10.1145/5397.5399\|s2cid=52853200 \| doi-access=free }} * {{cite book \| author=Emerson, E. A. \| year=1990 \| chapter =Temporal and modal logic \| editor=[[Jan van Leeuwen]] \| editor-link=Jan van Leeuwen \| title=Handbook of Theoretical Computer Science, vol. B \| pages=955–1072 \| publisher=MIT Press \| isbn=978-0-262-22039-2}} ==External links==