| Symbol | Meaning |
|---|---|
| ¬ | negation/not |
| ! | negation/not |
| ∀ | for-all |
| ∃ | there-exists-a |
| ◊ | eventually |
| □ | always |
| ⇒ | implies |
| ::= | is-defined-as |
| ≡ | is-the-same-as |
Examples of assertions:
- "This basket has 5 red balls and 10 blue balls."
- ∀n : ∃m : g(n + m) asserts that g(i) is true for infinitely many values of i.
- "This basket will have 10 red balls."
- A and B are mutually exclusive for ever.
- Process 2 will be in the critical section.
- for-all t: not (A(t) and B(t))
The semantics of temporal logic is based on behaviors. A behavior is an infinite sequence of states.
□ (square): P is always True. Unary prefix. Also called "henceforth".
An assertion that something never happens is called a safety property.
◊ (diamond): it is not the case that P is always False, i.e. P is eventually True. Same as "sometime".
As you can see, (eventually P) is the same as (not always not P): ◊P ≡ !□!P
An assertion that something eventually does happen is called a liveness property.
Q holds now or in the future, and P has to hold until that time. From that time on, P does not have to hold any more. Binary infix.
P leads-to Q ::= (always (P implies eventually Q)). Using the wiggly arrow ~→ for leads-to:
P ~→ Q ::= □(P ⇒ ◊Q)
Binary infix. Leads-to is transitive.
The formula □◊P (always eventually P) is true for a behavior iff ◊P is true at all times n during that behavior, and ◊P is true at time n iff P is true at some time m greater than or equal to n.
The formula ◊□P asserts that eventually P is always True.
◊□P ⇒ □◊P, for any P
| Law | Reading |
|---|---|
| □F ⇒ F | Always F implies F. |
| ¬□F ⇔ ◊¬F | F is not always true iff it is eventually false. |
| □(F & G) ⇔ □F & □G | F and G are both always true iff F is always true and G is always true. Another way of saying this is that □ distributes over &. |
| □F or □G ⇒ □(F or G) | Does □ distribute over or? Only in this direction [note the implies]. |
| □(F or G) ⇏ (□F or □G) | The reverse of the above does not hold. |
| ◊(F or G) ⇔ ◊F or ◊G | Eventually distributes over or. |
| □◊(F or G) ⇔ (□◊F) or (□◊G) | Always-eventually distributes over or. |
| ◊□(F & G) ⇔ (◊□F) & (◊□G) | Eventually-always distributes over and. |
| from P ⇒ P', P' ⇒ □Q', Q' ⇒ Q infer P ⇒ □Q | Consequence Rule |
| from P ⇒ □R, R ⇒ □Q infer P ⇒ □Q | Catenation Rule |
| from F infer □F | Generalization Rule |
| from F ⇒ G infer □F ⇒ □G | Implies Generalization Rule |
int x := 0, y := 0;
do < await true --> x := x + 1 >
[] < await true --> y := y + 1 >
od

Do any of the following hold?
- always x = 0
- eventually x > 5
- eventually always y = 3
Weak fairness: an operation must be executed if it remains possible to do so for a long enough time.
"Long enough" means until the operation is executed, so weak fairness asserts that eventually the operation must either be executed or become impossible to execute (perhaps only briefly).
Strong fairness: an operation must be executed if it is infinitely often possible to do so.
Either the operation is eventually executed, or its execution is not infinitely often possible. Not infinitely often possible is the same as eventually always impossible (¬□◊ . . . ≡ ◊□¬ . . .), so we get
strong fairness: (◊ executed) or (◊□ impossible)
weak fairness: (eventually executed) or (eventually impossible)
strong fairness: (eventually executed) or (eventually always impossible)
In symbols,
weak fairness : (◊ executed) or (◊ impossible)
strong fairness: (◊ executed) or (◊ □ impossible)
We formalize action A is "executed" and A is "impossible" later.
The two naive temporal formulas assert fairness at "time zero", but we want fairness to hold at all times. The correct formulas are:
weak fairness : □((◊ executed) or (◊ impossible))
strong fairness: □((◊ executed) or (◊□ impossible))
Temporal logic reasoning, using the semantic definitions of □ and ◊, shows that these conditions are equivalent to
weak fairness : (□◊ executed) or (□◊ impossible)
strong fairness: (□◊ executed) or (◊□ impossible)
bool b := true;
process LP:: do b → skip od
process ST:: b := false
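As an added example (not part of these notes), the following Python encodes the behavior semantics above: a behavior is a finite prefix plus a loop repeated forever, a formula is a function of (behavior, time), and □, ◊ and leads-to are defined as in the semantics section. It checks laws from the table over all small such behaviors (◊□P ⇒ □◊P holds on every one, its converse fails on some), checks the weak and strong fairness equivalences of the previous section the same way, and evaluates both fairness conditions on two constructed runs of the LP/ST program. Since the notes formalise "executed" and "impossible" later, the state encoding used for them here (each state records the action that produced it and whether ST has run) is an assumption of this example, as are all function names.

```python
from itertools import product

class Behavior:
    """Infinite state sequence: a finite prefix, then a loop repeated forever."""
    def __init__(self, prefix, loop):
        assert loop, "behaviors are infinite, so the loop must be non-empty"
        self.prefix, self.loop = list(prefix), list(loop)

    def state(self, n):
        if n < len(self.prefix):
            return self.prefix[n]
        return self.loop[(n - len(self.prefix)) % len(self.loop)]

    def future(self, n):
        """Positions n .. max(n, len(prefix)) + len(loop) - 1: inside the loop the
        suffix at m equals the suffix at m + len(loop), so these cover every suffix."""
        return range(n, max(n, len(self.prefix)) + len(self.loop))

# Formula constructors; each returns a function (behavior, time) -> bool.
def atom(pred):        # state predicate, evaluated on the state at time n
    return lambda b, n: bool(pred(b.state(n)))

def disj(f, g):        # f or g
    return lambda b, n: f(b, n) or g(b, n)

def conj(f, g):        # f & g
    return lambda b, n: f(b, n) and g(b, n)

def implies(f, g):     # f ⇒ g
    return lambda b, n: (not f(b, n)) or g(b, n)

def iff(f, g):         # f ⇔ g
    return conj(implies(f, g), implies(g, f))

def always(f):         # □f: f holds at every time m >= n
    return lambda b, n: all(f(b, m) for m in b.future(n))

def eventually(f):     # ◊f: f holds at some time m >= n
    return lambda b, n: any(f(b, m) for m in b.future(n))

def leads_to(p, q):    # p ~→ q ::= □(p ⇒ ◊q)
    return always(implies(p, eventually(q)))

def holds(f, behavior):  # a formula is true for a behavior iff true at time 0
    return f(behavior, 0)

def all_lassos(alphabet, max_prefix=2, max_loop=3):
    """Every prefix+loop behavior over `alphabet` with a short prefix and loop."""
    for lp in range(max_prefix + 1):
        for ll in range(1, max_loop + 1):
            for prefix in product(alphabet, repeat=lp):
                for loop in product(alphabet, repeat=ll):
                    yield Behavior(prefix, loop)

def valid_on_small_lassos(formula, alphabet):
    """True iff `formula` holds on every behavior from all_lassos (a finite check)."""
    return all(holds(formula, b) for b in all_lassos(alphabet))

# States are (F, G) pairs of booleans; F and G are the atoms of the laws.
F, G = atom(lambda s: s[0]), atom(lambda s: s[1])
PAIRS = list(product([False, True], repeat=2))

def check_laws():
    """Laws from the table and the two fairness equivalences, on small behaviors."""
    return {
        "ev_alw_implies_alw_ev": valid_on_small_lassos(
            implies(eventually(always(F)), always(eventually(F))), PAIRS),
        "alw_ev_implies_ev_alw": valid_on_small_lassos(       # fails
            implies(always(eventually(F)), eventually(always(F))), PAIRS),
        "alw_over_or_reverse": valid_on_small_lassos(         # fails
            implies(always(disj(F, G)), disj(always(F), always(G))), PAIRS),
        # Reading F as "executed" and G as "impossible": □ around the naive
        # fairness formulas versus the simplified forms.
        "weak_fairness_equiv": valid_on_small_lassos(
            iff(always(disj(eventually(F), eventually(G))),
                disj(always(eventually(F)), always(eventually(G)))), PAIRS),
        "strong_fairness_equiv": valid_on_small_lassos(
            iff(always(disj(eventually(F), eventually(always(G)))),
                disj(always(eventually(F)), eventually(always(G)))), PAIRS),
    }

# Fairness of action ST in the LP/ST program, under the assumed encoding: each
# state records the action that produced it and whether ST has already run.
executed = atom(lambda s: s["action"] == "ST")
impossible = atom(lambda s: s["st_done"])
weak_fair = disj(always(eventually(executed)), always(eventually(impossible)))
strong_fair = disj(always(eventually(executed)), eventually(always(impossible)))

# Constructed run: LP loops on b forever and ST is never scheduled.
ST_STARVED = Behavior([], [{"b": True, "action": "LP", "st_done": False}])
# Constructed run: one LP step, then ST runs; afterwards the state stutters.
ST_RUNS = Behavior(
    [{"b": True, "action": None, "st_done": False},
     {"b": True, "action": "LP", "st_done": False},
     {"b": False, "action": "ST", "st_done": True}],
    [{"b": False, "action": None, "st_done": True}],
)

def fairness_of(behavior):
    return {"weak": holds(weak_fair, behavior), "strong": holds(strong_fair, behavior)}
```

Running `check_laws()` reports which laws survive the finite check, and `fairness_of(ST_STARVED)` shows that the run in which LP loops forever while ST stays enabled satisfies neither fairness condition, whereas `fairness_of(ST_RUNS)` satisfies both; this is the run that weak fairness rules out, because ST's step is continuously possible and never taken.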