Substructure Temporal Logic

Massimo Benerecetti, Fabio Mogavero, and Aniello Murano
Università degli Studi di Napoli Federico II

Abstract—In formal verification and design, reasoning about substructures is a crucial aspect of several fundamental problems, whose solution often requires selecting a portion of the model of interest on which to verify a specific property. In this paper, we present a new branching-time temporal logic, called Substructure Temporal Logic (STL*, for short), whose distinctive feature is to allow for quantifying over the possible substructures of a given structure. This logic is obtained by adding two new operators to CTL*, whose interpretation is given relative to the partial order induced by a suitable substructure relation. STL* turns out to be very expressive and allows one to capture in a very natural way many well-known problems, such as module checking, reactive synthesis and reasoning about games. A formal account of the model-theoretic properties of the new logic and results about (un)decidability and complexity of related decision problems are also provided.

I. INTRODUCTION

Since the seminal paper by Pnueli [20], temporal logic, a special kind of modal logic geared towards the description of the temporal ordering of events, has been established as the de facto specification language for system verification and design. Depending on the possible views of the underlying nature of time, two varieties of temporal logics are mainly considered in the literature. In linear-time temporal logics, such as LTL [20], time is considered as an infinite chain of different time instants, each one having a unique immediate future moment. Under this view, formulas are interpreted over linear sequences describing the ongoing behavior of system computations.
Conversely, in branching-time temporal logics, such as CTL [4], CTL+ [7], and CTL* [8], each time instant may split into several possible immediate future moments and a suitable pair of operators, the existential and universal path quantifiers, are used to express properties along some or all possible temporal branches. Accordingly, formulas of these logics are interpreted over branching structures, such as infinite trees, which better characterize nondeterministic behaviors of incompletely specified deterministic systems.

The success of such a specification framework is due to a multiplicity of factors, most notably, the ability to express relevant properties of computational systems and the discovery of algorithmic methods to solve the principal decision problems related to system verification and design.

From the standpoint of verification, model checking [4], [5], [6] is a well-established formal method that allows one to automatically check for global system correctness. In order to check whether a system satisfies a required property, we describe its structure through mathematical models like Kripke structures or labeled transition systems. A more challenging problem, from the standpoint of design, is synthesis [3], which is based on the appealing idea of building a system directly from its specification, instead of first developing it and then verifying its correctness. The modern approach to this problem was initiated by Pnueli and Rosner in [21], who introduced LTL reactive synthesis.

Over the years, an enormous body of work has been devoted to increasing the expressive power of temporal logics, so as to capture more and more complex system behaviors. To this aim, two main directions have been followed. The first one is to extend the semantics of already defined logics, by changing the interpretation of their syntactic operators. The second one, instead, is to extend the syntax, by replacing or introducing new operators.
The success of the resulting extensions often depends upon the ratio between the achieved gain in expressiveness and the consequent increase in the complexity of the related decision problems.

One of the most important semantic extensions, which has proved to be fundamental in practice for the verification of liveness properties, was the introduction of fairness constraints into CTL [9]. The resulting semantics restricts the interpretation of the path quantifiers to range over fair paths only, in order to rule out unrealistic executions. Another classic semantic extension was the introduction of module checking for branching-time formulas [15], which corresponds to model checking in the context of open system analysis. An open system is modeled as a module interacting with the environment and its correctness requires that the desired property holds with respect to all such interactions. In this case, the entire definition of the modeling relation changes. Similarly, the reactive synthesis problem can be formulated as a semantic extension of the concept of synthesis of a model for a logic formula. While classic synthesis corresponds to the construction of a witness for the satisfiability, reactive synthesis further requires that such a witness belongs to the restricted class of models that are coherent with the possible interactions with the environment.

On the side of syntactic extensions, instead, a first line of research focuses on logics for the analysis of strategic ability, in the setting of multi-agent games, such as ATL [1] and SL [17], [16]. These logics syntactically extend classic temporal logics, by means of suitable modal operators which quantify over agent strategies, in order to express properties about cooperation and competition among agents. In particular, these modalities allow for a selective quantifications