∞-Regular temporal logic and its model checking problem  by Hamaguchi, Kiyoharu et al.
Theoretical Computer Science 103 (1992) 191-204 
Elsevier 
191 
W-Regular temporal logic and its 
model checking problem 
Kiyoharu Hamaguchi, Hiromi Hiraishi and Shuzo Yajima 
Department oj Information Science, Faculty of Engineering, Kyoto University, Kyoto 606, Japan 
Communicated by M. Takahashi 
Received September 1989 
Revised June 1991 
Abstract 
Hamaguchi, K., H. Hiraishi and S. Yajima, W-Regular temporal logic and its model checking 
problem, Theoretical Computer Science 103 (1992) 191-204 
In order to verify logic design formally, the model checking approach based on propositional 
temporal logics has been proposed and the approach has been successfully applied to verify finite 
state machines. Although many temporal logics have been exploited as specification languages, 
some of them do not have enough expressive power to characterize arbitrary behavior of finite 
state machines, while others have difficulties in finding design errors. Considering these problems, 
one of the authors proposed regular temporal logic (RTL). RTL is expressively equivalent to the 
class of regular sets, and it has a simple algorithm for finding errors. RTL cannot describe, 
however, a property called fairness, which is defined over infinite sequences, because it is defined 
over finite sequences. In this paper, firstly, we introduce a new temporal logic in$nitary regular 
temporal logic (wRTL), which is able to describe fairness, and show that its expressive power is 
equivalent to the class of finite unions of regular sets and w-regular sets. Secondly, we show how 
to reduce the formal verification of finite state machines to the model checking problem of wRTL 
and we prove that the complexity of the model checking problem is nonelementary. 
1. Introduction 
VLSI technology has developed rapidly in recent years, and its progress has 
enabled the design of one new logic system after the other. When the errors are not 
discovered at the design phase, the costs are higher to correct them. Therefore it is 
important to establish methods for verifying correctness of logic design. Logic 
simulation, which has been widely used to analyze the behavior of logic systems, 
cannot guarantee correctness of design in a strict sense, because the simulation 
results are obtained only for given input patterns. 
In order to verify correctness of logic design rigorously, forma1 verification 
methods have been developed [2, 3, 5, 12, 131. The aim of formal verification is to 
make sure whether a designed system satisfies a specification for it. 
0304-3975/92/$05.00 0 1992-Elsevier Science Publishers B.V. All rights reserved 
192 K. Hamaguchi et al. 
The first step to this goal is to describe mathematically both a specification and 
an implementation. The second step is to verify the design and to detect errors from 
the given descriptions of an implementation and a specification for it. 
In this paper, implementations are assumed to be given in the form of finite state 
machines such as sequential machines, because they are widely used and funda- 
mental in formalizing logic systems. As a language for describing specifications, we 
propose a new temporal logic called injinitary regular temporal logic (coRTL). As 
an approach for formal verification, model checking is employed, and the complexity 
of the model checking problem for mRTL is discussed. 
Various kinds of temporal logics have been exploited as extensions of classical 
logics and used to prove the correctness of concurrent programs [9] or to define 
rigorous semantics of programming languages [l] and logic systems [ 111. For the 
sake of formal verification, the satisfiability problem or the model checking problem 
of temporal logics can be applied. These problems are decidable for propositional 
temporal logics, although this is not the case forjrst-order temporal logics. In other 
words, propositional temporal logics can be utilized for automatic formal verification. 
Thus we consider propositional temporal logic. 
Some of new temporal logics have been developed for the purpose of formal 
verification of finite state machines [5, 151. In particular, Clarke et al. [5] have 
succeeded in verifying sequential machines of medium size using computational 
tree logic (CTL). It has been proved, however, that the traditional temporal logics 
and CTL cannot characterize all finite state machines [5, 151. 
Wolper [ 151 proposed extended temporal logic (ETL), whose expressive power 
is equivalent to that of the class of finite unions of regular sets and w-regular sets. 
In the approach of [14], it is difficult to analyze the cause of an error because 
specifications are transformed into finite automata in order to reduce formal 
verification of sequential machines to the inclusion problem of finite automata. 
Considering the problems stated above, one of the authors have proposed a class 
of propositional temporal logic, E-free regular temporal logic (e-free RTL). e-free 
RTL can express any finite behavior of finite state machines, because its expressive 
power is equivalent to the class of E-free regular sets. Furthermore, &-free RTL can 
easily find out the cause of errors from an E-free RTL formula which fails to hold, 
by using derivatives of the formula [7]. 
On the other hand, it is known that certain properties called fairness are useful 
in describing specifications [3]. For example, a property like “an event p occurs 
infinitely often” is called fairness, and it is used to restrict the scope of verification 
as in “a property Q holds under the constraint in which an event p occurs infinitely 
often”. Fairness, however, cannot be described in e-free RTL, because it is a property 
of infinite sequences and the semantics of r-free RTL is defined over finite sequences. 
In this paper, we propose ooRTL, which is an extension of E-free RTL. mRTL is 
powerful enough to express E-free regular sets and w-regular sets; it can express 
any infinite behavior of finite state machines as well as any finite behavior. It can 
also describe fairness. The complexity of model checking problem is shown to be 
nonelementary. 
InJinitary regular temporal logic 193 
This paper is organized as follows: Section 2 introduces wRTL and shows its 
expressive power. Section 3 discusses an outline of formal verification using c.cRTL 
and the complexity of the model checking problem. Section 4 summarizes this paper 
and gives future problems. 
2. Regular temporal logic 
2.1. Preliminaries 
In this section, the basic terminology is introduced. A jnitary word over an 
alphabet A is a finite nonempty sequence of symbols from A, and an w-word over 
A is an infinite sequence of symbols from A. An w-word over A is described as 
x,x2x3 . . . ) where x,, x2, x3,. . E A. The empty word, denoted by F, is the word with 
no symbol. An injinitary word over A is a finitary word, an w word over A or the 
empty word. 
Let x and y be infinitary words. 1x1 represents the number of symbols of x. If x 
is an w-word, then lx/= w. x(i) represents the ith symbol of x. If x is a finite word 
then x(i) is defined for 1,2,. . . , 1x1, and if x is an w-word then x(i) is defined for 
1,2,.... The concatenation of x and y, denoted by xy, is defined as follows. 
(1) If x = E, then xy( i) = y( i) for all i such that y(i) is defined. 
(2) If x is a finitary word, then xv(i) =x(i) for all i such that x(i) is defined, 
and xy(lxl+ i) = y( i) for all i such that y(i) is defined. 
(3) If x is an w word, then xy(i) =x(i) for all i such that x(i) is defined. 
A Language over A is a set of infinitary words over A. Let A,, A, and A be 
languages over A. The concatenation of A, and A,, denoted by A,A,, is {xy (x E A, 
and YE A,}. The Kleene closure of A, denoted by A*, is U::,, A’, where A’=(E) 
and A’+’ = A’A for all i =O, 1,. . . . The positive closure of A, denoted by A’, is 
UT=‘_, A’. The w-closure A” and a-closure A” are defined by 
A”=A*uA”. 
Definition 2.1. The a-regular sets over an alphabet A are defined inductively as 
follows. 
(1) The empty set denoted by fl, and {a}, where a E A, are oo-regular sets. 
(2) If A and B are cc-regular sets, then Au B, AB, A* and A’” are co-regular sets. 
If an co-regular set A is included in A" (A *), then A is called an w-regular set (regular 
set, respectively). If an a-regular set A does not contain the empty word e, then A 
is called e-fYee. 
It can be proved that any e-free co-regular set can be constructed similarly by 
using positive closure i-, instead of Kleene closure *. 
194 K. Hamaguchi et al. 
Proposition 2.2. For any a-regular set A over an alphabet A, A n A” can be represented 
by the$nite union of BC’“, for some regular sets B and C, 
Proof. Firstly, it is proved that, for any cc-regular set A, An A* is a regular set. 
Let a be an element of A and A, and A2 be co-regular sets. Then it is straightforward 







If A, n A* and A, n A” are regular sets, then the right-hand sides of the above 
equations are expressed by some regular expressions. Thus, for any a-regular set 
A, An A” is proved to be a regular set by the induction. 
Secondly, the proposition is proved. It is also easy to prove the following equations: 
l (dnA’“={a}nA”=@Y, 
l (A,uA,)nA’“= (A,nA’“)u(A,nA”‘), 
l ATnA”=(A,nA”)*(A,nAw), 
l A? n A’, = (A, n A*)w, 
l (A,A2)nA’“=(A,nA”)u(A,nA*)(A,nA”). 
Assume that A, n A” and A, n A”’ can be represented in the form of the finite 
union of BC” for some regular sets B and C. Since A, n A” and A3 n A* are regular 
sets, the right-hand sides of the above equations can also be represented in the same 
form. Thus the proposition is proved by the induction. 0 
By the above proposition and the results of [4, lo] or [6, Chapter 141, the class 
of w-regular sets (i.e., the intersections of a-regular sets and A”), is exactly the 
class of the languages accepted by w-finite automata of the type given in [4, lo]. 
This means that the o-regular sets defined here, can characterize the infinite behavior 
of an arbitrary w finite automaton. 
2.2. m-Regular temporal logic 
In this section, W-Regular temporal logic (wRTL) is defined. 
Definition 2.3 (Syntax). Let Ap be a set of atomic propositions of wRTL. Then 
wRTL formulae are defined inductively as follows: 
l if p E Al’, then p is an wRTL formula; 
l if n and 5 are wRTL formulae, then so are (1~) and (7 v 5); 
l if n and 5 are wRTL formulae, then so are (Oq), (n:<) and (On). 
“O”, “I” and “W are temporal operators and are read “next”, “concatenation” 
and “repeat”, respectively. 
Injnitary regular temporal logic 195 
In the following, sequences composed from the elements of a set of states 2 are 
handled. The set t; is regarded as an alphabet and the same notations, such as 1-, 
* etc., defined for words are also used for the sequences composed from the elements 
of 2. 
Definition 2.4 (Model and semantics). The semantics of WRTL is defined with respect 
to a finear model M = (1, I), where .E is a finite set of states and 1:X + 2AP is an 
interpretation function which assigns, to each state, a set of atomic propositions 
which are true at the state. 
M, u k 7) denotes that the mRTL formula v holds along the sequence g with 
respect to a linear model M. If there is no confusion, M is omitted like v + v. Let 
p be an atomic proposition, 7 and 5 be ERTL formulae. The relation I= is defined 
inductively as follows: 
(1) u l= p iff p E I(g(l)). 
(2) a!= (77) iff a# 7. 
(3) (T + (7 v 5) iff (T + 7 or u + 5. 
(4) CT b (Or]) iff 1~122 and pa.. . k 7. 
(5) a~(r]:~)iffthereexistsu,~~~~andu~~~~-{~}suchthatu=u,u,,u,~~ 
and uz + 5 or IuI = w and u + v. 
(6) u F (0~) iff there exists Ui E 2’ (i = 1,. . . , m - 1) and urn E En-{&} such that 
u=u,u~...u,,n and u, b 77 for all i or there exist an infinite number of finite 
sequences u,E~’ such that u=u,u2... and a, + rl (i=1,2 ,... ). 
An wRTL formula is satis$uble iff there exists some linear model M = (2, I) and 
some sequence UE Zr-{&} such that M, u k 7. 
Fig. 1. Intuitive meaning of logical connectives (1) 
196 K. Hamaguchi et al. 
Fig. 2. Intuitive meaning of logical connectives (2) 
Intuitive meanings of the logical connectives for a state sequence o E .Yc” - {F} are 
shown in Figs. 1 and 2. The sequences which end with states (0) represent finite 
sequences of states, and those which end with dashed lines represent infinite 
sequences of states. 
In the following. “A”, “3” and “3” are used, as usual, to represent Boolean 
“conjunction”, “implication” and “equivalence”. VT and V, represent any 
“tautology” and “invalid” formula respectively. Unary operators have higher pre- 
cedence than binary operators. If there is no ambiguity, parentheses “(” and “)” 
are omitted. 
Definition 2.5. Finite RTL is the subclass of aRTL, whose semantics domain is 
restricted to X’. 
Finite RTL is exactly the same as e-free RTL, cf. [7]. 
2.3. Co-Regular temporal logic and e-free a-regular sets 
In this section, firstly, some description examples of ooRTL are shown. Secondly, 
the relation between ooRTL and a-regular sets is discussed. 
Injnitary regular iemporal logic 197 
The formula whose intuitive meaning is the set of sequences of length 1 can be 
expressed by 
Len 1 d&f 70 Vr. 
Similarly, infinite and finite sequences are expressed by Inf and Fin defined 
respectively as follows: 
znf~f(vT:vF), Fin dzf ~lnf= -I( Vr : V,). 
Temporal operators “0” (“sometimes”) and “0” (“always”) used in many 
temporal logics are expressed as follows: 
OndAf r]v(Fin:~), 07 dzf 1017. 
Consider the condition that (1) p E AP is finitely true along an infinite sequence 
and (2) a unit time after p becomes true, q A lr or 1q A r is true. This condition 
can be expressed as follows: 
A = Inf~ q Op A O(p*o((q sir) v (iq A r))). 
Under the condition expressed by A, a fairness constraint such that both q and r 
become fairly true can be described by 
A+OOq A nor. 
In order to discuss the relation between aRTL and regular sets, we define 
LG? Mv), W-7 NV) and L,@, I)(n) as follows, where (1, I) is a linear model 
of wRTL and 77 is an wRTL formula. 
L(~,,)(77)~f{~IaE~“-{e},a~ ?t}. 
L,(~,I)(r])~f{alaE~~-,a~ 7). 
L,(E, I)(7t)dgf {cTlUEY, ffI= r]}. 
If there is no confusion, L(T) etc. are used instead of L(E, I)(v) etc. 
The following theorem shows the relation between aRTL and regular sets. 
Lemma 2.6. The complementation over E”- {F} of an CO-regular set is also an 
a-regular set. 
Proof. Let R be an co-regular set. It is easy to see that (2;” -{E}) - R = (2.’ - R) u 
(2” -R), and E“- R and 2” -R are known to be an a-free regular set and an 
w-regular set, respectively [8,4]. Hence (Z”-(e)) -R is also an 03 regular set. 0 
Theorem 2.7. For an arbitrary wRTL formula 77 and an arbitrary model (2, I) of 
QJRTL, L(I, I)(q) is an E-free co-regular set over 2. Conversely, for an arbitrary 
&-free a-regular set R over an alphabet E, an m RTL formula 77 such that L(2, Z)(q) = R 
can be constructed, by introducing, for each state s E 1, an atomic proposition p< such 
that I(s) = {p.,}. 
198 K. Hamaguchi et al. 
Proof. Let p be an atomic proposition and n and 5 be aRTL formulae. L(n) is 
shown to be an e-free ~0 regular set. 
(1) L(p)={sIsE~,pEI(S)}~~‘. 
(2) L(7) = (E;“-{a}) - L(n). 
(3) L(rl ” 5) = L(V)U L(5). 
(4) L(O77) = -WV). 
(5) L(rl: 5) = L(v)L(5). 
(6) L(ElTf)= L(7$u L(?jy. 
Obviously the right-hand side of (I) is an co-regular set. If L( 7) and L(l) are 
cc-regular sets, then the right-hand sides of (3)-(6) are a-regular sets. From Lemma 
2.6, the right-hand side of (2) is also an co-regular set. 
Conversely, for a given a-free cc regular set R, an wRTL formula F(R) such that 
L( F(R)) = R is constructed inductively as follows. Assume that R, and R2 are a-free 
W-regular sets. 
(1) F(0) = v,. 
(2) F(s) =p, A Lenl. 
(3) F(R,R2)= F(R,):F(R,). 
(4) F(R, u R,) = F( R,) v F( R,). 
(5) F(R:)= F(R,)v ((Fin r\mF(R,)): F(R,)). 
(6) F(R;“)=Cl(F(R,)r,Fin)r\Inf: 0 
Corollary 2.8. For any wRTL formula 77 and linear model (2, I) of wRTL, Lt(v) 
and L,(q) are an E-free regular set and an w-regular set, respectively. 
From the definition of L(v), L{(v) and L,(q), we can see that describing an 
wRTL formula 7 means giving a set of sequences of states. In other words, an 
wRTL formula n can be used to specify some property of sequences, and L(v) is 
a set of the sequences that have the property. 
3. The model checking problem of w-regular temporal logic 
In Section 3.1, we take sequential machines as a mathematical model of the 
implementation and show how formal verification of sequential machines are 
reduced to the model checking problem of wRTL. In Section 3.2, we discuss the 
decidability and the complexity of the model checking problem. 
3.1. Formal veri$cation and the model checking problem 
Let M = (X, Z, S, 6, A, sO) be a Mealy type deterministic sequential machine with 
an initial state, where X, 2 and S are finite nonempty sets of n binary input signals 
1nfinitar.v regular temporal logic 199 
x1,x2,..., x,, m binary output signals z,, z2,. . . , z,, and states, respectively. sg E S 
is the initial state. 6 :2x x S + S is the state transition function. (Although 6 may 
be a partial function, it is assumed that at least one next state is defined for each 
state in S.) A : 2x x S + 2= is the output function. (It is assumed that the A is defined 
so long as S is defined.) 
A possible input-output sequence of the sequential machine M is an injinite or 
jinite sequence p over 2x”z such that x, E p(k) iff x, = 1 at the kth input and z, E p(k) 
iffz,=latthekthoutput,wherei=1,2 ,..., n,j=l,2 ,..., mandk=l,2 ,..., IpI. 
When a specification of a sequential machine is described, the behavior of the 
machine is regarded as the set of all of its input-output sequences, and the properties 
which the sequences should satisfy are specified by an ooRTL formula. 
A possible input-output sequence can be identified with a sequence of states of 
ooRTL, by introducing atomic propositions p%, and pz, associated with input signal 
x, and output signal z,, respectively, such that px, is true iff xi = 1 and pz, is true iff 
z, = 1. From Theorem 2.7 and Corollary 2.8, a specification for a sequential machine 
can be described by using aRTL or finite RTL. 
In [7], specifications are described for jnite possible input-output sequences by 
using finite RTL. While finite RTL can express any finite behavior of sequential 
machines, a fairness constraint [3], which is important in writing input constraints, 
cannot be described. In this paper, we 
l adopt ooRTL to describe specifications and 
l focus our attention to only injinite possible input-output sequences of the 
machines. 
Assume that a specification formula, i.e., an ooRTL formula written as a 
specification, and a sequential machine as a design are given. Then the forma1 
verification is to check whether the specification formula holds along all the infinite 
possible input-output sequences (i.e., state sequences of a linear mode1 of coRTL) 




Fig. 3. A specification and an implementation of a sequence detector. 
200 K. Hamaguchi et al. 
For example, the specification Spec and the implementation of a sequence detector 
are shown in Fig. 3. The arrow & points to the initial state of the machine. The 
output z becomes 1 iff the previous consecutive 4 inputs are exactly 1001. It is 
required that Spec holds along all infinite possible input-output sequences of the 
machine. 
Here a structure model is introduced to handle possible input-output sequences 
easily and the model checking problem of aRTL is defined. 
Definition 3.1. K = (2, Z, R, &) is called a structure model, where 
l (E, I) is a linear model of coRTL. 
l R G 1 x .E is a binary relation on 1 and denotes the possible transitions between 
states. 
l &G 2 is a set of initial states. 
For a structure model K, a finite sequence of states r = s, . . . s, is called a finite 
path from s, to s, iff (s;, s,+,) E R for all i = 1,2, . . . , n - 1. An infinite path r = s,sz . . . 
is defined in a similar way. 
An coRTL formula n is said to be existentially (K, s)-true if n holds along some 
finite or infinite path from s in the structure model K; otherwise it is called universally 
(K, s)-false. rl is universally (K, s)-true if n holds along all finite and all infinite 
paths from s in the structure model K ; otherwise it is called existentially (K, s)-false. 
Furthermore, n is said to be existentially (universally) K-true if 77 is (K, s,,)-true for 
some (respectively all) s,, E I,,. 
When only finite paths on the structure model K are considered, the terms 
existentially (or universally) (K, s)-jnite true are employed. Similarly, in case of 
considering only infinite paths, existentially (or universally) (K, s)-omega true are 
employed. 
For an ooRTL formula n and a structure model K, the$nite model checkingproblem 
is to determine whether the formula is existentially K-finite true. Similarly, the 
w-model checking problem is to determine whether the formula is existentially 
K-omega true. 
Obviously, for an ooRTL formula n and a structure model K, 
l 77 is universally K-true iff 171 is universally K-false, 
l n is universally K-finite true iff 17 is universally K-finite false, 
0 n is universally K-omega true iff 17~ is universally K-omega false. 
The structure model K corresponding to a designed sequential machine M is 
constructed as shown in the following. Informally K is constructed so that every 
possible input-output sequence of M appears as a projective image of an infinite 
path on K and, conversely, the projective image of every infinite path on K is a 
possible input-output sequence of M. 
Let M be a Mealy machine (X, 2, S, 8, A, Q). The structure model K = (2, Z, R, &) 
which corresponds to M is constructed as follows: 
. ~={s;,,,~Is,ES,~E~~, kE2=,h(j,s,)=k}, 
201 Injinitary regular temporal logic 
I(d,,,k) = {Px Ix Ed LJ {Pz I z E kl> 
R = {(sz,j,k, s~,,,‘,A.)Is~,/,L, s ,, ,.L,E ‘7 S(_i, ‘,I = ‘,*I, 
2” = {&,k I 4JJ.k E 21. 
Since in a given machine, each state is assumed to have at least one successor, 
the relation R of the structure model generated from the machines becomes a total 
relation. The structure model corresponding to the sequence detector of Fig. 3 is 
shown in Fig. 4. The states are represented by 0 and the assignment of the truth 
values for the atomic propositions at each state are represented by the atomic 
propositions or their negations in 0’s. The arrows 3 point to the initial states of 
the structure model. 
Fig. 4. A structure model of the sequence detector. 
When ooRTL is adopted as a specification description language, the formal 
verification problem of a designed machine becomes to check whether a specification 
formula n is universally K-omega true, i.e., w-model checking problem for 17 on 
K, where K is a structure model constructed from the machine. 
3.2. Decidability and complexity of the w-model checking problems 
Firstly, in this section, the decidability of the w-model checking problem is shown. 
Secondly, the DTM (deterministic Turing machine) space complexity of the w-model 
checking problem is shown to be nonelementary. 
Theorem 3.2. The w-model checking problem is decidable. 
Proof. Let K = (2, I, R, &) be a structure model and 7 be an wRTL formula. The 
theorem is proved by reducing the w-model checking problem to the empty set 
problem of w-regular sets, which is decidable [4]. Let 
L,~(K)d~f{~,~z...l~,~~,,(~j,~,+,)~R forall i=1,2 ,... }. 
202 K. Hamaguchi et al. 
Then it is easily shown that an w-finite automaton of the type shown in [4] which 
accepts L,(K) can be constructed. Thus L,(K) is an w-regular set from the results 
of [4, lo]. The w-model checking problem is equivalent to the problem of checking 
whetherL,(n)nL,(K)=O.SinceL,(n)nL,(K)’ 1s an w-regular set from Theorem 
2.7, the w-model checking problem is reduced to the empty set problem of w-regular 
sets. 0 
The complexity of o-model checking problem is shown to be nonelementary by 
reducing the finite model checking problem to the w model checking problem. 
Proposition 3.3 (Hiraishi [7]). The DTM (deterministic Turing machine) space com- 
plexity of the _finite model checking problem of wRTL is nonlementary. 
Theorem 3.4. The DTM space complexity of the w-model checking problem of wRTL 
is nonelementary. 
Proof. Let K = (2, I, R, E,,) be a structure model and n be an wRTL formula. The 
finite checking problem for n on K is reduced to the w model checking problem 
for an wRTL formula 7’ on a structure model K’. 
Firstly, K’= (X’, I’, R’, 2;) is constructed. Here a state .sd and an atomic proposi- 
tion pd are introduced and they are assumed to be distinguishable from the other 
states and atomic propositions of K respectively. Intuitively, all the states in 2 are 
connected with sd, the atomic proposition pd is true only at the state sd, and sd has 
an edge to itself. 
Z’(s) = 1 I(s) ifsE1, {pd} ifs=sd; 
Secondly, q’ is constructed as follows: 
If n is existentially K-finite true, then there exists a finite path r such that n + 7. 
Let rr’= s,sz.. . s, in K’ be the finite path corresponding to rr = slsz . . . s, in K. 
Since rr) + (7 A nip, A Fin) and (s,, sd) E R’, 7’ holds along slsz . . . s,sdsd. . . . Con- 
versely, if 7’ is existentially K’-omega true, then there exists a finite path GT’ such 
that V’ + (r) A Clip, A Fin) and r’ does not contain sd. Hence n is existentially 
K-finite true. 
Since the construction of K’ and 7’ can be done in time O(lCl) and O(1) 
respectively, the finite model checking problem can be transformed to the w-model 
checking problem in elementary time. 0 
Injnitary regular temporal logic 203 
4. Conclusion 
In logic design, it is indispensable to guarantee the correctness of a designed 
system, that is, to verify formally that the behavior of the designed system satisfies 
a specification for it. 
In this paper, firstly, co-regular temporal logic has been proposed as a specification 
language. Its expressive power was proved to be equivalent to the class of a-regular 
sets, i.e., the class of the finite unions of regular sets and w-regular sets. This means 
that wRTL can express any behavior of finite state machines. 
Secondly, the model checking problem of wRTL was defined. Focusing on infinite 
behaviors of finite state systems, we showed how to reduce the formal design 
verification of sequential machines to the w-model checking problem of wRTL. 
Furthermore the complexity of the w-model checking problem was shown. 
As one of the other future problems, development of some practical model 
checking algorithm is important. It seems that the nonelementary complexity of the 
problem makes the model checking of aRTL extremely impractical. However, finite 
RTL, whose model checking complexity is also nonelementary, has a fairly feasible 
algorithm for its model checking, and some sequential machines have been success- 
fully verified [7]. It is expected that the similar algorithm is constructed for wRTL. 
Acknowledgment 
The authors would like to express their sincere appreciation to Dr. N. Takagi, 
Dr. N. Ishiura and all the members of the Yajima Laboratory in Kyoto University 
for their precious discussions and advice. 
References 
[I] H. Barringer, The use of temporal logic in the compositional specification of concurrent systems, 
in: A. Galton, ed., Temporal Logics and rheir Applications (Academic Press, London, 1987) 53-90. 
[2] G.V. Bochmann, Hardware specification with temporal logic: an example, IEEE Trans. Comput. 
C-31(3) (1982) 223-231. 
[3] M.C. Browne, E.M. Clarke, D.L. Dill and B. Mishra, Automatic verification of sequential circuits 
using temporal logic, IEEE Trans. Comput. C-35(12) (1986) 1035-1044. 
[4] J.R. Biichi, On a decision method in restricted second order arithmetic, in: Proc. Internat. Congr. 
Logic Methodology and Philosophy of Science 1960 (Stanford University Press, 1962) 1-12. 
[S] E.M. Clarke, E.A. Emerson and A.P. Sistla, Automatic verification of finite state concurrent systems 
using temporal logic specifications: a practical approach, Proc. 10th ACM Symposium on Principles 
of Programming Languages (1983) 117-126. 
[6] S. Eilenberg, Automata, Languages, and Machines, Vol. A (Academic Press, New York, 1974). 
[7] H. Hiraishi, Design verification of sequential machines based on a model checking algorithm of 
e-free regular temporal logic, in: Proc. Computer Hardware Descripfion Languages and their Applica- 
tions (1989) 249-263. 
[8] J.E. Hopcroft and J.D. Ullman, Forma/ Languages and their Relation to Automata (Addison-Wesley, 
Reading, MA, 1969). 
204 K. Hamaguchi et al. 
[9] Z. Manna and A. Pnueli, Verification of concurrent programs: the temporal framework, in: R.S. 
Boyer and J.S. Moore, eds., The Correctness Problem in Compurer Science (Academic Press, London, 
1981) 215-273. 
[lo] R. McNaughton, Testing and generating infinite sequences by a finite automaton, Inform. and 
Control 9 (1966) 521-530. 
[ll] B. Moszkowski, Reasoning about digital circuits, Ph.D. Dissertation, Tech. Rept. STAN-CS-83.970, 
Stanford University, 1983. 
[12] H. Nakamura, M. Fujita, S. Kono and H. Tanaka, Temporal logic based fast verification system 
using cover expressions, in: IFIP VLSI ‘87 (1987) 67-80. 
[13] T. Uehara, T. Saito, F. Maruyama and N. Kawato, DDL verifier and temporal logic, in: Proc. 6th 
Infernat. Symp. on Computer Hardware Description Languages (1983) 91-102. 
[14] M. Vardi and P. Wolper, An automata theoretic approach to automatic program verification, in: 
Proc. Symp. on Logic in Computer Science (1986) 332-344. 
[15] P. Wolper, Temporal logic can be more expressive, in: Proc. 22nd Ann. Symp. on Foundations of 
Computer Science (1981) 340-348. 
