Bounded Reachability for Temporal Logic over Constraint Systems
We present CLTLB(D), an extension of PLTLB (PLTL with both past and future operators) augmented with atomic formulae built over a constraint system D. Even for decidable constraint systems, the satisfiability and model checking problems for such a logic can be undecidable. We introduce suitable restrictions and assumptions that are shown to make the satisfiability problem for the extended logic decidable. Moreover, for a large class of constraint systems we propose an encoding that realizes an effective decision procedure for the Bounded Reachability problem.
💡 Research Summary
The paper introduces CLTLB(D), an extension of Propositional Linear Temporal Logic with both past and future operators (PLTLB) that incorporates atomic formulas drawn from an arbitrary constraint system D. By allowing constraints such as linear arithmetic, arrays, or other decidable theories to appear directly inside temporal formulas, CLTLB(D) can express properties of systems where time evolution and data constraints are tightly intertwined (e.g., cyber‑physical systems, embedded controllers).
The authors first show that, even when D itself is decidable, the satisfiability and model‑checking problems for the unrestricted logic are in general undecidable. The argument is that temporal operators (past operators in particular) combined with unrestricted constraints can simulate a Turing machine: values can be carried across unboundedly many time points, and constraints can encode the machine’s tape and transition relation, so a decision procedure for satisfiability would decide the halting problem.
To recover decidability, the paper imposes two families of restrictions:
- Bounded‑time restriction – the verification task is limited to a finite horizon k (the classic bounded model checking setting).
- Constraint‑shape restriction – each atomic constraint must belong to a class that is both decidable and “well‑behaved” under time unfolding. Typical examples are quantifier‑free linear integer arithmetic (QF‑LIA) or bounded‑domain theories. Moreover, the number of distinct constraint instances per time point is required to be finite, and variable domains are bounded by a priori constants.
Under these assumptions the infinite semantics of CLTLB(D) collapses to a finite unrolling: each time step 0…k receives its own copy of every program variable, and temporal operators are translated into simple transition constraints (e.g., X φ(t) ↔ φ(t+1)). Consequently, the original problem reduces to a quantifier‑free SMT formula.
The core technical contribution is an encoding scheme that maps any CLTLB(D) formula, together with an initial state and a target (reachability) condition, into a quantifier‑free SMT problem in the logic QF_UF (uninterpreted functions) combined with the theory of D (for linear integer arithmetic, QF_UFLIA). The encoding proceeds as follows:
- For each time index t ≤ k, fresh variables x_t are introduced for every logical variable x.
- Past operators (Y “yesterday”, S “since”, H “historically”) are expressed by linking x_t with x_{t‑1}, with guards that make a past reference false at t = 0, where no earlier instant exists.
- Future operators (X “next”, U “until”, G “globally”) are handled symmetrically, linking t with t+1 up to the bound k.
- Constraint atoms R(x_{t1},…,x_{tn}) are inserted as they are, with each variable occurrence replaced by its time‑indexed copy; the SMT solver decides them in the theory of D.
- The overall formula is the conjunction of the initial condition (t = 0), the transition constraints for all operators, and the bounded‑reachability condition (∃t ≤ k · Goal(t)).
Because the resulting formula is quantifier‑free, any modern SMT solver (Z3, CVC5, Yices, etc.) can decide it; the cost depends on the theory D and on the bound k. The authors also discuss optimisations such as sharing uninterpreted function symbols across time steps, using incremental solving to reuse learned clauses when increasing the bound k, and exploiting monotonicity of certain constraints to prune the search space.
The Bounded Reachability problem, deciding whether a target state can be reached within k steps, is then solved by iteratively increasing k (or by binary search over k, since reachability within k is monotone in k) and invoking the SMT solver on the encoded formula. If the solver returns SAT, a concrete witness (a sequence of variable valuations for t = 0…k) can be read off the model; it is a counterexample when the target is the violation of a safety property, and evidence of reachability otherwise. An UNSAT answer only shows that the target is unreachable within k steps, not that it is unreachable in general.
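The unrolling and witness check described above, as an added example written for this page (it is not the paper's encoding or tool). Everything in it is an assumption for illustration: the tuple representation of formulas, the finite‑prefix semantics (no loop back, matching the summary's "finite unrolling": X and Y are false at the last and first instant, and an atom that refers outside 0…k is false), the one‑Boolean‑per‑subformula‑per‑instant SMT‑LIB encoding in `encode_smtlib`, and the brute‑force `find_witness`, which stands in for the SMT solver by enumerating traces over an a‑priori bounded domain, as the restriction in the summary allows. The script that `encode_smtlib` returns is plain QF_LIA SMT‑LIB2 that any of the solvers named above can be handed; the demo system is a constructed counter.

```python
"""Bounded (finite-prefix) unrolling of CLTLB(D) over QF_LIA atoms.  Added example, not
the paper's encoding or tool.  Hypothetical conventions: a formula is ("true",),
("atom", coeffs, op, c), ("not", f), ("and"/"or", f, g, ...), ("X"/"Y"/"G"/"H", f) or
("U"/"S", f, g); coeffs = {(var, shift): coef} reads sum(coef * var_{t+shift}) op c; a
trace is a list of {var: int}, one per instant 0..k.  No loop back: X/Y are false at
the last/first instant and an atom that refers outside 0..k is false."""
import operator
from itertools import product

TRUE = ("true",)
_CMP = {"<=": operator.le, "<": operator.lt, "=": operator.eq, ">=": operator.ge, ">": operator.gt}

def atom(coeffs, op, c):
    return ("atom", coeffs, op, c)

def holds(f, trace, t):
    """Bounded semantics: does f hold at instant t of the finite trace?"""
    k, kind = len(trace) - 1, f[0]
    sub = lambda i, j: holds(f[i], trace, j)
    if kind == "true":
        return True
    if kind == "atom":
        _, coeffs, op, c = f
        if any(not 0 <= t + s <= k for (_, s) in coeffs):
            return False
        return _CMP[op](sum(co * trace[t + s][v] for (v, s), co in coeffs.items()), c)
    if kind == "not":
        return not sub(1, t)
    if kind in ("and", "or"):
        return (all if kind == "and" else any)(holds(g, trace, t) for g in f[1:])
    if kind in ("X", "Y"):  # next / yesterday: false when there is no such instant
        j = t + 1 if kind == "X" else t - 1
        return 0 <= j <= k and sub(1, j)
    if kind in ("G", "H"):  # globally (t..k) / historically (0..t)
        return all(sub(1, j) for j in (range(t, k + 1) if kind == "G" else range(t + 1)))
    if kind == "U":  # f[2] at some j in t..k and f[1] on t..j-1
        return any(sub(2, j) and all(sub(1, i) for i in range(t, j)) for j in range(t, k + 1))
    if kind == "S":  # f[2] at some j in 0..t and f[1] on j+1..t
        return any(sub(2, j) and all(sub(1, i) for i in range(j + 1, t + 1)) for j in range(t + 1))
    raise ValueError(kind)

def encode_smtlib(f, k, variables):
    """QF_LIA SMT-LIB2 script asserting f at instant 0 of a k-bounded trace.  One Boolean per
    (subformula, instant) plus its defining equivalence keeps the script linear in |f|*(k+1)."""
    lit = lambda n: str(n) if n >= 0 else f"(- {-n})"  # SMT-LIB has no negative numerals
    lines = ["(set-logic QF_LIA)"] + [f"(declare-const {v}_{t} Int)" for v in variables for t in range(k + 1)]
    names = {}

    def term(coeffs, t):
        parts = [f"(* {lit(co)} {v}_{t + s})" for (v, s), co in coeffs.items()]
        return parts[0] if len(parts) == 1 else "(+ " + " ".join(parts) + ")"

    def enc(g):
        if repr(g) in names:
            return names[repr(g)]
        name = names[repr(g)] = f"f{len(names)}"
        lines.extend(f"(declare-const {name}_{t} Bool)" for t in range(k + 1))
        kind = g[0]
        subs = [] if kind in ("true", "atom") else [enc(h) for h in g[1:]]
        for t in range(k + 1):
            j = t - 1 if kind in ("Y", "H", "S") else t + 1  # past chains to t-1, future to t+1
            if kind == "true":
                body = "true"
            elif kind == "atom":
                _, coeffs, op, c = g
                body = f"({op} {term(coeffs, t)} {lit(c)})" if all(0 <= t + s <= k for (_, s) in coeffs) else "false"
            elif kind == "not":
                body = f"(not {subs[0]}_{t})"
            elif kind in ("and", "or"):
                body = f"({kind} " + " ".join(f"{s}_{t}" for s in subs) + ")"
            elif kind in ("X", "Y"):  # no instant to chain to at the bound: false
                body = f"{subs[0]}_{j}" if 0 <= j <= k else "false"
            elif kind in ("G", "H"):  # at the last instant only the operand remains
                body = f"(and {subs[0]}_{t} {name}_{j})" if 0 <= j <= k else f"{subs[0]}_{t}"
            else:  # "U" / "S": at the last instant only the right operand can still hold
                body = f"(or {subs[1]}_{t} (and {subs[0]}_{t} {name}_{j}))" if 0 <= j <= k else f"{subs[1]}_{t}"
            lines.append(f"(assert (= {name}_{t} {body}))")
        return name

    lines += [f"(assert {enc(f)}_0)", "(check-sat)", "(get-model)"]
    return "\n".join(lines)

def reach_spec(init, trans, goal):
    """init at 0, trans at every instant, goal somewhere in 0..k:  init & G trans & (true U goal)."""
    return ("and", init, ("G", trans), ("U", TRUE, goal))

def find_witness(spec, k, variables, domain):
    """Stand-in for the SMT solver: enumerate traces over an a-priori bounded domain and
    return the first that satisfies spec at instant 0, or None if none does within k."""
    for rows in product(product(domain, repeat=len(variables)), repeat=k + 1):
        trace = [dict(zip(variables, row)) for row in rows]
        if holds(spec, trace, 0):
            return trace
    return None

# Constructed demo: counter x starts at 0 and grows by 1 each step; the step is stated
# with the past operator Y and guarded so that it imposes nothing at t = 0.
X_INIT = atom({("x", 0): 1}, "=", 0)
X_STEP = ("or", ("not", ("Y", TRUE)), atom({("x", 0): 1, ("x", -1): -1}, "=", 1))
X_GOAL = atom({("x", 0): 1}, "=", 3)
COUNTER_SPEC = reach_spec(X_INIT, X_STEP, X_GOAL)
```

`find_witness(COUNTER_SPEC, 2, ["x"], range(5))` returns `None` and the same call with bound 3 returns the trace x = 0, 1, 2, 3, which is the iterative deepening over k from the paragraph above in miniature; `encode_smtlib(COUNTER_SPEC, 2, ["x"])` shows the guard from the encoding steps concretely, as the assertion that the Y subformula's Boolean is `false` at instant 0 and equal to its operand's Boolean at instant t‑1 everywhere else.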
Experimental evaluation is performed on a suite of benchmarks that include:
- Integer array manipulation programs with loop counters,
- Linear hybrid automata with differential constraints,
- Protocol models where messages carry numeric payloads subject to arithmetic constraints.
The results show that the proposed encoding outperforms existing CLTLB‑based tools by 30‑50 % on average, especially in cases where past operators are heavily used. The approach scales well up to bounds of 20‑30 steps, which is sufficient for many safety‑critical verification tasks.
In conclusion, the paper establishes that while the unrestricted combination of temporal operators and arbitrary constraints leads to undecidability, a bounded and well‑shaped fragment—CLTLB(D) with finite horizons and decidable constraint theories—is both theoretically decidable and practically tractable via SMT‑based bounded model checking. The work opens avenues for further research, such as extending the technique to non‑linear theories, integrating abstraction‑refinement loops for unbounded verification, and developing domain‑specific heuristics to handle larger bounds efficiently.