Model checking [1,2] is a cornerstone in formal verification, prominently featuring model checking for Linear Temporal Logic (LTL) and Computation Tree Logic (CTL). The automation inherent in model checking has facilitated its widespread adoption in the analysis and validation of software and hardware systems[3,4,5], communication protocols[6,7], and security protocols[8,9], achieving commendable outcomes. As computer systems grow in scale and complexity, practical systems increasingly exhibit quantitative behavioral attributes. Multi-agent systems [10,11,12,13], for instance, feature intricate dynamic structures and behavioral patterns that require the integration of quantitative information for an accurate portrayal of their dynamic behavior. In addressing the verification challenges posed by systems endowed with quantitative data, quantitative model checking methodologies have piqued considerable interest from academic and industrial circles alike. Hart et al. [14,15] pioneered probabilistic model checking, rooted in probability measures, employing Markov chains or Markov decision processes to model system behaviors and probabilistic computation tree logic or probabilistic linear temporal logic to define system properties. Sultan et al. [16,17] extended the probabilistic framework to multi-agent systems, introducing probabilistic multi-agent model checking. Chechik et al. [18,19] explored model checking for CTL and LTL on multi-valued Kripke structures, where values reside within a finite De Morgan algebra. Moreover, Li YongMing et al. established the theoretical foundation for possibility temporal logic and its applications in model checking. Literature [20] proposed Possibility Computation Tree Temporal Logic (PoCTL) and investigated its expressiveness. It was proven that PoCTL, particularly qualitative PoCTL, is more expressive than CTL. Equivalences for expressing fundamental CTL formulas using qualitative PoCTL formulas were provided. Some PoCTL formulas that cannot be expressed by any CTL formula were given. Qualitative properties of repeat accessibility and persistence were represented with PoCTL formulas. A model-checking approach for PoCTL based on fuzzy matrix composite operations and fixed-point techniques was presented, and the time complexity of the algorithm was analyzed. Literature [21] introduced the theory of generalized possibility measures and Generalized Possibility Kripke Structure (GPKS). Generalized Possibility Computation Tree Temporal Logic(GPoCTL) was proposed, with its syntax and semantics defined. A model-checking method for GPoCTL based on fuzzy matrix composite operations and fixed-point techniques was provided, and the time complexity of the algorithm was analyzed.

Quality constraints serve to delineate specific quality requisites that systems or computation trees must satisfy [22,23]. These requisites encompass a spectrum of performance metrics—such as response time and throughput—reliability metrics—such as failure rates—and security metrics. In our pioneering research pursuits, we innovatively amalgamated specific quality functions and predicates into Possibility Linear Temporal Logic (PoLTL), culminating in the proposition of Fuzzy Linear Temporal Logic with Quality Constraints (QFLTL) [24]. QFLTL empowers the articulation of a system's more intricate temporal attributes. These functions and predicates are meticulously defined based on the system's empirical operational data or projected objectives, yielding fuzzy truth values indicative of quality levels. The introduction of quality constraints significantly bolsters QFLTL's expressive capabilities in several facets: (1) Departing from PoLTL's singular information amalgamation operator, the minimum "$\wedge$", QFLTL introduces an enhanced repertoire of information aggregation operators, encompassing minimum "$\wedge$", product "$\bullet$", and the weighted average operator "${⨁}_{\lambda }$". This innovation effectively mitigates the issue of information erosion. (2) The weighted average operator "${⨁}_{\lambda }$" enables a preference-sensitive integration of path reachability insights and property satisfaction measures or the synthesis of disparate property subformulas, facilitating the delineation of more nuanced temporal properties. (3) The linear differential operators ${\lambda }_{cp}\left(\bullet \right),{\lambda }_{ne}\left(\bullet \right)\mathrm{a}\mathrm{n}\mathrm{d}{\lambda }_{cf}\left(\bullet \right)$, coupled with the quality predicate "$P$ ", can impose quality constraints on property formulas grounded in anticipated objectives, thereby enriching the portrayal of diverse system quantifiable properties. (4) By recursively defining formula satisfaction values onto path segments that meet property conditions, it ensures the synchronous alignment of path reachability and property satisfaction. These enhancements have been empirically validated in reference [24].

Building on the robust foundation established by QFLTL research, we introduce quality functions and quality predicates into PoCTL, culminating in the proposition of QFCTL. We delve into its logical characteristics and investigate the model checking theory of QFCTL on Fuzzy Kripke Structure(FKS). Section 2 delineates the syntax and semantics of QFCTL, illustrating its robust expressive capabilities and practical utility through instructive examples. Section 3 explores the intricate logical properties of QFCTL, encompassing the equivalence calculation and partial order relations of its formulas, the functional completeness of QFCTL operators, and the fundamental properties and determination of the characteristic predicate operator $Q_P(\bullet )$, which delineates the fulfillment characteristics of property formulas under the constraint of quality predicate P on pertinent paths, indicating full, none, or partial satisfaction. Section 4 focuses on the model checking problem of QFCTL on FKS. By ingeniously reducing the computation of QFCTL formulas from infinite to finite paths, we introduce a model checking algorithm with a time complexity proportional to the product of the QFCTL formula's length and the FKS's scale, and a space complexity equivalent to the FKS's scale. The reasonableness and complexity of the algorithm are rigorously substantiated. Section 5 builds upon QFCTL by introducing the quantitative characteristic predicate operator $Q_P^{*}(.)$, leading to the proposal of QFCTL*. We investigate the logical properties of QFCTL*, provide a determination theorem for the operator $Q_P^{*}(.)$, which describes the fulfillment status of property formula $\psi$ under the constraint of quality predicate $P$ on pertinent paths, signifying the ratio of paths satisfying $\psi$ under $P$ constraint among all paths satisfying $\psi$. We prove the well-defined nature of $Q_P^{*}(.)$, delineate the model checking algorithm for QFCTL*, and conduct a thorough analysis of the algorithm's complexity. Section 6 presents model checking application examples of ten illustrative QFCTL formulas and QFCTL* formulas on the FKS that characterizes the patient treatment process, as outlined in reference [24]. Through these applications, we vividly demonstrate the robust expressive capabilities and practical applicability of QFCTL and QFCTL*. Simultaneously, the automatic and effective nature of the model checking algorithms for QFCTL and QFCTL* presented in the paper is empirically validated. Conclusively, in Section 7, we summarize the primary research content of the article and outline some meaningful research directions pertaining to temporal logic with quality constraints and its reasoning problems.

We introduce these quality functions and quality predicates into PoCTL to propose QFCTL, and present the syntax and semantics of QFCTL.

Initially, we delineate the notion of relationships between QFCTL formulas.

Definition 7 [Relationships Between QFCTL Formulas] Let$\mathit{\phi },{{\mathit{\phi }}_1,\mathit{\phi }}_2$denote QFCTL state formulas and$\mathit{\psi },{{\mathit{\psi }}_1,\mathit{\psi }}_2$denote QFCTL path formulas.Consider$M=(S,I,\delta ,AP,L)$to be a FKS, where$Path\left(M\right)=\left\{\pi |\pi \in S^{\omega },I\left({\pi }_0\right)>0\right\}$is the set of infinite paths in$M$. Let“$~$” represent a relational operator, which may be selected from the set$\{>,<,\ge ,\le ,\ne ,=\}$. The relations among QFCTL formulas are delineated as follows:

(1) If for every state$s\in S$, the evaluation$⟦s,{\phi }_1⟧~⟦s,{\phi }_2⟧$, then${\phi }_1$is deemed to be in relation “$~$” with${\phi }_2$, indicated as${\phi }_1~{\phi }_2$.

(2) If for every path$\pi \in Path\left(M\right)$, the evaluation$⟦\pi ,{\psi }_1⟧~⟦\pi ,{\psi }_2⟧$, then${\psi }_1$is deemed to be in relation “$~$” with${\psi }_2$, indicated as${{ \psi }_1~\psi }_2$.

Subsequently, our research expedition advances towards the meticulous examination of the distinctive logical attributes intrinsic to Quantified Fuzzy Computation Tree Logic (QFCTL). As a pivotal pillar within its own theoretical architecture, this in-depth exploration is paramount for enhancing comprehension of the fundamental logical mechanisms that underpin this specialized field.

Theorem 1 [Equivalence Calculus of QFCTL Formulas]Let$\phi , {{ \phi }_1, \phi }_2$be state formulas in QFCTL, and$M=(S,I,\delta ,AP,L)$be an FKS.Then the following conclusions hold:

$\phi =\neg \neg \phi$;

${\lambda }_{cp}\left(\phi \right)=\neg {\lambda }_{ne}\left(\neg \phi \right),{ \lambda }_{ne}\left(\phi \right)=\neg {\lambda }_{cp}\left(\neg \phi \right)$;

${\lambda }_{ne}\left(\phi \right)=\phi {⨁}_{\lambda }Ture,{\lambda }_{cf}\left(\phi \right)={\lambda }_{cp}\left(\phi \right)+(1-\lambda )/2$;

${\phi }_1{⨁}_{\lambda }{\phi }_2={\phi }_2{⨁}_{1-\lambda }{\phi }_1$;

$\phi {⨁}_{\lambda }{(\phi }_1\wedge {\phi }_2)=(\phi {⨁}_{\lambda }{\phi }_1)\wedge ({\phi {⨁}_{\lambda }\phi }_2)$,$\phi {⨁}_{\lambda }{(\phi }_1\vee {\phi }_2)=(\phi {⨁}_{\lambda }{\phi }_1)\vee ({\phi {⨁}_{\lambda }\phi }_2)$;

${\phi }_1\wedge {\phi }_2=\neg \left({\neg \phi }_1\vee {\neg \phi }_2\right),{ \phi }_1\vee {\phi }_2=\neg ({\neg \phi }_1\wedge {\neg \phi }_2)$;

${\phi }_1⟶{\phi }_2={\neg \phi }_1\vee {\phi }_2$;

$\mathrm{◇}\phi =Ture\bigsqcup \phi$;

$\exists \mathrm{◇}\phi =\exists (Ture\bigsqcup \phi )$,$\forall \mathrm{◇}\phi =\forall (Ture\bigsqcup \phi );$$\exists \mathrm{◯}\phi =\neg \forall \mathrm{◯}\neg \phi ,\forall \mathrm{◯}\phi =\neg \exists \mathrm{◯}\neg \phi$;

$\exists \phi =\neg \forall \mathrm{◇}\neg \phi ,\forall \phi =\neg \exists \mathrm{◇}\neg \phi$;

$\mathrm{◯}\phi =\neg \left(\mathrm{◯}\neg \phi \right),\phi =\neg (\mathrm{◇}\neg \phi ),\mathrm{◇}\phi =\neg (\neg \phi )$;

$\mathrm{◇}\phi =\phi \vee \mathrm{◯}\mathrm{◇}\phi ,\phi =\phi \wedge \mathrm{◯}\phi$;

${\phi }_1\bigsqcup {\phi }_2={\phi }_2\vee ({\phi }_1\wedge \mathrm{◯}({\phi }_1\bigsqcup {\phi }_2)$;

$\forall \left({\phi }_1\wedge {\phi }_2\right)=\forall {\phi }_1\wedge \forall {\phi }_2;$$\exists \left({\phi }_1\vee {\phi }_2\right)=\exists {\phi }_1\vee \exists {\phi }_2$;

Proof: The above conclusions can be readily proven through straightforward calculations based on Definition 6. Here, we provide proof examples for (2), (5), (14), (15), and (16) as follows.

Proof of Conclusion (2). For all $s\in S$,

$⟦s,\neg {\lambda }_{ne}\left(\neg \phi \right)⟧=1-⟦s,{\lambda }_{ne}\left(\neg \phi \right)⟧$$=1-(\left(1-\lambda \right)+\lambda ⟦s,\neg \phi ⟧)$ ${\lambda }_{cp}\left(\phi \right)$$=1-\left(\left(1-\lambda \right)+\lambda \left(1-⟦s,\phi ⟧\right)\right)$$=\lambda ⟦s,\phi ⟧=⟦s,{\lambda }_{cp}\left(\phi \right)⟧$.

Therefore,${\lambda }_{cp}\left(\phi \right)=\neg {\lambda }_{ne}\left(\neg \phi \right)$. By analogous reasoning, it can be shown that,

${\lambda }_{ne}\left(\phi \right)=\neg {\lambda }_{cp}\left(\neg \phi \right)$.

Proof of Conclusion (5). For all $s\in S$,

$⟦s,\phi {⨁}_{\lambda }{(\phi }_1\wedge {\phi }_2)⟧=\lambda ⟦s,\phi ⟧+\left(1-\lambda \right)(⟦s,{\phi }_1⟧\wedge ⟦s,{\phi }_2⟧)$$=(\lambda ⟦s,\phi ⟧+\left(1-\lambda \right)⟦s,{\phi }_1⟧)\wedge (\lambda ⟦s,\phi ⟧+\left(1-\lambda \right)⟦s,{\phi }_2⟧)$$=⟦s,\phi {⨁}_{\lambda }{\phi }_1⟧\wedge ⟦s,\phi {⨁}_{\lambda }{\phi }_1⟧$.

Therefore,$\phi {⨁}_{\lambda }{(\phi }_1\wedge {\phi }_2)=(\phi {⨁}_{\lambda }{\phi }_1)\wedge ({\phi {⨁}_{\lambda }\phi }_2)$. By analogous reasoning, it can be shown that,$\phi {⨁}_{\lambda }{(\phi }_1\vee {\phi }_2)=(\phi {⨁}_{\lambda }{\phi }_1)\vee ({\phi {⨁}_{\lambda }\phi }_2)$.

Proof of Conclusion (14). For all $\pi \in Path\left(M\right)$,$i\in \mathbb{N}$,

$⟦{\pi }^i,{\phi }_2\vee ({\phi }_1\wedge ◯({\phi }_1\bigsqcup {\phi }_2)⟧$$=⟦{\pi }^i,{\phi }_2⟧\vee ⟦{\pi }^i,{\phi }_1\wedge ◯({\phi }_1\bigsqcup {\phi }_2)⟧$$=⟦{\pi }^i,{\phi }_2⟧\vee (⟦{\pi }^i,{\phi }_1⟧\wedge ⟦{\pi }^i,◯\left({\phi }_1\bigsqcup {\phi }_2\right)⟧)$$=⟦{\pi }^i,{\phi }_2⟧\vee (⟦{\pi }^i,{\phi }_1⟧\wedge ⟦{\pi }^{i+1},{\phi }_1\bigsqcup {\phi }_2⟧)$$=⟦{\pi }^i,{\phi }_2⟧\vee (⟦{\pi }^i,{\phi }_1⟧\wedge \underset{j\ge i+1}{\bigvee }(⟦{\pi }^j,{\phi }_2⟧\wedge \underset{i+1\le k<j}{\bigwedge }⟦{\pi }^k,{\phi }_1⟧\left)\right)$$=⟦{\pi }^i,{\phi }_2⟧\vee \underset{j\ge i+1}{\bigvee }(⟦{\pi }^j,{\phi }_2⟧\wedge (⟦{\pi }^i,{\phi }_1⟧\wedge \underset{i+1\le k<j}{\bigwedge }⟦{\pi }^k,{\phi }_1⟧\left)\right)$$=⟦{\pi }^i,{\phi }_2⟧\vee \underset{j\ge i+1}{\bigvee }(⟦{\pi }^j,{\phi }_2⟧\wedge \underset{i\le k<j}{\bigwedge }⟦{\pi }^k,{\phi }_1⟧)$$=(⟦{\pi }^i,{\phi }_2⟧\wedge Ture)\vee \underset{j\ge i+1}{\bigvee }(⟦{\pi }^j,{\phi }_2⟧\wedge \underset{i\le k<j}{\bigwedge }⟦{\pi }^k,{\phi }_1⟧)$$=(⟦{\pi }^i,{\phi }_2⟧\wedge \underset{i\le k<i}{\bigwedge }⟦{\pi }^k,{\phi }_1⟧)\vee \underset{j\ge i+1}{\bigvee }(⟦{\pi }^j,{\phi }_2⟧\wedge \underset{i\le k<j}{\bigwedge }⟦{\pi }^k,{\phi }_1⟧)$$=\underset{j\ge i}{\bigvee }(⟦{\pi }^j,{\phi }_2⟧\wedge \underset{i\le k<j}{\bigwedge }⟦{\pi }^k,{\phi }_1⟧)$$=⟦{\pi }^i,{\phi }_1\bigsqcup {\phi }_2⟧$.

Conclusion (14) Established.

Proof of Conclusion (15). For all $s\in S$,

$⟦s,{\forall (\phi }_1\wedge {\phi }_2)⟧=\underset{\pi \in Path\left(s\right)}{\bigwedge }⟦\pi ,{(\phi }_1\wedge {\phi }_2)⟧$$=\underset{\pi \in Path\left(s\right)}{\bigwedge }\underset{i\ge 0}{\bigwedge }⟦{\pi }^i,{\phi }_1\wedge {\phi }_2⟧$$=\underset{\pi \in Path\left(s\right)}{\bigwedge }(\underset{i\ge 0}{\bigwedge }⟦{\pi }^i,{\phi }_1⟧\wedge \underset{i\ge 0}{\bigwedge }⟦{\pi }^i,{\phi }_2⟧)$$=\left(\underset{\pi \in Path\left(s\right)}{\bigwedge }\underset{i\ge 0}{\bigwedge }⟦{\pi }^i,{\phi }_1⟧\right)\wedge \left(\underset{\pi \in Path\left(s\right)}{\bigwedge }\underset{i\ge 0}{\bigwedge }⟦{\pi }^i,{\phi }_2⟧\right)$$=\underset{\pi \in Path\left(s\right)}{\bigwedge }⟦\pi ,{\phi }_1⟧\wedge \underset{\pi \in Path\left(s\right)}{\bigwedge }⟦\pi ,⟦\pi ,{\phi }_2⟧⟧$$=⟦s,{\forall \phi }_1⟧\wedge ⟦s,{\forall \phi }_2⟧$$=⟦s,{\forall \phi }_1\wedge {\forall \phi }_2⟧$.

Conclusion (15) Established.

The proof for Conclusion (16) is identical to that of Conclusion (15) and will not be repeated here. This completes the proof of Theorem 1. □

Proposition 1. The set $\{\neg ,\vee ,{⨁}_{\lambda },Q_P(\bullet ),\exists \mathrm{◯},\exists \bigsqcup ,\forall \bigsqcup \}$ constitutes a functionally complete set of operators for QFCTL.

With the functionally complete set of operators for QFCTL, we only need to consider the operators within this set during model checking.

Proposition 2 [Inequality Relations Among QFCTL Formulas]Let$M=(S,I,\delta ,AP,L)$be an FKS,$\phi$signifies a QFCTL state formula, and$\psi$denotes a QFCTL path formula. Then,

(1) ${\lambda }_{cp}\left(\phi \right)\le {\lambda }_{cf}\left(\phi \right)\le {\lambda }_{ne}\left(\phi \right)$, with equality holding if and only if $\lambda =1$;

(2) $\square \phi \le ◯\phi \le \mathrm{◇}\phi$;

(3) $\forall \psi \le \exists \psi$.

The aforementioned conclusions can be readily proven by simple calculations according to Definition 6.

The characteristic predicate operator $Q_P(\bullet )$ qualitatively characterizes the relationship between the satisfaction value of a QFCTL formula and a quality predicate $P\subseteq \left[\mathrm{0,1}\right]\cap \mathbb{Q}$. Below are the properties and decision theorems for the characteristic predicate operator.

Theorem 2 [Fundamental Properties and Decisions of the Characteristic Predicate Operator]Let$=(S,I,\delta ,AP,L)$be an FKS,

$\psi$denotes a QFCTL path formula. Let$P=[\alpha ,\beta ]\subseteq \left[\mathrm{0,1}\right]$be a quality predicate, where$\overline{P}$ denotes the complement of$P$in [0,1], and$v\left[s,\psi \right]=\left\{⟦\pi ,\psi ⟧\right|\pi \in Path\left(s\right)\}$represents the set of satisfaction values of$\psi$over all paths starting from state$s\in S$. Then,

(1) $Q_P\left(\psi \right)+Q_{\overline{P}}\left(\psi \right)=1,Q_P\left(\neg \psi \right)=Q_{\overline{P}}\left(\psi \right)$;

(2) $Q_P\left(\psi \right)=0$ if and only if $\forall \psi >\beta$ or $\exists \psi <\alpha$;

(3) $Q_P\left(\psi \right)=1$ if and only if $\alpha \le \forall \psi \le \exists \psi \le \beta$;

(4) $Q_P\left(\psi \right)=0.5$ if and only if $\forall \psi <\alpha \le \exists \psi \le \beta$ or $\alpha \le \forall \psi \le \beta <\exists \psi$.

Proof: (1) For all $s\in S$, if $⟦s,Q_P\left(\psi \right)⟧=1$, then for all $\pi \in Path\left(s\right)$,$⟦\pi ,\psi ⟧\in P$. Consequently, for all $\pi \in Path\left(s\right)$,$⟦\pi ,\psi ⟧\notin \overline{P}$, where $\overline{P}$ denotes the complement of $P$. This implies $⟦s,Q_{\overline{P}}\left(\psi \right)⟧=0$, so we have $Q_P\left(\psi \right)+Q_{\overline{P}}\left(\psi \right)=1$. Conversely, if $⟦s,Q_P\left(\psi \right)⟧=0$, then it follows that $⟦s,Q_{\overline{P}}\left(\psi \right)⟧=1$, again yielding $Q_P\left(\psi \right)+Q_{\overline{P}}\left(\psi \right)=1$.

For all $s\in S$, if $⟦s,Q_P\left(\psi \right)⟧=0.5$, then there exist $\pi ,\pi \mathrm{\text{'}}\in Path\left(s\right),⟦\pi ,\psi ⟧\in P$ and $⟦\pi \mathrm{\text{'}},\psi ⟧\notin P$ simultaneously. Consequently,$⟦s,Q_{\overline{P}}\left(\psi \right)⟧=0.5$. Therefore,$Q_P\left(\psi \right)+Q_{\overline{P}}\left(\psi \right)=1$.

This demonstrates that the sum of the predicates $Q_P\left(\psi \right) \mathrm{a}\mathrm{n}\mathrm{d} Q_{\overline{P}}\left(\psi \right)$ is always unity, reflecting the complementary nature of the sets $P$ and $\overline{P}$ within the logical framework defined.

For all $s\in S$, if $⟦s,Q_P\left(\neg \psi \right)⟧=1$, then for all $\pi \in Path\left(s\right)$,$⟦\pi ,\neg \psi ⟧\in P$. Consequently, for all $\pi \in Path\left(s\right)$,$1-⟦\pi ,\psi ⟧\in P$, which implies $⟦\pi ,\psi ⟧\in \overline{P}$. Thus ,$⟦s,Q_{\overline{P}}\left(\psi \right)⟧=1=⟦s,Q_P\left(\neg \psi \right)⟧$. Conversely, if $⟦s,Q_P\left(\neg \psi \right)⟧=0$, then $⟦s,Q_{\overline{P}}\left(\psi \right)⟧=0$, and also $⟦s,Q_{\overline{P}}\left(\psi \right)⟧=0=⟦s,Q_P\left(\neg \psi \right)⟧$.

For all $s\in S$, if $⟦s,Q_P\left(\neg \psi \right)⟧=0.5$, then there exist $\pi ,\pi \mathrm{\text{'}}\in Path\left(s\right),⟦\pi ,\neg \psi ⟧\in P$ and $⟦\pi \mathrm{\text{'}},\neg \psi ⟧\notin P$. This implies that $⟦\pi ,\psi ⟧\in \overline{P}$ and $⟦\pi \mathrm{\text{'}},\psi ⟧\notin \overline{P}$. Hence $⟦s,Q_{\overline{P}}\left(\psi \right)⟧=0.5$. Therefore, $⟦s,Q_{\overline{P}}\left(\psi \right)⟧=0.5=⟦s,Q_P\left(\neg \psi \right)⟧$.

(2) First, prove the sufficiency. When $\forall \psi >\beta$, for all $s\in S$, since $\beta <⟦s,\forall \psi ⟧=\underset{\pi \in Path\left(s\right)}{\bigwedge }⟦\pi ,\psi ⟧$, it follows that for all $\pi \in Path\left(s\right),⟦\pi ,\psi ⟧>\beta$. Given that $\beta$ is the upper bound of $P=[\alpha ,\beta ]$, it implies that for all $\pi \in Path\left(s\right)$, $⟦\pi ,\psi ⟧\notin P$. According to Definition 6, we conclude that $⟦s,Q_P\left(\psi \right)⟧=0$. This intuitive result is illustrated in Figure 2.

when $\forall \psi >\beta .$When $\exists \psi <\alpha$, for all $s\in S$, since $\alpha >⟦s,\exists \psi ⟧=\underset{\pi \in Path\left(s\right)}{\bigvee }⟦\pi ,\psi ⟧$, it follows that for all $\pi \in Path\left(s\right),⟦\pi ,\psi ⟧<\alpha$. Given that $\alpha$ is the lower bound of $P=[\alpha ,\beta ]$,, it implies that for all $\pi \in Path\left(s\right), ⟦\pi ,\psi ⟧\notin P$. According to Definition 6, we conclude that $⟦s,Q_P\left(\psi \right)⟧=0$. This intuitive result is illustrated in Figure 3.

when $\exists \psi <\alpha .$In fact, (2) corresponds to $v\left[s,\psi \right]\cap P=\Phi$, which means that $v\left[s,\psi \right] \mathrm{a}\mathrm{n}\mathrm{d} P$ are disjoint. Conversely, when proving the necessity, $Q_P\left(\psi \right)=0$ corresponds to two scenarios depicted in Figure 2 and Figure 3, leading straightforwardly to the conclusion that either $\forall \psi >\beta$ or $\exists \psi <\alpha$. Thus, conclusion (2) is proven.

(3) First, prove the sufficiency. When $\alpha \le \forall \psi \le \exists \psi \le \beta$, for all $s\in S$, on one hand, we have $\alpha \le ⟦s,\forall \psi ⟧=\underset{\pi \in Path\left(s\right)}{\bigwedge }⟦\pi ,\psi ⟧$, implying that for all $\pi \in Path\left(s\right),⟦\pi ,\psi ⟧\ge \alpha$. On the other hand, $\beta \ge ⟦s,\exists \psi ⟧=\underset{\pi \in Path\left(s\right)}{\bigvee }⟦\pi ,\psi ⟧$, implying that for all $\pi \in Path\left(s\right),⟦\pi ,\psi ⟧\le \beta$. Consequently, for all $\pi \in Path\left(s\right),⟦\pi ,\psi ⟧\in P$. According to Definition 6, we conclude that $⟦s,Q_P\left(\psi \right)⟧=1$. This intuitive result is illustrated in Figure 4. In fact, (3) corresponds to $v\left[s,\psi \right]\subseteq P$, i.e., $v\left[s,\psi \right]$is contained within $P$.

when $\alpha \le \forall \psi \le \exists \psi \le \beta .$With reference to Figure 4, it is straightforward to demonstrate the necessity of conclusion (3). Thus, conclusion (3) is proven.

(4) First, prove the sufficiency. When $\forall \psi <\alpha \le \exists \psi \le \beta$, for all $s\in S$, on one hand, $\alpha >⟦s,\forall \psi ⟧=\underset{\pi \in Path\left(s\right)}{\bigwedge }⟦\pi ,\psi ⟧$, which implies that there exists $\pi \in Path\left(s\right)$, so that $⟦\pi ,\psi ⟧\notin P$. On the other hand, from $\alpha \le ⟦s,\exists \psi ⟧\le \beta$, we know that $\alpha \le \underset{\pi \in Path\left(s\right)}{\bigvee }⟦\pi ,\psi ⟧\le \beta$, which indicates that there exists $\pi \text{'},\in Path\left(s\right)$, so that $\alpha \le ⟦\pi \text{'},\psi ⟧\le \beta$. . Therefore, there exists $\pi \text{'},\in Path\left(s\right)$, so that $⟦\pi \text{'},\psi ⟧\in P$. According to Definition 6, we conclude that $⟦s,Q_P\left(\psi \right)⟧=0.5$. This intuitive result is illustrated in Figure 5.

when $\forall \psi <\alpha \le \exists \psi \le \beta .$When $\alpha \le \forall \psi \le \beta <\exists \psi$, similarly, it can be proven that $Q_P\left(\psi \right)=0.5$. This is intuitively illustrated in Figure 6.

when $\alpha \le \forall \psi \le \beta <\exists \psi .$In fact, (4) corresponds to the case where $v\left[s,\psi \right]$ partially intersects with $P$. With reference to Figure 5 and Figure 6, the proof of the necessity of conclusion (4) is also evident.

Proof of Theorem 4 is complete. □

Corollary 1. Let$M=(S,I,\delta ,AP,L)$be an FKS, and$\psi$be a QFCTL path formula. When the quality predicate$P$is an open or half-open interval, the conclusion (1) of Theorem 2 holds. The conditions for conclusions (2), (3), and (4) can be slightly modified to yield the following conclusions:

When$P=\left(\alpha ,\beta \right)\subset \left[\mathrm{0,1}\right]$, we have:

(1) $Q_P\left(\psi \right)=0$ if and only if $\forall \psi \ge \beta$ or $\exists \psi \le \alpha$;

(2) $Q_P\left(\psi \right)=1$ if and only if $\alpha <\forall \psi \le \exists \psi <\beta$;

(3) $Q_P\left(\psi \right)=0.5$ if and only if $\forall \psi \le \alpha <\exists \psi <\beta$ or $\alpha <\forall \psi <\beta \le \exists \psi$.

When$P=(\alpha ,\beta ]\subset \left[\mathrm{0,1}\right]$, we have:

(4) $Q_P\left(\psi \right)=0$ if and only if $\forall \psi >\beta$ or $\exists \psi \le \alpha$;

(5) $Q_P\left(\psi \right)=1$ if and only if $\alpha <\forall \psi \le \exists \psi \le \beta$;

(6) $Q_P\left(\psi \right)=0.5$ if and only if $\forall \psi \le \alpha <\exists \psi \le \beta$ or $\alpha <\forall \psi \le \beta <\exists \psi$.