Linear Temporal Logic

In logic, linear temporal logic or linear-time temporal logic (LTL) is a modal temporal logic with modalities referring to time. In LTL, one can encode formulae about the future of paths, e.g., a condition will eventually be true, a condition will be true until another fact becomes true, etc. It is a fragment of the more complex CTL*, which additionally allows branching time and quantifiers. LTL is sometimes called propositional temporal logic (PTL).
In terms of expressive power, LTL is a fragment of first-order logic.

LTL was first proposed for the formal verification of computer programs by Amir Pnueli in 1977.

Syntax

LTL is built up from a finite set of propositional variables ''AP'', the logical operators ¬ and ∨, and the temporal modal operators X (some literature uses O or N) and U.
Formally, the set of LTL formulas over ''AP'' is inductively defined as follows:
* if then ''p'' is an LTL formula;
* if and are LTL formulas then , and are LTL formulas.

X is read as next and U is read as until.
Other than these fundamental operators, there are additional logical and temporal operators defined in terms of the fundamental operators, in order to write LTL formulas succinctly.
The additional logical operators are ∧, →, ↔, true, and false.
Following are the additional temporal operators.

* G for always (globally)
* F for finally
* R for release
* W for weak until
* M for mighty release

Semantics

An LTL formula can be '' satisfied'' by an infinite sequence of truth valuations of variables in ''AP''.
These sequences can be viewed as a word on a path of a Kripke structure (an ω-word over alphabet 2^''AP'').
Let ''w'' = a₀,a₁,a₂,... be such an ω-word. Let ''w''(''i'') = ''a_i''. Let ''w''ⁱ = ''a_i'',''a''_''i''+1,..., which is a suffix of ''w''. Formally, the satisfaction relation ⊨ between a word and an LTL formula is defined as follows:
* ''w'' ⊨ ''p'' if ''p'' ∈ ''w''(0)
* ''w'' ⊨ ¬ if ''w'' ⊭
* ''w'' ⊨ ∨ if ''w'' ⊨ or ''w'' ⊨
* if ''w''¹ ⊨ (in the next time step must be true)
* if there exists ''i'' ≥ 0 such that ''w''^''i'' ⊨ and for all 0 ≤ ''k'' < i, ''w''^''k'' ⊨ ( must remain true until becomes true)

We say an ω-word ''w'' satisfies an LTL formula when ''w'' ⊨ .
The ω-language ''L''() defined by is , which is the set of ω-words that satisfy .
A formula is ''satisfiable'' if there exist an ω-word ''w'' such that ''w'' ⊨ .
A formula is ''valid'' if for each ω-word ''w'' over alphabet 2^''AP'', we have ''w'' ⊨ .

The additional logical operators are defined as follows:
* ∧ ≡ ¬(¬ ∨ ¬)
* → ≡ ¬ ∨
* ↔ ≡ ( → ) ∧ ( → )
* true ≡ ''p'' ∨ ¬''p'', where ''p'' ∈ ''AP''
* false ≡ ¬true
The additional temporal operators R, F, and G are defined as follows:
* R ≡ ¬(¬ U ¬) ( remains true until and including once becomes true. If never becomes true, must remain true forever. releases .)
* (eventually becomes true)
*G ≡ false R ≡ ¬F ¬ ( always remains true)

Weak until and strong release

Some authors also define a ''weak until'' binary operator, denoted W, with semantics similar to that of the until operator but the stop condition is not required to occur (similar to release). It is sometimes useful since both U and R can be defined in terms of the weak until:
*
*
*

The ''strong release'' binary operator, denoted M, is the dual of weak until. It is defined similar to the until operator, so that the release condition has to hold at some point. Therefore, it is stronger than the release operator.
*

The semantics for the temporal operators are pictorially presented as follows.

Equivalences

Let φ, ψ, and ρ be LTL formulas. The following tables list some of the useful equivalences that extend standard equivalences among the usual logical operators.

Negation normal form

All the formulas of LTL can be transformed into ''negation normal form'', where
* all negations appear only in front of the atomic propositions,
* only other logical operators true, false, ∧, and ∨ can appear, and
* only the temporal operators X, U, and R can appear.
Using the above equivalences for negation propagation, it is possible to derive the normal form. This normal form allows R, true, false, and ∧ to appear in the formula, which are not fundamental operators of LTL. Note that the transformation to the negation normal form does not blow up the length of the formula. This normal form is useful in translation from an LTL formula to a Büchi automaton.

Relations with other logics

LTL can be shown to be equivalent to the monadic first-order logic of order, FO mdash;a result known as Kamp's theorem— or equivalently to star-free languages.

Computation tree logic (CTL) and linear temporal logic (LTL) are both a subset of CTL*, but are incomparable. For example,
* No formula in CTL can define the language that is defined by the LTL formula F(G p).
*No formula in LTL can define the language that is defined by the CTL formulas AG( p → (EXq ∧ EX¬q) ) or AG(EF(p)).

Computational problems

Model checking and satisfiability against an LTL formula are PSPACE-complete problems. LTL synthesis and the problem of verification of games against an LTL winning condition is 2EXPTIME-complete.

Applications

;Automata-theoretic linear temporal logic model checking
:LTL formulas are commonly used to express constraints, specifications, or processes that a system should follow. The field of model checking aims to formally verify whether a system meets a given specification. In the case of automata-theoretic model checking, both the system of interest and a specification are expressed as separate finite-state machines, or automata, and then compared to evaluate whether the system is guaranteed to have the specified property. In computer science, this type of model checking is often used to verify that an algorithm is structured correctly.

:To check LTL specifications on infinite system runs, a common technique is to obtain a Büchi automaton that is equivalent to the model (accepts an ω-word precisely if it is the model) and another one that is equivalent to the negation of the property (accepts an ω-word precisely it satisfies the negated property) (cf. Linear temporal logic to Büchi automaton). In this case, if there is an overlap in the set of ω-words accepted by the two automata, it implies that the model accepts some behaviors which violate the desired property. If there is no overlap, there are no property-violating behaviors which are accepted by the model. Formally, the intersection of the two non-deterministic Büchi automata is empty if and only if the model satisfies the specified property.

;Expressing important properties in formal verification
:There are two main types of properties that can be expressed using linear temporal logic: safety properties usually state that ''something bad never happens'' (G¬''ϕ''), while liveness properties state that ''something good keeps happening'' (GF''ψ'' or G(''ϕ'' →F''ψ'')). For example, a safety property may require that an autonomous rover never drives over a cliff, or that a software product never allows a successful login with an incorrect password. A liveness property may require that the rover always continues to collect data samples, or that a software product repeatedly sends telemetry data.

:More generally, safety properties are those for which every counterexample has a finite prefix such that, however it is extended to an infinite path, it is still a counterexample. For liveness properties, on the other hand, every finite path can be extended to an infinite path that satisfies the formula.

;Specification language
:One of the applications of linear temporal logic is the specification of preferences in the Planning Domain Definition Language for the purpose of preference-based planning.

Extensions

Parametric linear temporal logic extends LTL with variables on the until-modality.

See also

*Action language
* Metric temporal logic
*Safety and liveness properties

References

{{reflist

External links

A presentation of LTL

Linear-Time Temporal Logic and Büchi AutomataLTL Teaching slides
of professor Alessandro Artale at the Free University of Bozen-Bolzano
LTL to Buchi translation algorithms
a genealogy, from the website o
Spot
a library for model checking.

Computer-related introductions in 1977
Temporal logic