A first-order logic characterization of safety and co-safety languages

TL;DR

This paper introduces first-order logic fragments, SafetyFO and coSafetyFO, that precisely characterize safety and co-safety languages definable in LTL, providing new insights into their logical and automata-theoretic properties.

Contribution

It defines SafetyFO and coSafetyFO fragments of FO-TLO that are expressively complete for SafetyLTL and coSafetyLTL, clarifying their relationship and simplifying their characterization.

Findings

SafetyFO and coSafetyFO exactly characterize safety and co-safety LTL languages.

Any safety language definable in LTL is also definable in SafetyLTL.

Over finite words, SafetyLTL without the tomorrow operator captures the safety fragment of LTL.

Abstract

Linear Temporal Logic (LTL) is one of the most popular temporal logics, that comes into play in a variety of branches of computer science. Among the various reasons of its widespread use there are its strong foundational properties: LTL is equivalent to counter-free omega-automata, to star-free omega-regular expressions, and (by Kamp's theorem) to the First-Order Theory of Linear Orders (FO-TLO). Safety and co-safety languages, where a finite prefix suffices to establish whether a word does not belong or belongs to the language, respectively, play a crucial role in lowering the complexity of problems like model checking and reactive synthesis for LTL. SafetyLTL (resp., coSafetyLTL) is a fragment of LTL where only universal (resp., existential) temporal modalities are allowed, that recognises safety (resp., co-safety) languages only. The main contribution of this paper is the introduction of a fragment of FO-TLO, called SafetyFO, and of its dual coSafetyFO, which are expressively complete with respect to the LTL-definable safety and co-safety languages. We prove that they exactly characterize SafetyLTL and coSafetyLTL, respectively, a result that joins Kamp's theorem, and provides a clearer view of the characterization of (fragments of) LTL in terms of first-order languages. In addition, it gives a direct, compact, and self-contained proof that any safety language definable in LTL is definable in SafetyLTL as well. As a by-product, we obtain some interesting results on the expressive power of the weak tomorrow operator of SafetyLTL, interpreted over finite and infinite words. Moreover, we prove that, when interpreted over finite words, SafetyLTL (resp. coSafetyLTL) devoid of the tomorrow (resp., weak tomorrow) operator captures the safety (resp., co-safety) fragment of LTL over finite words.