Software Engineering using Formal Methods


Software Engineering using Formal Methods
Propositional and (Linear) Temporal Logic
Wolfgang Ahrendt, 13th September 2016
SEFM: Linear Temporal Logic /GU 160913, 1 / 60

Recapitulation (roadmap diagram): Formalisation: Syntax, Semantics, Proving; Formal Verification: Model Checking. The real world is formalised into formal artifacts: a Promela program (syntax) whose semantics is a transition system, and a temporal logic formula (propositional logic plus temporal connectives) whose semantics is given over runs σ ⊨ φ. Proving: the transition system is intersected with the Büchi automaton of the negated formula; the formula holds if the intersection accepts no run.

The Big Picture: Syntax, Semantics, Calculus
Syntax: formula φ. Semantics: φ is valid. Calculus: φ is derivable.
Soundness: derivable implies valid. Completeness: valid implies derivable.

Simplest Case: Propositional Logic
Syntax: propositional formulas φ. Semantics: interpretation I : Var → {T, F}. Calculus: sequent calculus, SAT solver, ...

Syntax of Propositional Logic
Signature: a set of propositional variables P (with typical elements p, q, r, ...); the propositional connectives true, false, ¬, ∧, ∨, →, ↔.
Set of propositional formulas For_0:
- The truth constants true, false and the variables in P are formulas.
- If φ and ψ are formulas, then ¬φ, φ ∧ ψ, φ ∨ ψ, φ → ψ, φ ↔ ψ are also formulas.
- There are no other formulas (inductive definition).

Remark on Concrete Syntax
Connective    Textbook   Spin
Negation      ¬          !
Conjunction   ∧          &&
Disjunction   ∨          ||
Implication   →          ->
Equivalence   ↔          <->
We mostly use the textbook notation, except on tool-specific slides and in input files.

Propositional Logic Syntax: Examples
Let P = {p, q, r} be the set of propositional variables. Are the following character sequences also propositional formulas?
true, p, (p (q r)), p p, (q ), false, (p (q r)) [connective symbols not recoverable from the slide]


Semantics of Propositional Logic
Interpretation I: assigns a truth value to each propositional variable, I : P → {T, F}.
Example: let P = {p, q}; formula p → (q → p).
      p  q
I_1   F  F
I_2   T  F
...
Valuation function val_I: continuation of I on For_0, val_I : For_0 → {T, F}:
val_I(true) = T, val_I(false) = F, val_I(p_i) = I(p_i) (continued on next page)

Semantics of Propositional Logic (Cont'd)
Valuation function (cont'd):
val_I(¬φ) = T if val_I(φ) = F, otherwise F
val_I(φ ∧ ψ) = T if val_I(φ) = T and val_I(ψ) = T, otherwise F
val_I(φ ∨ ψ) = T if val_I(φ) = T or val_I(ψ) = T, otherwise F
val_I(φ → ψ) = T if val_I(φ) = F or val_I(ψ) = T, otherwise F
val_I(φ ↔ ψ) = T if val_I(φ) = val_I(ψ), otherwise F

Valuation Examples
Example: let P = {p, q}, formula p → (q → p), with I_1(p) = F, I_1(q) = F and I_2(p) = T, I_2(q) = F.
How to evaluate p → (q → p) in I_2?
val_{I_2}(p → (q → p)) = T iff val_{I_2}(p) = F or val_{I_2}(q → p) = T
val_{I_2}(p) = I_2(p) = T
val_{I_2}(q → p) = T iff val_{I_2}(q) = F or val_{I_2}(p) = T
val_{I_2}(q) = I_2(q) = F
Hence val_{I_2}(q → p) = T, and therefore val_{I_2}(p → (q → p)) = T.

Semantic Notions of Propositional Logic
Let φ ∈ For_0 and Γ ⊆ For_0.
Definition (Satisfying Interpretation, Consequence Relation): I satisfies φ (write I ⊨ φ) iff val_I(φ) = T. φ follows from Γ (write Γ ⊨ φ) iff for all interpretations I: if I ⊨ ψ for all ψ ∈ Γ, then also I ⊨ φ.
Definition (Satisfiability, Validity): a formula is satisfiable if it is satisfied by some interpretation. If every interpretation satisfies φ (write ⊨ φ), then φ is called valid.

Semantics of Propositional Logic: Examples
Formula (same as before): p → (q → p). Is this formula valid, i.e. ⊨ p → (q → p)? Yes: if I(p) = T then the consequent q → p is true, and if I(p) = F the implication is true because its premise is false.

Semantics of Propositional Logic: Examples
p ∧ ((¬p) ∨ q): Satisfiable? Yes; a satisfying interpretation is I(p) = T, I(q) = T. Other satisfying interpretations? None (p must be T, and then q must be T), therefore the formula is not valid.
p ∧ ((¬p) ∨ q) ⊨ q ∨ r: Does it hold? Yes. Why? Every interpretation satisfying the left-hand side has I(q) = T and hence satisfies q ∨ r.

An Exercise in Formalisation
1 byte n;
2 active [2] proctype P() {
3   n = 0;
4   n = n + 1
5 }
Can we characterise the states of P propositionally? Find a propositional formula φ_P which is true if and only if it describes a possible state of P.
P: N_0, N_1, N_2, ..., N_7 (8-bit representation of the byte n); PC0_3, PC0_4, PC0_5, PC1_3, PC1_4, PC1_5 (next instruction pointer of process 0 and of process 1, i.e. the line, 3 to 5, to be executed next).
Which interpretations do we need to exclude?
- The variable n is represented by eight bits, all values possible.
- A process cannot be at two positions at the same time.
- If neither process 0 nor process 1 is at position 5, then n is zero.
- ...
φ_P := ((PC0_3 ∨ PC0_4 ∨ PC0_5) ∧ ... ) ∧ ((¬PC0_5 ∧ ¬PC1_5) → (¬N_0 ∧ ... ∧ ¬N_7))
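The semantic notions above (valuation, satisfiability, validity, consequence) and the "exclude impossible states" exercise can be checked mechanically by enumerating all 2^|P| interpretations. The following is an added example, not code from the lecture; it assumes a tuple encoding of formulas (chosen here, not the slides' notation) and names like `exactly_one` that are illustrative only.

```python
from itertools import product

# Formula syntax (nested tuples, mirroring the inductive definition):
#   'true', 'false', a variable name such as 'p', or
#   ('not', f), ('and', f, g), ('or', f, g), ('imp', f, g), ('iff', f, g)


def val(formula, interp):
    """Valuation function val_I for an interpretation I given as a dict
    variable -> bool; one case per clause of the inductive definition."""
    if formula == 'true':
        return True
    if formula == 'false':
        return False
    if isinstance(formula, str):          # propositional variable
        return interp[formula]
    op, *args = formula
    if op == 'not':
        return not val(args[0], interp)
    a, b = (val(x, interp) for x in args)
    if op == 'and':
        return a and b
    if op == 'or':
        return a or b
    if op == 'imp':
        return (not a) or b
    if op == 'iff':
        return a == b
    raise ValueError(f'unknown connective {op!r}')


def interpretations(variables):
    """All 2^|P| interpretations I : P -> {T, F}, as dicts."""
    for bits in product((False, True), repeat=len(variables)):
        yield dict(zip(variables, bits))


def models(formula, variables):
    """The satisfying interpretations of the formula."""
    return [I for I in interpretations(variables) if val(formula, I)]


def satisfiable(formula, variables):
    return bool(models(formula, variables))


def valid(formula, variables):
    """|= formula: every interpretation satisfies it."""
    return len(models(formula, variables)) == 2 ** len(variables)


def follows(gamma, formula, variables):
    """Gamma |= formula: every interpretation satisfying all of Gamma
    also satisfies the formula."""
    return all(val(formula, I) for I in interpretations(variables)
               if all(val(g, I) for g in gamma))


def exactly_one(names):
    """'A process cannot be at two positions at the same time': the
    program-counter constraint of the exercise, as a formula (at least
    one position, and no two positions at once)."""
    at_least_one = names[0]
    for n in names[1:]:
        at_least_one = ('or', at_least_one, n)
    f = at_least_one
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            f = ('and', f, ('not', ('and', x, y)))
    return f


if __name__ == '__main__':
    P = ['p', 'q']
    print(valid(('imp', 'p', ('imp', 'q', 'p')), P))              # True
    print(models(('and', 'p', ('or', ('not', 'p'), 'q')), P))     # [{'p': True, 'q': True}]
    print(follows([('and', 'p', ('or', ('not', 'p'), 'q'))],
                  ('or', 'q', 'r'), ['p', 'q', 'r']))             # True
    pcs = ['PC0_3', 'PC0_4', 'PC0_5']
    print(len(models(exactly_one(pcs), pcs)))                      # 3
```

Enumeration is exponential in |P|, which is exactly why the full φ_P of the exercise (eight bits of n plus six program-counter variables) is where a SAT solver replaces this loop; the semantics being checked is the same.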

Is Propositional Logic Enough?
We can design, for a program P, a formula Φ_P describing all reachable states. For a given property Ψ, the consequence relation Φ_P ⊨ Ψ holds when Ψ is true in any possible state reachable in any run of P.
But how to express properties involving state changes? For example: in any run of program P, n will eventually become greater than 0; n changes its value infinitely often; etc.
We need a more expressive logic: (Linear) Temporal Logic.

Transition Systems (aka Kripke Structures)
Diagram: four states with interpretations of (p, q): s_0: F F; s_1: T F; s_2: T T; s_3: F T; the transitions between them are labelled with updates such as p=T, q=p, q=F, p=F. Notation: a state carries its name and interpretation, a transition carries its update.
- Each state s_i has its own propositional interpretation I_i.
- Convention: list the interpretation of the variables in lexicographic order.
- Computations, or runs, are infinite paths through states.
- Intuitively, finite runs are modelled by looping on the last state.
How to express (for example) that p changes its value infinitely often in each run?


Linear Temporal Logic Syntax
An extension of propositional logic that allows to specify properties of all runs. Based on the propositional signature and syntax, extended with three connectives:
- Always: if φ is a formula, then so is □φ
- Eventually: if φ is a formula, then so is ◇φ
- Until: if φ and ψ are formulas, then so is φ U ψ
Concrete syntax: textbook □, ◇, U; Spin [], <>, U.

Linear Temporal Logic Syntax: Examples
Let P = {p, q} be the set of propositional variables. Example formulas on the slide: p, false, p q, (p q), ( p), (( p) q), p U ( q) [the temporal and negation symbols are not recoverable from the slide].

Temporal Logic Semantics
A run σ is an infinite chain of states s_0 s_1 s_2 s_3 s_4 ..., where I_j is the propositional interpretation of the variables in state s_j. Write more compactly s_0 s_1 s_2 s_3 ...
If σ = s_0 s_1 ..., then σ^i denotes the suffix s_i s_{i+1} ... of σ.

Temporal Logic Semantics (Cont'd)
Valuation of a temporal formula relative to a run (infinite sequence of states).
Definition (Validity Relation): validity of a temporal formula depends on runs σ = s_0 s_1 ...:
σ ⊨ p iff I_0(p) = T, for p ∈ P
σ ⊨ ¬φ iff not σ ⊨ φ (write σ ⊭ φ)
σ ⊨ φ ∧ ψ iff σ ⊨ φ and σ ⊨ ψ
σ ⊨ φ ∨ ψ iff σ ⊨ φ or σ ⊨ ψ
σ ⊨ φ → ψ iff σ ⊭ φ or σ ⊨ ψ
Temporal connectives?

Temporal Logic Semantics (Cont'd)
Diagram: run σ = s_0 s_1 ... s_{k-1} s_k ..., with φ holding at s_0 through s_{k-1} and ψ holding at s_k (illustrating φ U ψ).
Definition (Validity Relation for Temporal Connectives): given a run σ = s_0 s_1 ...:
σ ⊨ □φ iff σ^k ⊨ φ for all k ≥ 0
σ ⊨ ◇φ iff σ^k ⊨ φ for some k ≥ 0
σ ⊨ φ U ψ iff σ^k ⊨ ψ for some k ≥ 0, and σ^j ⊨ φ for all 0 ≤ j < k (if k = 0 then φ needs never hold)

Safety and Liveness Properties
Safety properties: always-formulas are called safety properties: something bad never happens. Let mutex ("mutual exclusion") be a variable that is true when two processes do not access a critical resource at the same time; □mutex expresses that simultaneous access never happens.
Liveness properties: eventually-formulas are called liveness properties: something good happens eventually. Let s be a variable that is true when a process delivers a service; ◇s expresses that the service is eventually provided.

Complex Properties
What does this mean? σ ⊨ □◇φ: infinitely often. During run σ, the formula φ becomes true infinitely often.

Validity of Temporal Logic
Definition (Validity): φ is valid, write ⊨ φ, iff σ ⊨ φ for all runs σ = s_0 s_1 .... Recall that each run s_0 s_1 ... essentially is an infinite sequence of interpretations I_0 I_1 ...
Representation of runs: a set of runs can be represented as a sequence of propositional formulas: φ_0 φ_1 ... represents all runs s_0 s_1 ... such that s_i ⊨ φ_i for i ≥ 0.

Semantics of Temporal Logic: Examples
◇φ valid? No, there is a run where it is not valid: (¬φ ¬φ ¬φ ...). Valid in some run? Yes, for example: (¬φ φ ¬φ ...).
The following are all valid (proof is an exercise):
□φ → φ (□ is reflexive)
¬□φ ↔ ◇¬φ and ¬◇φ ↔ □¬φ (□ and ◇ are dual connectives)
◇φ ↔ (true U φ) (□ and ◇ can be expressed using only U)
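The definitions σ^k ⊨ φ above can be executed directly once a run is represented finitely. An infinite run whose interpretations are eventually periodic (a "lasso": a finite prefix followed by a repeating loop, which is also how finite runs looping on their last state are modelled) has only finitely many distinct suffixes, so the quantifiers over k in the definitions of □, ◇ and U range over a finite window. The following is an added example, not code from the lecture; the tuple encoding of formulas and the class and function names are choices made here.

```python
from itertools import product

# LTL formulas as nested tuples: 'true', 'false', a variable name, or
# ('not', f), ('and', f, g), ('or', f, g), ('imp', f, g), ('iff', f, g),
# ('always', f), ('eventually', f), ('until', f, g).


class Run:
    """A lasso-shaped run sigma = s_0 s_1 ...: the interpretations
    states[0..n-1] are followed forever by repetitions of
    states[loop_start..n-1]. Each interpretation I_k is given as the set of
    variables that are true in state s_k."""

    def __init__(self, states, loop_start):
        assert 0 <= loop_start < len(states)
        self.states = [frozenset(s) for s in states]
        self.loop_start = loop_start
        self.period = len(states) - loop_start

    def normalize(self, k):
        """Smallest position whose suffix equals sigma^k."""
        if k < self.loop_start:
            return k
        return self.loop_start + (k - self.loop_start) % self.period

    def interp(self, k):
        return self.states[self.normalize(k)]

    def suffix_positions(self, k):
        """Positions j >= k covering every distinct suffix sigma^j, j >= k:
        the rest of the prefix plus one full period of the loop."""
        return range(k, max(k, self.loop_start) + self.period)


def holds(formula, run, k=0):
    """sigma^k |= formula, clause by clause as on the slides."""
    k = run.normalize(k)
    if formula == 'true':
        return True
    if formula == 'false':
        return False
    if isinstance(formula, str):                 # sigma^k |= p iff I_k(p) = T
        return formula in run.interp(k)
    op, *args = formula
    if op == 'not':
        return not holds(args[0], run, k)
    if op == 'and':
        return holds(args[0], run, k) and holds(args[1], run, k)
    if op == 'or':
        return holds(args[0], run, k) or holds(args[1], run, k)
    if op == 'imp':
        return (not holds(args[0], run, k)) or holds(args[1], run, k)
    if op == 'iff':
        return holds(args[0], run, k) == holds(args[1], run, k)
    if op == 'always':                           # for all j >= k
        return all(holds(args[0], run, j) for j in run.suffix_positions(k))
    if op == 'eventually':                       # for some j >= k
        return any(holds(args[0], run, j) for j in run.suffix_positions(k))
    if op == 'until':                            # psi at some j, phi at all k <= i < j
        for j in run.suffix_positions(k):
            if holds(args[1], run, j):
                return True
            if not holds(args[0], run, j):
                return False
        return False
    raise ValueError(f'unknown connective {op!r}')


def all_lassos(variables, max_len):
    """Every lasso run over the variables with at most max_len states."""
    interps = [frozenset(v for v, on in zip(variables, bits) if on)
               for bits in product((False, True), repeat=len(variables))]
    for n in range(1, max_len + 1):
        for states in product(interps, repeat=n):
            for loop_start in range(n):
                yield Run(list(states), loop_start)


def counterexample(formula, variables, max_len=4):
    """A lasso run violating the formula, or None if none exists up to max_len."""
    for run in all_lassos(variables, max_len):
        if not holds(formula, run):
            return run
    return None


def bounded_valid(formula, variables, max_len=4):
    """Validity over all lasso runs with at most max_len states. A False
    result is a genuine counterexample; True is bounded evidence, not a proof."""
    return counterexample(formula, variables, max_len) is None
```

Running `bounded_valid` on the four identities listed above returns True for all of them, and `counterexample(('eventually', 'p'), ['p'])` returns the one-state run with p false, i.e. the run (¬p ¬p ¬p ...) the slide gives. The same evaluator decides □◇p (infinitely often) on a lasso by looking at the loop alone, which is the intuition behind the cycle search Spin performs later in this lecture.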

Transition Systems: Formal Definition
Definition (Transition System): a transition system T = (S, Ini, δ, I) is composed of a set of states S, a set Ini ⊆ S of initial states, a transition relation δ ⊆ S × S, and a labeling I of each state s ∈ S with a propositional interpretation I_s.
Definition (Run of a Transition System): a run of T is a sequence of states σ = s_0 s_1 ... such that s_0 ∈ Ini and, for all i, s_i ∈ S as well as (s_i, s_{i+1}) ∈ δ.

Temporal Logic Semantics (Cont'd)
Extension of validity of temporal formulas to transition systems.
Definition (Validity Relation): given a transition system T = (S, Ini, δ, I), a temporal formula φ is valid in T (write T ⊨ φ) iff σ ⊨ φ for all runs σ of T.


ω-Languages
Given a finite alphabet (vocabulary) Σ. An ω-word w ∈ Σ^ω is an infinite sequence w = a_0 a_1 a_2 ... with a_i ∈ Σ for all i ∈ ℕ. L_ω ⊆ Σ^ω is called an ω-language.

Büchi Automaton
Definition (Büchi Automaton): a (non-deterministic) Büchi automaton over an alphabet Σ consists of a finite, non-empty set of locations Q; a non-empty set of initial/start locations I ⊆ Q; a set of accepting locations F ⊆ Q; a transition relation δ ⊆ Q × Σ × Q.
Example: Σ = {a, b}, Q = {q_1, q_2, q_3}, I = {q_1}, F = {q_2} (diagram on the slide: start location q_1, locations q_2, q_3 with transitions labelled a and b).

Büchi Automaton: Executions and Accepted Words
Definition (Execution): let B = (Q, I, F, δ) be a Büchi automaton over alphabet Σ. An execution of B is a pair (w, v) with w = a_0 a_1 a_2 ... ∈ Σ^ω and v = q_0 q_1 q_2 ... ∈ Q^ω, where q_0 ∈ I and (q_i, a_i, q_{i+1}) ∈ δ for all i ∈ ℕ.
Definition (Accepted Word): a Büchi automaton B accepts a word w ∈ Σ^ω if there exists an execution (w, v) of B in which some accepting location f ∈ F appears infinitely often in v.

Büchi Automaton: Language
Let B = (Q, I, F, δ) be a Büchi automaton; then L_ω(B) = {w ∈ Σ^ω | w is an accepted word of B} denotes the ω-language recognised by B. An ω-language for which an accepting Büchi automaton exists is called an ω-regular language.

Exmple, ω-regulr Expression Which lnguge is ccepted y the following Büchi utomton?, strt q 1 q 2 q 3 Solution: ( + ) () ω [NB: () ω = () ω ] ω-regulr expressions similr to stndrd regulr expression followed y + or ritrrily, ut finitely often new: ω infinitely often SEFM: Liner Temporl Logic /GU 160913 35 / 60

Decidability, Closure Properties
Many properties of regular finite automata hold also for Büchi automata.
Theorem (Decidability): it is decidable whether the accepted language L_ω(B) of a Büchi automaton B is empty.
Theorem (Closure properties): the set of ω-regular languages is closed with respect to intersection, union and complement: if L_1, L_2 are ω-regular then L_1 ∩ L_2 and L_1 ∪ L_2 are ω-regular; if L is ω-regular then Σ^ω \ L is ω-regular.
But in contrast to regular finite automata: non-deterministic Büchi automata are strictly more expressive than deterministic ones.

Büchi Automata: More Examples
Language (b*a)^ω, the words with infinitely many a's: locations q_0, q_1 (diagram on the slide).
Language (a*b)^ω, the words with infinitely many b's: locations q_0, q_1 (diagram on the slide).


Linear Temporal Logic and Büchi Automata
Recall Definition (Validity Relation): given a transition system T = (S, Ini, δ, I), a temporal formula φ is valid in T (write T ⊨ φ) iff σ ⊨ φ for all runs σ of T. A run of the transition system is an infinite sequence of interpretations I.
LTL and Büchi automata are connected. Intended connection: given an LTL formula φ, construct a Büchi automaton accepting exactly those runs (infinite sequences of interpretations) that satisfy φ.

Encoding an LTL Formula as a Büchi Automaton
P: set of propositional variables, e.g. P = {r, s}. Suitable alphabet Σ for the Büchi automaton? A state transition of the Büchi automaton must represent an interpretation. Choose Σ to be the set of all interpretations over P, encoded as 2^P.
Example: Σ = {∅, {r}, {s}, {r, s}}, with I_∅(r) = F, I_∅(s) = F, I_{r}(r) = T, I_{r}(s) = F, ...

Büchi Automaton for an LTL Formula, By Example
Example (Büchi automaton for formula r over P = {r, s}): a Büchi automaton B accepting exactly those runs σ satisfying r: from the start location, a transition labelled {r}, {r, s} leads to an accepting location that loops on Σ. In the first state s_0 (of σ) at least r must hold; the rest is arbitrary.
Example (Büchi automaton for formula □r over P = {r, s}): a single start location, accepting, looping on Σ_r := {I ∈ Σ | r ∈ I} = {{r}, {r, s}}. In all states s (of σ) at least r must hold.

Büchi Automaton for an LTL Formula, By Example
Example (Büchi automaton for formula ◇□r over P = {r, s}): the start location loops on Σ; a transition labelled Σ_r = {{r}, {r, s}} leads to an accepting location that loops on Σ_r.


Model Checking
Check whether a formula is valid in all runs of a transition system. Given a transition system T (e.g., derived from a Promela program). Verification task: is the LTL formula φ satisfied in all runs of T, i.e. T ⊨ φ?
Temporal model checking with Spin: topic of the next lecture. Today: the basic principle behind Spin model checking.

Spin Model Checking Overview: T ⊨ φ?
1. Represent the transition system T as a Büchi automaton B_T such that B_T accepts exactly those words corresponding to runs through T.
2. Construct a Büchi automaton B_{¬φ} for the negation of the formula φ.
3. If L_ω(B_T) ∩ L_ω(B_{¬φ}) = ∅ then T ⊨ φ holds. If L_ω(B_T) ∩ L_ω(B_{¬φ}) ≠ ∅ then each element of the set is a counterexample for φ.
To check L_ω(B_T) ∩ L_ω(B_{¬φ}) = ∅, construct the intersection automaton and search for a cycle through an accepting state.

Representing a Model as a Büchi Automaton
First step: represent the transition system T as a Büchi automaton B_T accepting exactly those words representing a run of T.
Example:
bool wp, wq, Pcs, Qcs;

active proctype P() {
  do
  :: atomic { !wq; wp = true };   /* wait until Q is not waiting, then announce P */
     Pcs = true;                   /* P in critical section */
     atomic { Pcs = false; wp = false }
  od
}
Similar code for process Q. The second atomic block is just there to keep the automaton small.
Diagram: B_T with start location 0 and locations 1 to 5, transitions labelled with the interpretations {wp}, {wp, Pcs}, {wq}, {wq, Qcs}; every location is accepting, so every run of T is accepted.

Büchi Automaton B_{¬φ} for ¬φ
Second step: construct the Büchi automaton corresponding to the negated LTL formula. T ⊨ φ holds iff there is no accepting run σ of T such that σ ⊨ ¬φ.
Simplify: ¬φ = ¬□◇Pcs = ◇□¬Pcs.
Büchi automaton B_{¬φ}: P = {wp, wq, Pcs, Qcs}, Σ = 2^P. Start location 0 loops on Σ; a transition labelled Σ^c_Pcs leads to accepting location 1, which loops on Σ^c_Pcs, where Σ_Pcs = {I ∈ Σ | Pcs ∈ I} and Σ^c_Pcs = Σ \ Σ_Pcs.

Checking for Emptiness of the Intersection Automaton
Third step: L_ω(B_T) ∩ L_ω(B_{¬φ}) = ∅? Construction of the intersection automaton: Appendix I.
Diagram: intersection automaton (skipping the first step of T for simplicity), with product locations such as 10_1, 20_2, 41_2, 11_1, 10_2, 21_1, 30_2, 50_2, 11_2, 41_1, 21_2 (location of B_T, location of B_{¬φ}, copy number) and transitions labelled {wp}, {wp, Pcs}, {wq}, {wq, Qcs}. A cycle through an accepting location is a counterexample.

Literature for this Lecture
Ben-Ari, Section 5.2.1 (only syntax of LTL).
Baier and Katoen, Principles of Model Checking, May 2008, The MIT Press, ISBN 0-262-02649-X.

Appendix I: Intersection Automaton Construction

Construction of the Intersection Automaton
Given: two Büchi automata B_i = (Q_i, δ_i, I_i, F_i), i = 1, 2. Wanted: a Büchi automaton B_{1∩2} = (Q_{1∩2}, δ_{1∩2}, I_{1∩2}, F_{1∩2}) accepting a word w iff w is accepted by B_1 and by B_2. Maybe just the product automaton, as for regular automata?

First Attempt: Product Automata for Intersection
Σ = {a, b}. Is (b*a)^ω ∩ (a*b)^ω = ∅? No, e.g. (ab)^ω has infinitely many a's and infinitely many b's.
Automaton for (b*a)^ω: locations 0, 1; automaton for (a*b)^ω: locations 0, 1 (diagrams on the slide).
Product automaton with locations 00, 01, 10, 11 and accepting set F_1 × F_2 = {11}: the accepting location 11 is never reached, although the intersection is non-empty.

Explicit Construction of the Intersection Automaton
Automata for (b*a)^ω (locations 0, 1) and (a*b)^ω (locations 0, 1) as before. Construction steps, shown on the slides as a sequence of diagrams:
(i) Product automaton: 00, 01, 10, 11.
(ii) Reachable locations: 00, 01, 10 (11 is unreachable).
(iii) Clone: two copies of the reachable locations, 00_1, 01_1, 10_1 and 00_2, 01_2, 10_2.
(iv) Initial locations restricted to the first copy.
(v) Final locations restricted to the final locations of the first automaton, in the first copy.
(vi) Ensure acceptance in both copies, 1 → 2: a transition leaving a location that is accepting for the first automaton goes to the second copy.
(vii) Ensure acceptance in both copies, 2 → 1: a transition leaving a location that is accepting for the second automaton goes back to the first copy.
(viii) All other transitions are those of the product automaton, within the same copy.
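The three steps of the Spin overview (product of model and negated property, then a search for a reachable cycle through an accepting location) and the two-copy construction of this appendix can be run on the appendix's own example. The following is an added example, not code from the lecture or from Spin; the automata for "infinitely many a's" and "infinitely many b's" are constructed here by hand, and the emptiness check is a plain breadth-first search for an accepting lasso rather than Spin's nested depth-first search, which finds the same kind of cycle.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Buchi:
    states: frozenset
    init: frozenset
    delta: frozenset      # transitions as triples (q, letter, q')
    accept: frozenset


def successors(b, q):
    return [(a, q2) for (p, a, q2) in b.delta if p == q]


def product_naive(b1, b2):
    """Product as for finite automata, accepting F1 x F2: wrong for Büchi
    automata, because both components need not be accepting at the same time."""
    delta = frozenset(((p1, p2), a, (q1, q2))
                      for (p1, a, q1) in b1.delta for (p2, c, q2) in b2.delta if a == c)
    return Buchi(frozenset((p, q) for p in b1.states for q in b2.states),
                 frozenset((p, q) for p in b1.init for q in b2.init),
                 delta,
                 frozenset((p, q) for p in b1.accept for q in b2.accept))


def intersection(b1, b2):
    """Two-copy construction (Appendix I): stay in copy 1 until a location
    accepting for b1 is left, then in copy 2 until a location accepting for
    b2 is left; accepting = b1-accepting locations of copy 1."""
    delta = set()
    for (p1, a, q1) in b1.delta:
        for (p2, c, q2) in b2.delta:
            if a != c:
                continue
            delta.add(((p1, p2, 1), a, (q1, q2, 2 if p1 in b1.accept else 1)))
            delta.add(((p1, p2, 2), a, (q1, q2, 1 if p2 in b2.accept else 2)))
    return Buchi(frozenset((p, q, c) for p in b1.states for q in b2.states for c in (1, 2)),
                 frozenset((p, q, 1) for p in b1.init for q in b2.init),
                 frozenset(delta),
                 frozenset((p, q, 1) for p in b1.accept for q in b2.states))


def _bfs_words(b, start):
    """Breadth-first search from the (state, word) pairs in start; returns
    a dict state -> word of a shortest path found to that state."""
    words, queue = {}, deque()
    for q, w in start:
        if q not in words:
            words[q] = w
            queue.append(q)
    while queue:
        q = queue.popleft()
        for a, q2 in successors(b, q):
            if q2 not in words:
                words[q2] = words[q] + a
                queue.append(q2)
    return words


def accepting_lasso(b):
    """Emptiness check: L(b) is non-empty iff some accepting location is
    reachable and lies on a cycle. Returns (prefix, cycle) such that
    prefix . cycle^omega is accepted, or None if L(b) is empty."""
    reach = _bfs_words(b, [(q, '') for q in b.init])
    for f in reach:                              # BFS order: shortest prefixes first
        if f not in b.accept:
            continue
        back = _bfs_words(b, [(q2, a) for a, q2 in successors(b, f)])
        if f in back:
            return reach[f], back[f]
    return None


def word_automaton(prefix, cycle):
    """Büchi automaton accepting exactly the single word prefix . cycle^omega."""
    letters = prefix + cycle
    n = len(letters)
    delta = frozenset((i, a, i + 1 if i + 1 < n else len(prefix)) for i, a in enumerate(letters))
    return Buchi(frozenset(range(n)), frozenset({0}), delta, frozenset(range(n)))


def accepts(b, prefix, cycle):
    """Membership of a lasso word, reusing intersection and emptiness."""
    return accepting_lasso(intersection(b, word_automaton(prefix, cycle))) is not None


# Constructed example automata over {a, b} from Appendix I:
INF_A = Buchi(frozenset({0, 1}), frozenset({0}),                  # infinitely many a's
              frozenset({(0, 'b', 0), (0, 'a', 1), (1, 'a', 1), (1, 'b', 0)}), frozenset({1}))
INF_B = Buchi(frozenset({0, 1}), frozenset({0}),                  # infinitely many b's
              frozenset({(0, 'a', 0), (0, 'b', 1), (1, 'b', 1), (1, 'a', 0)}), frozenset({1}))

if __name__ == '__main__':
    print(accepting_lasso(product_naive(INF_A, INF_B)))   # None: naive product is wrong
    print(accepting_lasso(intersection(INF_A, INF_B)))    # ('a', 'ba'): the word (ab)^omega
```

In the model-checking setting, `INF_A` plays the role of B_T and `INF_B` that of B_{¬φ}; the returned lasso is exactly the counterexample trace Spin reports, a finite prefix leading into a cycle along which the negated property stays satisfied.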

Appendix II: Construction of the Büchi Automaton B_φ for an LTL Formula φ

The General Case: Generalised Büchi Automata
A generalised Büchi automaton is defined as B_g = (Q, δ, I, F), with Q, δ, I as for standard Büchi automata and F = {F_1, ..., F_n}, where F_i = {q_{i1}, ..., q_{im_i}} ⊆ Q.
Definition (Acceptance for generalised Büchi automata): a generalised Büchi automaton accepts an ω-word w ∈ Σ^ω iff for every i ∈ {1, ..., n} at least one q_{ik} ∈ F_i is visited infinitely often.

Normal vs. Generalised Büchi Automata: Example
Diagram: locations 0 (start), 1, 2. B_normal with F = {1, 2}; B_general with F = {{1}, {2}}, i.e. F_1 = {1}, F_2 = {2}.
Which ω-word is accepted by which automaton? The slide tabulates two ω-words of the form (...)^ω against B_normal and B_general [letters not recoverable from the slide].

Fischer-Ladner Closure
The Fischer-Ladner closure of an LTL formula φ is FL(φ) = {ϕ | ϕ is a subformula or a negated subformula of φ} (¬¬ϕ is identified with ϕ).
Example: FL(r U s) = {r, ¬r, s, ¬s, r U s, ¬(r U s)}

B_φ Construction: Locations
Assumption: U is the only temporal operator in the LTL formula (□ and ◇ can be expressed with U).
The locations of B_φ are Q ⊆ 2^{FL(φ)}, where each q ∈ Q satisfies:
- Consistent, total: for all ψ ∈ FL(φ), exactly one of ψ and ¬ψ is in q.
- Downward closed: if ψ_1 U ψ_2 ∈ FL(φ) \ q then ψ_2 ∉ q; if ψ_1 ∧ ψ_2 ∈ q then ψ_1 ∈ q and ψ_2 ∈ q; ... other propositional connectives similar; if ψ_1 U ψ_2 ∈ q then ψ_1 ∈ q or ψ_2 ∈ q.
Example: FL(r U s) = {r, ¬r, s, ¬s, r U s, ¬(r U s)}, Q = { {r U s, ¬r, s}, {r U s, r, ¬s}, {r U s, r, s}, {¬(r U s), ¬r, ¬s}, {¬(r U s), r, ¬s} }

B_φ Construction: Transitions
Locations: q_1 = {r U s, ¬r, s}, q_2 = {r U s, r, ¬s}, q_3 = {r U s, r, s}, q_4 = {¬(r U s), ¬r, ¬s}, q_5 = {¬(r U s), r, ¬s}.
Transitions (q, α, q') ∈ δ_φ: α = q ∩ P, with P the set of propositional variables, i.e. the outgoing edges of q_1 are labelled {s}, those of q_2 are labelled {r}, etc. (diagram on the slide), subject to:
1. If ψ_1 U ψ_2 ∈ q and ψ_2 ∉ q then ψ_1 U ψ_2 ∈ q'.
2. If ψ_1 U ψ_2 ∈ FL(φ) \ q and ψ_1 ∈ q then ψ_1 U ψ_2 ∉ q'.
Initial locations: q ∈ I_φ iff φ ∈ q.
Accepting locations: generalised Büchi acceptance with one set F_i per until-formula ψ_1 U ψ_2 ∈ FL(φ), F_i = {q ∈ Q | ψ_1 U ψ_2 ∉ q or ψ_2 ∈ q}, so that no until-obligation is postponed forever.
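The location and transition rules of Appendix II are mechanical enough to implement directly. The following is an added example, not code from the lecture or from Spin: it builds the generalised Büchi automaton B_φ for a formula whose only temporal operator is U, using a tuple encoding of formulas chosen here, and reproduces the five locations for r U s given above.

```python
from itertools import product

# LTL formulas as nested tuples: a variable name, 'true', ('not', f),
# ('and', f, g), ('or', f, g), ('until', f, g). As on the slides, box and
# diamond are assumed to have been rewritten with U beforehand.


def is_neg(f):
    return isinstance(f, tuple) and f[0] == 'not'


def neg(f):
    """Negation with ¬¬f identified with f."""
    return f[1] if is_neg(f) else ('not', f)


def subformulas(f):
    yield f
    if isinstance(f, tuple):
        for g in f[1:]:
            yield from subformulas(g)


def positive_closure(phi):
    """FL(phi) modulo negation: every subformula with an outer 'not' stripped.
    FL(phi) itself is this set plus the negation of each member."""
    return {g[1] if is_neg(g) else g for g in subformulas(phi)}


def downward_closed(q, pos):
    """Local consistency of a location q, which already contains exactly
    one of f and neg(f) for every f in pos (consistent and total)."""
    for f in pos:
        if f == 'true':
            if f not in q:
                return False
        elif isinstance(f, tuple):
            op, g, h = f
            if op == 'and' and (f in q) != (g in q and h in q):
                return False
            if op == 'or' and (f in q) != (g in q or h in q):
                return False
            if op == 'until':
                if h in q and f not in q:        # psi_2 in q forces psi_1 U psi_2 in q
                    return False
                if f in q and not (g in q or h in q):
                    return False
    return True


def build_automaton(phi, variables):
    """Generalised Büchi automaton B_phi as (locations, initial, transitions,
    accepting_sets); a transition is (q, alpha, q') with alpha = q ∩ P."""
    pos = sorted(positive_closure(phi), key=repr)
    locations = []
    for choice in product((False, True), repeat=len(pos)):
        q = frozenset(f if keep else neg(f) for f, keep in zip(pos, choice))
        if downward_closed(q, pos):
            locations.append(q)
    untils = [f for f in pos if isinstance(f, tuple) and f[0] == 'until']

    def step_ok(q, q2):
        for u in untils:
            _, g, h = u
            if u in q and h not in q and u not in q2:   # rule 1: obligation carried over
                return False
            if u not in q and g in q and u in q2:       # rule 2
                return False
        return True

    transitions = [(q, frozenset(v for v in variables if v in q), q2)
                   for q in locations for q2 in locations if step_ok(q, q2)]
    initial = [q for q in locations if phi in q]
    # one acceptance set per until-formula: it is either not pending or fulfilled
    accepting_sets = [frozenset(q for q in locations if u not in q or u[2] in q)
                      for u in untils]
    return locations, initial, transitions, accepting_sets


if __name__ == '__main__':
    locs, init, trans, acc = build_automaton(('until', 'r', 's'), ['r', 's'])
    print(len(locs), len(init), len(trans), [len(a) for a in acc])   # 5 3 20 [4]
    for q, alpha, _ in sorted({(q, a, None) for q, a, _ in trans}, key=repr):
        print(sorted(map(repr, q)), '->', sorted(alpha))
```

The exponential blow-up mentioned in the remarks that follow is visible in the first loop: every formula in the closure doubles the number of candidate locations before the consistency filter prunes them.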

Remarks on Generalised Büchi Automata
The construction always gives an exponential number of states in |φ|. Satisfiability checking of LTL is PSPACE-complete. There exist (more complex) constructions that minimise the number of required states; one of these is used in Spin, which moreover computes the states lazily.