Why Is Mo dal Logic So Robustly Decidable Moshe Y Vardi Department of Computer Science Rice University Houston TX Email vardicsriceedu URL httpwwwcsriceedu vardi Introduction Modal logic the logic of necessity and p ossibility of must b e and may b e was dis cussed by several authors in ancient times notably by Aristotle in De Interpretatione and Prior Analytics as well as by medieval logicians Like most work b efore the mo dern p erio d it was nonsymbolic and not particularly systematic in approach The rst sym b olic and systematic approach to the sub ject app ears to b e the work of Lewis b eginning in and culminating in the b o ok Symbolic Logic with Langford LL Prop osi tional mo dal logic is obtained from prop ositional logic by adding a mo dal connective 2 ie if is a formula then 2 is also a formula Intuitively 2 asserts that is necessarily true Dually 2 abbreviated as 3 asserts that is possibly true Mo dal logic has many applications due to the fact that the notions of necessity and p ossibility can b e given many concrete interpretations For example necessarily can mean according to the laws of physics or according to my knowledge or even after the program terminates In the last years mo dal logic has b een applied to numerous areas of computer science including articial intelligence BLMS MH program ver ication CES Pra Pnu hardware verication Bo c RS database theory CCF Lip and distributed computing BAN HM The standard semantics for mo dal logic is based on the p ossibleworlds approach originally prop osed by Carnap Car Car Possibleworlds semantics was further developed indep endently by several researchers including Bay Hin Hin Kan The research rep orted here was conducted while the author was visiting DIMACS and Bell Lab ora tories as part of the DIMACS Sp ecial Year on Logic and Algorithm Kri Mer Mon Pri reaching its current form with Kripke Kri which ex plains why the mathematical structures that capture the p ossibleworlds approach are called Kripke structures The intuitive idea b ehind the p ossibleworlds mo del is that b esides the true state of aairs there are a number of other p ossible states of aairs or worlds Necessity then means truth in all p ossible worlds For example an agent may b e walking on the streets in San Francisco on a sunny day but may have no information at all ab out the weather in London Thus in all the worlds that the agent considers p ossible it is sunny in San Francisco On the other hand since the agent has no infor mation ab out the weather in London there are worlds he considers p ossible in which it is sunny in London and others in which it is raining in London Thus this agent knows that it is sunny in San Francisco but he do es not know whether it is sunny in London Intuitively if an agent considers fewer worlds p ossible then he has less uncertainty and more knowledge If the agent acquires additional informationsuch as hearing from a reliable source that it is currently sunny in Londonthen he would no longer consider p ossible any of the worlds in which it is raining in London There are two main computational problems asso ciated with mo dal logic The rst problem is checking if a given formula is true in a given state of a given Kripke structure This problem is known as the modelchecking problem The second problem is checking if a given formula is true in all states of all Kripke structures This problem is known as the validity problem Both problems are decidable The mo delchecking problem can b e solved in linear time while the validity problem is PSPACEcomplete This is rather surprising when one considers the fact that mo dal logic in spite of its apparent prop ositional syntax is essentially a rstorder logic since the necessity and p ossibility mo dalities quantify over the set of p ossible worlds and mo del checking and validity for rstorder logic are computationally hard problems Furthermore the undecidability of rstorder logic is very robust Only very restricted fragments of rstorder logic are decidable and these fragments are typically dened in terms of b ounded quantier alternation DG Lew The ability however to have arbitrary nesting of mo dalities in mo dal logic means that it do es not corresp ond to a fragment of rstorder logic with b ounded quantier alternation Why then is mo dal logic so robustly decidable To answer this question we have to take a close lo ok at mo dal logic as a fragment of rstorder logic A careful examination reveals that prop ositional mo dal logic can in fact b e viewed as a fragment of variable rstorder logic Gab Ben This fragment 2 denoted FO is obtained by restricting the formulas to refer to only two individual variables It turns out that this fragment is computationally much more tractable than full rstorder logic which provides some explanation for the tractability of mo dal logic Up on a deep examination however we discover that this explanation is not to o satisfactory The tractability of mo dal logic is quite robust and survives for example under various epistemic assumptions which cannot b e explained by the relationship to 2 FO To deep en the puzzle we consider an extension of mo dal logic called computation tree logic or CTL CE This logic is also quite tractable even though it is not even a rstorder logic We show that it can b e viewed as a fragment of variable xp oint 2 logic denoted FP but the latter do es not enjoy the nice computational prop erties of 2 FO We conclude by showing that the decidability of CTL can b e explained by the 2 socalled treemodel property which is enjoyed by CTL but not by FP We show how the treemo del prop erty leads to automatabased decision pro cedures Mo dal Logic We wish to reason ab out worlds that can b e describ ed in terms of a nonempty nite set of propositional constants typically lab eled p p q q These prop ositional constants stand for basic facts ab out the world such as it is sunny in San Francisco or Alice has mud on her forehead We can now describ e the set of mo dal formulas We start with the prop ositional constants in and form more complicated formulas by closing o under negation conjunction and the mo dal connective 2 Thus if and are formulas then so are and 2 For the sake of readability we omit the parentheses in formulas such as whenever it do es not lead to confusion We also use standard abbreviations from prop ositional logic such as for and for We take true to b e an abbreviation for some xed prop ositional tautology such as p p and take false to b e an abbreviation for true Also we view p ossibility as the dual of necessity and use 3 to abbreviate 2 Intuitively is p ossible if is not necessary We can express quite complicated statements in a straightforward way using this language For example the formula 232p says that it is necessarily the case that p ossibly p is necessarily true Now that we have describ ed the syntax of our language that is the set of wellformed formulas we need semantics that is a formal mo del that we can use to determine whether a given formula is true or false We formalize the semantics in terms of Kripke structures A Kripke structure M is a tuple S R where S is a set of states or S possible worlds is an interpretation that asso ciates with each prop ositional constant in a set of states in S and R is a binary relation on S that is a set of pairs of elements of S The interpretation p tells us at which state a prop ositional constant p is true the intuition is that p is the set of states in which p holds Thus if p denotes the fact it is raining in San Francisco then s p captures the situation in which it is raining in San Francisco in the state s of the structure M The binary relation R is intended to capture the p ossibility relation s t R if the state t is p ossible given the information in the state s We think of R as a possibility relation since it denes what states are considered p ossible in any given state We now dene what it means for a formula to b e true at a given state in a structure Note that truth dep ends on the state as well as the structure It is quite p ossible that a formula is true in one state and false in another For example in one state an agent may know it is sunny in San Francisco while in another he may not To capture this we dene the notion M s j which can b e read as is true at M s or holds at M s or M s satises We dene the j relation by induction on the structure of The interpretation gives us the information we need to deal with the base case where is a prop ositional constant M s j p for a prop ositional constant p if s p For conjunctions and negations we follow the standard treatment from prop ositional logic a conjunction is true exactly if b oth of the conjuncts and are true while a negated formula is true exactly if is not true M s j if M s j and M s j M s j if M s j Finally we have to deal with formulas of the form 2 Here we try to capture the intuition that is necessarily true in state s of structure M exactly if is true at all states that are p ossible in s Formally we have M s j 2 if M t j for all t such that s t R Note that the semantics of 3 follows from the semantics of 2 and M s j 3 if M t j for some t such that s t R One of the advantages of a Kripke structure is that it can b e viewed as a lab eled graph that is a set of lab eled no des connected by directed edges The no des are the states of S the lab el of state s S describ es which prop ositional constants are true and