MATHEMATICAL MODAL LOGIC: A VIEW OF ITS EVOLUTION
Robert Goldblatt

[Hennessy and Liu, 1995]. They provide modalities that formalise complex structural assertions, for example the formula 〈c!x〉α expressing “it is possible to output some value v on channel c and thereby evolve to a state in which α[v/x] is true”. Axiomatisations of various modal process logics may be found, inter alia, in [Stirling, 1987] and [Larsen, 1990]. Other work on modal aspects of process algebra is collected in [Ponse et al., 1995].

7.3 Temporal Logic for Concurrency

In 1977 Amir Pnueli, motivated by a reading of [Rescher and Urquhart, 1971],⁶¹ proposed to use temporal logic to formalise reasoning about the behaviour of concurrent programs involving a number of processors acting in parallel and sharing a memory environment, so that each can alter the values of variables used by the others (see Pnueli [1977; 1981]). This is particularly relevant to the specification and analysis of reactive programs, like operating systems and systems for airline reservation or process control, that repeatedly interact with their environment and are not expected to terminate. As such a program runs, each successor state is obtained by one processor being chosen to execute one instruction. Thus from an initial state x_0, many different sequences x_0, x_1, ... of states may be generated depending on which processors get chosen to act at each step.

Pnueli observed that temporal modalities could be used to formulate computationally significant properties of execution sequences, such as fair scheduling (no processor is delayed forever), freedom from deadlock (when none can act), and many others. He used Prior’s future-tense modality G (and its dual F), but with the Diodorean reading of “at all future states including the present”, as well as a connective X with the reading “at the next state”. The latter had first been introduced to tense logic for discrete time by Dana Scott (see [Prior, 1967, p. 66]). Programs do not appear in the syntax in this approach. Instead, temporal formulas describe properties of a particular execution sequence of a single (concurrent) program.

The paper of Gabbay, Pnueli, Shelah and Stavi [1980] added a binary connective U to this formalism, with α U β meaning “α until β”, i.e. “β will be true, and α will be true at all times until β is”. This connective and its past-tense version α since β had been studied by Hans Kamp [1968] who showed that they form an expressively complete set of connectives in the sense that for models in which time is a complete linear ordering, all tense-logical connectives can be defined in terms of them. Gabbay et al. adapted this to show that U by itself plays a similar role for the future-tense logic of state sequences. They gave an axiomatisation for this extended logic, which they called DUX, and proved that it is decidable. By way of illustration of the expressive completeness of U, they noted that Fα can be defined as ⊤ U α, and then Gα as ¬F¬α, while Xα can be defined as ⊥ U α. DUX is now more commonly known as PLTL (propositional linear temporal logic).

⁶¹ See [Hasle and Øhrstrøm, 2004, p. 222].
Since there are many different execution sequences with a given starting state, any particular sequence is just one “branch” or “path” of the “tree” of all possible future states. Considering the tree as a whole gives rise to some interesting new modalities that can formalise reasoning about future behaviour. This line was pursued by Ben-Ari, Pnueli and Manna [Ben-Ari et al., 1983], defining a system UB (the unified system of branching time), which combined G and X with the symbols ∀, ∃ for quantification over paths to produce the following modal forms:

∀Gα : along all future paths, α is true at all states.
∃Gα : along some path, α is true at all states.
∀Xα : along all paths, α is true at the next state.

Dual modalities were defined by writing ∃F for ¬∀G¬, ∀F for ¬∃G¬, and ∃X for ¬∀X¬. The logic UB was shown to be finitely axiomatisable and have the finite model property, using semantic tableaux methods. It was also stated that, in contrast to PLTL, no temporal language for branching time with a finite number of modalities could be expressively complete, this theorem being credited to Gabbay.

The until connective U was added to UB by Edmund Clarke and Allen Emerson [1981] to define the system CTL of Computation Tree Logic, which was axiomatised and shown to have the finite model property by Emerson and Joseph Halpern [1982; 1985]. CTL has the limitation that the path quantifiers ∀ and ∃ are tied to a single linear-time state quantifier (modality) as in the forms ∀G, ∃F, or a single instance of U as in ∃(α U β) etc. It does not allow a combination like ∃GFα, expressing “there is a path along which α is true infinitely often”, a property of relevance to fair scheduling conditions. Emerson and Halpern [1983; 1986] devised a new system CTL* that allows such formations. It distinguishes between state formulas, which are true or false at each state, and path formulas, which are true or false of each path. The path formulas include the state formulas and both categories are closed under the truth-functional connectives. If α, β are path formulas then α U β, Gα and Xα are path formulas, while ∀α and ∃α are state formulas. ∀α (respectively ∃α) is true at state s iff α is true of all (respectively some) paths that start at s.

In addition to being more expressive than CTL, CTL* is more complex. Whereas CTL and PDL are decidable by algorithms that run in deterministic exponential time, the complexity of CTL* is that of deterministic doubly exponential time. The lower bound here was established by Moshe Vardi and Larry Stockmeyer [1985], and the upper bound by Emerson and Charanjit Jutla [1988; 1999]. Methods from tree automata theory are used to prove decidability results in this context. Models can be viewed as infinite branching trees, or at least can be “unravelled” into such tree structures. Associated with each formula α is an automaton A_α that accepts a tree model iff it satisfies α at its root. Thus the satisfiability problem for many logics can be reduced to the emptiness problem for automata on infinite trees that was shown to be decidable in [Rabin, 1969] (see section 6.2). This technique was first developed in the 1980 Masters thesis of Robert Streett (see [1982]) who used it to prove the decidability of PDL with the repeat construct.
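
The UB modalities ∀G, ∃G, ∀X and their duals, together with the ∃GFα property that CTL cannot state, can be evaluated directly on a finite model; the following is an added example and not part of Goldblatt's text. The two-processor transition system, its state names and all function names are constructed for illustration; G is read in the Diodorean sense (including the present) and every state is assumed to have at least one successor.

```python
# Constructed model: boot -> idle; from idle either processor may be chosen;
# p1 may keep running; p2 may fall into "stuck", which only loops on itself.
T = {
    "boot": {"idle"},
    "idle": {"p1", "p2"},
    "p1": {"idle", "p1"},
    "p2": {"idle", "stuck"},
    "stuck": {"stuck"},
}
S = frozenset(T)
OK = S - {"stuck"}          # sets of states stand for the formulas they satisfy
RUN2 = frozenset({"p2"})
BOOT = frozenset({"boot"})

def AX(a):
    """∀Xα: every successor satisfies α."""
    return frozenset(s for s in S if T[s] <= a)

def EX(a):
    """∃X defined as the dual ¬∀X¬."""
    return S - AX(S - a)

def _gfp(step):
    """Greatest fixpoint of a monotone map on subsets of S, by iteration from S."""
    z = S
    while True:
        nz = step(z)
        if nz == z:
            return z
        z = nz

def AG(a):
    """∀Gα: α now and at every state of every path."""
    return _gfp(lambda z: a & AX(z))

def EG(a):
    """∃Gα: α now and at every state of some path."""
    return _gfp(lambda z: a & EX(z))

def EF(a):
    """∃F defined as ¬∀G¬."""
    return S - AG(S - a)

def AF(a):
    """∀F defined as ¬∃G¬."""
    return S - EG(S - a)

def EGF(a):
    """∃GFα (not a CTL formula): some path visits α infinitely often.
    Computed as the largest Z with Z = ∃F(α ∧ ∃X Z)."""
    return _gfp(lambda z: EF(a & EX(z)))
```

On this model AF(RUN2) is only {"p2"}, so processor 2 can be delayed forever from every other state, while EGF(RUN2) still holds wherever some path schedules it infinitely often; EF(BOOT) and EGF(BOOT) differ because "boot" lies on no cycle.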