Is A[bWWb] a tautology?

Question

Im thinking it is as if b is false then also the other (right)  b is false. If the first b becomes true the other one also is true. If b is always false then we are also fine as we are using a weak when. This is just intuition but I would like to make this a lot more formal. How can I prove that this holds on every Kripke Structure? Is there some mechanism that works like induction over Kripke Structures? I haven't been able to find a proof using deduction systems either.

Thanks :)

Comments

I also don't want to use tableaus or the fact that A[bWWb] is valid iff !A[bWWb] is not satisfiable.

---

As you got now some answers, try now to prove this one !(c & [b SB [a SU c]]).

---

Im a bit confused by the formula, is this even a state formula?
I tried the following but im not sure.
So first by replacing we have:
!(c & [b SB [a SU c]])=!(c &[![a SU c]  SU  b& ![a SU c]]).
We look at (c &[![a SU c]  SU  b& ![a SU c]]).
We now look at [a SU c] this holds as we know c is true at the state we are in .
So we have that ![a SU c] is always false.
We can follow that[![a SU c]  SU  b& ![a SU c]] is always false as the second part of the outermost SU is always false.
(c &[![a SU c]  SU  b& ![a SU c]]) is always false
!(c &[![a SU c]  SU  b& ![a SU c]]) is always true.

---

Perfect! It is not a state formula, but you may consider A!(c & [b SB [a SU c]]) instead, and if you like, you may also drive the negation inwards before. Your reasoning can be made more formal with unrolling the temporal logic sub formulas:

    !(c & [b SB [a SU c]])
        <-> !(c & [![a SU c] SU b & ![a SU c]])
        <-> !(c & (b & ![a SU c] | ![a SU c] & X[![a SU c]  SU  b& ![a SU c]]))
        <-> !(c & b & ![a SU c]
            | c & ![a SU c] & X[![a SU c]  SU  b& ![a SU c]]))
        <-> !(c & b & !(c | a & X[a SU c])
            | c & !(c | a & X[a SU c]) & X[![a SU c]  SU  b& ![a SU c]]))
        <-> !(c & b & !(true)
            | c & !(true) & X[![a SU c]  SU  b& ![a SU c]]))
        <-> !(false)
        <-> true

Some temporal logic formulas lead to propositional logic contradictions when being unrolled. That leads then to a simple proof. Others lead to conditions that imply themselves which is more difficult to handle since it asks for a fix point property. In principle, that could be dealt with similar to local model-checking in µ-calculus.

Answer 1

It is indeed a tautology which you can prove in various ways. Thanx for this question, and take the time to go through the answer below. Note that the question is essentially a question about the LTL formula [b WW b] and we may ask whether that one only on all paths. We can prove that in various ways:

First Way: Reduction to the Emptiness Problem of an Equivalent Omega-Automaton. We translate the negation of the formula to an equivalent existential omega-automaton and check that it cannot accept any word (if it would, that word would be a counterexample to our formula). For ![b WW b], we obtain the following omega-automaton using a single state variable q: 

   Auto∃({q},!q,q<->b|!b&next(q),F(!b->q))

The state transition diagram of this automaton looks as follows:

and its associated Kripke structure looks as follows:

Now, we need to check whether there is an infinite path from an initial state that will at least once reach a state where !b->q holds, i.e., one of the green states. You can clearly see that the initial state s1 is a deadend state, so we can omitt it (since it has no infinite outgoing paths); but then only s0 remains as the only reachable state, and the only path is the one where we always stay in s0. That path, however, does not satisfy the acceptance condition, since we never enter a green state. Therefore, the automaton does not accept any word. Hence, there is no path that would satisfy ![b WW b], and conversely, all paths satisfy [b WW b].

Second Way: Use the given semantics. We prove that on all paths pi, we have pi,0 |= [b WW b]. According to the semantics, pi,0 |= [a WW b] holds iff there is a point of time t, where pi,t |= b holds, then we must also have pi,t |= a for the first one of these points of time t. In particular, we have pi,0 |= [b WW b] holds iff there is a first point of time t, where pi,t |= b holds, then we must also have pi,t |= b. But that is clearly the case, so that  pi,0 |= [b WW b] holds on every path, and therefore A[b WW b] holds on every state of every Kripke structure.

Third Way: Proof Calculi. This is what you are maybe really interested in. For temporal logics, there are also proof calculi. In VRS, we do not consider them, since we are mostly interested in the verification of reactive systems which means checking whether a temporal logic property holds on a Kripke structure. These proof calculi are formulated in various ways like natural deduction, but also in tabuleaux form. Amir Pnueli has written papers about that, but also many others. At the end, the tableaux will also produce a Kripke structure which is nothing else than the associated Kripke Structure of the above omega-automaton, and we have to check the eventual properties in that structure similar to the emptiness check we discussed above. So, the proof calculi finally lead to nothing else than the first approach above which is the simplest one that can also be easily implemented.

Bytheway, some guys have embedded temporal logic in theorem provers so that one can use the proof rules of those theorem provers to prove temporal logic formulas (see https://es.cs.uni-kl.de/publications/datarsg/ScHo99.pdf). However, people were more enthusiastic about the automated proof procedure that came with the embedding that I implemented through the translation to omega-automata.

Comments

Thank you for the detailed answer :)

Answer 2

1. On slide 17 in the Temporal Logic Chapter, we defined [y WW z] := ¬[¬y SW z]. Hence, we need to look at ¬[¬b SW b]. On slide 16, we said that [y SW z] holds iff there is a following at point of time at which z & y hold, and y wasn't satisfied on the way to this point of time. If we set y := ¬b, z := b, we see that we need a point of time when b & ¬b is satisfied. As such a point doesn't exist, [¬b SW b] is unsatisfiable, and ¬[¬b SW b] is a tautology.
2. (This definition on points of time was derived from the definition [y SW z] := [¬z SU y&z], and the definition of SU on slide 14.)
3. The proof you gave is an application of the written definition (with a case distinction on F b) from slide 17.
4. Our teaching tools will reduce this tautology problem to ¬A[b WW b], generate an equivalent Omega-Automaton, and show its emptiness, which es equivalent to the unsatisfiablity of ¬A[b WW b]. But you excluded that case in your comments.

Comments

Thanks for your answer, i didn't try using the definition, as I thought it would get more complicated but its much nicer this way.