Temporal normal form for Linear Temporal Logic formulae 1

Abstract

In the present paper, the concepts of characters as well as the least characters for LTL (Linear Temporal Logic) formulae are introduced. It is pointed out that those LTL formulae with characters can always be checked within finite steps during model checking even in some cases when the underlying transition system contains infinite states. What is more, the class of LTL formulae with characters can be characterized by full LTL_n, the bounded case for LTL. Meanwhile, two types of temporal normal form for LTL formulae are proposed. A necessary and sufficient condition is given in which an LTL formula has an equivalent formula in temporal normal form.

Keywords

Linear Temporal Logic transition system character temporal normal form

1 Introduction

Model checking is a verification technique that automatically examines all relevant system states to check whether the system model satisfies the desired properties. Since it was proposed independently by Clarke and Emerson [3] as well as Queille and Sifakis [15], this breakthrough was the first step towards the automated verification of concurrent programs. Over the last three decades, model checking has received a lot of attention and becomes a subject of rapidly growing research community [1 , 12]. Given a model TS of the system and a specification φ of the property to be considered, model checking can systematically checks the validity of the property in the model. Here the model TS is a transition system [1 , 9], and the specification φ is typically represented in temporal logic such as LTL (Linear Temporal Logic) [1 , 12], an extension of propositional or predicate logic by modalities that permit to referral to the infinite behavior of a reactive system.

Temporal logics and related modal logics [2 , 17] have been studied in ancient times in different areas such as philosophy. Their application to verifying complex computer systems was proposed by Pnueli and greatly developed recently [6 , 14]. In this paper, we will focus our attention on LTL, a temporal logic that is based on a linear-time perspective [1 , 12]. First, we introduce the concepts of characters as well as the least characters for LTL formulae and form the bounded case for LTL formulae, i.e., LTL_n formulae. Meanwhile, we prove that all LTL_n formulae have characters as well as the least characters and show that those LTL formulae with characters have good properties. That is, they can be equivalently written in a simple form without containing the logical connective ⊔, and more importantly they can always be checked within finite steps during model checking even in some cases when the underlying transition system contains infinite states. What is more, the class of LTL formulae with characters can be characterized by full LTL_n, which provides reasonable intuition for the notion of characters. After that, we propose TDNF (temporal disjunctive normal form) and TCNF (temporal conjunctive normal form) for LTL as well as LTL_n formulae and obtain a similar result as in classical propositional logic [11, 18]: The class of TDNF (TCNF) formulae is as expressive as full LTL_n. Besides, a necessary and sufficient condition is given in which an LTL formula has an equivalent TDNF (TCNF) formula.

2 Preliminaries

In this section, we briefly overview some preliminaries that we need. For more details, please see [1, 4].

Definition 2.1. [1] A transition system TS is a tuple (S, Act, → , I, AP, L), where

S is a set of states,

Act is a set of actions,

→ ⊆ S × Act × S is a transition relation,

I (⊆ S) is a set of initial states,

AP is a set of atomic propositions, and

L : S → 2^AP is a labeling function.

For convenience, we write s → s′ instead of (s, α, s′)∈ → when there is no confusion. s′ is called a successor of s, and Post (s) denotes the set of all successors of s. A path π of TS is a non-empty sequence of states s₀s₁s₂⋯ such that s_i ∈ Post (s_i-1) for all i ≥ 1. Paths (TS) denotes the set of all initial, infinite paths of TS. For path π = s₀s₁s₂⋯ of TS, the trace of π is defined as $trace (π) = L (s_{0}) L (s_{1}) L (s_{2}) \dots (\in (2^{AP})^{ω}),$ and $Traces (TS) = {trace (π) | π \in Paths (TS)} .$

Definition 2.2. [1] LTL formulae over AP are formed according to the following grammar: $φ : : = true | a | \neg φ | φ_{1} \land φ_{2} | ○ φ | φ_{1} ⊔ φ_{2}$ where a ∈ AP. Other connectives can be derived as follows: $\begin{matrix} false & = & \neg ture, \\ φ_{1} \lor φ_{2} & = & \neg (\neg φ_{1} \land \neg φ_{2}), \\ φ_{1} \to φ_{2} & = & \neg φ_{1} \lor φ_{2}, \\ ♦ φ & = & true ⊔ φ, \\ □ φ & = & \neg ♦ \neg φ, \\ ○^{k} φ & = & ○^{k - 1} (○ φ), k \geq 1, \\ ○^{0} φ & = & φ . \end{matrix}$

The precedence order on the operators is as follows. The unary operators ¬, ○ , ♦ and □ bind stronger than the binary ones, and ⊔ takes precedence over ∧, ∨ and →.

Definition 2.3. [1] Let φ be an LTL formula over AP. Define $Words (φ) = {σ \in (2^{AP})^{ω} ∣ σ ⊨ φ}$ (1) where ⊨ is the smallest relation with the following properties:

σ ⊨ true,

σ ⊨ a iff a ∈ σ [0] for all a ∈ AP,

σ ⊨ ¬ φ iff σ ⊭ φ,

σ ⊨ φ₁ ∧ φ₂ iff σ ⊨ φ₁ and σ ⊨ φ₂,

σ ⊨ ○ φ iff σ [1 . . .] ⊨ φ,

σ ⊨ φ₁ ⊔ φ₂ iff ∃j ≥ 0 s.t. σ [j . . .] ⊨ φ₂ and σ [i . . .] ⊨ φ₁ (0 ≤ i < j).

Here for σ = A₀A₁A₂ ⋯ ∈ (2^AP) ^ω, σ [i] = A_i and σ [i . . .] = A_iA_i+1A_i+2⋯ for all i ≥ 0.

For path π of TS, define $π ⊨ φ iff trace (π) ⊨ φ,$ and $TS ⊨ φ iff Traces (TS) \subseteq Words (φ),$ i.e., π ⊨ φ holds for every π ∈ Paths (TS).

Corollary 2.4. Let φ, φ₁, φ₂ be LTL formulae over AP and σ ∈ (2^AP) ^ω. Then

Words (true) = (2^AP) ^ω,

Words (¬ φ) = (2^AP) ^ω - Words (φ),

Words (φ₁ ∧ φ₂) = Words (φ₁) ∩ Words (φ₂),

σ ∈ Words (○ φ) iff σ [1 . . .] ∈ Words (φ), and

σ ∈ Words (φ₁ ⊔ φ₂) iff ∃j ≥ 0 s.t. σ [j . . .] ∈ Words (φ₂) and σ [i . . .] ∈ Words (φ₁) (0 ≤ i < j).

Definition 2.5. [1] LTL formulae φ, ψ are equivalent, denoted φ ≡ ψ, if Words (φ) = Words (ψ).

Let φ be an LTL formula. If Words (φ) = (2^AP) ^ω, then it is easily seen that φ ≡ true, and we call φ a tautology in this sense. Similarly, if Words (φ) =∅, then φ ≡ false, and we call φ a contradiction.

3 Characters of LTL formulae

Definition 3.1. Let σ ∈ E ⊆ (2^AP) ^ω. We say that σ is eventually free in E if there exists m ≥ 0 such thatσ′ ∈ E holds for every σ′ ∈ (2^AP) ^ω with σ′ [k] = σ [k] (k = 0, 1, ⋯ , m - 1). In this case, we also say that σ is m-free in E.

Obviously, if σ is m-free in E, then it is n-free in E for all n ≥ m.

Definition 3.2. Let φ be an LTL formula with Words (φ)≠ ∅. If there exists k ≥ 0 such that σ is k-free in Words(φ) for every σ ∈ Words (φ), then k is called a character of φ. Furthermore, if k is the least, then we say that k is the least character of φ, denoted Ch (φ) = k.

Obviously, if k is a character of φ, then m is also a character of φ for every m ≥ k, and Ch (φ) exists in this case.

For a tautology φ, since Words (φ) = (2^AP) ^ω, we can easily get Ch (φ) =0. Note that Definition 3.2 is not suitable for any contradiction ψ since Words(ψ) =∅, however, we can still reach an agreement and let Ch (ψ) =0.

Example 3.3. Let a, b ∈ AP. Since Words(a ∧ b)= {σ ∈ (2^AP) ^ω ∣ a, b ∈ σ [0]}, we can obtain that Ch (a ∧ b) =1. Similarly, Ch (¬ a) =1, Ch (○ a) =2. However, a ⊔ b does not have any character, since for σ = {a} ^k {b} ^ω (k > 0), σ′ = {a} ^ω, we have σ [j] = σ′ [j] (j = 0, 1, ⋯ , k - 1), σ∈Words(a ⊔ b), but σ′∉Words(a ⊔ b) for arbitrary natural number k > 0. Similarly, one can prove that there are many other LTL formulae, such as □a, ¬c ∧ (○ b ⊔ a) and □ (b → ○ d) etc., having no characters.

From Example 3.3, it is not true that each LTL formula has a character. To make up this situation, we introduce a binary connective ⊔^≤n as the bounded form for ⊔, and also ♦^≤n, □^≤n corresponding to ♦, □ respectively. Here for every σ ∈ (2^AP) ^ω, σ ⊨ φ₁ ⊔ ^≤nφ₂ iff ∃j with 0 ≤ j ≤ n s.t. σ [j . . .] ⊨ φ₂ and σ [i . . .] ⊨ φ₁ (0 ≤ i < j). Moreover, by substituting ⊔^≤n for each ⊔ in LTL formulae, we obtain LTL_n formulae, the bounded form for LTL. In the sequel, we can see that every LTL_n formula has a character (also the least character). To prove this, we need a lemma whose proof is simple and consequently omitted.

Lemma 3.4. Let φ, ψ be LTL or LTL_n formulae. Ifφ ≡ ψ, then Ch (φ) = Ch (ψ).

Proposition 3.5. Each LTL_n formula has a character as well as the least character. Furthermore, for a contingent formula (i.e., neither a tautology nor a contradiction) φ, the upper bound of Ch (φ) can be computed by induction in the following way:

Ch (a) =1 for every a ∈ AP;

If φ = ¬ ψ, then Ch (φ) = Ch (ψ);

If φ = φ₁ ∧ φ₂, then Ch (φ) ≤ max {Ch (φ₁) , Ch (φ₂)};

If φ = ○ ψ, then Ch (φ) = Ch (ψ) +1;

If φ = φ₁ ⊔ ^≤nφ₂, then Ch (φ) ≤ n + max {Ch (φ₁) -1, Ch (φ₂)}. Furthermore, if φ₁ ≡ φ₂, then Ch (φ) = Ch (φ₁) = Ch (φ₂).

Proof. For a tautology or a contradiction, we have already known that the least character is 0. Let φ be a contingent formula. In what follows we prove by induction on the complexity of φ.

(i) Let φ = a where a ∈ AP. Then σ∈Words(φ) iff a ∈ σ [0]. Thus each k ≥ 1 is a character of φ, and consequently Ch (φ) =1.

(ii) Let φ = ¬ ψ and k be a character of ψ. Since φ is a contingent formula, so does ψ, thus k > 0. Arbitrarily choose σ ∈ (2^AP) ^ω. Suppose that there exists σ′∈Words(φ) such that σ′ [i] = σ [i] for i = 0, 1, ⋯ , k - 1, then it can be obtained that σ∈Words(φ). Since otherwise, if σ∉Words(φ), then σ ∈ (2^AP) ^ω-Words(φ)=Words(ψ). Consequently σ′∈Words(ψ) by Definition 3.2, which contradicts with σ′∈Words(φ)=(2^AP) ^ω-Words(ψ). Therefore, k is a character of φ, and Ch (φ) exists. Furthermore, it is easy to get Ch (φ) = Ch (ψ).

(iii) Let φ = φ₁ ∧ φ₂ and k₁, k₂ be characters of φ₁, φ₂ respectively. Since Words (φ) = Words (φ₁) ∩ Words (φ₂), it can be similarly obtained that k = max {k₁, k₂} is a character of φ, thus Ch (φ) ≤ max {Ch (φ₁) , Ch (φ₂)}.

(iv) Let φ = ○ ψ and k be a character of ψ. Then we can similarly prove that k + 1 is a character of φ, and Ch (φ) = Ch (ψ) +1.

(v) Let φ = φ₁ ⊔ ^≤nφ₂, k₁, k₂ be characters of φ₁, φ₂ respectively, and k = n + max {k₁ - 1, k₂}. Arbitrarily choose σ ∈ (2^AP) ^ω, and suppose that there exists σ′∈Words(φ) such that σ′ [m] = σ [m] for m = 0, 1, ⋯ , k - 1. Since σ′∈Words(φ), there exists j with 0 ≤ j ≤ n such that σ′ [j . . .]∈Words(φ₂) and σ′ [i . . .]∈Words(φ₁) for 0 ≤ i < j. Note thatk - j ≥ k - n ≥ k₂, k - i ≥ k₁, and σ [m] = σ′ [m] holds for all m with i ≤ m < k. Thus σ [j . . .]∈Words(φ₂), σ [i . . .]∈Words(φ₁) for 0 ≤ i < j, and consequently σ∈Words(φ), which proves that k is a character of φ. Thus, Ch (φ) ≤ n + max {Ch (φ₁) -1, Ch (φ₂)}. Furthermore, it is easy to obtain that Ch (φ) = Ch (φ₁) = Ch (φ₂) in case φ₁ ≡ φ₂ by Lemma 3.4.□

Corollary 3.6. Let φ, ψ, φ₁, φ₂ be LTL_n formulae with Ch (φ) >0.

If φ = φ₁ ∨ φ₂ or φ₁ → φ₂, then Ch (φ) ≤ max {Ch (φ₁) , Ch (φ₂)};

If φ = □ ^≤nψ or ♦^≤nψ, then Ch (φ) ≤ n + Ch (ψ).

Definition 3.7. Let φ be an LTL or LTL_n formula. Define for j = 1, 2, ⋯, ${Words}^{(j)} (φ) = {σ [. . . j - 1] ∣ σ \in Words (φ)} .$ (2)

For an LTL or LTL_n formula φ with Ch (φ) = k, one can easily infer that $Words (φ) = {δ σ ∣ δ \in {Words}^{(k)} (φ), σ \in (2^{AP})^{ω}}$ (3) holds by Equations. (1)-(2), where δσ denotes the string concatenation of δ and σ. In this case, if one wants to check whether a σ ∈ (2^AP) ^ω satisfies the formula φ, he (she) only needs to check whether the k-length prefix of σ satisfies φ. In another words, the set Words(φ) is completely decided by Words^(k) (φ). As a result, the formula φ can be checked as a specification within finite steps during model checking, that is, for any given transition system TS, we can always check the validity of φ in TS within finite steps. In fact, in order to check whether TS ⊨ φ holds, we only need to check whether the k-length prefix of each trace σ ∈ Traces (TS) satisfies φ. To be more in detail, we suppose that TS = (S, Act, → , I, AP, L) has finite initial states, i.e., |I| is finite, and each state has finite successors, i.e., |Post (s) | ≤ t holds for some t ∈ N and all s ∈ S. In this case, it is easy to obtain that there are no more than M = |I| · t^k-1 many k-length traces (i.e., k-length prefix of traces) of TS. According to above analysis, we need to check whether each k-length trace of TS belongs to Words^(k) (φ), and after M times of computation we would check out whether TS ⊨ φ holds. During this procedure, the key issue lies in that we only need to consider those states no more than k steps from some initial state in TS, instead of considering all states (as some LTL formulae, such as a ⊔ b, do). To conclude these, when a specification φ has a character, we are lucky that the procedure of model checking would be finished within finite steps even in some cases when TS contains infinite states. Under this circumstance, the original model checking would be greatly simplified since the state-space explosion problem is avoided to some extent.

Proposition 3.8. Let φ be an LTL formula. If Ch (φ) exists, then φ is equivalent to some LTL formula without containing the logical connective ⊔.

Proof. Let Ch (φ) = k. If k = 0, then φ is a tautology or a contradiction, and the conclusion obviously holds in this case. Suppose k > 0 and |AP| = m. Then Words^(k) (φ) is a finite set. Assume that Words^(k) (φ) = {δ₁, ⋯ , δ_t} ≠ ∅, where δ_i ∈ (2^AP) ^k (i = 1, ⋯ , t) and t ≤ 2^mk. Define $ψ = \lor_{i = 1}^{t} (ψ_{0}^{(i)} \land ○ ψ_{1}^{(i)} \land \dots \land ○^{k - 1} ψ_{k - 1}^{(i)}),$ (4) where $ψ_{j}^{(i)} = [(\land_{a \in δ_{i} [j]} a) \land (\land_{b \in AP - δ_{i} [j]} \neg b)]$ for j = 0, ⋯ , k - 1 and i = 1, ⋯ , t . Obviously, ψ is an LTL formula without containing the logical connective ⊔. In what follows we prove that φ ≡ ψ. Firstly, we can infer from Proposition 3.5 that Ch (ψ) ≤ k. Meanwhile, by Corollary 2.4 and Equation. (3) we obtain that ${Words}^{(k)} (ψ) = \cup_{i = 1}^{t} {Words}^{(k)} (ψ_{0}^{(i)} \land ○ ψ_{1}^{(i)} \land \dots \land ○^{k - 1} ψ_{k - 1}^{(i)}) .$ For every j ∈ {0, ⋯ , k - 1}, i ∈ {1, ⋯ , t} and δ∈Words $^{(k)} (ψ_{j}^{(i)})$ , we can easily get that δ [j] = δ_i [j]. Thus $\begin{matrix} {Words}^{(k)} (ψ_{0}^{(i)} \land ○ ψ_{1}^{(i)} \land \dots \land ○^{k - 1} ψ_{k - 1}^{(i)}) \\ = & Words (ψ_{0}^{(i)}) \cap Words (○ ψ_{1}^{(i)}) \cap \dots \cap Words (○^{k - 1} ψ_{k - 1}^{(i)}) \\ = & {δ_{i}} . \end{matrix}$ As a result, ${Words}^{(k)} (ψ) = {δ_{1}, \dots, δ_{t}} = {Words}^{(k)} (φ),$ and Words(φ)=Words(ψ) consequently holds by Equation. (3). By Definition 2.5, we conclude that φ ≡ ψ.

Since an LTL formula without containing ⊔ can also be seen as an LTL_n formula, Proposition 3.8 states that each LTL formula with characters is equivalent to some LTL_n formula. Meanwhile, if an LTL formula φ is equivalent to some LTL_n formula, then by Proposition 3.5 and Lemma 3.4 we can easily infer that Ch (φ) exists. In a word, the following corollary holds.

Corollary 3.9. Let φ be an LTL formula. Then Ch (φ) exists if and only if φ is equivalent to some LTL_nformula.

Corollary 3.9 states that the class of LTL formulae with characters is as expressive as full LTL_n. In another words, they can be characterized by LTL_n formulae, which provides reasonable intuition for the notion of characters.

4 Temporal normal form for LTL formulae

Example 4.1. Let a, b ∈ AP. Then we can get Ch (a ∧ ○ b) =2, and $a \land ○ b \equiv [a \lor ○ (a \land \neg a)] \land [(a \land \neg a) \lor ○ b] .$

Similarly, Ch (a ⊔ ^≤2b) =3, and $\begin{matrix} a ⊔^{\leq 2} b & \equiv & b \lor (a \land ○ b) \lor (a \land ○ a \land ○^{2} b) \\ \equiv & [b \land ○ (a \lor \neg a) \land ○^{2} (a \lor \neg a)] \\ \lor [a \land ○ b \land ○^{2} (a \lor \neg a)] \\ \lor (a \land ○ a \land ○^{2} b) . \end{matrix}$

It can be seen that the two LTL_n formulae in Example 4.1 can be equivalently written in a special form similarly to disjunctive (conjunctive) normal form in classical propositional logic (see [11, 18] in detail). More generally, we give the following definition.

Definition 4.2. Let φ be an LTL or LTL_n formula. φ is said to be in temporal disjunctive normal form (TDNF for short) and in temporal conjunctive normal form (TCNF for short) with order k, respectively, if φ has the respective forms $\begin{matrix} (A_{10} \land ○ A_{11} \land \dots \land ○^{k} A_{1 k}) \lor \dots \lor \\ (A_{t 0} \land ○ A_{t 1} \land \dots \land ○^{k} A_{tk}) \end{matrix}$ (5) and $\begin{matrix} (A_{10} \lor ○ A_{11} \lor \dots \lor ○^{k} A_{1 k}) \land \dots \land \\ (A_{t 0} \lor ○ A_{t 1} \lor \dots \lor ○^{k} A_{tk}) \end{matrix}$ (6) where A_ij (i = 1, ⋯ , t ; j = 0, 1, ⋯ , k) are propositional formulae over AP, and at least one of A_ik (i = 1, ⋯ , t) is contingent.

Note that each tautology is equivalent to a ∨ ¬ a which can be seen in either TDNF or TCNF, and each contradiction is equivalent to a ∧ ¬ a in either TDNF or TCNF where a ∈ AP. In what follows we obtain a similar result also for contingent formulae. First of all, we need two lemmas.

Lemma 4.3. [1] Let φ, ψ be LTL or LTL_n formulae. Then $\begin{matrix} \neg (○^{k} φ) & \equiv & ○^{k} (\neg φ), \\ ○^{k} (φ \land ψ) & \equiv & ○^{k} φ \land ○^{k} ψ, \\ ○^{k} (φ \lor ψ) & \equiv & ○^{k} φ \lor ○^{k} ψ . \end{matrix}$

By Lemma 4.3 and distributive laws for ∨,∧ (see [1] in detail) we get:

Lemma 4.4. If φ has an equivalent TDNF (TCNF) formula, then φ also has an equivalent TCNF (TDNF) formula with the same order.

Proposition 4.5. Let φ be a contingent LTL_n formula. Then φ has an equivalent TDNF (TCNF) formula with order k iff Ch (φ) = k + 1.

Proof. On one hand, suppose that φ is equivalent to a formula ψ in TDNF (TCNF) with order k as shown in Eq. (5)-(6). By Lemma 3.4 and Proposition 3.5 we get Ch (φ) = Ch (ψ) = k + 1, which proves the necessity.

On the other hand, let ⊥ = a ∧ ¬ a and ⊤ = a ∨ ¬ a where a ∈ AP. In what follows we prove the sufficiency by induction on the complexity of φ.

(i) Let φ = b where b ∈ AP. Obviously Ch (φ) =1 and φ is in TDNF with order 0.

(ii) Let φ = ¬ ψ with Ch (ψ) = k + 1. Then Ch (φ) = Ch (ψ) = k + 1. Assume that ψ≡ (A₁₀ ∧ ○ A₁₁ ∧ ⋯ ∧ ○ ^kA_1k) ∨ ⋯ ∨ (A_t0 ∧ ○A_t1 ∧ ⋯ ∧ ○ ^kA_tk). Then by Lemma 4.3 we get φ =¬ ψ ≡ ¬ ((A₁₀ ∧ ○ A₁₁ ∧ ⋯ ∧ ○ ^kA_1k) ∨ ⋯ ∨(A_t0 ∧ ○ A_t1 ∧ ⋯ ∧ ○ ^kA_tk)) ≡ (¬ A₁₀ ∨ ○ (¬ A₁₁)∨ ⋯ ∨ ○ ^k (¬ A_1k)) ∧ ⋯ ∧ (¬ A_t0 ∨ ○ (¬ A_t1) ∨ ⋯ ∨ ○ ^k (¬ A_tk)), which is in TCNF with order k. Consequently, φ has an equivalent TDNF formula with order k by Lemma 4.4.

(iii) Let φ = φ₁ ∧ φ₂ with Ch (φ₁) = k₁ + 1, Ch (φ₂) = k₂ + 1, and k = max {k₁, k₂}. Assume that φ₁ ≡ (A₁₀ ∨ ○ A₁₁ ∨ ⋯ ∨ ○ ^{k
₁}A_1k₁) ∧ ⋯ ∧ (A_i0 ∨ ○ A_i1 ∨ ⋯ ∨ ○ ^{k
₁}A_{ik
₁}), φ₂ ≡ (B₁₀ ∨ ○ B₁₁ ∨ ⋯ ∨ ○ ^{k
₂}B_1k₂) ∧ ⋯ ∧ (B_j0 ∨ ○ B_j1 ∨ ⋯ ∨ ○ ^{k
₂}B_{jk
₂}). Suppose that k₁ ≤ k₂, then k = k₂, and φ = φ₁ ∧ φ₂ ≡ (A₁₀ ∨ ○ A₁₁ ∨ ⋯ ∨ ○ ^{k
₁}A_1k₁ ∨ ○ ^k₁+1 ⊥ ∨ ⋯ ∨ ○ ^k ⊥) ∧ ⋯ ∧ (A_i0 ∨ ○ A_i1 ∨ ⋯ ∨ ○ ^{k
₁}A_{ik
₁} ∨ ○ ^k₁+1 ⊥ ∨ ⋯ ∨ ○ ^k ⊥) ∧ (B₁₀ ∨ ○ B₁₁ ∨ ⋯ ∨ ○ ^kB_1k) ∧ ⋯ ∧ (B_j0 ∨ ○ B_j1 ∨ ⋯ ∨ ○ ^kB_jk), which is in TCNF. Consequently, φ has an equivalent TDNF formula by Lemma 4.4.

(iv) Let φ = ○ ψ with Ch (ψ) = k + 1. Then Ch (φ) = k + 2. Assume that ψ ≡ (A₁₀ ∧ ○ A₁₁ ∧ ⋯ ∧ ○ ^kA_1k) ∨ ⋯ ∨ (A_t0 ∧ ○ A_t1 ∧ ⋯ ∧ ○ ^kA_tk). Then φ = ○ ψ ≡ (⊤ ∧ ○ A₁₀ ∧ ○ ²A₁₁ ∧ ⋯ ∧ ○ ^k+1A_1k) ∨ ⋯ ∨ (⊤ ∧ ○ A_t0 ∧ ○ ²A_t1 ∧ ⋯ ∧ ○ ^k+1A_tk), which is in TDNF with order k + 1.

(v) Let φ = φ₁ ⊔ ^≤nφ₂. Then φ ≡ φ₂ ∨ (φ₁ ∧ ○ φ₂) ∨ (φ₁ ∧ ○ φ₁ ∧ ○ ²φ₂) ∨ ⋯ ∨ (φ₁ ∧ ○ φ₁ ∧ ⋯ ∧ ○ ^n-1φ₁ ∧ ○ ⁿφ₂) . Thus the proof of this case can be converted to cases (i)-(iv).

As a result, every contingent formula φ with Ch (φ) = k + 1 has an equivalent TDNF formula (also an equivalent TCNF formula by Lemma 4.4) with order k.

Corollary 4.6. Each LTL _n formula has an equivalent TDNF (TCNF) formula.

By Corollary 3.9 and 4.6, we can also get the following corollary.

Corollary 4.7. Let φ be an LTL formula. Then φ has an equivalent TDNF (TCNF) formula if and only if Ch (φ) exists.

It should be noted that an LTL formulae φ in TDNF or TCNF has a good property, that is, the set Words(φ) can be easily computed, which would simplify the procedure of model checking. For example, let φ = [b ∧ ○ (a ∨ ¬ a)] ∨ (a ∧ ○ b). We can easily obtain that Ch (φ) =2, and Words⁽²⁾ (φ) =Words⁽²⁾ (b∧ ○ (a ∨ ¬ a)) ∪ Words⁽²⁾ (a ∧ ○ b) ={AB ∈ (2^AP) ² ∣ b ∈ A or a ∈ A, b ∈ B}. Then by Equation (3), the set Words(φ) can be computed without difficulty.

5 Conclusions

The present paper introduced the concepts of characters as well as the least characters for LTL and LTL_n formulae. It was proved that all LTL_n formulae have characters as well as the least characters, and that those LTL formulae with characters can always be checked within finite steps during model checking. Besides, two types of temporal normal form, TDNF and TCNF, for LTL as well as LTL_n formulae were proposed. It was obtained that the class of TDNF (TCNF) formulae is as expressive as full LTL_n. Finally, a necessary and sufficient condition was given in which an LTL formula has an equivalent TDNF (TCNF) formula. As one can see, TDNF and TCNF formulae are simple in form and consequently easy to be checked during model checking. The application of TDNF and TCNF formulae in model checking will be studied in a forthcoming paper.

References

Baier

and Katoen

J.P.

, Principles of Model Checking, MIT Press, 2008.

Blackburn

, de Rijke

and Venema

, , , Modal Logic, Cambridge University PressNew York, 2001.

Clarke

E.M.

and Emerson

E.A.

, Design and synthesis of synchronization skeletons using branching time temporal logic, In: Logic ofrograms, LNCS 131, 1981, pp. 52–71.

Clarke

E.M.

, Grumberg

and Peled

, Model Checking, MIT Press 1999.

Clarke

E.M.

and Kurshan

, Computer-aided verification, IEEE Spectrum 33(6) (1996), 61–67.

Ding

X.C.

, Smith

S.L.

, Belta

, et al., Optimal control of Markov decision processes with linear temporal logic constraints, IEEE Transactions on Automatic Control 59(5) (2014), 1244–1257.

Feng

, Yu

N.K.

and Ying

M.S.

, Model checking quantum Markov chains, Journal of Computer and System Sciences 79 (2013), 1181–1198.

Gotzhein

, Temporal logic and applications: A tutorial, Computer Networks and ISDN Systems 24(3) (1992), 203–218.

Huth

and Ryan

, Logic in Computer Science-Modelling and Reasoning about Systems (2nd ed.), Cambridge University Press, Cambridge, 2004.

10.

Ito

, Ichinose

, Shimakawa

, et al., Qualitative analysis of gene regulatory networks by temporal logic, Theoretical Computer Science 594 (2015), 151–179.

11.

Kroger

and Merz

, Temporal Logic and State Systems, Springer-Verlag, Berlin 2008.

12.

Y.M.

and Li

L.J.

, Model checking of linear-time properties based on possibility measure, IEEE Transactions on Fuzzy Systems 21(5) (2013), 842–854.

13.

Manna

and Pnueli

, Temporal Verification of Reactive Systems, Springer-Verlag, New York 1995.

14.

Manna

and Pnueli

, The Temporal Logic of Reactive and Concurrent Systems: Specification, Springer-Verlag, New York, 1995.

15.

Queille

J.P.

and Sifakis

, Specification and verification of concurrent systems in CESAR, In: Proceedings 5th International Symposium on Programming, LNCS 137, 1982, pp. 337–351.

16.

Shi

H.X.

and Wang

G.J.

, Lattice-valued modal propositional logic and its completeness, Science China Information Sciences 53 (2010), 2230–2239.

17.

Wang

G.J.

and She

Y.H.

, A topological characterization of consistency of logic theories in propositional logic, Mathematical Logic Quarterly 52 (2006), 470–477.

18.

Wang

G.J.

and Zhou

H.J.

, Introduction to Mathematical Logic and Resolution Principle, Science Press, Beijing, U.K. Alpha Science International Limited, Oxford, 2009.