ℹ︎  Upcoming Submission Deadline: June 1, 2024

Little Tricky Logic: Misconceptions in the Understanding of LTL

Ben Greenman1 OrcidLogo, Sam Saarinen2 OrcidLogo, Tim Nelson3 OrcidLogo, and Shriram Krishnamurthi4 OrcidLogo

The Art, Science, and Engineering of Programming, 2023, Vol. 7, Issue 2, Article 7

ae_reusable

Submission date: 2022-05-31
Publication date: 2022-10-15
DOI: https://doi.org/10.22152/programming-journal.org/2023/7/7
Full text: PDF
Related Artifact: https://doi.org/10.5281/zenodo.6988909

Abstract

Context

Linear Temporal Logic (LTL) has been used widely in verification. Its importance and popularity have only grown with the revival of temporal logic synthesis, and with new uses of LTL in robotics and planning activities. All these uses demand that the user have a clear understanding of what an LTL specification means.

Inquiry

Despite the growing use of LTL, no studies have investigated the misconceptions users actually have in understanding LTL formulas. This paper addresses the gap with a first study of LTL misconceptions.

Approach

We study researchers’ and learners’ understanding of LTL in four rounds (three written surveys, one talk-aloud) spread across a two-year timeframe. Concretely, we decompose “understanding LTL” into three questions. A person reading a spec needs to understand what it is saying, so we study the mapping from LTL to English. A person writing a spec needs to go in the other direction, so we study English to LTL. However, misconceptions could arise from two sources: a misunderstanding of LTL’s syntax or of its underlying semantics. Therefore, we also study the relationship between formulas and specific traces.

Knowledge

We find several misconceptions that have consequences for learners, tool builders, and designers of new property languages. These findings are already resulting in changes to the Alloy modeling language. We also find that the English to LTL direction was the most common source of errors; unfortunately, this is the critical “authoring” direction in which a subtle mistake can lead to a faulty system. We contribute study instruments that are useful for training learners (whether academic or industrial) who are getting acquainted with LTL, and we provide a code book to assist in the analysis of responses to similar-style questions.

Grounding

Our findings are grounded in the responses to our survey rounds. Round 1 used Quizius to identify misconceptions among learners in a way that reduces the threat of expert blind spots. Rounds 2 and 3 confirm that both additional learners and researchers (who work in formal methods, robotics, and related fields) make similar errors. Round 4 adds deep support for our misconceptions via talk-aloud surveys.

Importance

This work provides useful answers to two critical but unexplored questions: in what ways is LTL tricky and what can be done about it? Our survey instruments can serve as a starting point for other studies.

  1. Brown University, USA
    OrcidLogo https://orcid.org/0000-0001-7078-9287

  2. Brown University, USA
    OrcidLogo https://orcid.org/0000-0001-9053-3692

  3. Brown University, USA
    OrcidLogo https://orcid.org/0000-0002-9377-9943

  4. Brown University, USA
    OrcidLogo https://orcid.org/0000-0001-5184-1975