SOTA temporal logic: replace speculative FRET/Pressburger claims with LTL operators from RA, cite Baier 2008

2-state-of-the-art/state-of-art.tex

@@ -161,31 +161,28 @@ primary assurance evidence remain as significant challenges.
 Formal verification of any system requires a precise language for stating
 what the system must do. Temporal logic provides this language by extending
 classical propositional logic with operators that express properties over
-time. Where propositional logic can state that a condition is true or false,
+time~\cite{baier_principles_2008}. Where propositional logic can state that
-temporal logic can state that a condition must always hold, must eventually
+a condition is true or false, temporal logic can state that a condition must
-hold, or must hold until some other condition is met. This expressiveness
+always hold, must eventually hold, or must hold until some other condition is
-makes temporal logic the foundation for specifying reactive systems---systems
+met. Linear temporal logic (LTL) formalizes these notions through four key
-that continuously interact with their environment and must satisfy ongoing
+operators:
-behavioral requirements.
+\begin{itemize}
-
+  \item $\mathbf{X}\phi$ (next): $\phi$ holds in the next state
-For nuclear control applications, temporal logic captures exactly the kinds
+  \item $\mathbf{G}\phi$ (globally): $\phi$ holds in all future states
-of properties that matter: safety properties (``the reactor never enters an
+  \item $\mathbf{F}\phi$ (finally): $\phi$ holds in some future state
-unsafe configuration''), liveness properties (``the system eventually reaches
+  \item $\phi \mathbf{U} \psi$ (until): $\phi$ holds until $\psi$ becomes
-operating temperature''), and response properties (``if coolant pressure
+    true
-drops, shutdown initiates within bounded time''). These properties can be
+\end{itemize}
-derived directly from operating procedures and regulatory requirements,
+These operators allow specification of safety properties ($\mathbf{G}\neg
-creating a formal link between existing documentation and verifiable system
+\text{unsafe}$), liveness properties ($\mathbf{F}\text{target}$), and
-behavior.
+response properties ($\mathbf{G}(\text{trigger} \rightarrow
-
+\mathbf{F}\text{response})$). For nuclear control, this expressiveness
-NASA's Formal Requirements Elicitation Tool (FRET) bridges the gap between
+captures exactly the kinds of requirements that matter: the reactor must
-natural language requirements and temporal logic specifications. FRET
+never enter an unsafe configuration, the system must eventually reach
-provides a structured intermediate language that allows engineers to define
+operating temperature, and if coolant pressure drops, shutdown must initiate
-temporal behavior without writing raw logic formulas. The HARDENS project
+within bounded time. These properties can be derived directly from operating
-used FRET for requirement capture, and it has been validated on aerospace
+procedures and regulatory requirements, creating a formal link between
-systems including a Lift+Cruise aircraft with 53 formalized
+existing documentation and verifiable system behavior.
-requirements~\cite{Pressburger2023}. FRET's ability to start with imprecise
-natural language and iteratively refine it into well-posed specifications
-makes it particularly suited to formalizing nuclear operating procedures.
 
 \subsubsection{Differential Dynamic Logic}