Logic: Lecture 24, 19 November 2015
-----------------------------------

CTL (Computation Tree Logic)
----------------------------

- System defines a computation tree

- At a state, we can make assertions about runs originating from
  that state

  - Use LTL formula phi to specify a property of a given run

  - Use path quantifiers E phi, A phi to assert that phi holds for
    some run starting at this state, or  phi holds for all runs
    starting at this state

- Restrict expressivity to make model checking more efficient

  - Pair up a path quantifier with a single temporal modality

    - EX phi, AX phi, E (phi U psi), A (phi U psi)
      - Hence also, EF phi, AF phi, AF phi, AG phi

Note that

- AX is dual of EX: s |= AX phi iff s |= ~EX ~phi

- Can express EF in terms of EU as usual

  s |= EF phi iff s |= E (true U phi)

  Likewise, AF is expressible using AU.

- The LTL way of expressing EG is

  s |= EG phi iff s |= E (~F~phi)

  However E (~F~phi) is not within syntax of CTL. Can only negate EF
  as a whole, not F alone

  Instead

  s |= EG phi iff s |= ~(AF ~phi)

  - i.e. EG phi fails if along every path, we eventually see ~phi.
    This can be expressed as AF ~phi.  Hence ~(AF ~phi)
    corresponds to EG phi.

- This shows that we need both EU and AU to get all of EF, EG, AF
  and AG

- Surprisingly, we can also recover AU from EG

  A (phi U psi) fails if for some path

  - psi never holds:   EG ~psi
  - we see ~phi before the first psi --- i.e., while ~psi continues
    to hold, we see ~phi and ~psi: E (~psi U (~phi land ~psi))

  - We can combine these to say

    A (phi U psi) = ~(EG ~psi) and ~(E (~psi U (~phi land ~psi))) 

- We will work with EX, EG and EU as the basic set of operators for 
  model checking


Model checking
--------------

- Treat system as a directed graph and label each state s
  (vertex) by a formula phi if s |= phi

- Label psi can be assigned if labels for all subformulas of
  psi are already available


Labelling algorithm:

- For p in AP, label s with p iff p in v(s)

- Label s with ~phi iff s has not been lablled with phi

- Label s with (phi or psi) iff s has been lablled with phi or
                                s has been lablled with psi or

- Label s with EX phi iff some successor s' of s has been lablled
                          with phi  

- Label s with E (phi U psi) 

  s |= E (phi U psi) iff s |= psi or,
                     s |= phi and for some successor s' of s,
                     s' |= E (phi U psi)

  In other words:

     E (phi U psi) == psi or (phi and EX (E (phi U psi)))

  We iteratively assign the label E(phi U psi) as follows

  - Begin by labelling every state that is already labelled psi
    with the new label E (phi U psi)

  - For any state s, if s is labelled phi and some neighbour of s
    is labelled E (phi U psi), add E (phi U psi) to the label of
    s

  - Repeat this until no labels change

- Label s with EG phi

  - Note that to satisfy EG phi, a state must already satisfy phi

  - Start by adding a label EG phi to every state already
    labelled phi.  

  - Suppose a state s labelled EG phi has no neighbour also
    labelled EG phi.  Then, remove the label EG phi from s

  - Repeat until no labels change

  An alternative algorithm:

  - EG phi requires a path along which phi holds continuously

  - The edges on this path form a strongly connected component
    (scc) within the set of nodes that satisy phi

  - Restrict the original system (graph) to the subgraph of nodes
    labelled phi

  - Compute the scc's of this graph

  - Label a node s EG phi if there is a path from s to some scc


Other logics
------------

- Recall that MSO can be extended to infinite sequence

  - MSO over {0,1,2....}
  - Every position has a successor 

- Consider the complete infinite binary tree

  - Every positition has two successors, 0-succ and 1-succ
  - Label each node by the 0-1 path from the root to that node

    - Root is labelled empty string
    - Children of root are 0 and 1
    - Next level nodes are 00, 01, 10 and 11
    - ...

- Extend MSO from infinite sequence to binary tree

  - S2S, MSO with two successor functions succ0 and succ1
  - The original logic is S1S, MSO with one successor function

Theorem([Rabin]): S2S is decidable


- All known decidable theories are expressible in S2S

  - S2S  embeds S3S,..., SnS for all finite n, as well as S omega S,
    the complete infinitely branching tree

  - MSO over rationals
    Can describe a dense linear order within S2S

- S2S: a "maximally" decidable theory?


======================================================================