Temporal Logic of Actions

Similar documents
CS256/Winter 2009 Lecture #1. Zohar Manna. Instructor: Zohar Manna Office hours: by appointment

THEORY OF SYSTEMS MODELING AND ANALYSIS. Henny Sipma Stanford University. Master class Washington University at St Louis November 16, 2006

CS256/Winter 2009 Lecture #6. Zohar Manna

Transition Predicate Abstraction and Fair Termination

Model Checking with CTL. Presented by Jason Simas

Symmetry Reductions. A. Prasad Sistla University Of Illinois at Chicago

The State Explosion Problem

Automata-Theoretic Model Checking of Reactive Systems

Model Checking: An Introduction

CS477 Formal Software Dev Methods

The TLA + proof system

TLA in Pictures Leslie Lamport

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Linear-Time Logic. Hao Zheng

Chapter 6: Computation Tree Logic

Model Checking. Boris Feigin March 9, University College London

Temporal Logic and Fair Discrete Systems

A Constructor-Based Reachability Logic for Rewrite Theories

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Abstractions and Decision Procedures for Effective Software Model Checking

Finite-State Model Checking

Computation Tree Logic

Decomposing Specifications of Concurrent Systems

Linear Temporal Logic and Büchi Automata

Logic in Automatic Verification

CS 267: Automated Verification. Lecture 1: Brief Introduction. Transition Systems. Temporal Logic LTL. Instructor: Tevfik Bultan

Guest lecturer: Prof. Mark Reynolds, The University of Western Australia

Topics in Verification AZADEH FARZAN FALL 2017

Models for Efficient Timed Verification

Automata-based Verification - III

Model Checking of Systems Employing Commutative Functions

Software Verification

Automata-based Verification - III

FORMAL METHODS LECTURE IV: COMPUTATION TREE LOGIC (CTL)

Chapter 4: Computation tree logic

Verification, Refinement and Scheduling of Real-time Programs

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

An Introduction to Temporal Logics

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Alternating-Time Temporal Logic

PSL Model Checking and Run-time Verification via Testers

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Logic Model Checking

State-Space Exploration. Stavros Tripakis University of California, Berkeley

The algorithmic analysis of hybrid system

Automata, Logic and Games: Theory and Application

Modelling and Analysing Variability in Product Families

LTL and CTL. Lecture Notes by Dhananjay Raju

Lecture 3: Semantics of Propositional Logic

CTL Model checking. 1. finite number of processes, each having a finite number of finite-valued variables. Model-Checking

Reasoning about Strategies: From module checking to strategy logic

Overview. overview / 357

A Temporal Logic of Actions. Leslie Lamport April 1, 1990

Modeling and Developing Systems Using TLA + Stephan Merz. INRIA Lorraine & LORIA. Nancy, France

T Reactive Systems: Temporal Logic LTL

Proving Liveness of Parameterized Programs

7. Queueing Systems. 8. Petri nets vs. State Automata

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

Lecture 16: Computation Tree Logic (CTL)

Computer Science and State Machines

Outline. Formale Methoden der Informatik First-Order Logic for Forgetters. Why PL1? Why PL1? Cont d. Motivation

The Temporal Logic of Actions. Leslie Lamport. December 25, 1991

Timo Latvala. February 4, 2004

Reasoning about Time and Reliability

Computation Tree Logic

Separating Fairness and Well-Foundedness for the Analysis of Fair Discrete Systems

Petri Nets and Model Checking. Natasa Gkolfi. University of Oslo. March 31, 2017

Model checking for LTL (= satisfiability over a finite-state program)

The TLA + Proof System

Alternating Time Temporal Logics*

Chapter 3: Linear temporal logic

Foundations of System Development

Transition Predicate Abstraction and Fair Termination

Ranking Abstraction as Companion to Predicate Abstraction

CS357: CTL Model Checking (two lectures worth) David Dill

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Model Checking Algorithms

Relations to first order logic

A Modular Rewriting Semantics for CML

Summary. Computation Tree logic Vs. LTL. CTL at a glance. KM,s =! iff for every path " starting at s KM," =! COMPUTATION TREE LOGIC (CTL)

Safety and Liveness Properties

Propositional and Predicate Logic - VII

Transition Systems and Linear-Time Properties

Notes. Corneliu Popeea. May 3, 2013

MODEL-CHECKING IN DENSE REAL-TIME SHANT HARUTUNIAN

Logic. Propositional Logic: Syntax

An Introduction to Hybrid Systems Modeling

Trace Semantics for the Owicki-Gries Theory Integrated with the Progress Logic from UNITY

Distributed Algorithms (CAS 769) Dr. Borzoo Bonakdarpour

Verifying Temporal Properties of Reactive Systems: A STeP Tutorial *

From Liveness to Promptness

Temporal Logic Model Checking

On-the-Fly Model Checking for Extended Action-Based Probabilistic Operators

Special Topics on Applied Mathematical Logic

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

The Underlying Semantics of Transition Systems

Statistics for Financial Engineering Session 2: Basic Set Theory March 19 th, 2006

Time and Timed Petri Nets

Transcription:

Advanced Topics in Distributed Computing Dominik Grewe Saarland University March 20, 2008

Outline Basic Concepts Transition Systems Temporal Operators Fairness Introduction Definitions Example TLC - A Model Checker for TLA +Cal - An Algorithm Language Based on TLA Introduction Example

Basic Concepts Transition Systems Interpretations Vocabulary V a countable set of variables Expressions over V: x+y Assertions over V: x>0 Interpretations I An interpretation I I maps a set of variables V V to values. Example for V = {x, y, z}: I = x : 2, y : 8, z : abc

Basic Concepts Transition Systems Interpretations An interpretation I satifies an assertion φ iff φ evaluates to true w.r.t. I I = φ Example: I = x : 2, y : 8, z : abc φ := (x < y) (z = abc ) I = φ (I[x] < I[y]) (I[z] = abc ) (2 < 8) ( abc = abc )

Basic Concepts Transition Systems Transition Systems A transition system is a quadruple where Π,Σ, T,Θ Π V a set of state variables divided into data variables and control variables Σ a set of states interpretations of Π T a finite set of transitions transition is a function τ : Σ 2 Σ Θ an initial condition assertion specifying the initial states

Basic Concepts Transition Systems Transitions A transition τ : Σ 2 Σ is characterized by a transition relation ρ τ (Π,Π ) Example with Π = {x}: x > 0 x = x + 1 s is a τ-successor of s iff s τ(s) τ is enabled iff τ(s)

Basic Concepts Transition Systems Transitions a computation is an infinite sequence of states σ : s 0, s 1, s 2,... with s 0 = Θ i τ : s i+1 τ(s i ) implicitly assume idling transition τ I (e.g. to model terminating systems)

Basic Concepts Transition Systems Example Π : {x, y} Θ : x = 0 y = 0 τ x : x = x + 1 τ y : y = y + 1 Possible Computations x : 0, y : 0 x : 0, y : 0 x : 0, y : 0 x : 1, y : 0 x : 0, y : 1 x : 0, y : 0 x : 2, y : 0 x : 1, y : 1 x : 0, y : 0 x : 3, y : 0 x : 1, y : 2 x : 0, y : 0.........

Basic Concepts Temporal Operators Intuition φ Eventually φ: φ φ... φ don t care... φ Always φ: φ φ... φ Next φ: don t care φ don t care... φ U ψ φ Until ψ: φ φ... φ ψ don t care Symmetry φ φ

Basic Concepts Temporal Operators Formal Definition Let σ : s 0, s 1,.... Then σ[i] : s i, s i+1,... i 0 Eventually φ σ = φ i 0 : σ[i] = φ Always φ σ = φ i 0 : σ[i] = φ

Basic Concepts Temporal Operators Formal Definition Let σ : s 0, s 1,.... Then σ[i] : s i, s i+1,... i 0 Next φ σ = φ σ[1] = φ φ Until ψ σ = φ U ψ i 0 : σ[i] = ψ 0 j < i : σ[j] = φ

Basic Concepts Temporal Operators Some Properties Useful expressions infinitely often: eventually always: φ φ Symmetry φ φ φ φ φ φ φ φ

Basic Concepts Fairness Motivation Reconsider the example: Π : {x, y} Θ : x = 0 y = 0 τ x : x = x + 1 τ y : y = y + 1 Does it satisfy (x > 0 y > 0)? No! Only taking the idling transition τ i x : 0, y : 0 x : 0, y : 0 x : 0, y : 0 x : 0, y : 0...

Basic Concepts Fairness Definitions Weak Fairness (Justice) If a transition is continually enabled, it is taken infinitely often. Enabled(τ) Taken(τ) Enabled(τ) Taken(τ)

Basic Concepts Fairness Definitions Strong Fairness (Compassion) If a transition is infinitely often enabled, it is taken infinitely often. Enabled(τ) Taken(τ) Enabled(τ) Taken(τ)

Basic Concepts Fairness Weak vs. Strong Fairness Any computation satisfying a strong fairness condition also satifies the corresponding weak fairness condition: ( Enabled(τ) Taken(τ)) ( Enabled(τ) Taken(τ)) because φ φ

Basic Concepts Fairness Adding Fairness to our Example Since both transitions τ x and τ y are always enabled Enabled(τ x ) = Enabled(τ y ) = true weak fairness is enough to exclude computations where (x > 0 y > 0) doesn t hold. Actually, for all n 0, it holds (x > n) (y > n)

Introduction Basic Facts Developed by Lesley Lamport (Microsoft Research) Specify (concurrent) systems with logical formulas Proof properties of specifications Modular specifications Extension: TLA +

Definitions Basic Definitions State Functions nonboolean expressions built from variables and constants State Predicates boolean expressions containing variables and constants Actions boolean expressions formed from variables, primed variables and constants

Definitions Temporal Operators F (Eventually F ), G (Always G) common temporal operators F G F leads to G equivalent to (F G) Unchangedf f = f Example: Unchanged x, y (x = x) (y = y)

Definitions Additional Operators Stuttering In TLA, there is no implicit idling transition, but there is a special operator to explicitly express stuttering: Progress [A] f A (f = f) To express progress, a new operator is introduced: A f A (f f)

Definitions Fairness To express fairness in TLA, there are special operators: Weak Fairness WF f (A) ( A f ) ( Enabled A f ) Strong Fairness SF f (A) ( A f ) ( Enabled A f )

Example Example revisited in TLA Init Φ M x M y = (x = 0) (y = 0) = (x = x + 1) (y = y) = (y = y + 1) (x = x) M = M x M y Φ = Init Φ [M] x,y WF x,y (M x ) WF x,y (M y )

Example Example revisited in TLA EXTENDS N aturals VARIABLES x, y MODULE Counter Init Φ = (x = 0) (y = 0) M x = (x = x + 1) (y = y) M y = (y = y + 1) (x = x) M = M x M y Φ = Init Φ [M] x,y WF x,y (M x ) WF x,y (M y )

TLC - A Model Checker for TLA The TLC Model Checker designed and implemented by Yuan Yu can handle specifications of the form Init [Next] vars Temporal checks for deadlocks, expressed by (ENABLED N ext) can check various types of properties (e.g. invariants) builds a state graph to proof or disproof properties

TLC - A Model Checker for TLA Exploring the state graph 1. compute the set of states satisfying the initial condition 2. compute for each state the successor states according to the next-state action state space has to be finite

TLC - A Model Checker for TLA Another Example - Mutual Exclusion Init Next i,1 Next i,2 Next i,3... MutExSpec = sem = 1 pc 1 = acq pc 2 = acq = pc i = acq sem > 0 pc i = crit sem = sem 1 pc 1 i = pc 1 i = pc i = crit pc i = rel sem = sem pc 1 i = pc 1 i = pc i = rel pc i = acq =... sem = sem + 1 pc 1 i = pc 1 i = Init [Next] vars SF vars (Next 1 ) SF vars (Next 2 )

TLC - A Model Checker for TLA The state graph 1, acq, acq 0, crit, acq 0, acq, crit 0, rel, acq 0, acq, rel

+Cal - An Algorithm Language Based on TLA Introduction Basic Facts a language for writing (concurrent) algorithms can be automatically translated to TLA can be model-checked (using TLC) uses labels to break a sequence of statements into atomic steps two syntaxes: c-syntax (c-like) p-syntax (prolix)

+Cal - An Algorithm Language Based on TLA Example Fast Mutual Exclusion (pseudo code)

+Cal - An Algorithm Language Based on TLA Example Fast Mutual Exclusion (+CAL)

Conclusion Conclusion TLA Specify (concurrent) systems with logical formulas Automatically proof properties of specifications Model Checker TLC Modular design +CAL Algorithm language for writing (concurrent) algorithms Goal: Combine precision of programming languages with readability of pseudo code Automatic Translations to TLA Model-Checking

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback