A Probabilistic Logic for Verifying Continuous-time Markov Chains

A continuous-time Markov chain (CTMC) execution is a continuous class of probability distributions over states. This paper proposes a probabilistic linear-time temporal logic, namely continuous-time linear logic (CLL), to reason about the probability distribution execution of CTMCs. We define the syntax of CLL on the space of probability distributions. The syntax of CLL includes multiphase timed until formulas, and the semantics of CLL allows time reset to study relatively temporal properties. We derive a corresponding model-checking algorithm for CLL formulas. The correctness of the model-checking algorithm depends on Schanuel's conjecture, a central open problem in transcendental number theory. Furthermore, we provide a running example of CTMCs to illustrate our method.


Introduction
As a popular model of probabilistic continuous-time systems, continuous-time Markov chains (CTMCs) have been extensively studied since Kolmogorov [1].In the recent 20 years, probabilistic continuous-time model checking receives much attention.Adopting probabilistic computational tree logic (PCTL) [2] to this context with extra multiphase timed until formulas Φ 1 U T1 Φ 2 • • • U TK Φ K+1 , for state formula Φ and time interval T , Aziz et al. proposed continuous stochastic logic (CSL) to specify the branching-time properties of CTMCs and the modelchecking problem for CSL is decidable [3].After that, efficient model-checking algorithms were developed by transient analysis of CTMCs using uniformization [4] and stratification [5] for a restricted version (path formulas are restricted to single until formulas Φ 1 U I Φ 2 ) and a full version of CSL, respectively.These algorithms have been practically implemented in model checkers PRISM [6], MRMC [7] and STORM [8].Further details can be found in an excellent survey [9].
There are also different ways to specify the linear-time properties of CTMCs.Timed automata were first used to achieve this task [10,11,12,13,14], and then metric temporal logic (MTL) [15] was also considered in this context.Subsequently, the probability of "the system being in state s 0 within five-time units after having continuously remained in state s 1 " can be computed.However, some statements cannot be specified and verified because of the lack of a probabilistic linear-time temporal logic, for instance "the system being in state s 0 with high probability (≥ 0.9) within five-time units after having continuously remained in state s 1 with low probability (≤ 0.1)".Furthermore, this probabilistic property cannot be expressed by CSL because CSL cannot express properties that are defined across several state transitions of the same time length in the execution of a CTMC.
In this paper, targeting to express the mentioned probabilistic linear-time properties, we introduce continuous-time linear logic (CLL).In particular, we adopt the viewpoint used in [16] by regarding CTMCs as transformers of probability distributions over states.CLL studies the properties of the probability distribution execution generated by a given initial probability distribution over time.By the fundamental difference between the views of state executions and probability distribution executions of CTMCs, CLL and CSL are incomparable and complementary, as the relation between probabilistic linear-time temporal logic (PLTL) and PCTL in model checking discrete-time Markov chains [16,Section 3.3].
The atomic propositions of CLL are explained on the space of probability distributions over states of CTMCs.We apply the method of symbolic dynamics to the probability distributions of CTMCs.To be specific, we symbolize the probability value space [0, 1] into a finite set of intervals I = {I k ⊆ [0, 1]} m k=1 .A probability distribution µ over its set of states S = {s 0 , s 2 , . . ., s d−1 } is then represented symbolically as a set of symbols S(µ) = { s, I ∈ S × I : µ(s) ∈ I} where each symbol s, I asserts µ(s) ∈ I, i.e., the probability of state s in distribution µ falls in interval I.For example, s 0 , [0.9, 1] means the system is in state s 0 with a probability in 0.9 to 1.The symbolization idea of distributions has been considered in [16]: choosing a disjoint cover of [0, 1]: Here, we remove this restriction and enrich the expressiveness of I .A crucial fact about this symbolization is that the set S × I is finite.Consequently, the (probability distribution) execution path generated by an initial probability distribution µ induces a sequence of symbols in S × I over time.Therefore, the dynamics of CTMCs can be studied in terms of a (real-time) language over the alphabet S × I , which is the set of atomic propositions of CLL.
Different from non-probabilistic linear-time temporal logics -linear-time temporal logic (LTL) and MTL, CLL has two types of formulas: state formulas and path formulas.The state formulas are constructed using propositional connectives.The path formulas are obtained by propositional connectives and a temporal modal operator timed until U T for a bounded time interval T , as in MTL and CSL.The standard next-step temporal operator in LTL is meaningless in continuous-time systems since the time domain (real numbers) is uncountable.As a result, CLL can express the above mentioned probabilistic property "the system is at state s 0 with high probability (≥ 0.9) within 5 time units after having continuously remained at state s 1 with low probability (≤ 0.1)" in a path formula: In this single until formula, there is a time instant 0 ≤ t ≤ 5 at which state s 1 with low probability transits to state s 0 with high probability.Then we illustrate this on the following timeline. s1,[0,0.1] Furthermore, CLL allows multiphase timed until formulas.The semantics of the formulas focuses on relative time intervals, i.e., time can be reset as in timed automata [17,18], while those of CSL [3] are for absolute time intervals.Subsequently, CLL can express not only relatively but also absolutely temporal properties of CTMCs.
As we can see, there are two time instants, namely t 1 and t 2 , happening distribution transitions.Time is reset to 0 after the first distribution transition happens and thus t 2 is relative to t 1 .More clearly, we depict this on the following timeline.
s0,[0.9,1] s1,[0,0.1] An absolute version is "probability distribution transition ϕ happens and the system always stays at state s 0 with a high probability (≥ 0.9) in 3 to 7 time units" ϕ ′′ = [3,7] We can get a clear timeline representation by simply adding [3,7] s 0 , [0.9, 1] to that of ϕ.Assume that t < 3, Time reset enriches the expressiveness of CLL but introduces more difficulties to model checking CLL than CSL.We cross this by translating relative time to the absolute one.As a result, we develop an algorithm to model check CTMCs against CLL formulas.More precisely, we reduce the model-checking problem to a reachability problem of absolute time intervals.The reachability problem corresponds to the real root isolation problem of real polynomial-exponential functions (PEFs) over the field of algebraic numbers, an extensively studied question in recent symbolic and algebraic computation community (e.g.[19,20,21]).By developing a state-of-the-art real root isolation algorithm, we resolve the latter problem under the assumption of the validity of Schanuel's conjecture, a central open question in transcendental number theory [22].This conjecture has also been the footstone of the correctness of many recent model-checking algorithms, including the decidability of continuous-time Markov decision processes [23], the synthesizing inductive invariants for continuous linear dynamical systems [24], the termination analysis for probabilistic programs with delays [25], and reachability analysis for dynamical systems [20].
In summary, the main contributions of this paper are as follows.
-Introducing a probabilistic logic, namely continuous-time linear logic (CLL), for reasoning about CTMCs; -Developing a state-of-the-art real root isolation algorithm for PEFs over the field of algebraic numbers for checking atomic propositions of CLL; -Proving that model checking CTMCs against CLL formulas is decidable subject to Schanuel's conjecture.
Organization of this paper.In the next section, we give the mathematical preliminaries used in this paper.In Section 3, we recall the view of CTMCs as distribution transformers.After that, the symbolic dynamics of CTMCs are introduced by symbolizing distributions over states of CTMCs in Section 4. In the subsequent section, we present our continuous-time probabilistic temporal logic CLL.In Section 6, we develop an algorithm to solve the CLL model checking problem.A case study and related works are shown in Sections 7 and 8, respectively.We summarize our results and point out future research directions in the final section.

Preliminaries
For the convenience of the readers, we review basic definitions and notations of number theory, particularly Schanuel's conjecture.
Throughout this paper, we write C, R, Q and A for the fields of all complex, real, rational and algebraic numbers, respectively.In addition, Z denotes the set of all integer numbers.For F ∈ {C, R, Q, Z, A}, we use F[t] and F n×m to denote the set of polynomials in t with coefficients in F and n-by-m matrices with every entry in F, respectively.Furthermore, for F ∈ {R, Q, Z}, we use F + to denote the set of positive elements (including 0) of F.
A bounded (time) interval T is a subset of R + , which may be open, half-open or closed with one of the following forms: where t 1 , t 2 ∈ R + and t 2 ≥ t 1 (t 1 = t 2 is only allowed in the case of [t 1 , t 2 ]).Here, t 1 and t 2 are called the left and right endpoints of T , respectively.Conveniently, we use inf T and sup T to denote t 1 and t 2 , respectively.In this paper, we only consider bounded intervals.
An algebraic number is a complex number that is a root of a non-zero polynomial in one variable with rational coefficients (or equivalent to integer coefficients, by eliminating denominators).An algebraic number α is represented by (P, (a, b), ε) where P is the minimal polynomial of α, a, b ∈ Q and a + bi is an approximation of α such that |α − (a + bi)| < ε and α is the only root of P in the open ball B(a + bi, ε).The minimal polynomial of α is the polynomial with the smallest degree in Q[t] such that α is a root of the polynomial and the coefficient of the highest-degree term is 1.Any root of f (t) ∈ A[t] is algebraic.Moreover, given the representations of a, b ∈ A, the representations of a ± b, a b and a • b can be computed in polynomial time, so does the equality checking [26].
Furthermore, a complex number is called transcendental if it is not an algebraic number.In general, it is challenging to verify relationships between transcendental numbers [27].On the other hand, one can use the Lindemann-Weierstrass theorem to compare some transcendental numbers.The transcendence of e and π are direct corollaries of this theorem.
The following concepts are introduced to study the general relation between transcendental numbers.Definition 1 (Algebraic independence).A set of complex numbers S = {a 1 , • • • , a n } is algebraically independent over Q if the elements of S do not satisfy any nontrivial (non-constant) polynomial equation with coefficients in Q.
By the above definition, for any transcendental number u, {u} is algebraically independent over Q, while {a} for any algebraic number a ∈ A is not.Thus, a set of complex numbers that is algebraically independent over Q must consist of transcendental numbers.{π, e π √ n } is also algebraically independent over Q for any positive integer n [28].Checking the algebraic independence is challenging.For example, it is still widely open whether {e, π} is algebraically independent over Q.
Definition 2 (Extension field).Given two fields E ⊆ F , F is an extension field of E, denoted by F/E, if the operations of E are those of F restricted to E.
For example, under the usual notions of addition and multiplication, the field of complex numbers is an extension field of real numbers.
Definition 3 (Transcendence degree).Let L be an extension field of Q, the transcendence degree of L over Q is defined as the largest cardinality of an algebraically independent subset of L over Q.
∈ Q} be two extension fields of Q.Then the transcendence degree of them are 1 and 0, respectively, by noting that e is a transcendental number and √ 2 is an algebraic number.Now, Schanuel's conjecture is ready to be presented.
Stephen Schanuel proposed this conjecture during a course given by Serge Lang at Columbia in the 1960s [22].Schanuel's conjecture concerns the transcendence degree of certain field extensions of the rational numbers.The conjecture, if proven, would generalize the most well-known results in transcendental number theory significantly [29,30].For example, the algebraical independence of {e, π} would simply follow by setting z 1 = 1 and z 2 = πi, and using Euler's identity e πi + 1 = 0.

Continuous-time Markov Chains as Distributions Transformers
We begin with the definition of continuous-time Markov chains (CTMCs).A CTMC is a Markovian (memoryless) stochastic process that takes values on a finite state set S (|S| = d < ∞) and evolves in continuous-time t ∈ R + .Formally, A transition rate matrix Q is a matrix whose off-diagonal entries {Q i,j } i =j are nonnegative rational numbers, representing the transition rate from state i to state j, while the diagonal entries {Q j,j } are constrained to be − j =i Q i,j for all 1 ≤ j ≤ d.Consequently, the column summations of Q are all zero.
The evolution of a CTMC can be regarded as a distribution transformer.Given initial distribution µ ∈ Q d×1 ∈ D(S), the distribution at time t ∈ R + is: where D(S) is denoted as the set of all probability distributions over S. We call D(S) the probability distribution space of CTMCs.An execution path of CTMCs is a continuous function indexed by initial distribution µ ∈ D(S): Example 1.We recall the illustrating example of CTMC M = (S, Q) in [3, Figure 1] as the running example in our work.In particular, M is a 5-dimensional CTMC with initial distribution µ, where S = {s 0 , s 1 , s 2 , s 3 , s 4 } and

Symbolic Dynamics of CTMCs
In this section, we introduce symbolic dynamics to characterize the properties of the probability distribution space of CTMCs.First, we fix a finite set of intervals I = {I k ⊆ [0, 1]} k∈K , where the endpoints of each I k are rational numbers.With the states S = {s 0 , s 1 , • • • , s d−1 }, we define the symbolization of distributions as a function: where × denotes the Cartesian product, and 2 S×I is the power set of S × I .s, I ∈ S(µ) asserts that the probability of state s in distribution µ is in the interval I.The symbolization of distributions is a generalization of the discretization of distributions with I k ∩ I m = ∅ for all k = m which was studied in [16].This generalization increases the expressiveness of our continuous linear-time logic introduced in the next section.Now, we can represent any given probability distribution by finite symbols from S × I .For example, suppose and then the initial distribution µ in Example 1 is symbolized as As we can see from the above example, the symbolization of distributions on states considers the exact probabilities (singleton intervals) of the states and the range of their possibilities.Next, we introduce the symbolization to CTMCs, As we can see, the set of intervals is picked depending on CTMCs.Then, we extend this symbolization to the path σ µ : Given a symbolized CTMC SM = (S, Q, I ), the path σ µ of CTMC M = (S, Q) over real numbers R + generated by probability distribution µ induces a symbolic execution path S • σ µ over finite symbols S × I .Subsequently, the dynamics of CTMCs can be studied in terms of a language over S × I .In other words, we can study the temporal properties of CTMCs in the context of symbolized CTMCs.

Continuous Linear-time Logic
In this section, we introduce continuous linear-time logic (CLL), a probabilistic linear-time temporal logic, to specify the temporal properties of a symbolized CTMC SM = (S, Q, I ).CLL has two types of formulas: state formulas and path formulas.The state formulas are constructed using propositional connectives.The path formulas are obtained by propositional connectives and a temporal modal operator timed until U T for a bounded time interval T , as in MTL and CSL.Furthermore, multiphase timed until formulas Φ 0 U T1 Φ 1 U T2 Φ 2 . . .U Tn Φ n are allowed to enrich the expressiveness of CLL.More importantly, time reset is involved in these multiphase formulas.Thus absolutely and relatively temporal properties of CTMCs can be studied.
Definition 7. The state formulas of CLL are described according to the following syntax: where AP denotes S × I as the set of atomic propositions.The path formulas of CLL are constructed by the following syntax: where n ∈ Z + is a positive integer, for all 0 ≤ k ≤ n, Φ k is a state formula, and T k 's are time intervals with the endpoints in Q + , i.e., each T k is one of the following forms: The semantics of CLL state formulas is defined on the set D(S) of probability distributions over S with the symbolized function S in Eq.( 2) of Section 4.
(1) σ µ |= true for all probability distributions µ ∈ D(S); Not surprisingly, other Boolean connectives are derived in the standard way, i.e., false = ¬true, and the path formula ϕ follows the same way.Furthermore, we generalize temporal operators ♦ ("eventually") and ("always") of discrete-time systems into their timed variant ♦ T and T , respectively, in the following: For n = 1 in multiphase timed until formulas, the until operator U T1 is a timed variant of the until operator of LTL; the path formula Φ 0 U T1 Φ 1 asserts that Φ 1 is satisfied at some time instant in the interval T 1 and that at all preceding time instants in T 1 , Φ 0 holds.For example, as mentioned in introduction section.
For general n, the CLL path formula Φ 0 U T1 Φ 1 U T2 Φ 2 . . .U Tn Φ n is explained over the induction on n.We first mention that U T is right-associative, e.g., . This makes time reset, i.e., T 1 and T 2 do not have to be disjoint, and the starting time point of T 2 is based on some time instant in T 1 .Recall the multiphase timed until formula in introduction section and this formula expresses a relative time property: which is different to the following CLL path formula representing an absolutely temporal property of CTMCs: As an example, we clarify the semantics of CLL by comparing the above two path formulas in general forms: , where µ t = e Qt µ ∀t ∈ R + .This is more clear in the following timeline.Given a CTMC (S, Q), CLL path formula ♦ [0,1000] s, [1,1] expresses a liveness property that state s ∈ S is eventually reached with probability one before time instant 1000.In terms of safety properties, formula [100,1000] s, [0, 0] represents that state s ∈ S is never reached (reached with probability zero) between time instants 100 and 1000.Furthermore, setting the intervals nontrivial (neither [0, 0] or [1,1]), liveness and safety properties can be asserted with probabilities, such as ♦ [0,1000] s, [0.5, 1] and [100,1000] s, [0, 0.5] .For multiphase timed until formula s, [0.7, 1] U [2,3] s, [0.7, 1] . . .U [2,3] s, [0.7, 1] , where the number of U [2,3] is 100, asserts that the probability of state s is beyond 0.7 in every time instant 2 to 3, and this happens at least 100 times.

CLL Model Checking
In this section, we provide an algorithm to model check CTMCs against CLL formulas, i.e., the following CLL model-checking problem -Problem 1 is decidable.
Problem 1 (CLL Model-checking Problem).Given a symbolized CTMC SM = (S, Q, I ) with an initial distribution µ and a CLL path formula ϕ on AP = S × I , the goal is to decide whether σ µ |= ϕ, where σ µ (t) = e Qt µ is an execution path defined in Eq.(1).
In particular, we show that Theorem 2. Under the condition that Schanuel's conjecture holds, the CLL model-checking problem in Problem 1 is decidable.
In the following, we prove the above theorem from checking basic formulas -atomic propositions to the most complex one -nontrivial multiphase timed until formulas.For readability, we put the proofs of all results in Appendix A.
We start with the simplest case of atomic proposition s, I .By the semantics of CLL, µ t |= s, I if and only if µ t = e Qt µ(s) ∈ I. To check this, we first observe that the execution path e Qt µ of CTMCs is a system of polynomial exponential functions (PEFs).Definition 8.A function f : R → R is a polynomial-exponential function (PEF) if f has the following form: where for all 0 Without loss of generality, we assume that λ k 's are distinct.
Generally, for a PEF f (t) with the range in complex numbers C, g(t) = f (t) + f * (t) is a PEF with the range in real numbers R, where f * (t) is the complex conjugate of f (t).The factor t is omitted whenever convenient, i.e., f = f (t).t is called a root of a function f if f (t) = 0. PEFs often appear in transcendental number theory as auxiliary functions in the proofs involving the exponential function [31].
Lemma 1.Given a CTMC M = (S, Q) with S = {s 0 , . . ., s d−1 }, Q ∈ Q d×d , and an initial distribution µ ∈ Q d×1 , for any 0 ≤ i ≤ d − 1 , e Qt µ(s i ), the i-th entry of e Qt µ, can be expressed as a PEF f : R + → [0, 1] as in Eq.( 6) with By the above lemma, for a given t in some bounded time interval T (to be specific in the latter discussion), e Qt µ(s) ∈ I is determined by the algebraic structure of PEF g(t) = e Qt µ(s) in T .That is all maximum intervals T max ⊆ T such that g(t) ∈ I for all t ∈ T max , where interval T max = ∅ is called maximum for g(t) ∈ I if no sub-intervals T ′ T max such that the property holds, i.e., g(t) ∈ I for all t ∈ T ′ .Then e Qt µ(s) ∈ I if and only if t ∈ T max for some maximum interval T max .So, we aim to compute the set T of all maximum intervals.By the continuity of PEF g(t), this can be done by identifying a real root isolation of the following PEF f (t) in T : A (real) root isolation of function f (t) in interval T is a set of mutually disjoint intervals, denoted by Iso(f ) T = {(a j , b j ) ⊆ T } for a j , b j ∈ Q such that for any j, there is one and only one root of f (t) in (a j , b j ); -for any root t * of f (t), t * ∈ (a j , b j ) for some j.
Furthermore, if f has no any root in T , then Iso(f ) T = ∅.
Although there are infinite kinds of real root isolations of f (t) in T , the number of isolation intervals equals to the number of distinct roots of f (t) in T .
Finding real root isolations of PEFs is a long-standing problem and can be at least backtracked to Ritt's paper [32] in 1929.Some following results were obtained since the last century (e.g.[33,34]).This problem is essential in the reachability analysis of dynamical systems, one active field of symbolic and algebraic computation.In the case of F 1 = Q and F 2 = N + in [19], an algorithm named ISOL was proposed to isolate all real roots of f (t).Later, this algorithm has been extended to the case of F 1 = Q and F 2 = R [20].A variant of the problem has also been studied in [21].The correctness of these algorithms is based on Schanuel's conjecture.Other works are using Schanuel's conjecture to do the root isolation of other functions, such as exp-log functions [35] and tame elementary functions [36].
By Lemma 1, we pursue this problem in the context of CTMCs.The distinct feature of solving real root isolations of PEFs in our paper is to deal with complex numbers C, more specifically algebraic numbers A, i.e., F 1 = F 2 = A. At the same time, to the best of our knowledge, all the previous works can only handle the case over R. Here, we develop a state-of-the-art real root isolation algorithm for PEFs over algebraic numbers.Thus from now on, we always assume that PEFs are over A, i.e., F 1 = F 2 = A in Eq.( 6).In this case, it is worth noting that whether a PEF has a root in a given interval, T ⊆ R + is decidable subject to Schanuel's Conjecture if T is bounded [37], which falls in the situation we consider in this paper.

Theorem 3 ([37]
).Under the condition that Schanuel's conjecture holds, there is an algorithm to check whether a PEF f (t) has a root in interval T , i.e., whether Iso(f ) T = ∅.
In this paper, we extend the above checking Iso(f ) T = ∅ to computing Iso(f ) T of PEF f (t).
Theorem 4.Under the condition that Schanuel's conjecture holds, there is an algorithm to find real root isolation Iso(f ) T for any PEF f (t) and interval T .Furthermore, the number of real roots is finite, i.e., |Iso(f We can compute the set T of all maximum intervals with the above theorem to check atomic propositions.Furthermore, we can compare the values of any real roots of PEFs, which is important in model checking general multiphase timed until formulas at the end of this section.Lemma 2. Let f 1 (t) and f 2 (t) be two PEFs with the domains in T 1 and T 2 , and t 1 ∈ T 1 and t 2 ∈ T 2 are roots of them, respectively.Under the condition that Schanuel's conjecture holds, there is an efficient way to check whether or not t 1 − t 2 < g for any given rational number g ∈ Q.
For model checking general state formula Φ, we can also use real root isolation of some PEF to obtain the set of all maximum intervals T max such that µ t |= Φ for all t ∈ T max .The reason is that Φ admits conjunctive normal form consisting of atomic propositions.See the proof of the following lemma in Appendix A. Lemma 3.Under the condition that Schanuel's conjecture holds, given a time interval T , the set T of all maximum intervals in T satisfying µ t |= Φ can be computed, where Φ is a state formula of CLL.Furthermore, the number of all intervals in T is finite; the left and right endpoints of each interval in T are roots of PEFs.
At last, we characterize the multiphase timed until formulas by the reachability analysis of time intervals (instants).
By the above lemma, the problem of checking multiphase timed until formulas is reduced to verify the existence of a sequence of time intervals.Now we can show the proof of Theorem 2.
Proof.Recall that the nontrivial step is to model check multiphase timed until formula By Lemma 4, for model checking the above formula, we only need to check the existence of time intervals {I k } n k=0 illustrated in the lemma.The following procedure can construct such a set of intervals if it exists: of all maximum intervals such that µ t |= Φ k−1 for all t ∈ I of I ∈ I , where µ t = e Qt µ; this can be done by Lemma 3. Noting that I k can be the empty set, i.e., I k = ∅; -(3) Let k from 1 to n.First, updating I k : The above updates can be finished by Lemma 2. If I k = ∅, then the formula is not satisfied; -(4) Updating I n : for each I ∈ I n , we replace I with [s − ε, s) for some constant ε > 0 if there is an s ∈ I with s − ε ∈ I such that µ s |= Φ n where µ s = e Qs µ; Otherwise, remove this element from I n .Again, this can be done by Lemma 3. If I n = ∅, then the formula is not satisfied; -(5) Finally, let k from n − 1 to 1, updating I k : Thus after the above procedure, we have non-empty sets {I k } n k=0 with the following properties.Therefore, we can get a set of intervals {I k } n k=0 satisfying the two conditions in Lemma 4 if it exists.On the other hand, it is easy to check that all such {I k } n k=0 must be in {I k } n k=0 , i.e., for each k, I k ⊆ I for some I ∈ I k .This ensures the correctness of the above procedure.
By the above constructive analysis, we give an algorithm for model checking CTMCs against CLL formulas.Focusing on the decidability problem, we do not provide the pseudocode of the algorithm.Alternatively, we implement a numerical experiment to illustrate the checking procedure in the next section.

By Jordan decomposition, we have
.
Then, we consider an initial distribution µ as the same as the one in Example 1.
Then we have that the value of e Qt µ is as follows: As we only consider states s 0 and s 1 in formulas ϕ and ϕ ′ , we focus on the following PEFs: f 0 (t) = 1 10 e −3t and f 1 (t) = − 1 30 e −3t + 7 30 .Next, we initialize the model checking procedures introduced in the proof of Theorem 2. First, we compute the set T of all maximum intervals T ⊆ [0 , 5] such that e Qt µ |= s 0 , [0.9, 1] for t ∈ T , i.e., f 0 (t) ∈ [0.9, 1] for t ∈ T .We obtain T = ∅ by the real root isolation algorithm mentioned in Theorem 4, and this indicates that σ µ |= ϕ where σ µ (t) = e Qt µ is the path induced by µ and defined in Eq.(1).
In the following, we consider a different initial distribution µ 1 as follows: .
Following the same way, we compute T for e Qt µ 1 |= s 0 , [0.9, 1] .Then we complete the model checking procedures in the proof of Theorem 2, and we conclude: σ µ1 |= ϕ.By repeating these, the result of the second formula ϕ ′ is σ µ1 |= ϕ ′ .

Related Works
Agrawal et al. [16] introduced probabilistic linear-time temporal logic (PLTL) to reason about discrete-time Markov chains in the context of distribution transformers as we did for CTMCs in this paper.Interestingly, the Skolem Problem can be reduced to the model checking problem for the logic PLTL [38].The Skolem Problem asks whether a given linear recurrence sequence has a zero term and plays a vital role in the reachability analysis of linear dynamical systems.
Unfortunately, the decidability of the problem remains open [39].Recently, the Continuous Skolem Problem has been proposed with good behavior (the problem is decidable) and forms a fundamental decision problem concerning reachability in continuous-time linear dynamical systems [37].Not surprisingly, the Continuous Skolem Problem can be reduced to model-checking CLL.The primary step of verifying CLL formulas is to find a real root isolation of a PEF in a given interval.Chonev, Ouaknine and Worrell reformulated the Continuous Skolem Problem in terms of whether a PEF has a root in a given interval, which is decidable subject to Schanuel's conjecture [37].An algorithm for finding root isolation can also answer the problem of checking the existence of the roots of a PEF.However, the reverse does not work in general.Therefore, the decidability of the Continuous Skolem Problem cannot be applied to establish that of our CLL model checking.
Remark 1.By adopting the method in this paper, we established the decidability of model checking quantum CTMCs against signal temporal logic [40].Again, we need Schanuel's conjecture to guarantee the correctness.A Lindblad's master equation governs a quantum CTMC and a more general real-time probabilistic Markov model than a CTMC, i.e., a CTMC is an instance of quantum CTMCs.We converted the evolution of Lindblad's master equation into a distribution transformer that preserves the laws of quantum mechanics.We reduced the model-checking problem of quantum CTMCs to the real root isolation problem, which we considered in this paper, and thus our method could be applied to it.

Conclusion
This paper revisited the study of temporal properties of finite-state CTMCs by symbolizing the probability value space [0, 1] into a finite set of intervals.To specify relatively and absolutely temporal properties, we propose a probabilistic logic for CTMCs, namely continuous linear-time logic (CLL).We have considered the model checking problem in this setting.Our main result is that a state-of-theart real root isolation algorithm over the field of algebraic numbers was proposed to establish the decidability of the model checking problem under the condition that Schanuel's conjecture holds.This paper aims to show decidability in as simple a fashion as possible without paying much attention to complexity issues.Faster algorithms on our current constructions would significantly improve from a practical standpoint.

A.1 Proof of Lemma 1
We need to use the Jordan decomposition to prove Lemma 1. Definition 9. A Jordan block is a square matrix of the following form.
, where J k is a Jordan block for each 1 ≤ k ≤ n.
Because A is algebraic closed, we know that Proposition 1 ( [41]).Any matrix A ∈ Q n×n is algebraically similar to a matrix in Jordan normal form over the algebraic number field A. Namely, there exists some invertible P ∈ A n×n and J ∈ A n×n in Jordan form such that A = P −1 JP , where A n×n is the set of all n-by-n matrices with every entry being algebraic numbers.
Now we can give the proof of Lemma 1.
Proof.As the elements of µ are rational, we only need to prove that any entry of e Qt can be expressed as a finite sum of k f k (t)e η k t for η k ∈ A and By Proposition 1, we have that there is a P ∈ A n×n such that where λ k is an eigenvalue of Q and Q ∈ Q d×d , so λ k is algebraic.Furthermore, J k ∈ A n k ×n k , where n k is the dimension of J k .Therefore, e Qt = P −1 e ⊕ k J k t P = P −1 (⊕ k e J k t )P .We complete the proof by proving that for each k, any entry of e J k t can be expressed as a finite sum of k f k (t)e η k t for η k ∈ A and f k (t) ∈ A [t]. Computing e J k t , we obtain that Before proving, we need the following fact observed in [3] according to the Lindemann-Weierstrass theorem.
Observation 1 Given a real number r ∈ R of the form k µ k e η k where µ k ′ s and η k ′ s are algebraic complex numbers, and the η k ′ s are pairwise distinct, there is an effective procedure to compare the values of r and c for any c ∈ Q.
According to Lindemann-Weierstrass theorem, we know that r = c if and only if r = c = 0 or c = −µ k for some k with η k = 0. Otherwise, we can compute a good approximation of r.For each k, e η k can be approximated with an error, the norm of the difference between r and the approximation, of less than ε (for any ε < 1) by taking the first ⌈3|η k | 2 /ε⌉ + 1 terms of the Maclaurin expansion for e η k .This leads to an approximation of r within k |µ k |ε.Since the individual terms in the Maclaurin expansion are algebraic functions of the η k 's, it follows that the approximations are algebraic.Then we can check if r > c by the comparision between the approximations and c.See [3] for more details.
Proof.First, by Theorem 4, isolating the real roots of f 1 (t) and f 2 (t), we have ) is still a PEF, then we can check whether or not there is a root of it in (a 1 , b 1 ) ∪ (a 2 , b 2 ) by Theorem 3.
If t 1 − t 2 = g, we answer whether or not t 1 − (t 2 + g) < 0 by narrowing (a 1 , b 1 ) and (a 2 , b 2 ) and maintaining the roots of f 1 (t) and f 2 (t) in the intervals.This can be done as we can arbitrarily narrow the interval (a 1 , b 1 ) by comparing the signs (> 0, < 0 or = 0) of f ( a1+b1 2 ) and f (a 1 ), and the same way works for narrowing (a 2 , b 2 ).The sign of f (a) for any a ∈ Q can be obtained by Observation 1 and Theorem 1.Moreover, there is a gap between t 1 and t 2 + g, and we can compare t 1 and (t 2 + g) by continuously narrowing (a 1 , b 1 ) and (a 2 , b 2 ), and comparing a 1 and b 2 (a 2 and b 1 ).

A.3 Proof of Lemma 3
Proof.Recall that state formulas of CLL are given by the following grammar: By the semantics of CLL state formulas, Φ k is a formula of propositional logics.So Φ admits conjunctive normal form (CNF) [42,Appendix A.3], i.e., Φ = ∧ j∈J ∨ l∈Lj lit j,l , where lit j,l is a literal of a ∈ AP or ¬a, and J k and L k are both finite sets.Furthermore, we observe that ¬a is (semantically equivalent to) either an atomic proposition or a disjunction of two atomic propositions.To prove this, let a = k, T for some interval T .We deal with the case of T = [c 1 , c 2 ] for 0 < c 1 < c 2 < 1, and the other situations of T can be done by the similar way.In this case, for any distribution µ ∈ D(S), µ |= ¬a if and only if µ |= a 1 ∨ a 2 , i.e. ¬a = a 1 ∨ a 2 , where a 1 = k, [0, c 1 ) and a 2 = k, (c 2 , 1] .Therefore, for some finite sets J ′ , L ′ j for j ∈ J ′ , {a j,l ∈ AP } j∈J ′ ,l∈L ′ j .From µ t |= ∧ j∈J ′ ∨ l∈L ′ j a j,l , by the semantic of CLL, we have that for all j ∈ J ′ , µ t |= a j,l for some l ∈ L ′ j .As J ′ and all L ′ j are finite sets, we can check one by one whether or not µ t |= a j,l .Let T j,l be the set of all the maximum intervals such that for each T ∈ T j,l , µ t |= a j,l for all t ∈ T .Then T = ∩ j∈J ′ T j , where T j = {T 1 ∪T 2 : T 1 ∈ T j,l1 and T 2 ∈ T j,l2 for all distinct l 1 , l 2 ∈ L ′ j } for all j ∈ J ′ , and The left problem is to handle T 1 ∩ T 2 and T 1 ∪ T 2 , and by the continuity of PEFs, the left and right endpoints of I 1 and I 2 are all the roots of PEFs.It is equivalent to compare the values of two real roots of two (different) PEFs.This can be done by Lemma 2.

A.4 Proof of Lemma 4
Proof.We first prove the sufficient direction.Let Then the above formula is Φ 0 U T1 ϕ 1 .By the semantic of CLL, we have that there is a time t 1 ∈ T 1 such that σ µt 1 |= ϕ 1 , and for any t and we get ϕ 1 = Φ 1 U T2 ϕ 2 .In the similar way, we have that there is a time t 2 ∈ T 2 such that σ µt 1 +t 2 |= ϕ 2 , and for any t Iteratively, we get a set of time instants {t k } n k=0 with t 0 = 0.For all 1 ≤ k ≤ n, let Then it is easy to check that {I k ∈ R + } k=0 with I 0 = [0, 0] are the desired intervals satisfying the above two conditions.
Considering the necessary direction, by the above proof, we only need to identify

A.5 Proof of Theorem 4
Before presenting the proof of Theorem 4, we recall one useful technique from previous works -factoring PEFs.
Factoring PEFs An essential step of finding a real root isolation of a PEF is factoring it into a set of PEFs, such that the resulting PEFs have no multiple roots except for zero.In the following, we introduce a technique to implement this.Before that, we recall some concepts.
Given a root t * of a function f (t), i.e., f (t * ) = 0, the multiplicity of t * is the maximum number m such that (t − t * ) m is a factor of f (t), i.e., there exists a function g(t) such that f (t) = g(t)(t − t * ) m .In particular, if m = 1, then we call that t * is a single root ; otherwise t * is a multiple root.
Recall a PEF f : R → R has the following form: where for all 0 Without loss of generality, we assume λ k 's are distinct, and use Exp(f ) to denote the set of exponent of f (t), i.e., Exp(f ) = {λ k } K k=0 .Let {a j } n j=1 be a linearly independent basis over Q of the exponents Exp(f ) = {λ k } K k=0 appearing in f (t) such that f (t) is a multivariate polynomial with respect to t, e a1t , . . ., e ant , denoted by f (t, e a1t , . . ., e ant ).This basis can be obtained by computing a simple extension (e.g.[43], [44, Algorithm 1]) Next, we replace t by the indeterminate y 0 , and each exponential term e ait by y i for 1 ≤ i ≤ n.Then, we have a multivariate polynomial representation f (y 0 , . . ., y n ) of f (t) in the y ′ s.By the factorization of polynomials, we have whose greatest square free part is denoted by f (y 0 , . . ., y n ) = f 1 (y 0 , . . ., y n ) • • • f 1 (y 0 , . . ., y n ).
Via switching y ′ s back by e ait and t, we have a PEF f (t) = f (t, e a1t , . . ., e ant ).
It is worth noting that the set of roots of f (t) is the same to the one of f (t).In the latter, we will prove f (t) only has single roots.At last, a corollary of Schanuel's conjecture is also needed to prove Theorem 4.
Corollary 1. [20, Corollary 3] Let a 1 , . . ., a n be algebraic numbers that are linearly independent over Q.Under the condition that Schanuel's conjecture holds, the transcendence degree of the extension field Q(t, e a1t , . . ., e ant ) is at least n if t = 0.
Main Proof In this subsection, we prove Theorem 4 with the help of the exclusion algorithm in [44,Algorithm 2] which can compute a real root isolation Iso(f ) T for a given simple PEF f (t) and interval T .Here, a PEF f (t) is simple if all roots of f (t) are single.
In particular, if f (t) has only single roots in T (there is no t ∈ T such that f (t) = f ′ (t) = 0), then we can get a real root isolation Iso(f ) T by [44,Algorithm 2].Otherwise, f (t) has at least one multiple root, and thus the exclusion algorithm in [44] cannot be used to compute a real root isolation of f (t) directly.This can be dealt with by employing factoring PEFs in the last section and the following fact.Lemma 5. Let f (t) = f (t, e a1t , . . ., e ant ) be a PEF with respect to t, and thus a polynomial with respect to t, e a1t , . . ., e ant , where {a i } n i=1 is linearly independent over Q.If the multivariate polynomial representation f (y 0 , . . ., y n ) of f (t) is square free, then, assuming that Schanuel's conjecture holds, f (t) has no multiple real root except 0.
By the above lemma, for finding a real root isolation Iso(f ) T of a PEF f (t) in some time interval T , we first implement the method of factoring PEFs in the last section to get a simple PEF f (t), which shares the same roots with f (t).Then we can implement the exclusion algorithm in [44] to achieve this goal.Finally, we complete the proof of Theorem 4 by noting that the number of obtained real root isolations by the algorithm is finite (see the correctness analysis of [44, Algorithm 2]), i.e., |Iso(f ) T | < ∞.

-
for each 1 ≤ k ≤ n, µ t |= Φ k−1 for all t ∈ I k and I k ∈ I k , and µ t * |= Φ n , where t * = sup I n ; -for each 1 ≤ k ≤ n, I ∈ I k , there exists at least one I ′ ∈ I k−1 such that I ⊆ sup I ′ + T k and inf I = sup I ′ + inf T k .
and only if there exist time intervals {I k ⊆ R + } n k=0 with I 0 = [0, 0] such that -The satisfaction of intervals: for all 1 ≤ k ≤ n, µ t |= Φ k−1 for all t ∈ I k , and µ t * |= Φ n , where t * = sup I n and µ t = e Qt µ ∀t ∈ R + ; -The order of intervals: for all 1