From Löwenheim to Pnueli, from Pnueli to PSL and SVA

Similar documents
From Philosophical to Industrial Logic

Logic, Automata, Games, and Algorithms

From Church and Prior to PSL

Branching vs. Linear Time: Semantical Perspective

Automata, Logic and Games: Theory and Application

Temporal Logic Model Checking

Matching Trace Patterns With Regular Policies

A Logical Revolution. Moshe Y. Vardi. Rice University

Computer-Aided Program Design

A Revisionist History of Algorithmic Game Theory

A Symbolic Approach to Safety LTL Synthesis

A brief history of model checking. Ken McMillan Cadence Berkeley Labs

Linear-time Temporal Logic

Temporal Logic with Past is Exponentially More Succinct

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Socratic Proofs for Some Temporal Logics RESEARCH REPORT

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Automata Construction for PSL

The Expressiveness of Metric Temporal Logic II:

A Hierarchy for Accellera s Property Specification Language

The theory of regular cost functions.

Decision Procedures for CTL

On Regular Temporal Logics with Past

Title: The Definition of a Temporal Clock Operator. Authors:

Overview. CS389L: Automated Logical Reasoning. Lecture 7: Validity Proofs and Properties of FOL. Motivation for semantic argument method

Temporal Logic. M φ. Outline. Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness. Ralf Huuck. Kripke Structure

On the Characterization of Until as a Fixed Point Under Clocked Semantics

Decision Procedures for CTL

Monodic fragments of first-order temporal logics

Applied Automata Theory

Strategy Logic. 1 Introduction. Krishnendu Chatterjee 1, Thomas A. Henzinger 1,2, and Nir Piterman 2

Alternating nonzero automata

Automata-Theoretic LTL Model-Checking

Model Theoretic Syntax and Parsing: An Application to Temporal Logic

Recent Challenges and Ideas in Temporal Synthesis

From Liveness to Promptness

Reactive Synthesis. Swen Jacobs VTSA 2013 Nancy, France u

PSL Model Checking and Run-time Verification via Testers

Linear Temporal Logic and Büchi Automata

Alternating Time Temporal Logics*

Overview. overview / 357

Chapter 5: Linear Temporal Logic

Branching vs. Linear Time: Semantical Perspective

From Liveness to Promptness

Games and Synthesis. Nir Piterman University of Leicester Telč, July-Autugst 2014

Model Checking with CTL. Presented by Jason Simas

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

LTL is Closed Under Topological Closure

The Expressive Completeness of Metric Temporal Logic

Temporal logics and model checking for fairly correct systems

The State Explosion Problem

CS256/Spring 2008 Lecture #11 Zohar Manna. Beyond Temporal Logics

Timo Latvala. February 4, 2004

Reasoning about Strategies: From module checking to strategy logic

of concurrent and reactive systems is now well developed [2] as well as a deductive methodology for proving their properties [3]. Part of the reason f

Computation Tree Logic

Temporal Logic with Forgettable Past

Synthesis of Designs from Property Specifications

Büchi Automata and Linear Temporal Logic

Chapter 3: Linear temporal logic

T Reactive Systems: Temporal Logic LTL

SAT-Based Explicit LTL Reasoning

Logic in Automatic Verification

of acceptance conditions (nite, looping and repeating) for the automata. It turns out,

The Planning Spectrum One, Two, Three, Infinity

Some Complexity Results for SystemVerilog Assertions

Modal Logic XIII. Yanjing Wang

Languages, logics and automata

Abstract model theory for extensions of modal logic

Linear-Time Logic. Hao Zheng

Trace Semantics Is Fully Abstract

An Introduction to Temporal Logics

TheTwo-VariableGuardedFragmentwith Transitive Guards Is 2EXPTIME-Hard

Abstractions and Decision Procedures for Effective Software Model Checking

Automata, Logic and Games. C.-H. L. Ong

A tableau-based decision procedure for a branching-time interval temporal logic

Rabin Theory and Game Automata An Introduction

Automata, Logic and Games. C.-H. L. Ong

Lecture Notes on Emptiness Checking, LTL Büchi Automata

Visibly Linear Dynamic Logic

Weak Cost Monadic Logic over Infinite Trees

Minimizing Generalized Büchi Automata

The Safety Simple Subset

Logic and Automata I. Wolfgang Thomas. EATCS School, Telc, July 2014

Symbolic Model Checking Property Specification Language*

Impartial Anticipation in Runtime-Verification

Branching vs. Linear Time: Final Showdown

Monadic Second Order Logic and Automata on Infinite Words: Büchi s Theorem

Theoretical results around Electrum

for Propositional Temporal Logic with Since and Until Y. S. Ramakrishna, L. E. Moser, L. K. Dillon, P. M. Melliar-Smith, G. Kutty

Predicate Logic: Sematics Part 1

From Monadic Second-Order Definable String Transformations to Transducers

Enhanced Vacuity Detection in Linear Temporal Logic. Alon Flaisher

Regular Linear Temporal Logic

Counter Automata and Classical Logics for Data Words

Focus Games for Satisfiability and Completeness of Temporal Logic

Lecture 13: Soundness, Completeness and Compactness

CHURCH SYNTHESIS PROBLEM and GAMES

Syntax. Notation Throughout, and when not otherwise said, we assume a vocabulary V = C F P.

overview overview proof system for basic modal logic proof systems advanced logic lecture 8 temporal logic using temporal frames

Transcription:

From Löwenheim to Pnueli, from Pnueli to PSL and SVA Moshe Y. Vardi Rice University

Thread I: Monadic Logic Monadic Class: First-order logic with = and monadic predicates captures syllogisms. ( x)p(x), ( x)(p(x) Q(x)) = ( x)q(x) [Löwenheim, 1915]: The Monadic Class is decidable. Proof: Bounded-model property if a sentence is satisfiable, it is satisfiable in a structure of bounded size. Proof technique: quantifier elimination. Monadic Second-Order Logic: Allow secondorder quantification on monadic predicates. [Skolem, 1919]: Monadic Second-Order Logic is decidable via bounded-model property and quantifier elimination. Question: What about <? 1

Thread II: Sequential Circuits Church, 1957: circuits. Use logic to specify sequential Sequential circuits: C = (I,O,R, f, g, R 0 ) I: input signals O: output signals R: sequential elements f : 2 I 2 R 2 R : transition function g : 2 R 2 O : output function R 0 2 R : initial assignment Trace: element of (2 I 2 R 2 O ) ω t = (I 0, R 0, O 0 ),(I 1,R 1, O 1 ),... R j+1 = f(i j, R j ) O j = g(r j ) 2

Specifying Traces View infinite trace t = (I 0,R 0,O 0 ), (I 1, R 1, O 1 ),... as a mathematical structure: Domain: N Binary relation: < Unary relations: I R O First-Order Logic (FO): Unary atomic formulas: P(x) (P I R O) Binary atomic formulas: x < y Example: ( x)( y)(x < y P(y)) P holds i.o. Monadic Second-Order Logic (MSO): Monadic second-order quantifier: Q New unary atomic formulas: Q(x) Model-Checking Problem: Given circuit C and formula ϕ; does ϕ hold in all traces of C? Easy Observation: Model-checking problem reducible to satisfiability problem use FO to encode the logic (i.e., f,g) of the circuit C. 3

Büchi Automata Büchi Automaton: A = (Σ, S,S 0,ρ, F) Alphabet: Σ States: S Initial states: S 0 S Transition function: ρ : S Σ 2 S Accepting states: F S Input word: a 0,a 1,... Run: s 0, s 1,... s 0 S 0 s i+1 ρ(s i,a i ) for i 0 Acceptance: F visited infinitely often 1 0 infinitely many 1 s 0 1 Fact: Büchi automata define the class ω-reg of ω- regular languages. 4

Logic vs. Automata Paradigm: Compile high-level logical specifications into low-level finite-state language Compilation-Theorem: [Büchi,1960] Given an MSO formula ϕ, one can construct a Büchi automaton A ϕ such that a trace σ satisfies ϕ if and only if σ is accepted by A ϕ. MSO Satisfiability Algorithm: 1. ϕ is satisfiable iff L(A ϕ ) 2. L(Σ, S,S 0, ρ, F) iff there is a path from S 0 to a state f F and a cycle from f to itself. Corollary [Church, 1960]: Model checking sequential circuits wrt MSO specs is decidable. Church, 1960: Algorithm not very efficient (nonelementary complexity, [Stockmeyer, 1974]). 5

Thread III: Temporal Logic Prior, 1914 1969, Philosophical Preoccupations: Religion: Methodist, Presbytarian, atheist, agnostic Ethics: Logic and The Basis of Ethics, 1949 Free Will, Predestination, and Foreknowledge: The future is to some extent, even if it is only a very small extent, something we can make for ourselves. Of what will be, it has now been the case that it will be. There is a deity who infallibly knows the entire future. Mary Prior: I remember his waking me one night [in 1953], coming and sitting on my bed,..., and saying he thought one could make a formalised tense logic. 1957: Time and Modality 6

Temporal and Classical Logics Key Theorem: Kamp, 1968: Linear temporal logic with past and binary temporal connectives ( until and since ) has precisely the expressive power of FO over the integers. 7

The Temporal Logic of Programs Precursors: Prior: There are practical gains to be had from this study too, for example in the representation of time-delay in computer circuits Rescher & Urquhart, 1971: applications to processes ( a programmed sequence of states, deterministic or stochastic ) Big Bang 1 [Pnueli, 1977]: Future linear temporal logic (LTL) as a logic for the specification of non-terminating programs Temporal logic with always and eventually (later, next and until ) Model checking via reduction to MSO and automata Crux: Need to specify ongoing behavior rather than input/output relation! 8

Linear Temporal Logic Linear Temporal logic (LTL): logic of temporal sequences (Pnueli, 1977) Main feature: time is implicit next ϕ: ϕ holds in the next state. eventually ϕ: ϕ holds eventually always ϕ: ϕ holds from now on ϕ until ψ: ϕ holds until ψ holds. π,w = next ϕ if w ϕ... π,w = ϕ until ψ if w ϕ ϕ ϕ ψ... 9

Examples always not (CS 1 and CS 2 ): (safety) mutual exclusion always (Request implies eventually Grant): liveness always (Request implies (Request until Grant)): liveness always (always eventually Request) implies eventually Grant: liveness 10

Expressive Power Gabbay, Pnueli, Shelah & Stavi, 1980: Propositional LTL has precisely the expressive power of FO over the naturals. Thomas, 1979: FO over naturals has the expressive power of star-free ω-regular expressions LTL=FO=star-free ω-re < MSO=ω-RE Meyer on LTL, 1980, in Ten Thousand and One Logics of Programming : The corollary due to Meyer I have to get in my controversial remark is that that [GPSS 80] makes it theoretically uninteresting. 11

Computational Complexity Recall: Satisfiability of FO over traces is nonelementary! Contrast with LTL: Wolper, 1981: LTL satisfiability is in EXPTIME. Halpern & Reif, 1981, Sistla & Clarke, 1982: LTL satisfiability is PSPACE-complete. Basic Technique: tableau 12

Model Checking Big Bang 2 [Clarke & Emerson, 1981, Queille & Sifakis, 1982]: Model checking programs of size m wrt CTL formulas of size n can be done in time mn. Note: CTL was a slight extension of UB, a branching-time logic introduce in [Ben-Ari, Manna, Pnueli, 1981]. Linear-Time Response [Lichtenstein & Pnueli, 1985]: Model checking programs of size m wrt LTL formulas of size n can be done in time m2 O(n) (tableau-based). Seemingly: Automata: Nonelementary Tableaux: exponential 13

Back to Automata Exponential-Compilation Theorem: [V. & Wolper,1983 1986] Given an LTL formula ϕ of size n, one can construct a Büchi automaton A ϕ of size 2 O(n) such that a trace σ satisfies ϕ if and only if σ is accepted by A ϕ. Automata-Theoretic Algorithms: 1. LTL Satisfiability: ϕ is satisfiable iff L(A ϕ ) (PSPACE) 2. LTL Model Checking: M = ϕ iff L(M A ϕ ) = (m2 O(n) ) 14

Enhancing Expressiveness Wolper, 1981: Enhance LTL with grammar operators, retaining EXPTIME-ness (PSPACE [SC 82]) V. & Wolper, 1983: Enhance LTL with automata, retaining PSPACE-completeness Sistla, V. & Wolper, 1985: Enhance LTL with 2ndorder quantification, losing elementariness V., 1989: Enhance LTL with fixpoints, retaining PSPACE-completeness Bottom Line: ETL (LTL w. automata) = µtl (LTL w. fixpoints) = MSO, and has exponentialcompilation property. 15

Thread IV: From Philosophy to Industry Dr. Vardi Goes to Intel: 1997: (w. Fix, Hadash, Kesten, & Sananes) V.: How about LTL? F., H., K., & S.: Not expressive enough. V.: How about ETL? µtl? F., H., K., & S.: Users will object. 1998 (w. Landver) V.: How about ETL? L.: Users will object. L.: How about regular expressions? V.: They are equivalent to automata! RELTL: LTL plus dynamic-logic modalities, interpreted linearly [e]ϕ Easy: RELTL=ω-RE ForSpec: RELTL + hardware features (clocks and resets) [Armoni, Fix, Flaisher, Gerth, Ginsburg, Kanza, Landver, Mador-Haim, Singerman, Tiemeyer, V., Zbar] 16

From ForSpec to PSL and SVA Industrial Standardization: Process started in 2000 Four candidates: IBM s Sugar, Intel s ForSpec, Mororola s CBV, and Verisity s E. Outcome: Big political win for IBM (see references to PSL/Sugar) Big technical win for Intel PSL is essentially LTL + RE + clocks + resets Some evolution over time in hardware features Major influence on the design of SVA (another industrial standard) Bottom Line: Huge push for model checking in industry. 17

Pnueli s Seminal Contributions Applying an obscure philosophical logic (LTL) to computer-science problems Reasoning about ongoing behavior Ease of use Computational tractability Facilitating the emergence of model checking by introducing branching-time logic Showing that LTL has an exponential-time model-checking algorithm 18

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback