The Common Fragment of ACTL and LTL

The paper explores the relationship between tree languages definable in LTL, CTL, and ACTL, the fragment of CTL where only universal path quantification is allowed. The common fragment of LTL and ACTL is shown to be strictly smaller than the common fragment of LTL and CTL. Furthermore, an algorithm is presented for deciding if an LTL formula can be expressed in ACTL. This algorithm uses an effective characterization of level 3/2 of the concatenation hierarchy for infinite words, also a new result. Two of the most commonly used logics in verification are LTL and CTL. The first is a linear time logic, a formula of LTL describes a property of words. To describe properties of trees, one applies universal path quantification: an LTL formula is valid in a tree if it is valid in all paths. CTL, on the other hand, is a branching time logic. A formula of CTL refers explicitly to the branching in the tree, by using both universal and existential path quantification. What is the relationship between the two logics? Which LTL definable properties can be defined in CTL, and which CTL definable properties can be defined in LTL? In other words, what is the common fragment of CTL and LTL? There is a well known algorithm, which given an automaton on infinite trees, determines if its language can be defined in LTL (basically, a tree constructed by mixing paths of different trees accepted by the automaton, must still be accepted by the automaton; furthermore, the appropriate word language must be aperiodic). For tree languages defined in CTL* there is also a simple characterization of Clarke and Draghilescu: a CTL* formula is equivalent to an LTL formula, if and only if it is equivalent to the one obtained by removing the path quantifiers [3]. Maidl [6] has shown that if the input is given as a CTL formula, then problem of LTL definability becomes PSPACE complete. The converse question, however, remains an open problem: is it decidable if a given LTL formula can be equivalently written as a CTL formula? A second, more general, problem is to decide if an arbitrary regular language of infinite trees can be defined in CTL. It seems a good idea to begin with the first problem before tackling the second one. If an LTL formula with universal path semantics can be defined by a CTL formula, then why should the CTL formula use existential modalities, such as “exists a successor with φ”? Shouldn’t it be enough to consider ACTL formulas, where only universal path quantification is used? The first result of this paper is ? Author supported by Polish government grant no. N206 008 32/0810. that, possibly surprisingly, this assumption is wrong. Indeed, a very simple LTL property, “all paths belong to (ab)∗a(ab)∗cω”, can be defined in CTL but not ACTL. Intuitively speaking, to catch the extra a on every path, existential path quantification is needed. Therefore, two distinct questions can be investigated: which LTL properties can be defined in CTL, and which LTL properties can be defined in ACTL. The other main result of this paper is an effective characterization of the second common fragment: one can decide if an LTL formula φ can be expressed in ACTL. This problem has already been considered in [6], where it was shown that a necessary and sufficient condition for ACTL definability is that ¬φ, when seen as a word language, can be recognized by a certain restricted type of Büchi automaton. This condition, however, was not known to effective, i.e. there was no algorithm that decided if ¬φ could be recognized by the restricted Büchi automaton. The second contribution of this paper is such an algorithm. It is easy to see that the restricted Büchi automata defined in [6] are equivalent to ω-regular languages on level 3/2 of the concatenation hierarchy, i.e. finite unions of expressions A0a1A ∗ 1a2 · · ·Ak−1akAk . Therefore, deciding if an LTL formula can be defined in ACTL boils down to testing if an ω-regular language belongs to level 3/2 of the concatenation hierarchy. This problem was known to be decidable for finite words [1, 2, 8]. We generalize this result to infinite words. In the process, we also present a simplified proof for finite words. The paper is organized as follows. In Section 1, we show that the common fragment of LTL and CTL is strictly larger than the common fragment of LTL and ACTL. Section 2 gives an effective characterization of those LTL properties that can be defined in ACTL. Finally, in Section 4, we present concluding remarks. These concern mainly the common fragment of LTL and CTL, about which little is known. 1 The common fragment of CTL and LTL needs existential modalities Trees in this paper are unordered, infinite and unranked. In other words, a tree is a connected directed graph with nodes of indegree at most one, but outdegree at least one. The last condition is so that every (maximal) path in the tree is infinite. Trees are labeled. The results in this paper would also apply to finite trees, or transition systems. Some of the results would be cleaner for finite trees, we will come back to this at the end of the paper. LTL is a linear time temporal logic. An LTL formula specifies a property of an infinite word. (When we say a word position satisfies φ, we mean that the suffix beginning in that position satisfies φ.) The modalities are: φUψ (there is a position with ψ, and all preceding positions satisfy φ), Xφ (the second word position satisfies φ) and Gφ (all positions in the word satisfy φ). Furthermore, boolean connectives and label tests (the formula a describes words that begin with a) are allowed. Kamp’s theorem [5] says that LTL has the same expressive power as first-order logic with the linear order on word positions. An LTL formula can be evaluated in a tree, it is said to be valid if all maximal paths in the tree satisfy it. In this sense, very simple tree properties, such as “some node in the tree has label a”, cannot be defined in LTL. In the following, we will indicate whether an LTL formula is understood to define a word language, or a tree language. CTL [4] is a temporal branching time logic, i.e. its modalities explicitly quantify over tree paths, possibly existentially. A CTL formula specifies a property of a tree. As with LTL, when we say a formula holds in a tree node (or equivalently, on a position on a path in the tree), we mean that the subtree of that node satisfies the formula. The modalities are: AφUψ (on every path, there is a position with ψ, and all preceding positions on the path satisfy φ), AXφ (every successor of the root satisfies φ) and AGφ (on every path, every position satisfies φ). Furthermore, boolean connectives and label tests (the formula a describes trees whose root has label a) are allowed. Existential quantification can be simulated using negation. In other words, CTL is obtained from LTL by adding universal path quantification next to every modality. In particular, over trees with only one path, i.e. where all nodes have exactly one successor, CTL has the same expressive power as LTL. In general, however, the two logics diverge, for instance CTL cannot express FGa (on every path, finitely many non a labels). ACTL is the fragment of CTL that does not allow negation, i.e. where only universal path quantification is allowed. (Here, the atomic propositions are node labels, so they are mutually exclusive; if they are are not exclusive then negation is allowed next to atomic propositions.) Clearly, ACTL is a proper fragment of CTL; for instance, the CTL property “some node has label a” is not definable in ACTL. The main result in this section is: Theorem 1. The language L = “all paths belong to (ab)∗a(ab)∗cω” is definable in CTL and LTL, but not ACTL. This result is somewhat surprising: the language L talks about all paths, while the corresponding CTL formula must quantify existentially over paths. This example shows that ideas significantly different from those in [6] are needed to understand the common fragment of LTL and CTL. Before proceeding with the proof, we would like to remark the similarity of this “paradox” with a result for first-order logic over finite binary trees. In [9], Potthof showed that the language “all paths belong to (aa)∗” is definable in first-order logic over finite binary trees, even though the word language (aa)∗ is not definable in first-order logic over words. His technique was similar to the one invoked below, in that it used properties of “maximal” nodes. We will now prove Theorem 1. Lemma 1. The language L is definable in CTL. Proof It is easy to show that the language “all paths belong to (ab)∗cω” is definable in CTL. Let φa be such a formula; we will use it below. Likewise we will use a formula φb for the language “all paths belong to b(ab)∗cω”. The formula for the language L is a conjunction of several properties. First, we have to manage the way c’s are used. Formula (1) says that every path contains some c, and every time c appears, all subsequent nodes are c’s; finally, only b nodes can have a c successor: AFc ∧ AG(c⇒ AGc) ∧ AG(a⇒ AX(a ∨ b)) . (1) Formula (2) says that the tree does not contain two consecutive b’s: AG(b⇒ AX(a ∨ c)) . (2) Formula (3) says that on every path, two consecutive a’s can be found at most once: ¬EF(a ∧ EX(a ∧ (EF(a ∧ EXa))) . (3) So far, we have stayed within ACTL. The above three properties guarantee that every path in the tree is either in (ab)∗cω or in (ab)∗a(ab)∗cω, as long as the root has label a. We now need to eliminate the paths of the first type. First, we enforce the root label, and say that at least one path is not in (ab)∗cω