FORMAL METHODS LECTURE III: LINEAR TEMPORAL LOGIC

Similar documents
FORMAL METHODS LECTURE IV: COMPUTATION TREE LOGIC (CTL)

Summary. Computation Tree logic Vs. LTL. CTL at a glance. KM,s =! iff for every path " starting at s KM," =! COMPUTATION TREE LOGIC (CTL)

FORMAL METHODS LECTURE V: CTL MODEL CHECKING

T Reactive Systems: Temporal Logic LTL

Formal Methods Lecture VII Symbolic Model Checking

Logic: Propositional Logic (Part I)

Timo Latvala. February 4, 2004

Automata-Theoretic Model Checking of Reactive Systems

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

LTL and CTL. Lecture Notes by Dhananjay Raju

Linear-time Temporal Logic

Linear-Time Logic. Hao Zheng

Modal and Temporal Logics

Chapter 4: Computation tree logic

Logic: Propositional Logic Truth Tables

First Order Logic: Syntax and Semantics

Chapter 5: Linear Temporal Logic

Description Logics. Deduction in Propositional Logic. franconi. Enrico Franconi

Chapter 6: Computation Tree Logic

PROPOSITIONAL LOGIC. VL Logik: WS 2018/19

Tecniche di Verifica. Introduction to Propositional Logic

Verification Using Temporal Logic

Safety and Liveness Properties

Description Logics. Foundations of Propositional Logic. franconi. Enrico Franconi

Chapter 4: Classical Propositional Semantics

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms

Learning Goals of CS245 Logic and Computation

Model for reactive systems/software

Theoretical Foundations of the UML

Timo Latvala. March 7, 2004

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

22c:145 Artificial Intelligence

LTL is Closed Under Topological Closure

An Introduction to Temporal Logics

First Order Logic: Syntax and Semantics

Lecture 16: Computation Tree Logic (CTL)

Temporal Logic. M φ. Outline. Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness. Ralf Huuck. Kripke Structure

THEORY OF SYSTEMS MODELING AND ANALYSIS. Henny Sipma Stanford University. Master class Washington University at St Louis November 16, 2006

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

Overview. overview / 357

Modal logics: an introduction

Announcements. CS243: Discrete Structures. Propositional Logic II. Review. Operator Precedence. Operator Precedence, cont. Operator Precedence Example

Guest lecturer: Prof. Mark Reynolds, The University of Western Australia

Logical Structures in Natural Language: Propositional Logic II (Truth Tables and Reasoning

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

COMP9414: Artificial Intelligence Propositional Logic: Automated Reasoning

Linear Temporal Logic (LTL)

Finite-State Model Checking

Propositional logic (revision) & semantic entailment. p. 1/34

Chapter 3: Linear temporal logic

Logic Model Checking

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

FORMAL METHODS LECTURE VI BINARY DECISION DIAGRAMS (BDD S)

Computation Tree Logic

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Logic. Propositional Logic: Syntax. Wffs

CHAPTER 4 CLASSICAL PROPOSITIONAL SEMANTICS

Linear Temporal Logic (LTL)

Alan Bundy. Automated Reasoning LTL Model Checking

Propositional Logic. Spring Propositional Logic Spring / 32

Computer-Aided Program Design

Model Checking: An Introduction

MODEL CHECKING. Arie Gurfinkel

cis32-ai lecture # 18 mon-3-apr-2006

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Propositional Logic Language

Announcements. CS311H: Discrete Mathematics. Propositional Logic II. Inverse of an Implication. Converse of a Implication

The State Explosion Problem

Propositional Logic: Part II - Syntax & Proofs 0-0

ECE473 Lecture 15: Propositional Logic

CTL Model checking. 1. finite number of processes, each having a finite number of finite-valued variables. Model-Checking

A brief introduction to Logic. (slides from

First-Order Theorem Proving and Vampire

Lecture Notes on Software Model Checking

Mathematical Logic Prof. Arindama Singh Department of Mathematics Indian Institute of Technology, Madras. Lecture - 15 Propositional Calculus (PC)

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

Classical First-Order Logic

Model Checking with CTL. Presented by Jason Simas

Topics in Verification AZADEH FARZAN FALL 2017

Principles of Knowledge Representation and Reasoning

Abstractions and Decision Procedures for Effective Software Model Checking

Motivation. CS389L: Automated Logical Reasoning. Lecture 10: Overview of First-Order Theories. Signature and Axioms of First-Order Theory

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

Propositional Logic: Review

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Semantics and Pragmatics of NLP

Temporal & Modal Logic. Acronyms. Contents. Temporal Logic Overview Classification PLTL Syntax Semantics Identities. Concurrency Model Checking

Propositional and Predicate Logic - V

Temporal Logic and Fair Discrete Systems

15414/614 Optional Lecture 1: Propositional Logic

Timed Automata. Chapter Clocks and clock constraints Clock variables and clock constraints

First-Order Theorem Proving and Vampire. Laura Kovács (Chalmers University of Technology) Andrei Voronkov (The University of Manchester)

Lecture Notes on Emptiness Checking, LTL Büchi Automata

AI Principles, Semester 2, Week 2, Lecture 5 Propositional Logic and Predicate Logic

3. Only sequences that were formed by using finitely many applications of rules 1 and 2, are propositional formulas.

6. Logical Inference

Characterizing Fault-Tolerant Systems by Means of Simulation Relations

Propositional Logic: Syntax

Propositional Logic Not Enough

Transcription:

Alessandro Artale (FM First Semester 2007/2008) p. 1/39 FORMAL METHODS LECTURE III: LINEAR TEMPORAL LOGIC Alessandro Artale Faculty of Computer Science Free University of Bolzano artale@inf.unibz.it http://www.inf.unibz.it/ artale/ Some material (text, figures) displayed in these slides is courtesy of: M. Benerecetti, A. Cimatti, M. Fisher, F. Giunchiglia, M. Pistore, M. Roveri, R.Sebastiani.

Alessandro Artale (FM First Semester 2007/2008) p. 2/39 Summary of Lecture III Introducing Temporal Logics. Intuitions beyond Linear Temporal Logic. LTL: Syntax and Semantics. LTL in Computer Science. LTL Interpreted over Kripke Models. LTL and Model Checking: Intuitions.

Alessandro Artale (FM First Semester 2007/2008) p. 3/39 An Introduction to Temporal Logics In classical logic, formulae are evaluated within a single fixed world. For example, a proposition such as it is Monday must be either true or false. Propositions are then combined using constructs such as,, etc. But, most (not just computational) systems are dynamic. In temporal logics, evaluation takes place within a set of worlds. Thus, it is Monday may be satisfied in some worlds, but not in others.

Alessandro Artale (FM First Semester 2007/2008) p. 4/39 An Introduction to Temporal Logics (Cont.) The set of worlds correspond to moments in time. How we navigate between these worlds depends on our particular view of time. The particular model of time is captured by a temporal accessibility relation between worlds. Essentially, temporal logic extends classical propositional logic with a set of temporal operators that navigate between worlds using this accessibility relation.

Typical Models of Time Alessandro Artale (FM First Semester 2007/2008) p. 5/39

Alessandro Artale (FM First Semester 2007/2008) p. 6/39 Summary Introducing Temporal Logics. Intuitions beyond Linear Temporal Logic. LTL: Syntax and Semantics. LTL in Computer Science. LTL Interpreted over Kripke Models. LTL and Model Checking: Intuitions.

Alessandro Artale (FM First Semester 2007/2008) p. 7/39 Linear Temporal Logic (LTL): Intuitions Consider a simple temporal logic (LTL) where the accessibility relation characterises a discrete, linear model isomorphic to the Natural Numbers. Typical temporal operators used are ϕ ϕ ϕ ϕu ψ Examples: ϕ is true in the next moment in time ϕ is true in all future moments ϕ is true in some future moment ϕ is true until ψ is true (( passport ticket) board_ f light)

Alessandro Artale (FM First Semester 2007/2008) p. 8/39 Computational Example (requested received) (received processed) (processed done) From the above we should be able to infer that it is not the case that the system continually re-sends a request, but never sees it completed ( done); i.e. the statement requested done should be inconsistent.

Alessandro Artale (FM First Semester 2007/2008) p. 9/39 Summary Introducing Temporal Logics. Intuitions beyond Linear Temporal Logic. LTL: Syntax and Semantics. LTL in Computer Science. LTL Interpreted over Kripke Models. LTL and Model Checking: Intuitions.

Alessandro Artale (FM First Semester 2007/2008) p. 10/39 LTL: Syntax Countable set Σ of atomic propositions: p,q,... the set FORM of formulas is: ϕ, ψ p (atomic proposition) (true) (false) ϕ (complement) ϕ ψ (conjunction) ϕ ψ (disjunction) ϕ (next time) ϕ (always) ϕ (sometime) (until) ϕu ψ

Alessandro Artale (FM First Semester 2007/2008) p. 11/39 Temporal Semantics We interpret our temporal formulae in a discrete, linear model of time. Formally, this structure is represented by M = N,I where I : N 2 Σ maps each Natural number (representing a moment in time) to a set of propositions. The semantics of a temporal formula is provided by the satisfaction relation: =: (M N FORM) {true,false}

Alessandro Artale (FM First Semester 2007/2008) p. 12/39 Semantics: The Propositional Aspect We start by defining when an atomic proposition is true at a time point i M, i = p iff p I(i) (for p Σ) The semantics for the classical operators is as expected: M, i = ϕ iff M, i = ϕ M, i = ϕ ψ iff M, i = ϕ and M, i = ψ M, i = ϕ ψ iff M, i = ϕ or M, i = ψ M, i = ϕ ψ iff if M, i = ϕ then M, i = ψ M, i = M, i =

Alessandro Artale (FM First Semester 2007/2008) p. 13/39 Temporal Operators: next M, i = ϕ iff M, i+1 = ϕ This operator provides a constraint on the next moment in time. Examples: (sad rich) sad ((x = 0) add3) (x = 3)

Alessandro Artale (FM First Semester 2007/2008) p. 14/39 Temporal Operators: sometime M, i = ϕ iff there exists j. ( j i) M, j = ϕ N.B. while we can be sure that ϕ will be true either now or in the future, we can not be sure exactly when it will be true. Examples: ( resigned sad) famous sad happy send receive

Alessandro Artale (FM First Semester 2007/2008) p. 15/39 Temporal Operators: always M, i = ϕ iff for all j. if ( j i) then M, j = ϕ This can represent invariant properties. Examples: lottery-win rich

Alessandro Artale (FM First Semester 2007/2008) p. 16/39 Temporal Operators: until M, i = ϕu ψ iff there exists j. ( j i) M, j = ψ for all k. (i k < j) M, k = ϕ Examples: start_lecture talk U end_lecture born alive U dead request reply U acknowledgement

Alessandro Artale (FM First Semester 2007/2008) p. 17/39 Satisfiability and Validity A structurem = N,I is a model of φ, if M, i = φ, for some i N. Similarly as in classical logic, an LTL formula φ can be satisfiable, unsatisfiable or valid. A formula φ is: Satisfiable, if there is model for φ. Unsatisfiable, if φ is not satisfiable. Valid (i.e., a Tautology): = φ iff M, i N. M, i = φ.

Alessandro Artale (FM First Semester 2007/2008) p. 18/39 Entailment and Equivalence Similarly as in classical logic we can define the notions of entailment and equivalence between two LTL formulas Entailment. φ = ψ iff M, i N. M, i = φ M, i = ψ Equivalence. φ ψ iff M, i N. M, i = φ M, i = ψ

Alessandro Artale (FM First Semester 2007/2008) p. 19/39 Equivalences in LTL The temporal operators and are duals ϕ ϕ (and then ) can be rewritten in terms ofu ϕ U ϕ All the temporal operators can be rewritten using the Until and Next operators

Alessandro Artale (FM First Semester 2007/2008) p. 20/39 Equivalences in LTL (Cont.) distributes over while distributes over (ϕ ψ) ϕ ψ (ϕ ψ) ϕ ψ The following equivalences are useful for generating formulas in Negated Normal Form. ϕ ϕ (ϕu ψ) ( ψu ( ϕ ψ)) ψ

Alessandro Artale (FM First Semester 2007/2008) p. 21/39 LTL Vs. FOL Linear Temporal Logic can be thought of as a specific decidable (PSPACE-complete) fragment of classical first-order logic We just map each proposition to a unary predicate in FOL. In general, the following satisfiability preserving mapping ( ) holds: p p(t) p p(t + 1) p t. (t t) p(t ) p t. (t t) p(t )

Alessandro Artale (FM First Semester 2007/2008) p. 22/39 Summary Introducing Temporal Logics. Intuitions beyond Linear Temporal Logic. LTL: Syntax and Semantics. LTL in Computer Science. LTL Interpreted over Kripke Models. LTL and Model Checking: Intuitions.

Alessandro Artale (FM First Semester 2007/2008) p. 23/39 Temporal Logic in Computer Science Temporal logic was originally developed in order to represent tense in natural language. Within Computer Science, it has achieved a significant role in the formal specification and verification of concurrent reactive systems. Much of this popularity has been achieved as a number of useful concepts can be formally, and concisely, specified using temporal logics, e.g. safety properties liveness properties fairness properties

Alessandro Artale (FM First Semester 2007/2008) p. 24/39 Safety Properties Safety: something bad will not happen Typical examples: (reactor_temp > 1000) (one_way other_way) ((x = 0) (y = z/x)) and so on... Usually:...

Alessandro Artale (FM First Semester 2007/2008) p. 25/39 Liveness Properties Liveness: something good will happen Typical examples: rich (x > 5) (start terminate) and so on... Usually:...

Alessandro Artale (FM First Semester 2007/2008) p. 26/39 Fairness Properties Often only really useful when scheduling processes, responding to messages, etc. Strong Fairness: if something is attempted/requested infinitely often, then it will be successful/allocated infinitely often Typical example: ready run

Alessandro Artale (FM First Semester 2007/2008) p. 27/39 Summary Introducing Temporal Logics. Intuitions beyond Linear Temporal Logic. LTL: Syntax and Semantics. LTL in Computer Science. LTL Interpreted over Kripke Models. LTL and Model Checking: Intuitions.

Alessandro Artale (FM First Semester 2007/2008) p. 28/39 Kripke Models and Linear Structures Consider the following Kripke structure:!done done Its paths/computations can be seen as a set of linear structures (computation tree):!done!done!done!done!done!done!done!done done...!done done!done!done done done!done done done!done done done done!done done done done

Alessandro Artale (FM First Semester 2007/2008) p. 29/39 Path-Semantics for LTL LTL formulae are evaluated over the set N of Natural Numbers. Paths in Kripke structures are infinite and linear sequences of states. Thus, they are isomorphic to the Natural Numbers: π = s 0 s 1 s i s i+1 We want to interpret LTL formulas over Kripke structures. Given a Kripke structure,km = (S,I,R,AP,L), a path π inkm, a state s S, and an LTL formula φ, we define: 1. KM,π = φ, and then 2. KM,s = φ Based on the LTL semantics over the Natural Numbers.

Alessandro Artale (FM First Semester 2007/2008) p. 30/39 Path-Semantics for LTL (Cont.) We first extract an LTL model,m π = (π,i π ), from the Kripke structurekm.m π = (π,i π ) is such that: π is a path inkm I π is the restriction of L to states in π: s π and p AP, p I π (s) iff p L(s) Given a Kripke structure,km = (S,I,R,AP,L), a path π inkm, a state s S, and an LTL formula φ: 1. KM,π = φ iff M π,s 0 = φ with s 0 initial state of π 2. KM,s = φ iff KM,π = φ for all paths π starting at s.

Alessandro Artale (FM First Semester 2007/2008) p. 31/39 LTL Model Checking Definition Given a Kripke structure,km = (S,I,R,AP,L), the LTL model checking problemkm = φ: Check if KM,s 0 = φ, for every s 0 I initial state of the Kripke structurekm.

Alessandro Artale (FM First Semester 2007/2008) p. 32/39 Summary Introducing Temporal Logics. Intuitions beyond Linear Temporal Logic. LTL: Syntax and Semantics. LTL in Computer Science. LTL Interpreted over Kripke Models. LTL and Model Checking: Intuitions.

Alessandro Artale (FM First Semester 2007/2008) p. 33/39 Example 1: mutual exclusion (safety) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = (C 1 C 2 )?

Alessandro Artale (FM First Semester 2007/2008) p. 33/39 Example 1: mutual exclusion (safety) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = (C 1 C 2 )? YES: There is no reachable state in which (C 1 C 2 ) holds!

Alessandro Artale (FM First Semester 2007/2008) p. 34/39 Example 2: mutual exclusion (liveness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = C 1?

Alessandro Artale (FM First Semester 2007/2008) p. 34/39 Example 2: mutual exclusion (liveness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = C 1? NO: the blue cyclic path is a counterexample!

Alessandro Artale (FM First Semester 2007/2008) p. 35/39 Example 3: mutual exclusion (liveness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = (T 1 C 1 )?

Alessandro Artale (FM First Semester 2007/2008) p. 35/39 Example 3: mutual exclusion (liveness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = (T 1 C 1 )? YES: in every path if T 1 holds afterwards C 1 holds!

Alessandro Artale (FM First Semester 2007/2008) p. 36/39 Example 4: mutual exclusion (fairness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = C 1?

Alessandro Artale (FM First Semester 2007/2008) p. 36/39 Example 4: mutual exclusion (fairness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 T1, C2 KM = C 1? NO: the blue cyclic path is a counterexample!

Alessandro Artale (FM First Semester 2007/2008) p. 37/39 Example 4: mutual exclusion (strong fairness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 KM = T 1 C 1? T1, C2

Alessandro Artale (FM First Semester 2007/2008) p. 37/39 Example 4: mutual exclusion (strong fairness) N = noncritical, T = trying, C = critical N1, N2 User 1 User 2 turn=0 T1, N2 N1, T2 C1, N2 T1, T2 T1, T2 N1, C2 C1, T2 KM = T 1 C 1? T1, C2 YES: every path which visits T 1 infinitely often also visits C 1 infinitely often!

Alessandro Artale (FM First Semester 2007/2008) p. 38/39 LTL Alternative Notation Alternative notations are used for temporal operators. F sometime in the Future G Globally in the future X nextime

Alessandro Artale (FM First Semester 2007/2008) p. 39/39 Summary of Lecture III Introducing Temporal Logics. Intuitions beyond Linear Temporal Logic. LTL: Syntax and Semantics. LTL in Computer Science. LTL Interpreted over Kripke Models. LTL and Model Checking: Intuitions.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback