The Tractability of Model-Checking for LTL: The Good, the Bad, and the Ugly Fragments
In a seminal paper from 1985, Sistla and Clarke showed that the model-checking problem for Linear Temporal Logic (LTL) is either NP-complete or PSPACE-complete, depending on the set of temporal operators used. If, in contrast, the set of propositional operators is restricted, the complexity may decrease. This paper systematically studies the model-checking problem for LTL formulae over restricted sets of propositional and temporal operators. For almost all combinations of temporal and propositional operators, we determine whether the model-checking problem is tractable (in P) or intractable (NP-hard). We then focus on the tractable cases, showing that they all are NL-complete or even logspace solvable. This leads to a surprising gap in complexity between tractable and intractable cases. It is worth noting that our analysis covers an infinite set of problems, since there are infinitely many sets of propositional operators.
💡 Research Summary
The paper presents a comprehensive classification of the model‑checking problem for Linear Temporal Logic (LTL) when both the set of temporal operators (T) and the set of propositional operators (B) are restricted. Building on the classic results of Sistla and Clarke (1985) and later work by Markey (2004), which showed that LTL model checking is either NP‑complete or PSPACE‑complete for certain standard operator sets, the authors extend the analysis to an infinite family of propositional operator sets by exploiting Post’s lattice of Boolean clones.
The authors first introduce seven representative Boolean clones—BF (all Boolean functions), M (monotone functions), L (linear functions), V (∨‑dominant functions), E (∧‑dominant functions), N (functions depending on at most one variable), and I (projections and constants). Each clone is closed under superposition and contains the constants 0 and 1, which, by Lemma 2.2, allows the authors to ignore the presence of explicit constant symbols when analyzing complexity. By mapping any finite set of propositional operators to its generated clone, the paper reduces the infinite landscape of possible B‑sets to a finite, well‑structured taxonomy.
For each pair (T, B) the model‑checking problem MC(T, B) is examined. The authors prove two overarching dichotomies:
- Intractable (NP‑hard) fragments – For almost all combinations, especially any fragment that includes the binary “until” operator U (even without any propositional operators), MC(T, B) is NP‑hard (Theorem 3.5). When X is combined with U or S, the problem becomes PSPACE‑complete, matching the classic results of Sistla and Clarke. The paper supplies log‑space reductions from known NP‑hard problems (e.g., 3‑SAT) to MC(T, B) that respect the syntactic restrictions of each fragment.
- Tractable fragments – When the temporal operators are limited to subsets of {F, G, X} and the propositional clone is restricted, the model‑checking problem drops dramatically in complexity. The authors show that every tractable fragment is either NL‑complete or solvable in deterministic log‑space (L). The key technique is to translate LTL formulas into simple graph‑reachability or strongly‑connected‑component queries on the underlying Kripke structure. For example, with clone V (∨, 0, 1) and temporal set {F, G, or}, checking a formula reduces to testing whether a state can reach a target set, which is NL‑complete (Theorem 4.3). With clone L (⊕, 1) and only the next‑time operator X, the problem becomes a straightforward walk along a deterministic path, solvable in L (Theorem 4.6).
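The reduction to reachability and cycle queries described above can be made concrete for three small formulas (F p, G p, G F p). This is an added example, not code from the paper; it assumes that a formula holds when some infinite path from the start state satisfies it and that every state has a successor, and the structure, labels and function names are constructed for illustration.

```python
from collections import deque

# Constructed Kripke structure (assumption: every state has a successor,
# so every finite path extends to an infinite one).
SUCC = {0: [1, 2], 1: [1], 2: [3], 3: [2, 4], 4: [4]}
LABEL = {0: {"a"}, 1: {"a"}, 2: {"b"}, 3: set(), 4: {"c"}}

def sat(prop):
    """States whose label contains the atomic proposition."""
    return {s for s, props in LABEL.items() if prop in props}

def reachable(start, allowed=None):
    """BFS from start, optionally confined to the state set `allowed`.
    BFS uses linear space; it shows the reduction, not the NL space bound."""
    if allowed is not None and start not in allowed:
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        for t in SUCC[queue.popleft()]:
            if t not in seen and (allowed is None or t in allowed):
                seen.add(t)
                queue.append(t)
    return seen

def on_cycle(s, allowed=None):
    """True if s can return to itself, i.e. its SCC contains a cycle through s."""
    return any(s in reachable(t, allowed) for t in SUCC[s])

def exists_F(start, prop):
    """Some path from start satisfies F prop: plain reachability of a prop-state."""
    return bool(reachable(start) & sat(prop))

def exists_G(start, prop):
    """Some path satisfies G prop: reach a cycle without ever leaving prop-states."""
    good = sat(prop)
    return any(on_cycle(s, good) for s in reachable(start, good))

def exists_GF(start, prop):
    """Some path satisfies G F prop: reach a prop-state that lies on a cycle."""
    return any(on_cycle(s) for s in reachable(start) & sat(prop))
```

In a finite structure an infinite path must eventually loop, which is why G and G F turn into "reach a suitable cycle" rather than plain reachability.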
A notable auxiliary result (Lemma 3.1) demonstrates that allowing propositional negation does not affect the complexity class: MC⁺(T, B) (model checking with propositional negation) is log‑space equivalent to MC(T, B). Consequently, the distinction between atomic negation and unrestricted propositional negation collapses for the purposes of complexity classification.
Table 1 in the paper summarizes the full landscape: each row corresponds to a Boolean clone, each column to a temporal operator subset, and the entries indicate whether the fragment is NL, L, NP‑hard, or PSPACE‑complete. The table reveals a striking “gap”: tractable fragments sit at the very low end of the complexity spectrum (NL/L), while the moment a fragment includes U, S, or X together with certain temporal operators, the problem jumps to NP‑hard or PSPACE‑complete. This gap is more pronounced than in earlier dichotomies for SAT, where the boundary is often a single operator (e.g., presence of ∧).
The paper’s contributions are threefold:
- Complete classification – By leveraging clone theory, the authors provide a full, uniform classification of MC(T, B) for all finite propositional operator sets, covering infinitely many concrete fragments.
- Methodological innovation – The use of Boolean clones to abstract away syntactic details offers a reusable framework that could be applied to other modal or temporal logics.
- Practical guidance – The results give system designers concrete advice: to keep model checking tractable, avoid the “until” and “since” operators and restrict propositional connectives to those lying in clones N, I, or V (essentially monotone or disjunction‑only). Conversely, any inclusion of U or S immediately incurs NP‑hardness.
In the conclusion, the authors outline future directions, such as extending the analysis to infinite Kripke structures, incorporating additional temporal operators like Release (R), and developing automated tools that, given a specification’s operator set, instantly report its model‑checking complexity based on the presented taxonomy. The paper thus not only settles a long‑standing open question about the fine‑grained complexity of LTL model checking but also opens avenues for systematic complexity‑aware specification design.