Linear Temporal Logic (LTL)

Similar documents
Linear-Time Logic. Hao Zheng

CSC Discrete Math I, Spring Propositional Logic

Timed Automata. Chapter Clocks and clock constraints Clock variables and clock constraints

2.2: Logical Equivalence: The Laws of Logic

Chapter 4: Computation tree logic

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Announcements. CS311H: Discrete Mathematics. Propositional Logic II. Inverse of an Implication. Converse of a Implication

A logical framework to deal with variability

Chapter 3: Linear temporal logic

Tecniche di Verifica. Introduction to Propositional Logic

T Reactive Systems: Temporal Logic LTL

Chapter 5: Linear Temporal Logic

Announcements. CS243: Discrete Structures. Propositional Logic II. Review. Operator Precedence. Operator Precedence, cont. Operator Precedence Example

Propositional Logic Language

Chapter 4: Classical Propositional Semantics

Compound Propositions

Timo Latvala. February 4, 2004

CHAPTER 2 INTRODUCTION TO CLASSICAL PROPOSITIONAL LOGIC

KP/Worksheets: Propositional Logic, Boolean Algebra and Computer Hardware Page 1 of 8

Comp487/587 - Boolean Formulas

Propositional Equivalence

Lecture 16: Computation Tree Logic (CTL)

Modal and Temporal Logics

Logic: Propositional Logic (Part I)

Propositional logic (revision) & semantic entailment. p. 1/34

CSCE 222 Discrete Structures for Computing. Propositional Logic. Dr. Hyunyoung Lee. !!!!!! Based on slides by Andreas Klappenecker

Truth-Functional Logic

Logic and Discrete Mathematics. Section 3.5 Propositional logical equivalence Negation of propositional formulae

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms

Introduction to Quantum Logic. Chris Heunen

Model for reactive systems/software

3 Propositional Logic

Review CHAPTER. 2.1 Definitions in Chapter Sample Exam Questions. 2.1 Set; Element; Member; Universal Set Partition. 2.

cse541 LOGIC FOR COMPUTER SCIENCE

Description Logics. Foundations of Propositional Logic. franconi. Enrico Franconi

Propositional Calculus: Formula Simplification, Essential Laws, Normal Forms

PSPACE-completeness of LTL/CTL model checking

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Ex: Boolean expression for majority function F = A'BC + AB'C + ABC ' + ABC.

Equational Logic: Part 2. Roland Backhouse March 6, 2001

Logic As Algebra COMP1600 / COMP6260. Dirk Pattinson Australian National University. Semester 2, 2017

Chapter 11: Automated Proof Systems (1)

cis32-ai lecture # 18 mon-3-apr-2006

Syntax of propositional logic. Syntax tree of a formula. Semantics of propositional logic (I) Subformulas

Chapter 6: Computation Tree Logic

Section 1.2 Propositional Equivalences. A tautology is a proposition which is always true. A contradiction is a proposition which is always false.

A statement is a sentence that is definitely either true or false but not both.

UNIT-I: Propositional Logic

A brief introduction to Logic. (slides from

Propositional logic ( ): Review from Mat 1348

Sample Problems for all sections of CMSC250, Midterm 1 Fall 2014

Solutions to Homework I (1.1)

THE LOGIC OF COMPOUND STATEMENTS

Finite-State Model Checking

Computation Tree Logic

COMP 2600: Formal Methods for Software Engineeing

Propositional Logic. Jason Filippou UMCP. ason Filippou UMCP) Propositional Logic / 38

Overview. overview / 357

Trace Diagnostics using Temporal Implicants

Part Two: The Basic Components of the SOFL Specification Language

Logic as a Tool Chapter 1: Understanding Propositional Logic 1.1 Propositions and logical connectives. Truth tables and tautologies

Lecture 2. Logic Compound Statements Conditional Statements Valid & Invalid Arguments Digital Logic Circuits. Reading (Epp s textbook)

CHAPTER 4 CLASSICAL PROPOSITIONAL SEMANTICS

Logic and Boolean algebra

Verification Using Temporal Logic

Chapter 11: Automated Proof Systems

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

More Propositional Logic Algebra: Expressive Completeness and Completeness of Equivalences. Computability and Logic

CHAPTER 10. Gentzen Style Proof Systems for Classical Logic

Propositional Logics and their Algebraic Equivalents

DISCRETE STRUCTURES WEEK5 LECTURE1

Logic Synthesis and Verification

Chapter 2: Introduction to Propositional Logic

Homework 2: Temporal logic

EECS 1028 M: Discrete Mathematics for Engineers

MAI0203 Lecture 7: Inference and Predicate Calculus

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Course Runtime Verification

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

The Importance of Being Formal. Martin Henz. February 5, Propositional Logic

Temporal Logic Model Checking

Tautologies, Contradictions, and Contingencies



Discrete Mathematics and Its Applications

02 Propositional Logic

Boolean Algebra CHAPTER 15

Introduction to Sets and Logic (MATH 1190)

Theoretical Foundations of the UML

1.3 Propositional Equivalences

Model Checking with CTL. Presented by Jason Simas

Boolean algebra. Examples of these individual laws of Boolean, rules and theorems for Boolean algebra are given in the following table.

2. The Logic of Compound Statements Summary. Aaron Tan August 2017

Topics in Verification AZADEH FARZAN FALL 2017

Foundations of Mathematics

Propositional Logic and Semantics

Proposition/Statement. Boolean Logic. Boolean variables. Logical operators: And. Logical operators: Not 9/3/13. Introduction to Logical Operators

Part 1: Propositional Logic

We last time we began introducing equivalency laws.

Language of Propositional Logic

Transcription:

Chapter 9 Linear Temporal Logic (LTL) This chapter introduces the Linear Temporal Logic (LTL) to reason about state properties of Labelled Transition Systems defined in the previous chapter. We will first introduce the syntax of LTL. Then, we will give path semantics to LTL. 9.1 Syntax A valid LTL formula has the following syntax: where: a is an atomic proposition ' ::= a ' 1 ^ ' 2 ' X' ' 1 U ' 2 ', ' 1 and ' 2 are valid LTL formulas X denotes the next operator (see below) U denotes the until operator (see below) Precedence The unary operators bind stronger than the binary ones. Negation ( ) and X bind equally strong. Temporal operator until (U) takes precedence over the Boolean connective (^). Operator U is right associative, that is, ' 1 U ' 2 U ' 3 stands for ' 1 U (' 2 U ' 3 ). From negation and conjunction, we define the usual Boolean connectives using De Morgan s rules: ' _ (' ^ ) (disjunction) '! ' _ (implication) From the syntax, we define the following: True ' _ ' False True 73

74 CHAPTER 9. LINEAR TEMPORAL LOGIC (LTL) 9.2 Semantics over Paths In this section, we define the semantics of the main operators of LTL over paths. Figure 9.1: Intuition for the main LTL operators. Figure 9.1 illustrates the intuition behind most LTL operators. Atomic Proposition An atomic proposition is true on a path, if it holds on the first state of the path. On top of Figure 9.1, proposition a holds at the first position, so it holds for that path. Formally, given a path and atomic proposition a we have the following definition: = a a 2 L( [0]) Negation of atomic proposition The negation of an atomic proposition holds on a path if and only if the atomic proposition does not hold in the first state of the path: = a a 62 L( [0]) Conjunction Given two LTL formulas ' and, the conjunction holds on a path if and only if both formulas hold on the path. = ' ^ = ' and = Next The next operator is used to specify that a formula holds at next, that is, at the next position in a path. Given proposition a, formula Xa holds on a path if it holds at the next state, that is, state at position 1 on the path. On top of Figure 9.1, X a holds as a 62 L( [1..]). In the line below, you can see a path where Xa holds.

9.3. SEMANTICS OVER TRANSITION SYSTEMS 75 = X' [1..] = ' Until The until operator specifies that a formula is true until another one is true. There are two parts in the definition of ' U : 1. formula must hold at some position on the path; 2. at all previous positions, formula ' must hold. Formally, the definition is as follows: = ' U 9i 0. [i..] = and 80 apple j<i. [j..] = ' It is important to notice that ' U enforces to hold but it does not enforce ' to be true. If holds at all positions, ' U also holds. From these two temporal operators, we define the semantics of two additional operators: eventually and globally. Eventually This operator is noted F and sometimes. Intuitively (see Figure 9.1) F' means that ' must hold somewhere in the future. Formally, F' is defined as True U '. This expands to the following semantics: = F' 9i 0. [i..] = ' Globally This operator is noted G or sometimes 2. This is the dual of the eventually operator. Intuitively (see Figure 9.1), G' means that ' always holds. It is formally defined as F ', which expands to the following semantics: = G' 8i 0. [i..] = ' 9.3 Semantics over Transition Systems Once we have defined the semantics of the LTL operators over paths, we now define when a transition system satisfies an LTL formula. Intuitively, an LTS satisfies an LTL formula if and only if the formula holds for all paths of the LTS. Validity in a state paths starting in s. An LTL formula ' is valid in state s if and only if ' holds for all s = ' 8 2 Paths(s). = ' Validity for an LTS An LTS formula ' is valid for LTS T if and only ' holds in all the initial states of T. This means that ' holds in all paths starting from any initial state. T = ' 8s 0 2 I.s 0 = '

76 CHAPTER 9. LINEAR TEMPORAL LOGIC (LTL) 9.4 Example Figure 9.2: Another beverage vending machine. Let s have a look at an example. Consider the model of a simple beverage vending machine in Figure 9.2. On this machine, we can express the following requirement: The system shall produce tea if and only if a coin has been inserted and the start button has been pressed. This requirement states that if a coin has been inserted and the start button has been pressed, users should have tea. It also states that users should have tea then a coin has been inserted and the start button has been pressed. To express this formula, we can define the following atomic propositions: coin1 is true if and only if a coin has been inserted. Coins are consumed after a beverage has been produced. start is true if and only if the start button has been pressed. This proposition is reset when beverage has been produced.

9.5. NOTE ON NEGATION 77 ServingTea is true if and only if the system is about to serve tea. Based on this textual definition, we can define the following labelling function: L(s 1 )={coin1 } L(s 2 )={coin1, start, ServingTea} L(s) =;, otherwise. We can then formalise our requirement as follows: G (((coin1 ^ start)! ServingTea) ^ ((ServingTea! (coin1 ^ start)))) 9.5 Note on negation For a path, it holds that a property is true if and only if its negation is not true, that is, = ' 6 = ' Figure 9.3: Negation example. For an LTS, this equivalence does not hold. An LTS might not satisfy a property and also not satisfy the negation of this property. Consider the LTS in Figure 9.3. This LTS does not satisfy Fa nor does it satisfy Fa. Counter-examples to the first formula are paths going to the right from the initial state. Counter-examples to the second formula are paths going to the left from the initial state. 9.6 Several laws 9.6.1 Duality G' F '

78 CHAPTER 9. LINEAR TEMPORAL LOGIC (LTL) F' G ' X' X ' 9.6.2 Idempotency GG' G' FF' F' ' U (' U ) ' U (' U ) U ' U 9.6.3 Absorption FGF' GF' GFG' FG' 9.6.4 Distributivity X(' U ) (X') U (X ) F(' _ ) (F') _ (F ) G(' ^ ) (G') ^ (G ) Note the following: F(' ^ ) 6 (F') ^ (F ) G(' _ ) 6 (G') _ (G ) 9.7 Conclusion We have defined Linear Temporal Logic (LTL) to reason about the infinite behaviour of Labelled Transition Systems. The validity of LTL formulas is defined over paths and an LTS satisfies an LTL formula if and only if it satisfies the formula on all paths starting from any initial state. To show that an LTS violates a property, it is sufficient to exhibit a counter-example, that is, a path for which the property is not true.

9.8. EXERCISES 79 9.8 Exercises Exercise 9.8.1. Consider the formulas ' = a U (b U c) and =(a U b) U c. Prove that these formulas are equivalent or exhibit a counter-example, that is, a path such that one formula holds on the path and the other doesn t. Exercise 9.8.2. Consider a traffic light. Write an LTL formula that formalises the requirement that the light must change colours in the following sequence: red, yellow, and green.

80 CHAPTER 9. LINEAR TEMPORAL LOGIC (LTL)

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback