Software Engineering using Formal Methods

Size: px

Start display at page:

Download "Software Engineering using Formal Methods"

Sibyl Nichols
6 years ago
Views:

1 Softwre Engineering using Forml Methods Propositionl nd (Liner) Temporl Logic Wolfgng Ahrendt 13th Septemer 2016 SEFM: Liner Temporl Logic /GU / 60

2 Recpitultion: FormlistionFormlistion: Syntx, SemnticsFormlistion: Syntx, Semntics, ProvingForml Verifiction: Model Checking Syntx TL Promel Syntx Trnsltion of NegtionTemporl Propositionl Promel Forml BüchiLogic + Temporl Lnguge Automton Promel Logic Logic Rel World Formlistion Syntx Syntx Trnsition Sem. Semntics System Semntics All Trnsition Forml Runs σ = hs model Trnsition Artifcts System System Intersection All How Forml Runs to σ do+ ccepts Vlution Semntics proving? no run? in σ SEFM: Liner Temporl Logic /GU / 60

3 The Big Picture: Syntx, Semntics, Clculus Syntx Formul x Completeness Semntics Vlid Soundness Clculus Derivle SEFM: Liner Temporl Logic /GU / 60

4 Simplest Cse: Propositionl Logic Syntx PropositionlProposi FormulsFormuls x = InterprettionInterpr Vr {T, F } Sequent Clculus, SAT Solver,... SEFM: Liner Temporl Logic /GU / 60

5 Syntx of Propositionl Logic Signture A set of Propositionl Vriles P (with typicl elements p, q, r,...) Propositionl Connectives true, flse,,,,, Set of Propositionl Formuls For 0 Truth constnts true, flse nd vriles P re formuls If φ nd ψ re formuls then φ, φ ψ, φ ψ, φ ψ, φ ψ re lso formuls There re no other formuls (inductive definition) SEFM: Liner Temporl Logic /GU / 60

6 Remrk on Concrete Syntx Text ook Spin Negtion! Conjunction && Disjunction Impliction, > Equivlence < > We use mostly the textook nottion, except for tool-specific slides, input files. SEFM: Liner Temporl Logic /GU / 60

7 Propositionl Logic Syntx: Exmples Let P = {p, q, r} e the set of propositionl vriles Are the following chrcter sequences lso propositionl formuls? true p (p(q r)) p p (q ) flse (p (q r)) SEFM: Liner Temporl Logic /GU / 60

8 Simplest Cse: Propositionl Logic Syntx PropositionlProposi FormulsFormuls x = InterprettionInterpr Vr {T, F } Sequent Clculus, SAT Solver,... SEFM: Liner Temporl Logic /GU / 60

9 Semntics of Propositionl Logic Interprettion I Assigns truth vlue to ech propositionl vrile I : P {T, F } Exmple Let P = {p, q} p (q p) p q I 1 F F I 2 T F... SEFM: Liner Temporl Logic /GU / 60

10 Semntics of Propositionl Logic Interprettion I Assigns truth vlue to ech propositionl vrile I : P {T, F } Vlution Function vl I : Continution of I on For 0 vl I : For 0 {T, F } vl I (true) = T vl I (flse) = F vl I (p i ) = I(p i ) (cont d next pge) SEFM: Liner Temporl Logic /GU / 60

11 Semntics of Propositionl Logic (Cont d) Vlution function (Cont d) { T if vli (φ) = F vl I ( φ) = F otherwise { T if vli (φ) = T nd vl vl I (φ ψ) = I (ψ) = T F otherwise { T if vli (φ) = T or vl vl I (φ ψ) = I (ψ) = T F otherwise { T if vli (φ) = F or vl vl I (φ ψ) = I (ψ) = T F otherwise { T if vli (φ) = vl vl I (φ ψ) = I (ψ) F otherwise SEFM: Liner Temporl Logic /GU / 60

12 Vlution Exmples Exmple Let P = {p, q} p (q p) p q I 1 F F I 2 T F... How to evlute p (q p) in I 2? vl I2 ( p (q p) ) = T iff vl I2 (p) = F or vl I2 (q p) = T vl I2 (p) = I 2 (p) = T vl I2 ( q p ) = T iff vl I2 (q) = F or vl I2 (p) = T vl I2 (q) = I 2 (q) = F SEFM: Liner Temporl Logic /GU / 60

13 Semntic Notions of Propositionl Logic Let φ For 0, Γ For 0 Definition (Stisfying Interprettion, Consequence Reltion) I stisfies φ (write: I = φ) iff vl I (φ) = T φ follows from Γ (write: Γ = φ) iff for ll interprettions I: If I = ψ for ll ψ Γ, then lso I = φ Definition (Stisfiility, Vlidity) A formul is stisfile if it is stisfied y some interprettion. If every interprettion stisfies φ (write: = φ) then φ is clled vlid. SEFM: Liner Temporl Logic /GU / 60

14 Semntics of Propositionl Logic: Exmples Formul (sme s efore) p (q p) Is this formul vlid? = p (q p)? SEFM: Liner Temporl Logic /GU / 60

15 Semntics of Propositionl Logic: Exmples p (( p) q) Stisfile? Stisfying Interprettion? Other Stisfying Interprettions? Therefore, not vlid! I(p) = T, I(q) = T p (( p) q) = q r Does it hold? Yes. Why? SEFM: Liner Temporl Logic /GU / 60

16 An Exercise in Formlistion 1 yte n; 2 ctive proctype [2] P() { 3 n = 0; 4 n = n } Cn we chrcterise the sttes of P propositionlly? Find propositionl formul φ P which is true if nd only if it descries possile stte of P. ( ) ((PC03 PC0 φ P := 4 PC0 5 ) ) (( PC0 5 PC1 5 ) = ( N 0 N 7 )) SEFM: Liner Temporl Logic /GU / 60

17 An Exercise in Formlistion 1 yte n; 2 ctive proctype [2] P() { 3 n = 0; 4 n = n } P : N 0, N 1, N 2,..., N 7 8-it representtion of yte PC0 3, PC0 4, PC0 5, PC1 3, PC1 4, PC1 5 next instruction pointer Which interprettions do we need to exclude? The vrile n is represented y eight its, ll vlues possile A process cnnot e t two positions t the sme time If neither process 0 nor process 1 re t position 5, then n is zero... ( ) ((PC03 PC0 φ P := 4 PC0 5 ) ) (( PC0 5 PC1 5 ) = ( N 0 N 7 )) SEFM: Liner Temporl Logic /GU / 60

18 Is Propositionl Logic Enough? Cn design for progrm P formul Φ P descriing ll rechle sttes For given property Ψ the consequence reltion Φ p = Ψ holds when Ψ is true in ny possile stte rechle in ny run of P But How to Express Properties Involving Stte Chnges? In ny run of progrm P n will ecome greter thn 0 eventully? n chnges its vlue infinitely often etc. Need more expressive logic: (Liner) Temporl Logic SEFM: Liner Temporl Logic /GU / 60

19 Trnsition systems (k Kripke Structures) p=t ; x s 0 F F p=t ; s 1 T F q=p; q=f ; s 2 T T p=f ; s 3 F T Nottion nme interp. updte x SEFM: Liner Temporl Logic /GU / 60

20 Trnsition systems (k Kripke Structures) p=t ; x s 0 F F p=t ; s 1 T F q=p; q=f ; s 2 T T p=f ; s 3 F T Ech stte s i hs its own propositionl interprettion I i Convention: list interprettion of vriles in lexicogrphic order Computtions, or runs, re infinite pths through sttes Intuitively finite runs modelled y looping on lst stte How to express (for exmple) tht p chnges its vlue infinitely often in ech run? SEFM: Liner Temporl Logic /GU / 60

21 Recpitultion: FormlistionFormlistion: Syntx, SemnticsFormlistion: Syntx, Semntics, ProvingForml Verifiction: Model Checking Syntx TL Promel Syntx Trnsltion of NegtionTemporl Propositionl Promel Forml BüchiLogic + Temporl Lnguge Automton Promel Logic Logic Rel World Formlistion Syntx Syntx Trnsition Sem. Semntics System Semntics All Trnsition Forml Runs σ = hs model Trnsition Artifcts System System Intersection All How Forml Runs to σ do+ ccepts Vlution Semntics proving? no run? in σ SEFM: Liner Temporl Logic /GU / 60

22 Liner Temporl Logic Syntx Syntx An extension of propositionl logic tht llows to specify properties of ll runs Bsed on propositionl signture nd syntx Extension with three connectives: Alwys If φ is formul, then so is φ Eventully If φ is formul, then so is φ Until If φ nd ψ re formuls, then so is φ Uψ Concrete Syntx text ook Spin Alwys [ ] Eventully <> Until U U SEFM: Liner Temporl Logic /GU / 60

23 Liner Temporl Logic Syntx: Exmples Let P = {p, q} e the set of propositionl vriles. p flse p q p q (p q) ( p) (( p) q) p U( q) SEFM: Liner Temporl Logic /GU / 60

24 Temporl Logic Semntics A run σ is n infinite chin of sttes s 0 I 0 s 1 I 1 s 2 I 2 s 3 I 3 s 4 I 4 I j propositionl interprettion of vriles in stte s j Write more compctly s 0 s 1 s 2 s 3... If σ = s 0 s 1, then σ i denotes the suffix s i s i+1 of σ. SEFM: Liner Temporl Logic /GU / 60

25 Temporl Logic Semntics (Cont d) Vlution of temporl formul reltive to run (infinite sequence of sttes) Definition (Vlidity Reltion) Vlidity of temporl formul depends on runs σ = s 0 s 1... σ = p iff I 0 (p) = T, for p P. σ = φ iff not σ = φ (write σ = φ) σ = φ ψ iff σ = φ nd σ = ψ σ = φ ψ iff σ = φ or σ = ψ σ = φ ψ iff σ = φ or σ = ψ Temporl connectives? SEFM: Liner Temporl Logic /GU / 60

26 Temporl Logic Semntics (Cont d) Run σ s 0 s 1 s k 1 s k φ φ φ ψ φ Definition (Vlidity Reltion for Temporl Connectives) Given run σ = s 0 s 1 σ = φ iff σ k = φ for ll k 0 σ = φ iff σ k = φ for some k 0 σ = φ Uψ iff σ k = ψ for some k 0, nd σ j = φ for ll 0 j<k (if k = 0 then φ needs never hold) SEFM: Liner Temporl Logic /GU / 60

27 Sfety nd Liveness Properties Sfety Properties Alwys-formuls clled sfety properties: something d never hppens Let mutex ( mutul exclusion ) e vrile tht is true when two processes do not ccess criticl resource t the sme time mutex expresses tht simultneous ccess never hppens Liveness Properties Eventully-formuls clled liveness properties: something good hppens eventully Let s e vrile tht is true when process delivers service s expresses tht service is eventully provided SEFM: Liner Temporl Logic /GU / 60

28 Complex Properties Wht does this men?infinitely Often σ = φ During run σ the formul φ ecomes true infinitely often SEFM: Liner Temporl Logic /GU / 60

29 Vlidity of Temporl Logic Definition (Vlidity) φ is vlid, write = φ, iff σ = φ for ll runs σ = s 0 s 1. Recll tht ech run s 0 s 1 essentilly is n infinite sequence of interprettions I 0 I 1 Representtion of Runs Cn represent set of runs s sequence of propositionl formuls: φ 0 φ 1, represents ll runs s 0 s 1 such tht s i = φ i for i 0 SEFM: Liner Temporl Logic /GU / 60

30 Semntics of Temporl Logic: Exmples φ Vlid? No, there is run where it is not vlid: ( φ φ φ...) Vlid in some run? Yes, for exmple: ( φ φ φ...) φ φ ( φ) ( φ) φ (true Uφ) All re vlid! (proof is exercise) is reflexive nd re dul connectives nd cn e expressed with only using U SEFM: Liner Temporl Logic /GU / 60

31 Trnsition Systems: Forml Definition Definition (Trnsition System) A trnsition system T = (S, Ini, δ, I) is composed of set of sttes S, set Ini S of initil sttes, trnsition reltion δ S S, nd leling I of ech stte s S with propositionl interprettion I s. Definition (Run of Trnsition System) A run of T is sequence of sttes σ = s 0 s 1 such tht s 0 Ini nd for ll i is s i S s well s (s i, s i+1 ) δ. SEFM: Liner Temporl Logic /GU / 60

32 Temporl Logic Semntics (Cont d) Extension of vlidity of temporl formuls to trnsition systems: Definition (Vlidity Reltion) Given trnsition system T = (S, Ini, δ, I), temporl formul φ is vlid in T (write T = φ) iff σ = φ for ll runs σ of T. SEFM: Liner Temporl Logic /GU / 60

33 Recpitultion: FormlistionFormlistion: Syntx, SemnticsFormlistion: Syntx, Semntics, ProvingForml Verifiction: Model Checking Syntx TL Promel Syntx Trnsltion of NegtionTemporl Propositionl Promel Forml BüchiLogic + Temporl Lnguge Automton Promel Logic Logic Rel World Formlistion Syntx Syntx Trnsition Sem. Semntics System Semntics All Trnsition Forml Runs σ = hs model Trnsition Artifcts System System Intersection All How Forml Runs to σ do+ ccepts Vlution Semntics proving? no run? in σ SEFM: Liner Temporl Logic /GU / 60

34 ω-lnguges Given finite lphet (voculry) Σ An ω-word w Σ ω is n infinite sequence w = o nk with i Σ, i {0,..., n}n L ω Σ ω is clled n ω-lnguge SEFM: Liner Temporl Logic /GU / 60

35 Büchi Automton Definition (Büchi Automton) A (non-deterministic) Büchi utomton over n lphet Σ consists of finite, non-empty set of loctions Q non-empty set of initil/strt loctions I Q set of ccepting loctions F = {F 1,..., F n } Q trnsition reltion δ Q Σ Q Exmple Σ = {, }, Q = {q 1, q 2, q 3 }, I = {q 1 }, F = {q 2 }, strt q 1 q 2 q 3 SEFM: Liner Temporl Logic /GU / 60

36 Büchi Automton Executions nd Accepted Words Definition (Execution) Let B = (Q, I, F, δ) e Büchi utomton over lphet Σ. An execution of B is pir (w, v), with w = o k Σ ω v = q o q k Q ω where q 0 I, nd (q i, i, q i+1 ) δ, for ll i N Definition (Accepted Word) A Büchi utomton B ccepts word w Σ ω, if there exists n execution (w, v) of B where some ccepting loction f F ppers infinitely often in v. SEFM: Liner Temporl Logic /GU / 60

37 Büchi Automton Lnguge Let B = (Q, I, F, δ) e Büchi utomton, then L ω (B) = {w Σ ω w Σ ω is n ccepted word of B} denotes the ω-lnguge recognised y B. An ω-lnguge for which n ccepting Büchi utomton exists is clled ω-regulr lnguge. SEFM: Liner Temporl Logic /GU / 60

38 Exmple, ω-regulr Expression Which lnguge is ccepted y the following Büchi utomton?, strt q 1 q 2 q 3 Solution: ( + ) () ω [NB: () ω = () ω ] ω-regulr expressions similr to stndrd regulr expression followed y + or ritrrily, ut finitely often new: ω infinitely often SEFM: Liner Temporl Logic /GU / 60

39 Decidility, Closure Properties Mny properties for regulr finite utomt hold lso for Büchi utomt Theorem (Decidility) It is decidle whether the ccepted lnguge L ω (B) of Büchi utomton B is empty. Theorem (Closure properties) The set of ω-regulr lnguges is closed with respect to intersection, union nd complement: if L 1, L 2 re ω-regulr then L 1 L 2 nd L 1 L 2 re ω-regulr L is ω-regulr then Σ ω \L is ω-regulr But in contrst to regulr finite utomt: Non-deterministic Büchi utomt re strictly more expressive thn deterministic ones. SEFM: Liner Temporl Logic /GU / 60

40 Büchi Automt More Exmples Lnguge: ( + ) ω q 0 q 1 Lnguge: ( ) ω q 0 q 1 SEFM: Liner Temporl Logic /GU / 60

41 Recpitultion: FormlistionFormlistion: Syntx, SemnticsFormlistion: Syntx, Semntics, ProvingForml Verifiction: Model Checking Syntx TL Promel Syntx Trnsltion of NegtionTemporl Propositionl Promel Forml BüchiLogic + Temporl Lnguge Automton Promel Logic Logic Rel World Formlistion Syntx Syntx Trnsition Sem. Semntics System Semntics All Trnsition Forml Runs σ = hs model Trnsition Artifcts System System Intersection All How Forml Runs to σ do+ ccepts Vlution Semntics proving? no run? in σ SEFM: Liner Temporl Logic /GU / 60

42 Liner Temporl Logic nd Büchi Automt Recll Definition (Vlidity Reltion) LTL nd Büchi Automt re connected Given trnsition system T = (S, Ini, δ, I), temporl formul φ is vlid in T (write T = φ) iff σ = φ for ll runs σ of T. A run of the trnsition system is n infinite sequence of interprettions I. Intended Connection Given n LTL formul φ: Construct Büchi utomton ccepting exctly those runs (infinite sequences of interprettions) tht stisfy φ. SEFM: Liner Temporl Logic /GU / 60

43 Encoding n LTL Formul s Büchi Automton P set of propositionl vriles, e.g., P = {r, s} Suitle lphet Σ for Büchi utomton? A stte trnsition of Büchi utomton must represent n interprettion Choose Σ to e the set of ll interprettions over P, encoded s 2 P Exmple Σ = {, {r}, {s}, {r, s} } I (r) = F, I (s) = F, I {r} (r) = T, I {r} (s) = F,... SEFM: Liner Temporl Logic /GU / 60

44 Büchi Automton for LTL Formul By Exmple Exmple (Büchi utomton for formul r over P = {r, s}) A Büchi utomton B ccepting exctly those runs σ stisfying r strt {r},{r, s} Σ In the first stte s 0 (of σ) t lest r must hold, the rest is ritrry Exmple (Büchi utomton for formul r over P = {r, s}) strt {r},{r, s}σ r Σ r := {I I Σ, r I } In ll sttes s (of σ) t lest r must hold SEFM: Liner Temporl Logic /GU / 60

45 Büchi Automton for LTL Formul By Exmple Exmple (Büchi utomton for formul r over P = {r, s}) strt {r},{r, s}σ r {r},{r, s}σ r Σ SEFM: Liner Temporl Logic /GU / 60

46 Recpitultion: FormlistionFormlistion: Syntx, SemnticsFormlistion: Syntx, Semntics, ProvingForml Verifiction: Model Checking Syntx TL Promel Syntx Trnsltion of NegtionTemporl Propositionl Promel Forml BüchiLogic + Temporl Lnguge Automton Promel Logic Logic Rel World Formlistion Syntx Syntx Trnsition Sem. Semntics System Semntics All Trnsition Forml Runs σ = hs model Trnsition Artifcts System System Intersection All How Forml Runs to σ do+ ccepts Vlution Semntics proving? no run? in σ SEFM: Liner Temporl Logic /GU / 60

47 Model Checking Check whether formul is vlid in ll runs of trnsition system. Given trnsition system T (e.g., derived from Promel progrm). Verifiction tsk: is the LTL formul φ stisfied in ll runs of T, i.e., T = φ? Temporl model checking with Spin: Topic of next lecture Tody: Bsic principle ehind Spin model checking SEFM: Liner Temporl Logic /GU / 60

48 Spin Model Checking Overview T = φ? 1. Represent trnsition system T s Büchi utomton B T such tht B T ccepts exctly those words corresponding to runs through T 2. Construct Büchi utomton B φ for negtion of formul φ 3. If then T = φ holds. L ω (B T ) L ω (B φ ) = If L ω (B T ) L ω (B φ ) then ech element of the set is counterexmple for φ. To check L ω (B T ) L ω (B φ ) construct intersection utomton nd serch for cycle through ccepting stte. SEFM: Liner Temporl Logic /GU / 60

49 Representing Model s Büchi Automton First Step: Represent trnsition system T s Büchi utomton B T ccepting exctly those words representing run of T Exmple ctive proctype P () { do :: tomic {!wq; wp = true }; Pcs = true; tomic { Pcs = flse; wp = flse } od } strt 0 1 {wp, Pcs} {wp} {wq} Similr code for process Q. Second tomic lock just to keep utomton smll. {wq, Qcs} SEFM: Liner Temporl Logic /GU / 60

50 Büchi Automton B φ for φ Second Step: Construct Büchi utomton corresponding to negted LTL formul T = φ holds iff there is no ccepting run σ of T s.t. σ = φ Simplify φ = Pcs = Pcs Büchi Automton B φ P = {wp, wq, Pcs, Qcs}, Σ = 2 P Σ Pcs strt 0 1 Σ Σ c Pcs Σ Pcs = {I I Σ, Pcs I }, Σ c Pcs = Σ Σ Pcs SEFM: Liner Temporl Logic /GU / 60

51 Checking for Emptiness of Intersection Automton Third Step: L ω (B T ) L ω (B φ ) =? Counterexmple Construction of intersection utomton: Appendix Intersection Automton (skipping first step of T for simplicity) {wp} {wp, Pcs} strt {wp} {wp, Pcs} {wq} {wp} {wq} {wp} {wq, Qcs} {wp, Pcs} SEFM: Liner Temporl Logic /GU / 60

52 Literture for this Lecture Ben-Ari Section (only syntx of LTL) Bier nd Ktoen Principles of Model Checking, My 2008, The MIT Press, ISBN: X SEFM: Liner Temporl Logic /GU / 60

53 Appendix I: Intersection Automton Construction SEFM: Liner Temporl Logic /GU / 60

54 Construction of Intersection Automton Given: two Büchi utomt B i = (Q i, δ i, I i, F i ), i = 1, 2 Wnted: Büchi utomton B 1 2 = (Q 1 2, δ 1 2, I 1 2, F 1 2 ) ccepting word w iff w is ccepted y B 1 nd B 2 Mye just the product utomton s for regulr utomt? SEFM: Liner Temporl Logic /GU / 60

55 First Attempt: Product Automt for Intersection Σ = {, }, ( + ) ω ( ) ω =? No, e.g., () ω ( + ) ω : 0 1 ( ) ω : 0 1 Product Automton: ccepting loction 11 never reched SEFM: Liner Temporl Logic /GU / 60

56 Explicit Construction of Intersection Automton ( + ) ω : 0 1 ( ) ω : 0 1 (i) Product Automton(ii) Rechle Loctions(iii) Clone(iv) Initil Loctions Restricted to First Copy(v) Finl Loctions Restricted to First Atomton of First Copy(vi) Ensure Acceptnce in Both Copies 1 2(vii) Ensure Acceptnce in Both Copies 2 1(viii) Trnsitions of Product Automton SEFM: Liner Temporl Logic /GU / 60

57 Explicit Construction of Intersection Automton ( + ) ω : 0 1 ( ) ω : 0 1 (i) Product Automton(ii) Rechle Loctions(iii) Clone(iv) Initil Loctions Restricted to First Copy(v) Finl Loctions Restricted to First Atomton of First Copy(vi) Ensure Acceptnce in Both Copies 1 2(vii) Ensure Acceptnce in Both Copies 2 1(viii) Trnsitions of Product Automton SEFM: Liner Temporl Logic /GU / 60

58 Explicit Construction of Intersection Automton ( + ) ω : 0 1 ( ) ω : 0 1 (i) Product Automton(ii) Rechle Loctions(iii) Clone(iv) Initil Loctions Restricted to First Copy(v) Finl Loctions Restricted to First Atomton of First Copy(vi) Ensure Acceptnce in Both Copies 1 2(vii) Ensure Acceptnce in Both Copies 2 1(viii) Trnsitions of Product Automton SEFM: Liner Temporl Logic /GU / 60

59 Explicit Construction of Intersection Automton ( + ) ω : 0 1 ( ) ω : 0 1 (i) Product Automton(ii) Rechle Loctions(iii) Clone(iv) Initil Loctions Restricted to First Copy(v) Finl Loctions Restricted to First Atomton of First Copy(vi) Ensure Acceptnce in Both Copies 1 2(vii) Ensure Acceptnce in Both Copies 2 1(viii) Trnsitions of Product Automton SEFM: Liner Temporl Logic /GU / 60

60 Explicit Construction of Intersection Automton ( + ) ω : 0 1 ( ) ω : 0 1 (i) Product Automton(ii) Rechle Loctions(iii) Clone(iv) Initil Loctions Restricted to First Copy(v) Finl Loctions Restricted to First Atomton of First Copy(vi) Ensure Acceptnce in Both Copies 1 2(vii) Ensure Acceptnce in Both Copies 2 1(viii) Trnsitions of Product Automton SEFM: Liner Temporl Logic /GU / 60

61 Explicit Construction of Intersection Automton ( + ) ω : 0 1 ( ) ω : 0 1 (i) Product Automton(ii) Rechle Loctions(iii) Clone(iv) Initil Loctions Restricted to First Copy(v) Finl Loctions Restricted to First Atomton of First Copy(vi) Ensure Acceptnce in Both Copies 1 2(vii) Ensure Acceptnce in Both Copies 2 1(viii) Trnsitions of Product Automton SEFM: Liner Temporl Logic /GU / 60

62 Explicit Construction of Intersection Automton ( + ) ω : 0 1 ( ) ω : 0 1 (i) Product Automton(ii) Rechle Loctions(iii) Clone(iv) Initil Loctions Restricted to First Copy(v) Finl Loctions Restricted to First Atomton of First Copy(vi) Ensure Acceptnce in Both Copies 1 2(vii) Ensure Acceptnce in Both Copies 2 1(viii) Trnsitions of Product Automton SEFM: Liner Temporl Logic /GU / 60

63 Appendix II: Construction of Büchi Automton B φ for n LTL-Formul φ SEFM: Liner Temporl Logic /GU / 60

64 The Generl Cse: Generlised Büchi Automt A generlised Büchi utomton is defined s: B g = (Q, δ, I, F) Q, δ, I s for stndrd Büchi utomt F = {F 1,..., F n }, where F i = {q i1,..., q imi } Q Definition (Acceptnce for generlised Büchi utomt) A generlised Büchi utomton ccepts n ω-word w Σ ω iff for every i {1,..., n} t lest one q ik F i is visited infinitely often. SEFM: Liner Temporl Logic /GU / 60

65 Norml vs. Generlised Büchi Automt: Exmple 1 strt 0 2 {}}{{}}{ B norml with F = {1, 2}, B generl with F = { {1}, {2} } Which ω-word is ccepted y which utomton? ω-word B norml B generl () ω () ω F 1 F 2 SEFM: Liner Temporl Logic /GU / 60

66 Fischer-Ldner Closure Fischer-Ldner closure of n LTL-formul φ FL(φ) = {ϕ ϕ is suformul or negted suformul of φ} ( ϕ is identified with ϕ) Exmple FL(r Us) = {r, r, s, s, r Us, (r Us)} SEFM: Liner Temporl Logic /GU / 60

67 B φ -Construction: Loctions Assumption: U only temporl logic opertor in LTL-formul (cn express, with U) Loctions of B φ re Q 2 FL(φ) where ech q Q stisfies: Consistent, Totl Downwrd Closed ψ FL(φ): exctly one of ψ nd ψ in q ψ 1 Uψ 2 (FL(φ)\q) then ψ 2 q ψ 1 ψ 2 q: ψ 1 q nd ψ 2 q... other propositionl connectives similr ψ 1 Uψ 2 q then ψ 1 q or ψ 2 q FL(r Us) = {r, r, s, s, r Us, (r Us)} Q {r Us, r, s} {r Us, r, s} { (r Us), r, s} { (r Us), r, s} SEFM: Liner Temporl Logic /GU / 60

68 B φ -Construction: Trnsitions {r Us, r, s}, {r Us, r, s}, {r Us, r, s}, { (r Us), r, s}, { (r Us), r, s} }{{}}{{}}{{}}{{}}{{} q 1 q 2 q 3 q 4 q 5 Trnsitions (q, α, q ) δ φ : q 4 {s} {s} {s} {s} q 1 {s} q 2 {r} q 3 {r} {r} α = q P P set of propositionl vriles outgoing edges of q 1 leled {s}, of q 2 leled {r}, etc. 1. If ψ 1 Uψ 2 q nd ψ 2 q then ψ 1 Uψ 2 q 2. If ψ 1 Uψ 2 (FL(φ)\q) nd ψ 1 q then ψ 1 Uψ 2 q Initil loctions q I φ iff φ q Accepting loctions SEFM: Liner Temporl Logic /GU / 60

69 Remrks on Generlized Büchi Automt Construction lwys gives exponentil numer of sttes in φ Stisfiility checking of LTL is PSPACE-complete There exist (more complex) constructions tht minimize numer of required sttes One of these is used in Spin, which moreover computes the sttes lzily SEFM: Liner Temporl Logic /GU / 60

Lecture 9: LTL and Büchi Automata

Lecture 9: LTL and Büchi Automata Lecture 9: LTL nd Büchi Automt 1 LTL Property Ptterns Quite often the requirements of system follow some simple ptterns. Sometimes we wnt to specify tht property should only hold in certin context, clled