On the Complexity of Temporal-Logic Path Checking by Bundala, Daniel & Ouaknine, Joël
ar
X
iv
:1
31
2.
76
03
v3
  [
cs
.L
O]
  2
8 A
pr
 20
14
On the Complexity of Temporal-Logic
Path Checking⋆
Daniel Bundala and Joe¨l Ouaknine
Department of Computer Science, University of Oxford
Wolfson Building, Parks Road, Oxford, OX1 3QD, UK
Abstract. Given a formula in a temporal logic such as LTL or MTL, a
fundamental problem is the complexity of evaluating the formula on a
given finite word. For LTL, the complexity of this task was recently shown
to be in NC [8]. In this paper, we present an NC algorithm for MTL, a
quantitative (or metric) extension of LTL, and give an AC1 algorithm
for UTL, the unary fragment of LTL. At the time of writing, MTL is the
most expressive logic with an NC path-checking algorithm, and UTL is
the most expressive fragment of LTL with a more efficient path-checking
algorithm than for full LTL (subject to standard complexity-theoretic as-
sumptions). We then establish a connection between LTL path checking
and planar circuits, which we exploit to show that any further progress
in determining the precise complexity of LTL path checking would im-
mediately entail more efficient evaluation algorithms than are known for
a certain class of planar circuits. The connection further implies that
the complexity of LTL path checking depends on the Boolean connec-
tives allowed: adding Boolean exclusive or yields a temporal logic with
P-complete path-checking problem.
1 Introduction
One of the most fundamental problems in the fields of testing and verification is
the path-checking problem: determine whether a given observation1 of a system
satisfies a given specification drawn from a fixed ambient logic. The complexity of
this problem plays a key role in the design and analysis of offline monitoring and
runtime verification procedures [5,11]. The path-checking problem also appears
in testing [1] and in Monte-Carlo-based probabilistic verification [13].
Although the problem is simply stated, determining its precise complexity
can prove to be quite challenging. The case of LTL was investigated more than
a decade ago [4,12], and at the time is was conjectured that the straightforward
polynomial-time dynamic-programming algorithm is not optimal.2 And indeed,
using reductions to planar circuits and tree-contraction algorithms, it was re-
cently proved [8] that LTL path checking allows an efficient parallel algorithm
⋆ This is the full version of the paper with the same title from ICALP’14.
1 In this paper, all observations (paths, traces, words, etc.) considered are finite.
2 The best known lower bound for LTL path checking is NC1, which crudely arises
from the NC1-hardness of mere Boolean formula evaluation.
2 Daniel Bundala and Joe¨l Ouaknine
and lies in NC—in fact, in AC1[logDCFL]. (This seminal result was rewarded by
the ICALP 2009 best-paper award.) More recently, this work was extended to a
very restricted metric extension of LTL, in which only temporal operators of the
form U≤b are allowed [9].
In this paper, we give an algorithm for full Metric Temporal Logic (MTL)
with the same complexity—AC1[logDCFL]—known algorithm for LTL.
We reprise the strategy, introduced in [8], to represent temporal operators
using a special class of planar monotone circuits, together with a generic algo-
rithm [3] as a subroutine to evaluate those circuits. Such circuits have a very
special form, which led the authors of [8] to ask whether the complexity of
the path-checking algorithm can be improved by devising specialised circuit-
evaluation algorithms. In this paper, we present evidence to the contrary, by
showing that the evaluation of circuits drawn from a class of planar circuits
studied in [10] is reducible to LTL path checking; any further progress in deter-
mining the precise complexity of the latter would therefore immediately entail
more efficient evaluation algorithms than are known for this class of planar cir-
cuits. It is worth pointing out that augmenting this class of planar circuits with
NOT gates makes the evaluation problem P-complete [6]. It follows that the
complexity of path checking is sensitive to non-monotone connectives, as allow-
ing Boolean exclusive-or in formulae enables the evaluation of circuits from this
augmented class, and is therefore itself P-complete.
An examination of the algorithmic constructions of [8] shows that the most
intricate parts arise in handling the Until operator. In this paper, we show that
the removal of binary operators from the logic, yielding Unary Temporal Logic
(UTL), leads to a much simpler path-checking problem, enabling us to devise an
AC1 algorithm for UTL path checking.
At the time of writing, our results provide (i) the most expressive known
extension of LTL with an NC path-checking algorithm (MTL), (ii) the sim-
plest known extension of LTL with a strictly harder path-checking problem
(LTL+ Xor), and (iii) the most expressive known fragment of LTL with a strictly
more efficient path-checking algorithm than for full LTL (UTL).3
2 Preliminaries
We denote Boolean true and false by ⊤ and ⊥, respectively. The set {⊥,⊤} is
denoted by B. A vector v ∈ Bn is downward monotone if v(i + 1) = ⊤ =⇒
v(i) = ⊤. It is upward monotone if v(i − 1) = ⊤ =⇒ v(i) = ⊤. A vector is
monotone if it is upward or downward monotone. The set of monotone vectors
is denoted by M.
Temporal Logics: Let AP be a set of atomic propositions, p ∈ AP and
I ⊆ R≥0 be an interval with endpoints in N ∪ {∞}. The formulae of Metric
Temporal Logic (MTL) are defined recursively as follows.
ϕ = p | ¬p | ϕ ∧ ϕ | ϕ ∨ ϕ | XI ϕ | YI ϕ | ϕ UI ϕ | ϕ SI ϕ | ϕ RI ϕ | ϕ TI ϕ
3 Subject to standard complexity-theoretic assumptions.
On the Complexity of Temporal-Logic Path Checking 3
All logics and results presented in this paper apply to temporal logics with
past temporal operators. Note that negation is applied only to atomic propo-
sitions. Other operators are expressible using the following semantic equalities:
FIϕ = ⊤UIϕ, GIϕ = ¬FI¬ϕ, ϕRIψ = ¬(¬ϕUI¬ψ) and ϕTIψ = ¬(¬ϕSI¬ψ).
Linear Temporal Logic (LTL) is the subset of MTL in which I is always [0,∞)
(and is omitted). The fragment UTL of LTL consists of all Boolean connectives
and unary (X,F,G) temporal operators and their past duals.
A trace pi over AP of length n is a function pi : {1, . . . , n}×AP→ B assigning
a truth value to every p ∈ AP at every index. We identify p ∈ AP with a vector
in Bn and use p(i) = ⊤ if pi(i, p) = ⊤. The proposition that is true only in the
interval [i, j] and false otherwise is denoted by χi,j , i.e., χi,j(k) = ⊤ if i ≤ k ≤ j
and χi,j(k) = ⊥ otherwise. To evaluate MTL formulae on pi, we further associate
with pi a sequence of strictly-increasing timestamps t1 < . . . < tn.
Given an MTL formula ϕ and index 1 ≤ i ≤ n, the satisfaction relation
pi, i |= ϕ is defined recursively as follows.
pi, i |= p if p(i) = ⊤
pi, i |= ϕ1 ∧ ϕ2 if pi, i |= ϕ1 and pi, i |= ϕ2
pi, i |= ϕ1 ∨ ϕ2 if pi, i |= ϕ1 or pi, i |= ϕ2
pi, i |= XIϕ if i+ 1 < n ∧ ti+1 − ti ∈ I ∧ pi, i+ 1 |= ϕ
pi, i |= YIϕ if i > 1 and ti − ti−1 ∈ I and pi, i− 1 |= ϕ
pi, i |= ϕ1UIϕ2 if ∃j . (i ≤ j ≤ n) ∧

pi, j |= ϕ2tj − ti ∈ I
∀k . i ≤ k < j =⇒ pi, k |= ϕ1


pi, i |= ϕ1SIϕ2 if ∃j . (i ≥ j ≥ 1) ∧

pi, j |= ϕ2ti − tj ∈ I
∀k . i ≥ k > j =⇒ pi, k |= ϕ1


This paper studies the complexity of evaluating a given formula on a given trace.
Definition 1. The path-checking problem for logic L is to determine, given
a trace pi and a formula ϕ of L, whether pi, 1 |= ϕ.
Let ϕ be an MTL formula. Working from the smallest subformulae and using
the above definitions to tabulate the values pi, i |= ψ for every i and subformula
ψ yields a polynomial dynamic-programming algorithm evaluating ϕ on pi.
Theorem 1 ([12]). The path-checking problem for MTL is in P.
Given a trace pi and formula ϕ, we represent the value of ϕ on pi as the
vector v ∈ Bn such that v(i) = ⊤ if and only if pi, i |= ϕ. We further represent
LTL temporal operators as functions over vectors written in infix notation. For
example, U : Bn ×Bn → Bn is a function such that (pU q)(i) = ⊤ if and only if
there is i ≤ j ≤ n such that q(j) = ⊤ and p(k) = ⊤ for all i ≤ k < j.
A formula context ϕ(X) is a formula with one occurrence of a proposition
replaced by a variable X . If ψ(X) is another formula context then (ϕ ◦ ψ)(X)
is the context obtained by substituting ψ(X) for X in ϕ(X). If q ∈ AP is a
4 Daniel Bundala and Joe¨l Ouaknine
proposition then ϕ(q) is obtained by substituting q for X . For example, ((p U
X) ◦ (X S q))(r) = (p U (X S q))(r) = p U (r S q). Composing formula contexts
increases the size linearly as a formula context contain only one occurrence of
X .
Circuits:ABoolean circuit (C, δ) consists of a set of gates C and a prede-
cessor function δ : C → P(C). The type of a gate is either OR,AND,NOT, ID,
ONE or ZERO. If c is of type τ and δ(c) = {c1, . . . , cn} then we write c =
(τ, c1, . . . , cn). If d ∈ δ(c) then we say c depends on d or that there is a wire
from d to c. The ONE and ZERO gates provide constants inputs. A gate is an
input gate if it does not have a predecessor. A gate is an output gate if it is not
a predecessor of any other gate. A circuit is monotone if it has no NOT gates.
It is planar if the underlying DAG is planar. In this paper, all edges (wires)
are straight-line segment and so a planar embedding is induced by a function
γ : C → R2 assigning a point in the plane to every gate.
A circuit is layered if it can be partitioned into layers C0, . . . , Cn such that
each wire goes from Ci to Ci+1 for some i. Thus, C0 contains only input gates. A
layered circuit is stratified if all input gates appear in C0. A circuit is upward
planar if there is a planar embedding such that every edge monotonically in-
creases in the upward direction—the direction of the evaluation of C. A circuit is
upward layered (stratified) if it is both upward planar and layered (stratified).
Each layer Ci of an upward-layered circuit consists of gates αi,j in the left-to-
right ordering. Each αi,j depends on a contiguous block αi−1,l, . . . , αi−1,r layer
below and the wires do not cross: if αi,j depends on αi−1,q and αi,k depends on
αi−1,r then j ≤ k ⇐⇒ q ≤ r. Fig. 3 shows upward stratified monotone circuits.
Given a circuit with one output gate, the circuit value problem , abbrevi-
ated as CVP , is the problem of determining the value of the output gate.
Complexity Classes: The class logDCFL consists of problems that are
logspace many-one reducible to deterministic context-free languages. Equiva-
lently, it is the class of problems decidable by a deterministic logspace Turing
machine equipped with a stack and terminating in polynomial time. The circuit
class ACi for i ∈ N consists of problems decidable by polynomial-size unbounded
fan-in circuits of depth logi. All circuits in this paper are uniform—can be
generated by a deterministic logspace Turing machine. Given a problem S and
a complexity class C, we write S ∈ AC1[C] if there is a family of AC1 circuits
with additional unbounded fan-in C-oracle gates that decide S. It is known that
L ⊆ logDCFL ⊆ AC1 ⊆ AC1[logDCFL] ⊆ AC2 ⊆ · · · ⊆ ACi ⊆ ACi+1 ⊆ · · · ⊆ P
and that CVP for upward-stratified circuits is P-complete [6], CVP for monotone
upward-stratified circuits is in logDCFL [3] and that CVP for monotone upward-
layered circuits is in AC1[logDCFL] [10].
Tree Contraction: Let T = (V,E) be a binary tree, the tree contraction
algorithm [7] reduces T to a single node using a sequence of tree contraction steps.
Let l ∈ T be a leaf, p be its parent and s its sibling4. A tree contraction step
4 If l does not have a sibling then we take s to be a fresh node.
On the Complexity of Temporal-Logic Path Checking 5
collapses the triple (l, p, s) into a single node. Formally, a new tree T ′ = (V ′, E′)
is obtained from T as follows: V ′ = V \ {l, p}
E′ =
{
E \ {(p, l), (p, s)} if p is the root of T
(E \ {(p, l), (p, s), (q, p)}) ∪ {q, s} otherwise (q is the parent of p)
Note that a contraction step is local and hence multiple non-interfering contrac-
tions can be performed in parallel. A tree contraction algorithm using only ⌈logn⌉
parallel steps exists [7]. Further, this algorithm can be implemented in AC1.
Let ϕ be an LTL formula and pi a trace. A tree contraction algorithm eval-
uating ϕ on pi was given in [8]. The tree T used in [8] is the parse tree of ϕ.
The leaves of T correspond to the atomic propositions and the internal nodes to
Boolean or temporal operators. Each contraction step (l, p, s) partially evaluates
the operator associated with p.
For example, suppose that the formula rooted at p is ψ U q where q is a
proposition. Even if the value of ψ is unknown, we can still make some inferences.
E.g., if q(i) = ⊤ then (ψ U q)(i) = ⊤. If the last value q(|pi|) = ⊥ then (ψ U
q)(|pi|) = ⊥ and so on. The contraction step removes the nodes for ψ and U
and then labels the node s by the partial evaluation of the function (X U q) ◦ ψ.
It was shown in [8] how to represent, manipulate and evaluate these functions
efficiently. When a subformula ψ is fully collapsed into a single node then the
associated function is fully evaluated and the node is labelled by the constant
(ψ(1), . . . , ψ(|pi|)) ∈ B|pi|. The contraction algorithm eventually reduces the tree
into a single node, which is labelled by (ϕ(1), . . . , ϕ(|pi|)) ∈ B|pi|.
In general, a tree-contraction algorithm can evaluate a function f on a tree;
each contraction step partially evaluating f on a subtree. In this paper, the
evaluation is done as follows. Let C be the set of constants and F be a collection,
closed under composition, of admissible functions f : C → C.
– A constant cv ∈ C is attached to every leaf v of T . The values of cv for the
initial leaves are given as a part of the input.
– A function fv ∈ F is attached to every node v of T . Initially, fv is the
identity function.
– A tree contraction of (l, p, s) first builds f ′ ∈ F (depending on cl and p)
implementing the partial evaluation on p. Let f ′′ = fp ◦ f ′. If s is a leaf then
cs is replaced by f
′′(cs). Otherwise, fs is replaced by f
′′ ◦ fs.
l | cl
p | fp
s | fs
=⇒
s | fp ◦ f
′ ◦ fs
Fig. 1. An example of a tree contraction step.
The output of the algorithm is the constant attached to the single remaining
node. If each contraction step and admissible functions are in the complexity
class C then, by [7], the contraction algorithm calculating croot is in AC
1[C].
6 Daniel Bundala and Joe¨l Ouaknine
A tree contraction algorithm for LTL path checking [8] runs in AC1[logDCFL].
Constants C = Bn denote the truth values of propositions and subformulae.
Functions F are represented by upward stratified circuits with n input and n
output gates (transducer circuits), which are closed under composition [8]
and their evaluation and composition is in logDCFL [2]. For a fixed s ∈ Bn, [8]
gives transducer circuits for s∧x, s∨x, sUx, and sRx as the functions of x ∈ Bn.
In Section 4, we give transducer circuits for MTL temporal operators.
3 Reduction from upward layered CVP to LTL path
checking
Given an upward layered monotone circuit C with n gates and m wires we show
how to build an LTL formula ϕ over at most 2n propositions and a trace pi of
length |pi| ≤ m such that C evaluates to ⊤ if and only if pi |= ϕ.
Denote the layers of C by C0, . . . , Ck and the size of each Ci by ni. Let αi,j
be the gates in Ci in the left-to-right order in the upward planar embedding of
C. For each layer, we partition the trace into blocks—each of which stores the
outputs of a gate in the layer. Fig. 2 shows a valid partitioning. In the figure,
gate a occupies block [1, 1], gate e occupies [3, 5], gate g occupies [1, 7], etc.
In general, a valid partitioning consists of a trace pi and intervals v(i, j)
associated with each gate αi,j such that v(i, j) overlaps precisely with the blocks
of the gates the gate αi,j depends on. Formally,
– intervals v(i, 1), v(i, 2), . . . , v(i, ni) are disjoint and partition [1, |pi|] for ev-
ery i,
– if αi+1,j depends on αi,p, αi,p+1, . . . , αi,q then v(i + 1, j) ⊆ ∪r=p,...,qv(i, r)
and v(i+ 1, j) overlaps with each v(i, r) for p ≤ r ≤ q,
C0 a b b b c c c
C1 d d e e e f f
C2 g g g g g g g
a b c
d e f
g
Fig. 2. An upward layered circuit (on the right) with its partition (on the left). The
path pi for the gate labelled e is highlighted.
Suppose we are given a valid partitioning. Then for i > 0 and every 1 ≤ j ≤ ni
we build a formula context ϕi,j mimicking the evaluation of the gate αi,j .
For example, suppose that the gate e in Fig. 2 is an OR gate and the values
of the block in the first layer is r = (a, b, b, b, c, c, c) ∈ B7 for some a, b, c ∈ B.
Recall that (ϕ U ψ)(i) = ψ(i) ∨ (ϕ(i) ∧ (ϕ U ψ)(i + 1)). Hence, if ϕ(i) = ⊥ then
(ϕ U ψ)(i) = ψ(i) and if ϕ(i) = ⊤ then (ϕ U ψ)(i) = ψ(i) ∨ (ϕ U ψ)(i + 1).
Further recall that χi,j is a proposition that is true on [i, j] and false otherwise.
On the Complexity of Temporal-Logic Path Checking 7
Hence, (χ3,4 U r)(1) = a, (χ3,4 U r)(2) = b and (χ3,4 U r)(5, 6, 7) = c. Also,
(χ3,4 U r)(4) = r(4)∨ (χ3,4 U r)(5) = b∨ c. Finally, (χ3,4 U r)(3) = r(3) ∨ (χ3,4 U
r)(4) = b ∨ (b ∨ c) = b ∨ c. So χ3,4 U r = (a, b, b ∨ c, b ∨ c, c, c, c). Performing a
similar calculation backwards, we get χ4,5 S(χ3,4Ur) = (a, b, b∨c, b∨c, b∨c, c, c)
which gives the value of block e in Fig. 2 and leaves other blocks unchanged.
Denote the type of αi,j by τ and the left and the right endpoint of v(i, j) by
l and r, respectively. Then ϕi,j is constructed as follows:
– If τ = ONE then ϕi,j(X) = χl,r ∨X .
– If τ = ZERO then ϕi,j(X) = (¬χl,r) ∧X .
– If τ = ID then ϕi,j(X) = X .
– If τ = OR then ϕi,j(X) = χl+1,r S (χl,r−1 UX).
– If τ = AND then ϕi,j(X) = χl+1,r T (χl,r−1 RX).
It can be shown that the formula context ϕi,j updates the block v(i, j) and
leaves the other blocks unchanged. Hence, the formula context ψi(X) = ϕi,1 ◦
ϕi,2 ◦ · · · ◦ ϕi,ni evaluates the i-th layer Ci of C.
Formally, for each layer Ci let ri ∈ Bn be a proposition such that ri(k) = ⊤
if k ∈ v(i, j) for some j and αi,j evaluates to ⊤ and ri(k) = ⊥, otherwise. Then,
the formula ϕ = (ψk ◦ ψk−1 ◦ · · · ◦ ψ1)(r0) computes the output of the circuit.
Lemma 1. Let ψi, ϕ be as above. Then ψi(ri−1) = ri and ϕ(r0)(1) = ⊤ if and
only if C evaluates to ⊤. Moreover, ϕ can be built in L.
Finally, we show how to devise v(i, j)’s – the partitioning of the trace. With-
out loss of generality, connecting to a gate in the previous layer if necessary, we
assume that all ONE and ZERO gates not in C0 have at least one predecessor.
Given a gate αi,j there is unique rightmost gate in the layer Ci+1 that αi,j
is connected to by a wire. Now, start at αi,j and take the rightmost wires until
the sink is reached. Denote the traversed path by piu. Similarly, there is unique
rightmost gate in the layer Ci−1 that αi,j is connected to by a wire. Start at αi,j
and take the rightmost wires going down until a gate in C0 is reached. Denote
the traversed path by pid. Let pi be the concatenation of pid and piu. (See Fig. 2)
Let ki,j be the number of wires to the left of pi. A wire from αi,j to αi+1,k is
to the left of the wire from αi,a to αi+1,b if j < a or k < b. We store the output
of gate αi,j in the block v(i, j) := [ki,j−1 + 1, ki,j + 1]. We use ki,0 = 0.
Fig. 2 shows a circuit and the partitioning obtained by the above procedure.
The rightmost wire going up and down from e are e→ g and c→ e, respectively.
Thus, piu = e → g and pid = c → e. The path pi = c → e → g is highlighted
in the figure. Four wires a → d, b → d, b → e, d → g are to the left of pi. We
associate the block [3, 5] with gate e. All blocks, grouped by layers, are shown
in Fig. 2.
The following lemma summarises the important properties of ki,j ’s.
Lemma 2. Let ki,j’s and v(i, j)’s be as above. Then the following hold:
– ki,j−1 < ki,j for every i and j,
– ki,ni = kj,nj for every i and j,
– ki,ni ≤ m for every i,
– for every i and j = 1, . . . , ni the intervals v(i, j)’s partition [1, ki,ni ],
8 Daniel Bundala and Joe¨l Ouaknine
– if αi+1,j depends on αi,p, αi,p+1, . . . , αi,q then v(i + 1, j) ⊆ ∪r=p,...,qv(i, r)
and v(i + 1, j) overlaps with each v(i, r) for p ≤ r ≤ q,
– each ki,j can be computed in L.
This finishes the reduction from upward-layered CVP to LTL path checking. It
was shown in [8] that the latter is in AC1[logDCFL]. Therefore:
Theorem 2. The CVP for upward-layered monotone circuits is in AC1[logDCFL].
An alternative proof of Theorem 2 already appeared in [10]. Moreover, the
relationship shows that any improvement in LTL path checking would entail an
improvement in the evaluation of upward-layered monotone circuits.
The above reduction assumes the monotonicity of the input circuit. However,
if the target logic LTL is extended to include binary exclusive or (xor) as a
connective, then evaluating NOT gates becomes possible using ϕi,j(X) = χl,r ⊕
X as a formula context for NOT gate αi,j . Noting that CVP is P-complete for
general (non-monotone) upward stratified circuits [6], we have the following:
Theorem 3. LTL+ Xor path checking is P-complete.
Thus, the complexity of LTL path checking depends on the monotonicity of
the Boolean connectives present in the formula.
4 MTL path checking is efficiently parallelisable
We now show how the tree-contraction method of [8] extends to full MTL; giving
an AC1[logDCFL] path-checking algorithm for MTL. By [8], summarised in Sec-
tion 2, it suffices to give upward stratified transducer circuits for UI and its duals.
Let pi be the input trace with (floating-point) timestamps t1, . . . , tn. Fix an in-
terval I and consider the UI operator. We now describe a dynamic-programming
approach that yields planar circuits calculating (ψ1 UI ψ2)(i). For i 6= j the val-
ues (ψ1UI ψ2)(i) and (ψ1UI ψ2)(j) depend on the values of subformulae in some
future intervals. In general, these intervals overlap and so naive constructions of
transducer circuits are not planar. See Fig. 3 for the kind of circuits we build.
Recall, that the tree contraction is applied only to a leaf, its parent and its
sibling. Let s ∈ Bn be a vector. We need to construct only circuits for s UI ϕ
and ϕ UI s for known s. First consider the case sUI ϕ. (see left part of Fig. 3)
For index 1 ≤ i ≤ n the formula (sUI ϕ)(i) is true if there is j ≥ i such that
tj ∈ ti+I and ϕ(j) = ⊤ and s(k) = ⊤ for all i ≤ k < j. So let Ti = {j | tj ∈ ti+I}
be the set of indices in ti + I. If Ti = ∅ then (sUI ϕ)(i) = ⊥.
Otherwise, let first(i) = minTi and last(i) = maxTi be the first and the last
index in the interval ti + I, respectively. So (s UI ϕ)(i) is true if there exists
first(i) ≤ j ≤ last(i) such that ϕ(j) = ⊤ and s(k) = ⊤ for all i ≤ k < j.
Now, the value of s is known. So let seg(i) = min{j | j ≥ i∧s(j) = ⊥} be the
first index no smaller than i such that s(j) evaluates to false, i.e., s(j) is true from
i to seg(i)− 1. Thus, (sUI ϕ)(i) is true if there exists first(i) ≤ j ≤ last(i) such
On the Complexity of Temporal-Logic Path Checking 9
ϕ1 ϕ2 ϕ3 ϕ4 ϕ5 ϕ6 ϕ7
t : 1
s : ⊥
2
⊤
3
⊤
4
⊤
5
⊤
6
⊤
8.5
⊥
∨
∨
∨
∨
∨
∨
∨
∨
o1 o2 o3 o4 o5 o6 o7
⊥ ⊥
ϕ1 ϕ2 ϕ3 ϕ4 ϕ5 ϕ6 ϕ7
t : 1
s : ⊥
2
⊥
3
⊥
3.5
⊥
3.8
⊤
4
⊥
4.5
⊤
∧
∧
∧
∧
∧
∧
∧
∧
∧
∧
∧
∧
∧
o1 o2 o3 o4 o5 o6 o7
⊥
Fig. 3. Transducer circuits for sU[1,5] ϕ and ϕU[1,5] s. The first line below the circuits
are timestamps, the second row are values of s. Note that different timestamps and s
are used in the two examples. The inputs and the outputs of the circuits are denoted
ϕi and oi respectively.
that ϕ(j) = ⊤ and j ≤ seg(i). So take Li = first(i) and Ri = min(last(i), seg(i)).
Then (sUI ϕ)(i) is true if
∨
Li≤j≤Ri
ϕ(j) is true.
To build the circuits, we formalise the intuition from the left half of Fig. 3.
The circuit C consists of internal gates dp,q and output gates oi for each 1 ≤ i ≤ n.
Each internal gate dp,q calculates ϕp ∨ · · · ∨ ϕq. Precisely, dp,q is present in the
circuit if there is an i such that Li ≤ p ≤ q ≤ Ri. If p = q then l(dp,q) = (ID, ϕp).
Otherwise, l(dp,q) = (OR, dp,q−1, dp+1,q).
For the output gates, we define oi so that oi =
∨
Li≤j≤Ri
ϕ(j) = (s UI ϕ)(i).
Specifically, if Ti = ∅ then we set l(oi) = ⊥, otherwise, l(oi) = (ID, dLi,Ri).
An embedding γ : C → R2 for the circuit C is γ(oi) = (i, n), γ(ϕi) = (i, 0)
and γ(dp,q) = (p, q − p + 1). Observe that Li ≤ Li+1 and Ri ≤ Ri+1. Hence, it
cannot happen that Li < Lj ≤ Rj < Ri for some i and j. So the intervals may
overlap but never is one properly contained in another. This ensures that the
embedding is planar.
Finally, note that it is possible to compute Li and Ri for every i in logarithmic
space. Hence, the circuit construction can be carried out in logarithmic space.
Lemma 3. Let p be any proposition. For each i, set the input ϕi of the circuit
to p(i). Then for each j, the value of oj is true if and only if (sUI p)(j) is true.
We now give an analogous derivation and circuit construction for ϕUI s. See
the right side of Fig. 3 for an example of a resulting circuit.
For index 1 ≤ i ≤ n the formula (ϕ UI s)(i) is true if there exists j ≥ i
such that tj ∈ ti + I and s(j) = ⊤ and ϕ(k) = ⊤ for all i ≤ k < j. Since s is
known, we choose the first possible j. So let limit(i) = min{j | first(i) ≤ j ≤
last(i) ∧ s(j) = ⊤} be the first j in the interval ti + I such that s(j) is true.
If there is no such index then (ϕUI s)(i) = ⊥. Otherwise, (ϕUI s)(i) is true
if ϕ(k) = ⊤ for all i ≤ k < limit(i). That is, (ϕ UI s)(i) =
∧
i≤j<limit(i) ϕj .
10 Daniel Bundala and Joe¨l Ouaknine
Now, the circuit C (see right half of Fig. 3) consists of gates cp,q calculating
ϕp ∧ · · · ∧ ϕq and output gates oi for i = 1 . . . n. The gate cp,q is present in C
if there is i such that i ≤ p ≤ q < limit(i). If p = q then l(cp,q) = (ID, ϕp).
Otherwise, l(cp,q) = (AND, cp,q−1, cp+1,q).
For output, we set oi so that oi =
∧
i≤j<limit(i) ϕj = (ϕUI s)(i). If limit(i) =
∞ then l(oi) = ⊥, if limit(i) = i then l(oi) = ⊤ and else l(oi) = (ID, ci,limit(i)−1).
The embedding γ : C → R2 of the circuit C is the same as above, γ(oi) =
(i, n), γ(ϕi) = (i, 0) and γ(cp,q) = (p, q − p + 1). Since, i < j implies limit(i) ≤
limit(j), the embedding is planar.
This finishes the construction of circuits for UI . Circuits for the dual op-
erators of UI are obtained either by dualising OR and AND gates (Release
operator), by performing the construction backwards in time (Since operator) or
both (Trigger operator). Therefore,
Theorem 4. MTL path checking is in AC1[logDCFL].
A considerably weaker result appeared in [9], where the authors gave circuits
and an AC1[logDCFL] algorithm only for a fragment of MTL interpreted over
traces with integral timestamps ti = i and intervals of the form [0, a] for a ∈ N.
5 UTL
The most complicated circuits in the LTL path-checking algorithm [8] correspond
to s U ψ and ψ U s formulae. As in the case of MTL, the circuits are also not
uniform but depend on s. In this section, we devise an AC1 tree-contraction
algorithm for UTL—the fragment of LTL obtained by omitting binary temporal
operators. The algorithm works even if XOR is allowed and is based on the
analysis of functions arising in the tree contraction algorithm applied to UTL
formulae. First consider the future-only fragment of UTL.
Let p ∈ Bn be any proposition. If p(i) = ⊥ for every i then (Fp)(i) = ⊥
for every i. Otherwise, let i be the largest index such that p(i) = ⊤. Then,
(Fp)(j) = ⊤ for all j ≤ i. By construction, p(k) = ⊥ for all k > i. Hence,
(Fp)(k) = ⊥ for all k > i. Thus, Fp is downward monotone and depends only on
the largest i with p(i) = ⊤. In particular, only n+1 possible values exist for Fp.
Similarly, let t be the largest index such that p(t) = ⊥. Then p(j) = ⊤ for
all j > t. Hence (Gp)(j) = ⊤ for all j > t. Since p(t) = ⊥ we have (Gp)(k) = ⊥
for all k ≤ t. Thus, Gp is upward monotone and depends only on the largest t
with p(t) = ⊥. In particular, only n+ 1 possible values exist for Gp.
So for any formula ψ the value of F ◦ ψ or G ◦ ψ is a monotone vector—of
which there are only 2n many. Hence for any formula context ϕ(X), the formula
contexts ϕ ◦ (FX) and ϕ ◦ (GX) can be represented as g ◦ F or g ◦ G where
g : M → Bn is a function with monotone domain . Since |M| = O(n),
enumerating all outputs of g explicitly requires only |g| = O(n2) space. Similar
results hold for the past equivalents of G and F.
Now, Boolean operators are applied componentwise and obey the usual iden-
tities: ⊥ ∧ p = ⊥,⊤ ∧ p = p,⊥ ∨ p = p,⊤ ∨ p = ⊤,⊥ ⊕ p = p and ⊤ ⊕ p = ¬p.
On the Complexity of Temporal-Logic Path Checking 11
Therefore, to represent partial evaluation of conjunction (p∧X, x∧X), disjunc-
tion (p∨X,X ∨ p) and xor (p⊕X,X ⊕ p) it suffices to keep track whether each
component is ⊥,⊤ or equal to the original or the negation of the value in X .
Furthermore, Next (Xp) and Yesterday (Yp) temporal operators shift p by
1 and −1, respectively. Let m be the size of the input formula. The last two
paragraphs motivate the definition of filters: let v ∈ {⊥,⊤, ID,NOT}n and k ∈
[−m,m] satisfy v(i) ∈ B if i+ k 6∈ {1, . . . , n}. Then a filter with offset k and
pattern v is the function fv,k : B
n → Bn such that
fv,k(p)(i) =


⊥ if v(i) = ⊥
⊤ if v(i) = ⊤
p(i+ k) if v(i) = ID
¬p(i + k) if v(i) = NOT
The identity function as well as the partial evaluation of conjunction, disjunc-
tion, and xor are expressible as filters with offset 0. Temporal operators Next
and Yesterday are identity filters with offsets 1 and −1, respectively. Note that
filters are closed under composition.
Storing v explicitly and k in unary requires O(n + |ϕ|) bits per filter. By
fully expanding the definition, we can evaluate and compose two filters in AC0.
Moreover, if g : M → Bn is a function with monotone domain then (fv,k ◦ g) :
M→ Bn is also a function with monotone domain and the composition in AC0.
Lemma 4. There are uniform AC0 circuits calculating fv,k ◦fv′,k′ and fv,k(p)(i)
and fv,k ◦ g and F ◦ g and G ◦ g, where f ’s are filters and g is a function with
monotone domain.
We represent the functions arising in the tree-contraction algorithm as fol-
lows. If the contracted subtree S does not contain F or G operators then it is
representable by a filter. If it contains F or G then let T be the first such occur-
rence. Then the segment from the leaves to T is representable by a filter and the
segment above T is representable by a function with monotone domain. Thus,
the function h associated with S can be represented as:
h =
{
filter no temporal operator
f ◦ T ◦ filter T is the first temporal operator; f : M→ Bn
Now, if the contracted node is a Boolean connective, X or Y then we calculate
fv,k◦h for an appropriate filter. If the contracted node is F or G then we calculate
F ◦ h or G ◦ h. In either case, the resulting function is representable using the
above format. Moreover, by Lemma 4, the composition is in AC0. Hence, the
complexity of the tree contraction algorithm is AC1[AC0] = AC1.
Theorem 5. UTL path checking is in AC1.
Same results apply to past temporal operators. Note that the construction
works also when the negation is applied to arbitrary subformulae, and not only
to propositions. Also note that F[a,∞)p is downward monotone and the corre-
sponding circuits are constructible in logarithmic space. Therefore, the above
12 Daniel Bundala and Joe¨l Ouaknine
arguments apply to the more powerful logic UTL≥ obtained by allowing F[a,∞)
and G[b,∞) operators. To the best of our knowledge, UTL≥ is the most expressive
and powerful fragment of LTL with a sub-AC1[logDCFL] path-checking problem.
6 Conclusion
The results obtained in this paper shed further light on the complexity land-
scape of temporal-logic path-checking problems. Several open questions however
remain, the main one being to determine the precise complexity of LTL path
checking. In particular, there has been no progress on the trivial NC1 lower
bound over the past ten years. Furthermore, might it be possible to separate the
complexity of LTL and MTL, or of these logics and their future-only fragment?
Acknowledgments. This research was financially supported by EPSRC.
References
1. C. Artho, H. Barringer, A. Goldberg, K. Havelund, S. Khurshid, M. Lowry,
C. Pasareanu, G. Rosu, K. Sen, W. Visser, and R. Washington. Combining test
case generation and runtime verification. Theoretical Computer Science, 336(2-3),
2005.
2. D.A.M. Barrington, Chi-Jen Lu, P.B. Miltersen, and S. Skyum. On monotone
planar circuits. In Proceedings of Fourteenth Annual IEEE Conference on Compu-
tational Complexity, 1999., 1999.
3. T. Chakraborty and S. Datta. One-input-face MPCVP is hard for L, but in LogD-
CFL. In S. Arun-Kumar and Naveen Garg, editors, FSTTCS 2006: Foundations
of Software Technology and Theoretical Computer Science, volume 4337 of Lecture
Notes in Computer Science. 2006.
4. S. Demri and Ph. Schnoebelen. The complexity of propositional linear temporal
logics in simple cases. Information and Computation, 174(1):84 – 103, 2002.
5. B. Finkbeiner and H. Sipma. Checking finite traces using alternating automata.
Formal Methods in System Design, 24(2):101–127, October 2004.
6. L. M. Goldschlager. The monotone and planar circuit value problems are log space
complete for P. SIGACT News, 9, July 1977.
7. R. M. Karp and V. Ramachandran. Parallel algorithms for shared-memory ma-
chines. In Handbook of Theoretical Computer Science, Volume A: Algorithms and
Complexity (A). 1990.
8. L. Kuhtz and B. Finkbeiner. LTL path checking is efficiently parallelizable. In
Proceedings of the 36th Internatilonal Colloquium on Automata, Languages and
Programming: Part II, ICALP ’09, 2009.
9. L. Kuhtz and B. Finkbeiner. Efficient parallel path checking for linear-time tem-
poral logic with past and bounds. Logical Methods in Computer Science, 8(4),
2012.
10. N. Limaye, M. Mahajan, and J. M. N. Sarma. Evaluating monotone circuits on
cylinders, planes and tori. In Symposium on Theoretical Aspects of Computer
Science: STACS, 2006.
11. O. Maler and D. Nickovic. Monitoring temporal properties of continuous signals.
Formal Techniques, Modelling and Analysis of Timed and Fault-Tolerant Systems,
2004.
On the Complexity of Temporal-Logic Path Checking 13
12. N. Markey and Ph. Schnoebelen. Model checking a path (Preliminary report). In
Proceedings of the 14th International Conference on Concurrency Theory, Lecture
Notes in Computer Science 2761. Springer, 2003.
13. H. L. S. Younes and R. G. Simmons. Probabilistic verification of discrete event
systems using acceptance sampling. In Proeedings of the 14th International Con-
ference on Computer Aided Verification, volume 2404 of LNCS. Springer, 2002.
14 Daniel Bundala and Joe¨l Ouaknine
A Proof of Lemma 2
Proof. Note that, due to planarity of the underlying circuit, each αi,j depends
on the consecutive block of gates one layer below and that αi,j and αi,j+1 share
at most one predecessor.
– ki,j−1 < ki,j Note that for any i, j, the rightmost predecessor (successor)
of αi,j is always to the right in the planar embedding of to the rightmost
predecessor (successor) of αi,j−1. Let pi be the path constructed by taking
the rightmost wires starting from αi,j . In particular, the wire from αi,j−1 to
its rightmost predecessor is strictly to the left of pi. Thus, ki,j−1 < ki,j as
necessary.
– ki,ni = kj,nj ≤ m for every i and j. Since the rightmost gate can only
be a predecessor of the rightmost gate one layer higher, it follows that the
path pi is equal for all rightmost gates in all layers.
– for every i and j = 1, . . . , ni the intervals v(i, j)’s partition [1, ki,ni].
By the first part, all v(i, j)’s in the same layer are disjoint. By construction,
they cover [1, ki,ni ] entirely.
– if αi+1,j depends on αi,p, αi,p+1, . . . , αi,q then
v(i + 1, j) ⊆
⋃
r=p,...,q
v(i, r)
and v(i+1, j) overlaps with each v(i, r) for p ≤ r ≤ q. Construct the
paths by taking the rightmost wires from αi+1,j−1, αi+1,j , αi,p and αi,q and
denote them by pij−1, pi, pip and piq respectively. Notice that pi and pip coincide
on the layers above i + 1 and that pi and piq coincide on the layers below i.
On the other hand, piq is always to the right of pip. Thus, ki,p < ki+1,j ≤ ki,q.
Also, pij−1 is always to the left of pip. Thus ki+1,j−1 < ki,p as required.
– each ki,j can be computed in L. The algorithm needs to keep track of
one counter: number of wires strictly to the left, and the current gate. By
traversing the list of wires, it is easy to calculate the rightmost wire going up
(down). By another pass through the list of wires, the counter is incremented
by the wires to the left in the current layer.
⊓⊔
B Proof of Lemma 1
Lemma 5. Fix i > 0, j and let p ∈ Bn be any proposition that agrees with ri−1
on v(i, j). Then ϕi,j(p) is constant on v(i, j) and equals the output of αi,j and
ϕi,j(p) is equal to p elsewhere.
Proof. Case τ = ONE Since ⊥ ∨ x = x and ⊤ ∨ x = ⊤, it holds that
(χl,r ∨ p)(i) =
{
⊤ ∨ p(i) = ⊤ if i ≤ l ≤ r
⊥ ∨ p(i) = p(i) otherwise
Case τ = ZERO Similar to above, using ⊤ ∧ x = x and ⊥ ∧ x = ⊥.
On the Complexity of Temporal-Logic Path Checking 15
Case τ = ID Trivial as ϕi,j is the identity formula context.
Case τ = OR Using the equality r U s = s ∨ (r ∧ X(r U s)), it follows
that (χl,r−1 U p)(i) = p(i) for i 6∈ [l, r − 1] as χl,r−1(i) = ⊥. In particular,
(χl,r−1 U p)(r) = p(r). By induction, one can easily show that (χl,r−1 U p)(j) =
p(j) ∨ p(j + 1) ∨ · · · ∨ p(r) for j ∈ [l, r].
Similarly, for any proposition s, it holds that
(χl+1,r S s)(j) =
{
s(l) ∨ s(l + 1) ∨ · · · ∨ s(j) if j ∈ [l, r]
s(j) otherwise
Putting the above equalities together, we obtain that
ϕi,j(p)(k)(χl+1,r S (χl,r−1 U p))(k) =
{
p(l) ∨ p(l + 1) ∨ · · · ∨ p(r) if k ∈ [l, r]
p(k) otherwise
Case τ = AND Dual to the above. ⊓⊔
Proof (of Lemma 1). Let γj = ϕi,j ◦ϕi,2◦· · ·◦ϕi,ni . We shall prove by downward
induction that γj(ri−1) equals ri on v(i, j) ∪ · · · ∪ v(i, ni) and ri−1 elsewhere.
Case j = ni Immediate from Lemma 5 applied to ϕi,ni .
Case j < ni Let pi = γj+1(ri−1). Now, v(i, t)’s partition the trace, Lemma 2,
and, Lemma 5, the value of ϕi,j on v(i, j) depends only on the trace segment
v(i, j) and all other trace values are left unaffected. By the induction hypothesis,
pi agrees with ri−1 on v(i, j). Thus, ϕi,j(pi) equals ri on v(i, j) and pi everywhere
else. By the induction, ϕi,j(pi) equals ri on v(i, j)∪· · ·∪v(i, ni) and ri−1 elsewhere
as required.
Finally, by induction, it is easily seen that ϕ = (ψk ◦ψk−1 ◦ · · · ◦ψ1)(r0) = rn.
Thus r0 |= ϕ if and only if rn(1) = ⊤ which is precisely when the output gate of
the circuit evaluates to true. ⊓⊔
C Proof of Lemma 3
One can easily show by induction on q− p that dp,q = ϕp ∨ · · · ∨ϕq. As noted in
the main text,
pi, i |= s UI ϕ if and only if
∨
Li≤j≤Ri
pi, j |= ϕ is true.
The result now immediately follows.
D Proof of Lemma 4
Proof. We show only how to compose g : M → Bn and a filter f in AC0. Other
cases can be treated similarly. Let h = f ◦ g and for every admissible k let fk
be a Boolean variable which is true if and only if f has offset k. Then for any
input v ∈ M and index 1 ≤ i ≤ n. The value of h(v)(i) = (f(g(v)))(i). Now,
16 Daniel Bundala and Joe¨l Ouaknine
depending on the offset and the pattern p of f , the function h(v)(i) evaluates to
true if and only if
∨
k,1≤i+k≤n
(fk∧(((p(i+k) = ⊤)∨(p(i+k) = ID∧g(i+k))∨(p(i+k) = NOT∧¬g(i+k)))
is true where p(i + k) = ⊤, ID,NOT is a shorthand for the check that the
bits encoding p(i + k) encode the particular pattern. This is a constant depth
polynomial size formula, thus a circuit, as necessary. ⊓⊔
