=Paper=
{{Paper
|id=Vol-1949/ICTCSpaper04
|storemode=property
|title= A Model Checker for Interval Temporal Logic over Finite Structures
|pdfUrl=https://ceur-ws.org/Vol-1949/ICTCSpaper04.pdf
|volume=Vol-1949
|authors=Enrico Cominato,Dario Della Monica,Angelo Montanari,Guido Sciavicco
|dblpUrl=https://dblp.org/rec/conf/ictcs/CominatoMMS17
}}
== A Model Checker for Interval Temporal Logic over Finite Structures==
https://ceur-ws.org/Vol-1949/ICTCSpaper04.pdf
A model checker for interval temporal
logic over finite structures?
Enrico Cominato1 , Dario Della Monica2,3 ,
Angelo Montanari4 , and Guido Sciavicco1
1
Dept. of Mathematics and Computer Science
University of Ferrara, Italy
({enrico.cominato@student.|guido.sciavicco@}unife.it)
2
Dept. Sistemas Informáticos y Computación
Universidad Complutense de Madrid, Spain (ddellamo@ucm.es)
3
Dept. of Electrical Engineering and Information Technology
University “Federico II” of Naples, Italy (dario.dellamonica@unina.it)
4
Dept. of Mathematics, Computer Science, and Physics
University of Udine, Italy (angelo.montanari@uniud.it)
Abstract. Model checking is the process of establishing whether a cer-
tain formula is satisfied by a given structure, and it is usually associated
with point-based temporal logics. Recently, the question of how to cor-
rectly define and study the model checking problem for interval-based
temporal logics has been raised. In this paper, we focus on a very natural
finite version of the model checking problem for Halpern and Shoham’s
modal logic of time intervals, a.k.a. HS, for which an algorithm that be-
haves in a very efficient way (under certain conditions) can be designed.
We present an implementation of such an algorithm and analyse its per-
formance through a systematic series of tests.
1 Introduction
Model checking is the problem of verifying whether a given logical formula is
satisfied by a certain structure. It has been extensively studied in the area of
formal methods and automated verification as a technique to establish the cor-
rectness of (hardware and software) reactive systems with respect to certain
properties of interest. In most cases, the property to be verified is expressed in
some point-based temporal logic, such as LTL [24], CTL [9], and CTL∗ [12]. The
main reason is that the behavior of a (reactive) system is usually captured by
specifying how its states can possibly evolve during an execution, and thus it
is naturally represented as a labeled directed graph, where vertices represent
the states of the system, edges encode its transitions, and paths describe exe-
cutions. Interesting properties predicate about points (states) along a timeline
?
A. Montanari and G. Sciavicco acknowledge the contribution from the Italian GNCS
Project “Logics and Automata for Interval Model Checking”, while D. Della Mon-
ica acknowledges the financial support from a Marie Curie INdAM-COFUND-2012
Outgoing Fellowship.
�(execution), which makes point-based temporal logics a natural choice for the
specification formalism.
In the last years, however, a certain interest is emerging towards model check-
ing for temporal logics with an interval-based semantics, in particular for Halpern
and Shoham’s logic HS [13], which plays a prominent role in the literature about
interval-based temporal logics, along with its fragments. HS can be viewed as the
logic of Allen’s relations [2]. While some of its theoretical properties, such as sat-
isfiability and expressiveness, have been already studied in a very systematic way
(see, for instance, [1, 8]), its model checking problem has entered the research
agenda only recently, despite it has several potential application domains, as
shown in [22].
Model checking for full HS, interpreted over finite Kripke structures, accord-
ing to the so-called state-based semantics [6], has been studied in [18, 23]. The
authors showed that, under the homogeneity assumption [25], which constrains
a proposition letter to hold over an interval if and only if it holds over each com-
ponent state, the problem is non-elementarily decidable (EXPSPACE-hardness
has been later shown in [5]). Since then, the attention has been brought to HS
fragments, whose computational behavior is often much better [5, 7, 19–21]. The
model checking problem for some HS fragments extended with epistemic op-
erators has been investigated in [15, 16]. The semantic assumptions for these
epistemic HS fragments differ from those of [5, 7, 18–21, 23] in two important
respects, making it difficult to compare the two families of logics: formulas are
interpreted over the unwinding of the Kripke structure (computation-tree-based
semantics [6]) and interval labeling takes into account only the endpoints of inter-
vals. The latter assumption has been later relaxed by allowing the use of regular
expressions to define the labeling of proposition letters over intervals in terms of
the component states [17]. An in-depth investigation of interval temporal logic
model checking with regular expressions, under the homogeneity assumption,
has been recently undertaken [3, 4].
In this paper, we focus our attention on the problem of model checking a
single, finite path/interval. Unlike standard model checking, where logical spec-
ifications are evaluated against temporal structures which are abstract (finite)
representations of the infinite set of finite/infinite computation paths of a sys-
tem, we are interested in checking the truth of a formula against a concrete,
finite interval model. In [22], it has been shown that such a problem has vari-
ous interesting applications, such as, for instance, temporal query evaluation and
temporal constraint checking in temporal databases [10, 14, 26, 27].
We describe an implementation of a model checker for HS formulas against
concrete, finite interval models, and we report the outcomes of a series of sys-
tematic performance tests. Even though the proposed implementation is inspired
by the well-known model checking algorithm for CTL formulas by Emerson and
Clarke [11], devising an efficient procedure is not trivial at all and it requires a
deep theoretical analysis as well as suitable choices in representing and searching
the finite model, e.g., a symbolic representation is used when labeling intervals
with special kinds of formulas (see [22] for a more detailed discussion).
� HS Allen’s relations Graphical representation
x y
x0 y0
hAi [x, y]RA [x0 , y 0 ] ⇔ y = x0
x0 y0
hLi [x, y]RL [x0 , y 0 ] ⇔ y < x0
0
x0 y
hBi [x, y]RB [x0 , y 0 ] ⇔ x = x0 , y 0 < y
0
x0 y
hEi [x, y]RE [x0 , y 0 ] ⇔ y = y 0 , x < x0
x0 y0
hDi [x, y]RD [x0 , y 0 ] ⇔ x < x0 , y 0 < y
x0 y0
hOi [x, y]RO [x0 , y 0 ] ⇔ x < x0 < y < y 0
Shortcuts Semantics
V
[U ] [U ]ψ ≡ ψ ∧ X∈{A,B,E,D,O,L} ([X]ψ ∧ [X]ψ)
W
hSIi hSIiψ ≡ X∈{O,D,B,E} (hXiψ ∨ hXiψ)
Fig. 1. Allen’s interval relations, HS modalities, and some useful shortcuts.
2 The logic HS
Halpern and Shoham’s logic HS is a multi-modal logic with formulas built on a
set AP of proposition letters, the Boolean connectives ∨ and ¬, and 6 existential
modalities based on the following 6 Allen’s relations: meets (modality hAi), begins
(modality hBi), and ends (modality hEi), graphically depicted in Figure 1, and
their transposes met-by (modality hAi), begun-by (modality hBi), and ended-by
(modality hEi). Formulas of HS are defined by the following grammar:
ϕ ::= p | ¬ϕ | ϕ ∧ ϕ | ϕ ∨ ϕ | hAiϕ | hAiϕ | hBiϕ | hBiϕ | hEiϕ | hEiϕ.
The other Boolean connectives are defined as usual, while the universal version of
each existential modality hXi is denoted by [X] and defined as [X]ψ ≡ ¬hXi¬ψ.
The language of HS allows for additional (existential) modalities corresponding
to the other Allen’s relations, namely, during (modality hDi), later (modality
hLi), and overlaps (modality hOi), graphically depicted in Figure 1, and their
transposes contains (modality hDi), before (modality hLi), and overlapped-by
(modality hOi), which can be defined as follows:
hDiψ ≡ hBihEiψ, hDiψ ≡ hBihEiψ,
hLiψ ≡ hAihAiψ, hLiψ ≡ hAihAiψ,
hOiψ ≡ hEihBiψ, hOiψ ≡ hBihEiψ.
Hereafter, we denote by RX the Allen relation corresponding to modality hXi,
e.g., we denote by RA the relation corresponding to modality hAi (see Figure 1).
Let D = hD, y such that M, [y, z] ϕ;
– M, [x, y] hAiϕ iff there exists z < x such that M, [z, x] ϕ;
– M, [x, y] hBiϕ iff there exists x < z < y such that M, [x, z] ϕ;
– M, [x, y] hBiϕ iff there exists z > y such that M, [x, z] ϕ;
– M, [x, y] hEiϕ iff there exists x < z < y such that M, [z, y] ϕ;
– M, [x, y] hEiϕ iff there exists z < x such that M, [z, y] ϕ.
We say that an HS formula ϕ is satisfiable if and only if there exists a model M
and an interval [x, y] such that M, [x, y] ϕ. The satisfiability problem for HS
is the problem of finding a model and an interval that satisfies a formula.
Given an interval model M = hI(D), V i over a finite linearly ordered set
D = hD, 0,j (ei,S i,B
∨ hAiei,B
V
j → (hLiej j )); (i)
i,S i,B i,B
V
[U ] (f → (hLif ∨ hAif )); (ii)
i>0
[U ] V (ei,B → (hLiei−1,S ∨ hAiei−1,S ));
(iii)
ϕphy ≡ Vi,j j j j
[U ] i (f i,B → (hLif i−1,S ∨ hAif i−1,S )); (iv)
0 0
[U ] i,j,∗ (ei,∗ → i0 ,∗0 ¬hSIieji ,∗ );
V V
j (v)
0 0
[U ] i,∗ (f i,∗ → i0 ,∗0 ¬hSIif i ,∗ ).
V V
(vi)
� Experiments
1,200 Interpolating parabola
1,000
800
Time in ms.
600
400
five rivers
200 four rivers
three rivers
two rivers
0 one river
0 200 400 600 800 1,000 1,200 1,400 1,600 1,800 2,000
Input size
Fig. 7. Elapsed time.
Formulas (i) and (ii) impose that the farmer, as well as any element, has been
on the boat on the i-th river before being on the right hand side of that river.
Similarly, formulas (iii) and (iv) state that the farmer, as well as any element,
must have been on the left hand side of the i-th river before being on the boat
across it. Furthermore, formulas (v) and (vi) constrain the model to be coherent:
whenever any element or the farmer are somewhere, they are not anywhere else.
Finally, we add a formula ϕriddle (the riddle constraint) which states that
the capacity of the boat is limited (as in the original formulation of the riddle,
it states that the boat cannot host all the elements together) and that everyone
starts at the left hand side of the first river and, eventually, ends up at the right
hand side of the last one:
0,S 0,S 0,S
f V∧ eV
1 ∧ . . . ∧ en ,
ϕriddle ≡ [U ] j ( i (e1 ∧ . . . ∧ ei,B
i,B i,B i,B
j−1 ∧ ej+1 ∧ . . . ∧ en ) → ⊥),
hLi(f m,S ∧ em,S ∧ . . . ∧ em,S ).
1 n
In Figure 7, we have reported the elapsed time for model checking the con-
junction of the above formulas against a generalized version of the model in
Figure 5. The size of the problem is expressed in bytes, and time in milliseconds.
All experiments have been run on a CPU Intel(R) Core(TM) i7, with a clock
�of 2.60GHz and 8GB RAM. For each number of rivers, ranging from 1 to 5, we
have tried to model check the conjunction of all specifications for a number of
elements ranging from 8 to 48 (with 4-unit steps).
As one may observe from Figure 7, the elapsed time grows quadratically,
i.e., as a parabola, with the size of the input (size of the model plus size of the
formula), as expected in a non-degenerate experiment.
5 Conclusions
Model checking is a fundamental problem in computational logic. In the recent
past, it has been applied to a number of different contexts, ranging from program
and protocol checking to system verification. Point-based temporal logics have
been traditionally used for property specification in model checking. The interest
for interval temporal logic model checking is much more recent.
We focused on the problem of model checking formulas of the interval tem-
poral logic HS against (concrete) finite interval models, which comes into play
in a number of applications different from automated system verification. As an
example, constraint checking and query answering in temporal databases can
be viewed as special instances of such a problem. The same holds for temporal
rule extraction in data mining. A formalization of the problem, an analysis of its
complexity, and a discussion of some possible applications can be found in [22].
Here, we proposed a first implementation of the model checking procedure
outlined in [22], and we reported the outcomes of its systematic testing against
benchmarks obtained from the generalization of a known riddle and its solution.
References
1. L. Aceto, D. Della Monica, V. Goranko, A. Ingólfsdóttir, A. Montanari, and G. Sci-
avicco. A complete classification of the expressiveness of interval logics of Allen’s
relations: The general and the dense cases. Acta Informatica, 53(3):207–246, 2016.
2. J. Allen. Maintaining knowledge about temporal intervals. Communications of the
ACM, 26(11):832–843, 1983.
3. L. Bozzelli, A. Molinari, A. Montanari, and A. Peron. An in-Depth Investigation
of Interval Temporal Logic Model Checking with Regular Expressions. In Proc. of
the 15th SEFM, volume 10469 of LNCS, 2017.
4. L. Bozzelli, A. Molinari, A. Montanari, and A. Peron. On the Complexity of Model
Checking for Syntactically Maximal Fragments of the Interval Temporal Logic HS
with Regular Expressions. In Proc. of the 8th GandALF, 2017.
5. L. Bozzelli, A. Molinari, A. Montanari, A. Peron, and P. Sala. Interval temporal
logic model checking: The border between good and bad HS fragments. In Proc.
of the 8th IJCAR, volume 9706 of LNCS, pages 389–405. Springer, 2016.
6. L. Bozzelli, A. Molinari, A. Montanari, A. Peron, and P. Sala. Interval vs. point
temporal logic model checking: an expressiveness comparison. In Proc. of the 36th
FSTTCS, volume 65 of LIPIcs, pages 26:1–26:14, 2016.
7. L. Bozzelli, A. Molinari, A. Montanari, A. Peron, and P. Sala. Model checking the
logic of Allen’s relations meets and started-by is PNP -complete. In Proc. of the
7th GandALF, volume 226 of EPTCS, pages 76–90, 2016.
� 8. D. Bresolin, D. Della Monica, A. Montanari, P. Sala, and G. Sciavicco. Interval
temporal logics over strongly discrete linear orders: Expressiveness and complexity.
Theoretical Computer Science, 560:269–291, 2014.
9. E.M. Clarke and E.A. Emerson. Design and synthesis of synchronization skeletons
using branching-time temporal logic. In Logics of Programs, volume 131 of LNCS,
pages 52–71. Springer, 1981.
10. C. Combi and A. Montanari. Data models with multiple temporal dimensions:
Completing the picture. In Proc. of the 13th CAiSE, volume 2068 of LNCS, pages
187–202. Springer, 2001.
11. E.A. Emerson and J.Y. Halpern. Decision procedures and expressiveness in the
temporal logic of branching time. Journal of Computer and System Sciences,
30(1):1–24, 1985.
12. E.A. Emerson and J.Y. Halpern. “Sometimes” and “Not Never” revisited: On
branching versus linear time temporal logic. Journal of the ACM, 33(1):151–178,
1986.
13. J. Halpern and Y. Shoham. A propositional modal logic of time intervals. J. of
the ACM, 38(4):935–962, 1991.
14. K. Kulkarni and J.E. Michels. Temporal features in SQL:2011. ACM SIGMOD
Record, 41(3):34–43, 2012.
15. A. Lomuscio and J. Michaliszyn. An epistemic Halpern-Shoham logic. In Proc. of
the 23rd IJCAI, pages 1010–1016, 2013.
16. A. Lomuscio and J. Michaliszyn. Decidability of model checking multi-agent sys-
tems against a class of EHS specifications. In Proc. of the 21st ECAI, volume 263
of Frontiers in Artificial Intelligence and Applications, pages 543–548, 2014.
17. A. Lomuscio and J. Michaliszyn. Model checking multi-agent systems against
epistemic HS specifications with regular expressions. In Proc. of the 15th KR,
pages 298–308, 2016.
18. A. Molinari, A. Montanari, A. Murano, G. Perelli, and A. Peron. Checking interval
properties of computations. Acta Informatica, 53(6-8):587–619, 2016.
19. A. Molinari, A. Montanari, and A. Peron. Complexity of ITL model checking:
Some well-behaved fragments of the interval logic HS. In Proc. of the 22nd TIME,
pages 90–100, 2015.
20. A. Molinari, A. Montanari, and A. Peron. A model checking procedure for interval
temporal logics based on track representatives. In Proc. of the 24th CSL, volume 41
of LIPIcs, pages 193–210, 2015.
21. A. Molinari, A. Montanari, A. Peron, and P. Sala. Model checking well-behaved
fragments of HS: the (almost) final picture. In Proc. of the 15th KR, pages 473–483,
2016.
22. D. Della Monica, D. de Frutos-Escrig, A. Montanari, A. Murano, and G. Sciavicco.
Evaluation of temporal datasets via interval temporal logic model checking. In
Proc. of the 24th TIME. LIPIcs, 2017.
23. A. Montanari, A. Murano, G. Perelli, and A. Peron. Checking interval properties
of computations. In Proc. of the 21st TIME, pages 59–68, 2014.
24. A. Pnueli. The temporal logic of programs. In Proc. of the 18th FOCS, pages
46–57, 1977.
25. P. Roper. Intervals and tenses. Journal of Philosophical Logic, 9(4):451–469, 1980.
26. R.T. Snodgrass, editor. The TSQL2 Temporal Query Language. Kluwer, 1995.
27. R.T. Snodgrass, I. Ahn, G. Ariav, D.S. Batory, J. Clifford, C.E. Dyreson, R. El-
masri, F. Grandi, C.S. Jensen, W. Käfer, N. Kline, K. Kulkarni, T.Y.C. Leung,
N. Lorentzos, J.F. Roddick, A. Segev, M.D. Soo, and S.M. Sripada. TSQL2 lan-
guage specification. ACM Sigmod Record, 23(1):65–86, 1994.
�