Conversation
Cslib/Logics/LTL/Basic.Lean
Outdated
|
|
||
| /-- Satisfaction relation for ω-sequences of atom valuations. -/ | ||
| @[simp, scoped grind =] | ||
| def Satisfies (ls : ωSequence (Set T)) (φ : Proposition T) := match φ with |
There was a problem hiding this comment.
| def Satisfies (ls : ωSequence (Set T)) (φ : Proposition T) := match φ with | |
| def Satisfies (ls : ωSequence (Set T)) : Proposition T → Prop |
Cslib/Logics/LTL/Basic.Lean
Outdated
| | .or φ₁ φ₂ => Satisfies ls φ₁ ∨ Satisfies ls φ₂ | ||
| | .atom (p) => p ∈ ls 0 | ||
| | .not φ => ¬ (Satisfies ls φ) | ||
| | .next φ => Satisfies (ωSequence.drop 1 ls) φ |
There was a problem hiding this comment.
| | .next φ => Satisfies (ωSequence.drop 1 ls) φ | |
| | .next φ => Satisfies (ls.drop 1) φ |
etc
Cslib/Logics/LTL/Basic.Lean
Outdated
|
|
||
| /-- Equivalence of LTL propositions on ω-sequences. -/ | ||
| @[simp, scoped grind =] | ||
| def Proposition.equiv (φ₁ : Proposition T) (φ₂ : Proposition T) := |
There was a problem hiding this comment.
| def Proposition.equiv (φ₁ : Proposition T) (φ₂ : Proposition T) := | |
| def Proposition.equiv (φ₁ : Proposition T) (φ₂ : Proposition T) : Prop := |
Cslib/Logics/LTL/Basic.Lean
Outdated
| theorem next_self_dual {T} : ∀ (φ : Proposition T), φ.next.not ≈ φ.not.next := | ||
| by simp |
There was a problem hiding this comment.
style should be
| theorem next_self_dual {T} : ∀ (φ : Proposition T), φ.next.not ≈ φ.not.next := | |
| by simp | |
| theorem next_self_dual {T} : ∀ (φ : Proposition T), φ.next.not ≈ φ.not.next := by | |
| simp |
(throughout)
| theorem expansion_until {T} : ∀ (φ : Proposition T) (ψ : Proposition T) , | ||
| Proposition.until_op φ ψ ≈ Proposition.or ψ (Proposition.and φ ((Proposition.until_op φ ψ).next)) := | ||
| by | ||
| intros |
There was a problem hiding this comment.
| theorem expansion_until {T} : ∀ (φ : Proposition T) (ψ : Proposition T) , | |
| Proposition.until_op φ ψ ≈ Proposition.or ψ (Proposition.and φ ((Proposition.until_op φ ψ).next)) := | |
| by | |
| intros | |
| theorem expansion_until {T} (φ : Proposition T) (ψ : Proposition T) : | |
| φ.until_op ψ ≈ ψ.or (φ.and ((φ.until_op ψ).next)) := by |
Cslib/Logics/LTL/Basic.Lean
Outdated
| namespace Cslib.Logic.LTL | ||
|
|
||
| /-- Propositions, where `T` is the type of atoms. -/ | ||
| inductive Proposition (T : Type) : Type u where |
There was a problem hiding this comment.
| inductive Proposition (T : Type) : Type u where | |
| inductive Proposition (T : Type u) : Type u where |
ctchou
left a comment
ctchou
left a comment
There was a problem hiding this comment.
These are my specific comments. I will give my general comments on Zulip:
#CSLib > LTL?
Cslib/Logics/LTL/Basic.Lean
Outdated
| @@ -0,0 +1,167 @@ | |||
| /- | |||
| Copyright (c) 2026 Fabrizio Montesi. All rights reserved. | |||
There was a problem hiding this comment.
You can put your name here.
Cslib/Logics/LTL/Basic.Lean
Outdated
| /-! # Linear Temporal Logic | ||
|
|
||
| Linear Temporal Logic (LTL) is a logic for reasoning about the validity of propositional atoms | ||
| in non-branching time. |
Cslib/Logics/LTL/Basic.Lean
Outdated
| namespace Cslib.Logic.LTL | ||
|
|
||
| /-- Propositions, where `T` is the type of atoms. -/ | ||
| inductive Proposition (T : Type) : Type u where |
There was a problem hiding this comment.
Any reason implies and leads_to are not among the operators? Alternatively, can we take seriously the idea that (for example) always and eventuallycan be defined as derived operators and reduce this inductive definition to a minimal set of operators?
Cslib/Logics/LTL/Basic.Lean
Outdated
| /-- Equivalence of LTL propositions on ω-sequences. -/ | ||
| @[simp, scoped grind =] | ||
| def Proposition.equiv (φ₁ : Proposition T) (φ₂ : Proposition T) := | ||
| ∀ (ls : ωSequence (Set T)) , (ls ⊧ φ₁) ↔ ls ⊧ φ₂ |
There was a problem hiding this comment.
Would it be possible to give \models a higher precedence than \iff, so that we can get rid of the parentheses on the LHS of \iff?
Cslib/Logics/LTL/Basic.Lean
Outdated
|
|
||
| /-- Equivalence of LTL propositions on ω-sequences. -/ | ||
| @[simp, scoped grind =] | ||
| def Proposition.equiv (φ₁ : Proposition T) (φ₂ : Proposition T) := |
There was a problem hiding this comment.
Instead of Proposition.equiv φ₁ φ₂, I think you should define Proposition.valid φ to mean that φ is true over all models ls. This is more general, because Proposition.equiv φ₁ φ₂ is simply Proposition.valid (φ₁.iff φ₂). (You didn't define Proposition.iff, but there is no reason why you shouldn't.). Also, Proposition.equiv φ₁ φ₂ biases you toward equational reasoning. But sometimes it is more natural to reason about implications.
Cslib/Logics/LTL/Basic.Lean
Outdated
| /-- The `eventually` operator distributes on disjunction. -/ | ||
| @[scoped grind .] | ||
| theorem distrib_eventually_or {T} : | ||
| ∀ (φ : Proposition T) (ψ : Proposition T) , | ||
| Proposition.eventually (φ.or ψ) ≈ (Proposition.or (φ.eventually) (ψ.eventually)) | ||
| := by | ||
| simp | ||
| grind |
There was a problem hiding this comment.
Please fix the indents here and throughout
Cslib/Logics/LTL/Basic.Lean
Outdated
| @[scoped grind .] | ||
| theorem next_self_dual {T} : ∀ (φ : Proposition T), φ.next.not ≈ φ.not.next := by | ||
| simp |
There was a problem hiding this comment.
| @[scoped grind .] | |
| theorem next_self_dual {T} : ∀ (φ : Proposition T), φ.next.not ≈ φ.not.next := by | |
| simp | |
| @[scoped grind .] | |
| theorem next_self_dual {T} : ∀ (φ : Proposition T), φ.next.not ≈ φ.not.next := by | |
| simp |
Cslib/Logics/LTL/Basic.Lean
Outdated
|
|
||
| /-- Validity of LTL propositions on ω-sequences. -/ | ||
| @[simp, scoped grind =] | ||
| def Proposition.valid (φ₁ : Proposition T) : Prop := |
There was a problem hiding this comment.
| def Proposition.valid (φ₁ : Proposition T) : Prop := | |
| def Proposition.Valid (φ₁ : Proposition T) : Prop := |
or perhaps
| def Proposition.valid (φ₁ : Proposition T) : Prop := | |
| def Proposition.IsValid (φ₁ : Proposition T) : Prop := |
| inductive Proposition (T : Type u) : Type u where | ||
| | true | ||
| | false | ||
| | not (φ₁ : Proposition T) | ||
| | and (φ₁ φ₂ : Proposition T) | ||
| | or (φ₁ φ₂ : Proposition T) | ||
| | implies (φ₁ φ₂ : Proposition T) | ||
| | iff (φ₁ φ₂ : Proposition T) | ||
| | next (φ : Proposition T) | ||
| | eventually (φ : Proposition T) | ||
| | always (φ : Proposition T) | ||
| | until_op (φ : Proposition T) (φ : Proposition T) | ||
| | atom (p : T) |
There was a problem hiding this comment.
Instead of trying to anticipate and enumerate all propositional operators you will ever need, I wonder if it is better to limit yourself to a minimal set of operators in terms of which other operators can be defined. For example, even with the expanded set of operators given above, you still miss one important operator:
def Proposition.leadsTo (φ₁ φ₂ : Proposition T) : Proposition T :=
(φ₁.implies φ₂.eventually).always
variable (φ₁ φ₂ : Proposition T)
#check (φ₁.leadsTo φ₂)
As you can see, the dot-notation enables the new operator to be written and used pretty much like those in the original inductive definition. By limiting yourself to a minimal set of core operators which will likely stay stable, you will have fewer operators to deal with if you ever want to develop any proof theory for LTL.
There was a problem hiding this comment.
Makes a lot of sense. On it 👍
| | next (φ : Proposition T) | ||
| | eventually (φ : Proposition T) | ||
| | always (φ : Proposition T) | ||
| | until_op (φ : Proposition T) (φ : Proposition T) |
There was a problem hiding this comment.
Are you sure until doesn't work here? I played with it a little bit and it seems to work. These operators are never used "nakedly" and always appears as part of dot-notations.
|
One more comment: I wonder if it is possible to change the type of a model from |
3 participants
Hi! Here is my first attempt at formalizing LTL, by providing a semantics on omega-sequences and a few simple rules. I think this could be quite easily adapted to obtain a semantics on paths of transition systems.
I hope you'll forgive my naive proof style, I'm fairly new to Lean, and I hope we can work on this together to make it up to standards :)