Linear Temporal Logic

Stanley Bak
CSE 510 – Hybrid Systems

(Based on slides from Jacques Fleuriot)

LTL – Syntax
LTL = Linear(-time) Temporal Logic
Assume some set Atom of atomic propositions
Syntax of LTL formulas ϕ:

ϕ ::= p | ¬ϕ | ϕ ∨ ϕ | ϕ ∧ ϕ | ϕ → ϕ | Xϕ | Fϕ | Gϕ | ϕUϕ

where p ∈ Atom.
Pronunciation:
▶ Xϕ — neXt ϕ
▶ Fϕ — Future ϕ
▶ Gϕ — Globally ϕ
▶ ϕUψ — ϕ Until ψ
Other common connectives: W (weak until), R (release).
Precedence high-to-low: (X, F, G, ¬), (U), (∧, ∨), →.
▶ E.g. Write Fp ∧ Gq → p U r instead of ((Fp) ∧ (Gq)) → (p U r).
LTL – Informal Semantics
LTL formulas are evaluated at a position i along a path π through
the system (a path is a sequence of states connected by transitions)
▶ An atomic p holds if p is true the state at position i.
▶ The propositional connectives ¬, ∧, ∨, → have their usual
meanings.
▶ Meaning of LTL connectives:
▶ Xϕ holds if ϕ holds at the next position;
▶ Fϕ holds if there exists a future position where ϕ holds;
▶ Gϕ holds if, for all future positions, ϕ holds;
▶ ϕUψ holds if there is a future position where ψ holds, and ϕ
holds for all positions prior to that.
▶ ϕRψ holds if there is a future position where ϕ becomes true,
and ψ holds for all positions prior to and including that i.e. ϕ
‘releases’ ψ.
▶ It is equivalent to ¬(¬ϕU¬ψ).
▶ Thus R is the dual of U.

This will be made more formal in the next few slides.

LTL – Formal Semantics: Transition Systems and Paths

Definition (Transition System)

A transition system (or model) M = ⟨S, →, L⟩ consists of:

S a finite set of states

→⊆S×S transition relation
L : S → P(Atom) a labelling function

such that ∀s1 ∈ S. ∃s2 ∈ S. s1 → s2

Note: Atom is a fixed set of atomic propositions, P(Atom) is the
powerset of Atom.
Thus, L(s) is just the set of atomic propositions that is true in state s.
Definition (Path)
A path π in a transition system M = ⟨S, →, L⟩ is an infinite
sequence of states s0 , s1 , ... such that ∀i ≥ 0. si → si+1 .
Paths are written as: π = s0 → s1 → s2 → ...
LTL – Formal Semantics: Satisfaction by Path
Satisfaction: π |=i ϕ — “path at position i satisfies formula ϕ”

π |=i ⊤
π ̸|=i ⊥
π |=i p iff p ∈ L(si )
π |=i ¬ϕ iff π ̸|=i ϕ
π |=i ϕ∧ψ iff π |=i ϕ and π |=i ψ
π |=i ϕ∨ψ iff π |=i ϕ or π |=i ψ
π |=i ϕ→ψ iff π |=i ϕ implies π |=i ψ
π |=i Xϕ iff π |=i+1 ϕ
π |=i Fϕ iff ∃j ≥ i. π |=j ϕ
π |=i Gϕ iff ∀j ≥ i. π |=j ϕ
π |=i ϕ1 U ϕ2 iff ∃j ≥ i. π |=j ϕ2 and ∀k ∈ {i..j − 1}. π |=k ϕ1
π |=i ϕ1 R ϕ2 iff (∀j ≥ i. π |=j ϕ2 ) or
(∃j ≥ i. π |=j ϕ1 and ∀k ∈ {i..j}. π |=k ϕ2 )
LTL – Formal Semantics: Alternative Satisfaction by Path
Alternatively, we can define π |= ϕ using the notion of ith suffix
π i = si → si+1 → ... of a path π = s0 → s1 → ....

For example, the alternative definition of satisfaction for G would be:

π |= G ϕ iff ∀j ≥ 0. π j |= ϕ

instead of
π |=0 G ϕ iff ∀j ≥ 0. π |=j ϕ
Satisfaction in terms of |= for the other connectives is left as an
exercise.

▶ π |=i ϕ is better for understanding, and needed for past-time

operators.
▶ π |= ϕ is needed for the semantics of branching-time logics, like
CTL.
LTL Semantics: Satisfaction by a Model

For a model M, we write

M, s |= ϕ

if, for every execution path π ∈ M starting at state s, we have

π |=0 ϕ
A Taste of LTL – Examples
1. π |=i G invariant
invariant is true for all future positions
∀j ≥ i. π |=j invariant
∀j ≥ i. invariant ∈ L(sj )
A Taste of LTL – Examples
1. π |=i G invariant
invariant is true for all future positions
∀j ≥ i. π |=j invariant
∀j ≥ i. invariant ∈ L(sj )
2. π |=i G ¬(read ∧ write)
In all future positions, it is not the case that read and write
∀j ≥ i. read ̸∈ L(sj ) ∨ write ̸∈ L(sj )
A Taste of LTL – Examples
1. π |=i G invariant
invariant is true for all future positions
∀j ≥ i. π |=j invariant
∀j ≥ i. invariant ∈ L(sj )
2. π |=i G ¬(read ∧ write)
In all future positions, it is not the case that read and write
∀j ≥ i. read ̸∈ L(sj ) ∨ write ̸∈ L(sj )
3. π |=i G(request → Fgrant)
At every position in the future, a request implies that there
exists a future point where grant holds.
∀j ≥ i. request ∈ L(sj ) implies ∃k ≥ j. grant ∈ L(sk ).
A Taste of LTL – Examples
1. π |=i G invariant
invariant is true for all future positions
∀j ≥ i. π |=j invariant
∀j ≥ i. invariant ∈ L(sj )
2. π |=i G ¬(read ∧ write)
In all future positions, it is not the case that read and write
∀j ≥ i. read ̸∈ L(sj ) ∨ write ̸∈ L(sj )
3. π |=i G(request → Fgrant)
At every position in the future, a request implies that there
exists a future point where grant holds.
∀j ≥ i. request ∈ L(sj ) implies ∃k ≥ j. grant ∈ L(sk ).
4. π |=i G(request → (request U grant))
At every position in the future, a request implies that there
exists a future point where grant holds, and request holds up
until that point.
∀j ≥ i. request ∈ L(sj ) implies
∃k ≥ j. grant ∈ L(sk ) and ∀l ∈ {j, k − 1}. request ∈ L(sl ).
LTL Equivalences 1

·
ϕ≡ψ = ∀M.∀π ∈ M.∀i. π |=i ϕ ↔ π |=i ψ
LTL Equivalences 1

·
ϕ≡ψ = ∀M.∀π ∈ M.∀i. π |=i ϕ ↔ π |=i ψ

Dualities from Propositional Logic:

¬(ϕ ∧ ψ) ≡ ¬ϕ ∨ ¬ψ ¬(ϕ ∨ ψ) ≡ ¬ϕ ∧ ¬ψ
LTL Equivalences 1

·
ϕ≡ψ = ∀M.∀π ∈ M.∀i. π |=i ϕ ↔ π |=i ψ

Dualities from Propositional Logic:

¬(ϕ ∧ ψ) ≡ ¬ϕ ∨ ¬ψ ¬(ϕ ∨ ψ) ≡ ¬ϕ ∧ ¬ψ

Dualities from LTL:

¬Xϕ ≡ X¬ϕ ¬Gϕ ≡ F¬ϕ ¬Fϕ ≡ G¬ϕ

¬(ϕ U ψ) ≡ ¬ϕ R ¬ψ ¬(ϕ R ψ) ≡ ¬ϕ U ¬ψ
LTL Equivalences 1

·
ϕ≡ψ = ∀M.∀π ∈ M.∀i. π |=i ϕ ↔ π |=i ψ

Dualities from Propositional Logic:

¬(ϕ ∧ ψ) ≡ ¬ϕ ∨ ¬ψ ¬(ϕ ∨ ψ) ≡ ¬ϕ ∧ ¬ψ

Dualities from LTL:

¬Xϕ ≡ X¬ϕ ¬Gϕ ≡ F¬ϕ ¬Fϕ ≡ G¬ϕ

¬(ϕ U ψ) ≡ ¬ϕ R ¬ψ ¬(ϕ R ψ) ≡ ¬ϕ U ¬ψ

Distributive laws:

G(ϕ ∧ ψ) ≡ Gϕ ∧ Gψ F(ϕ ∨ ψ) ≡ Fϕ ∨ Fψ
LTL Equivalences 2

Inter-definitions:

Fϕ ≡ ¬G¬ϕ Gϕ ≡ ¬F¬ϕ Fϕ ≡ ⊤ U ϕ Gϕ ≡ ⊥ R ϕ
LTL Equivalences 2

Inter-definitions:

Fϕ ≡ ¬G¬ϕ Gϕ ≡ ¬F¬ϕ Fϕ ≡ ⊤ U ϕ Gϕ ≡ ⊥ R ϕ

Idempotency:

FFϕ ≡ Fϕ GGϕ ≡ Gϕ
LTL Equivalences 2

Inter-definitions:

Fϕ ≡ ¬G¬ϕ Gϕ ≡ ¬F¬ϕ Fϕ ≡ ⊤ U ϕ Gϕ ≡ ⊥ R ϕ

Idempotency:

FFϕ ≡ Fϕ GGϕ ≡ Gϕ

Weak and strong until:

ϕ W ψ ≡ ϕ U ψ ∨ Gϕ ϕ U ψ ≡ ϕ W ψ ∧ Fψ
LTL Equivalences 2

Inter-definitions:

Fϕ ≡ ¬G¬ϕ Gϕ ≡ ¬F¬ϕ Fϕ ≡ ⊤ U ϕ Gϕ ≡ ⊥ R ϕ

Idempotency:

FFϕ ≡ Fϕ GGϕ ≡ Gϕ

Weak and strong until:

ϕ W ψ ≡ ϕ U ψ ∨ Gϕ ϕ U ψ ≡ ϕ W ψ ∧ Fψ

Some more surprising equivalences:

GFGϕ ≡ FGϕ FGFϕ ≡ GFϕ G(Fϕ ∨ Fψ) ≡ GFϕ ∨ GFψ