Specification and Analysis of Contracts Lectures 3 and 4 Background: Modal Logics Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo SEFM School, Oct. 27 - Nov. 7, 2008 Cape Town, South Africa university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 1 / 56 Plan of the Course 1 Introduction 2 Components, Services and Contracts 3 Background: Modal Logics 1 4 Background: Modal Logics 2 5 Deontic Logic 6 Challenges in Defining a Good Contract language 7 Specification of ’Deontic’ Contracts ( ) CL 8 Verification of ’Deontic’ Contracts 9 Conflict Analysis of ’Deontic’ Contracts 10 Other Analysis of ’Deontic’ Contracts and Summary university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 2 / 56 Depending on the semantics, we can interpret ' differently temporal ' will always hold @ doxastic I believe ' epistemic I know ' deontic It ought to be the case that ' Modal Logics Modal logic is the logic of possibility and necessity ': ' is necessarily true. 3@ ': ' is possibly true. Not a single system but many different systems depending on application Good to reason about causality and situations with incomplete information Different interpretation for the modalities: belief, knowledge, provability, etc. university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 3 / 56 Modal Logics Modal logic is the logic of possibility and necessity ': ' is necessarily true. 3@ ': ' is possibly true. Not a single system but many different systems depending on application Good to reason about causality and situations with incomplete information Different interpretation for the modalities: belief, knowledge, provability, etc. Depending on the semantics, we can interpret ' differently temporal ' will always hold @ doxastic I believe ' epistemic I know ' deontic It ought to be the case that ' university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 3 / 56 Modal Logic Dynamic Aspect of Modal Logic Modal logic is good to reason in dynamic situations Truth values may vary over time (classical logic is static) Sentences in classical logic are interpreted over a single structure or world In modal logic, interpretation consists of a collection K of possible worlds or states If states change, then truth values can also change Dynamic interpretation of modal logic Temporal logic Linear time Branching time Dynamic logic university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 4 / 56 Modal Logic Dynamic Aspect of Modal Logic Modal logic is good to reason in dynamic situations Truth values may vary over time (classical logic is static) Sentences in classical logic are interpreted over a single structure or world In modal logic, interpretation consists of a collection K of possible worlds or states If states change, then truth values can also change Dynamic interpretation of modal logic Temporal logic Linear time Branching time Dynamic logic university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 4 / 56 Modal Logics We will see In the rest of this and next lecture (2 hours): Temporal logic Propositional modal logic Multimodal logic Dynamic logic µ-calculus Real-time logics In the following lecture (1 hour): Deontic logic university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 5 / 56 Plan 1 Temporal Logic 2 Propositional Modal Logic 3 Multimodal Logic 4 Dynamic Logic 5 Mu-calculus 6 Real-Time Logics university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 6 / 56 Plan 1 Temporal Logic 2 Propositional Modal Logic 3 Multimodal Logic 4 Dynamic Logic 5 Mu-calculus 6 Real-Time Logics university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 7 / 56 Temporal Logic Introduction Temporal logic is the logic of time There are different ways of modeling time linear time vs. branching time time instances vs. time intervals discrete time vs. continuous time past and future vs. future only university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 8 / 56 p pp p . i−2i−1 i i+1 i+2 i+3 p p p . i−2i−1 i i+1 i+2 i+3 Temporal Logic Introduction In Linear Temporal Logic (LTL) we can describe such properties as, if i is now, p holds in i and every following point (the future) p holds in i and every preceding point (the past) We will only be concerned with the future university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 9 / 56 p pp p . i−2i−1 i i+1 i+2 i+3 p p p . i−2i−1 i i+1 i+2 i+3 Temporal Logic Introduction In Linear Temporal Logic (LTL) we can describe such properties as, if i is now, p holds in i and every following point (the future) p holds in i and every preceding point (the past) We will only be concerned with the future university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 9 / 56 p pp p . i−2i−1 i i+1 i+2 i+3 p p p . i−2i−1 i i+1 i+2 i+3 Temporal Logic Introduction In Linear Temporal Logic (LTL) we can describe such properties as, if i is now, p holds in i and every following point (the future) p holds in i and every preceding point (the past) We will only be concerned with the future university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 9 / 56 Temporal Logic Introduction We extend the first-order language to a temporal language T by adding the temporal operators , 3, , UL, R and W . L @ Interpretation '' will always (in every state) hold @ 3 '' will eventually (ins some state) hold '' will hold at the next point in time ' will eventually hold, and until that point ' will hold U ' R holds until (incl.) the point (if any) where ' holds (release) ' W ' will hold until holds (weak until or waiting for) university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 10 / 56 Temporal Logic Introduction Definition We define LTL formulae as follows: T: first-order formulae are also LTL formulae L ⊆ L If ' is an LTL formulae, so are ', 3 ', ' and ' @ : If ' and are LTL formulae, so are ' , ' R , ' W , ' , ' , ' and ' U _ ^ ) ≡ university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 11 / 56 Temporal Logic Semantics Definition A path is an infinite sequence of states σ = s0; s1; s2;::: k σ denotes the path sk ; sk+1; sk+2;::: σk denotes the state sk All computations are paths, but not vice versa university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 12 / 56 Linear Temporal Logic Semantics Definition We define the notion that an LTL formula ' is true(false) relative to a path σ, written σ = ' (σ = ') as follows. j 6j σ = ' iff σ0 = ' when ' j j 2 L σ = ' iff σ = ' j : 6j σ = ' iff σ = ' or σ = j _ j j σ = ' iff σk = ' for all k 0 j @ j ≥ σ = 3 ' iff σk = ' for some k 0 j j ≥ σ = ' iff σ1 = ' j j (cont.)university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 13 / 56 Linear Temporal Logic Semantics Definition (cont.) σ = ' iff σk = for some k 0, and j U j ≥ σi = ' for every i such that 0 i < k j ≤ σ = ' R iff for every j 0, j ≥ if for every i < j σi = ' then σj = 6j j σ = ' W iff σ = ' or σ = ' j j U j @ university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 14 / 56 Temporal Logic Semantics Definition If σ = ' for all paths σ, we say that ' is (temporally) valid and write j = ' (Validity) j If = ' (ie. σ = ' iff σ = , for all σ), we say that ' and are equivalentj ≡ and writej j ' (Equivalence) ∼ university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 15 / 56 Temporal Logic Semantics Definition If σ = ' for all paths σ, we say that ' is (temporally) valid and write j = ' (Validity) j If = ' (ie. σ = ' iff σ = , for all σ), we say that ' and are equivalentj ≡ and writej j ' (Equivalence) ∼ university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 15 / 56 σ = 3 p j p . 01 2 3 4 σ = p j p . 01 2 3 4 Temporal Logic Semantics σ = p j @ pp p pp . 01 2 3 4 university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 16 / 56 p . 01 2 3 4 σ = p j p . 01 2 3 4 Temporal Logic Semantics σ = p j @ pp p pp . 01 2 3 4 σ = 3 p j university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 16 / 56 p . 01 2 3 4 p . 01 2 3 4 Temporal Logic Semantics σ = p j @ pp p pp . 01 2 3 4 σ = 3 p j σ = p j university-logo Gerardo Schneider (UiO) Specification and Analysis of e-Contracts SEFM, 3-7 Nov 2008 16 / 56 σ = p R q – The sequence of q may be infinite j qq q q,p .