Linear-Time Logic. Hao Zheng

Similar documents
Computation Tree Logic

Chapter 3: Linear temporal logic

Chapter 5: Linear Temporal Logic

Chapter 5: Linear Temporal Logic

Chapter 6: Computation Tree Logic

Overview. overview / 357

Chapter 4: Computation tree logic

Linear Temporal Logic (LTL)

Transition Systems and Linear-Time Properties

Safety and Liveness Properties

T Reactive Systems: Temporal Logic LTL

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Topics in Verification AZADEH FARZAN FALL 2017

Timo Latvala. February 4, 2004

Chapter 5: Linear Temporal Logic

Automata on Infinite words and LTL Model Checking

Computer-Aided Program Design

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

Chapter 3: Linear-Time Properties

Model Checking with CTL. Presented by Jason Simas

Linear Temporal Logic and Büchi Automata

Systems Verification. Alessandro Abate. Day 1 January 25, 2016

Basics of Linear Temporal Proper2es

Lecture 2 Automata Theory

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Model for reactive systems/software

FORMAL METHODS LECTURE III: LINEAR TEMPORAL LOGIC

Computation Tree Logic

Alan Bundy. Automated Reasoning LTL Model Checking

PSL Model Checking and Run-time Verification via Testers

Verification Using Temporal Logic

Modal and Temporal Logics

Model Checking: An Introduction

Lecture 2 Automata Theory

Lecture Notes on Emptiness Checking, LTL Büchi Automata

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Tecniche di Verifica. Introduction to Propositional Logic

Automata-based Verification - III

FORMAL METHODS LECTURE IV: COMPUTATION TREE LOGIC (CTL)

Abstractions and Decision Procedures for Effective Software Model Checking

Course Runtime Verification

CIS 4930/6930: Principles of Cyber-Physical Systems

Automata-Theoretic Model Checking of Reactive Systems

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

LTL Model Checking. Wishnu Prasetya.

Timo Latvala. March 7, 2004

Temporal Logic. M φ. Outline. Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness. Ralf Huuck. Kripke Structure

Syntax and Semantics of Propositional Linear Temporal Logic

Linear-time Temporal Logic

CHAPTER 4 CLASSICAL PROPOSITIONAL SEMANTICS

An Introduction to Temporal Logics

Temporal Logic of Actions

An On-the-fly Tableau Construction for a Real-Time Temporal Logic

MODEL CHECKING. Arie Gurfinkel

Lecture Notes on Software Model Checking

Comp487/587 - Boolean Formulas

LTL is Closed Under Topological Closure

From Liveness to Promptness

Applied Logic. Lecture 1 - Propositional logic. Marcin Szczuka. Institute of Informatics, The University of Warsaw

Logic in Automatic Verification

CIS 842: Specification and Verification of Reactive Systems. Lecture Specifications: Specification Patterns

CS 267: Automated Verification. Lecture 1: Brief Introduction. Transition Systems. Temporal Logic LTL. Instructor: Tevfik Bultan

Temporal Logic Model Checking

Benefits of Interval Temporal Logic for Specification of Concurrent Systems

Verification. Arijit Mondal. Dept. of Computer Science & Engineering Indian Institute of Technology Patna

Homework 2: Temporal logic

Theoretical Foundations of the UML

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

ω-automata Automata that accept (or reject) words of infinite length. Languages of infinite words appear:

Automata-based Verification - III

CDS 270 (Fall 09) - Lecture Notes for Assignment 8.

Chapter 4: Classical Propositional Semantics

First-order resolution for CTL

Tecniche di Specifica e di Verifica. Automata-based LTL Model-Checking

Modelling and Analysing Variability in Product Families

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms

Lecture 16: Computation Tree Logic (CTL)

ESE601: Hybrid Systems. Introduction to verification

Truth-Functional Logic

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Finite-State Model Checking

A brief history of model checking. Ken McMillan Cadence Berkeley Labs

CS477 Formal Software Dev Methods

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

Temporal & Modal Logic. Acronyms. Contents. Temporal Logic Overview Classification PLTL Syntax Semantics Identities. Concurrency Model Checking

Timed Automata. Chapter Clocks and clock constraints Clock variables and clock constraints

Double Header. Model Checking. Model Checking. Overarching Plan. Take-Home Message. Spoiler Space. Topic: (Generic) Model Checking

A Hierarchy for Accellera s Property Specification Language

A logical framework to deal with variability

Introduction to Formal Verification Methods Exercise 4

LTL and CTL. Lecture Notes by Dhananjay Raju

ENES 489p. Verification and Validation: Logic and Control Synthesis

Model checking, verification of CTL. One must verify or expel... doubts, and convert them into the certainty of YES [Thomas Carlyle]

Guest lecturer: Prof. Mark Reynolds, The University of Western Australia

Decision Procedures for CTL

A brief introduction to Logic. (slides from

Lecture 7. Logic. Section1: Statement Logic.

CSC Discrete Math I, Spring Propositional Logic

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Transcription:

Linear-Time Logic Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: zheng@cse.usf.edu Phone: (813)974-4757 Fax: (813)974-5456 Hao Zheng (CSE, USF) Comp Sys Verification 1 / 37

Overview 1 Linear Time Logic: Syntax & Semantics (Section 5.1.1-5.1.3) 2 Linear Time Logic: Equivalences (Section 5.1.4) 3 Linear Time Logic: Additional Operators (Section 5.1.5) 4 Linear Time Logic: Specifying Fairness (Section 5.1.6) Hao Zheng (CSE, USF) Comp Sys Verification 2 / 37

LT Properties An LT property is a set of infinite traces over AP. Specifying such sets explicitly is often inconvenient. Mutual exclusion is specified over AP = { c 1, c 2 } by P mutex = set of infinite words A 0 A 1 A 2... with { c 1, c 2 } A i for all i 0 Starvation freedom is specified over AP = { c 1, w 1, c 2, w 2 } by P nostarve = set of infinite words A 0 A 1 A 2... such that: ( ) ( ) ( ) ( ) j. w1 A j j. c1 A j j. w2 A j j. c2 A j Such properties can be specified succinctly using linear temporal logic. Hao Zheng (CSE, USF) Comp Sys Verification 3 / 37

Contents 1 Linear Time Logic: Syntax & Semantics (Section 5.1.1-5.1.3) 2 Linear Time Logic: Equivalences (Section 5.1.4) 3 Linear Time Logic: Additional Operators (Section 5.1.5) 4 Linear Time Logic: Specifying Fairness (Section 5.1.6) Hao Zheng (CSE, USF) Comp Sys Verification 4 / 37

5.1.1 Linear Temporal Logic (LTL): Syntax Linear temporal logic is a logic for describing LT properties. An extension of propositional logic with temporal modalities. Modal logic over infinite sequences [Pnueli 1977]. Propositional logic: a AP atomic proposition φ and φ ψ negation and conjunction Temporal operators: φ next state fulfills φ φ U ψ φ holds Until a ψ-state is reached Syntax of LTL over AP ϕ ::= true a ϕ ϕ ϕ ϕ ϕ U ϕ where a AP is an atomic proposition. Hao Zheng (CSE, USF) Comp Sys Verification 5 / 37

LTL Derived Operators φ ψ ( φ ψ) φ ψ φ ψ φ ψ (φ ψ) (ψ φ) φ ψ (φ ψ) ( φ ψ) true φ φ false true φ true U φ eventually in the future φ φ globally true Precedence order: The unary operators bind stronger than the binary ones. and bind equally strong. U takes precedence over,, and. Hao Zheng (CSE, USF) Comp Sys Verification 6 / 37

LTL Intuitive Semantics LTL Intuitive Semantics a (atomic prop.) a arbitrary arbitrary arbitrary arbitrary arbitrary a (next step) a b a Ub (until) a arbitrary arbitrary arbitrary a b a b b arbitrary a (eventually) a a a a arbitrary a (globally) a a a a a Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 7/ 1 Hao Zheng (CSE, USF) Comp Sys Verification 7 / 37

LTL Intuitive Semantics LTL Intuitive Semantics a (atomic prop.) a arbitrary arbitrary arbitrary arbitrary arbitrary a arbitrary arbitrary arbitrary Let σ = A a (next step) 0 A 1 A 2... (2 AP ) ω. σ = a iff a A a b a b a 0 (i.e., A b 0 = a) b arbitrary a Ub (until) a (eventually) a a a a arbitrary a (globally) a a a a a Hao Chris Zheng J. Myers (CSE, (Lecture USF) 5: LTL) Verification Comp of Sys Cyber-Physical Verification Systems 7 / 7/ 37 1

LTL Intuitive Semantics LTL Intuitive Semantics a (atomic prop.) a arbitrary arbitrary arbitrary arbitrary a (next step) arbitrary a arbitrary arbitrary arbitrary Let σ = A 0 A 1 Aa 2.. b. (2 AP a ) b. a b b arbitrary a Ub (until) σ = a iff A 1 = a a a a a arbitrary a (eventually) a (globally) a a a a a Hao Chris Zheng J. Myers (CSE, (Lecture USF) 5: LTL) Verification Comp of Sys Cyber-Physical Verification Systems 7 / 7/ 37 1

LTL Intuitive Semantics LTL Intuitive Semantics a (atomic prop.) a arbitrary arbitrary arbitrary arbitrary arbitrary a (next step) a b a Ub (until) a arbitrary arbitrary arbitrary a b a b b arbitrary Let σ = A 0 A 1 A 2 a... (2 AP a ) ω. a a arbitrary a (eventually) σ = a U b iff j 0. A j = b and A i = a, 0 i < j a a a a a a (globally) Hao Chris Zheng J. Myers (CSE, (Lecture USF) 5: LTL) Verification Comp of Sys Cyber-Physical Verification Systems 7 / 7/ 37 1

LTL Intuitive Semantics LTL Intuitive Semantics a (atomic prop.) a arbitrary arbitrary arbitrary arbitrary arbitrary a (next step) a b a Ub (until) a arbitrary arbitrary arbitrary a b a b b arbitrary a (eventually) a a a a arbitrary Let σ = A 0 A 1 A 2. a.. (2 AP a) ω. a a a a (globally) σ = a iff i 0. A i = a Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 7/ 1 Hao Zheng (CSE, USF) Comp Sys Verification 7 / 37

LTL Intuitive Semantics LTL Intuitive Semantics a (atomic prop.) a arbitrary arbitrary arbitrary arbitrary a (next step) arbitrary a arbitrary arbitrary arbitrary a b a b a b b arbitrary a Ub (until) Let σ = A 0 A 1 A 2... (2 AP ) ω. a a a a arbitrary a (eventually) σ = a iff i 0. A i = a a (globally) a a a a a Hao Chris Zheng J. Myers (CSE, (Lecture USF) 5: LTL) Verification Comp of Sys Cyber-Physical Verification Systems 7 / 7/ 37 1

New Temporal Modalities and Let σ = A 0 A 1 A 2... (2 AP ) ω. ϕ infinitely often ϕ......... σ = ϕ iff i 0 j i. A j = ϕ Hao Zheng (CSE, USF) Comp Sys Verification 8 / 37

New Temporal Modalities and Let σ = A 0 A 1 A 2... (2 AP ) ω. ϕ eventually forever ϕ... σ = ϕ iff i 0 j i. A j = ϕ Hao Zheng (CSE, USF) Comp Sys Verification 9 / 37

Traffic Light Properties Once red, the light cannot become green immediately (red green) The light becomes green eventually: The light becomes green infinitely often: Once red, the light becomes green eventually: green green (red green) Once red, the light always becomes green eventually after being yellow for some time in-between: (red (red U (yellow (yellow U green)))) Note these properties assume European traffic light which goes red, red/yellow, green, yellow, repeat. Hao Zheng (CSE, USF) Comp Sys Verification 10 / 37

LTL General Semantics (5.1.2) Let σ = A 0 A 1 A 2... (2 AP ) ω. σ = true σ = a iff a A 0 (i.e., A 0 = a) σ = ϕ 1 ϕ 2 iff σ = ϕ 1 and σ = ϕ 2 σ = ϕ iff σ = ϕ σ = ϕ iff σ[1..] = A 1 A 2 A 3... = ϕ σ = ϕ 1 U ϕ 2 iff j 0. σ[j..] = ϕ 2 and σ[i..] = ϕ 1, 0 i < j where σ[i..] = A i A i+1 A i+2... is suffix of σ from index i on. Hao Zheng (CSE, USF) Comp Sys Verification 11 / 37

General Semantics of,, and Let σ = A 0 A 1 A 2... (2 AP ) ω. σ = ϕ iff j 0. σ[j..] = ϕ σ = ϕ iff j 0. σ[j..] = ϕ σ = ϕ iff j 0. i j. σ[i...] = ϕ σ = ϕ iff j 0. i j. σ[i...] = ϕ where σ[i..] = A i A i+1 A i+2... is suffix of σ from index i on. Hao Zheng (CSE, USF) Comp Sys Verification 12 / 37

Definition 5.6 Semantics Over Words The LT-property { induced by LTL formula ϕ over AP is: Words(ϕ) = σ (2 AP) ω } σ = ϕ, where = is the smallest satisfaction relation. Hao Zheng (CSE, USF) Comp Sys Verification 13 / 37

Definition 5.7 Semantics Over Paths and States Let TS = (S, Act,, I, AP, L) be a transition system without terminal states, and let ϕ be an LTL-formula over AP. For infinite path fragment π of TS: For state s S: π = ϕ iff trace(π) = ϕ s = ϕ iff π Paths(s). π = ϕ TS satisfies ϕ, denoted TS = ϕ, iff Traces(TS) Words(ϕ) Hao Zheng (CSE, USF) Comp Sys Verification 14 / 37

Semantics for Transition Systems TS = ϕ iff (* transition system semantics *) Traces(TS) Words(ϕ) iff (* definition of = for LT-properties *) TS = Words(ϕ) iff (* Definition of Words(ϕ) *) π = ϕ for all π Paths(TS) iff (* semantics of = for states *) s 0 = ϕ for all s 0 I. Hao Zheng (CSE, USF) Comp Sys Verification 15 / 37

LTL Examples LTL Examples s 1 {a,b } s 2 {a,b } s 3 {a} TS = a? TS = a? Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 12 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 16 / 37

LTL Examples LTL Examples s 1 {a,b } s 2 {a,b } s 3 {a} TS = a TS = a? TS = (a b)? Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 12 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 16 / 37

LTL Examples LTL Examples s 1 {a,b } s 2 {a,b } s 3 {a} TS = a TS = (a TS = a? b) TS = ( b (a b))? Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 12 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 16 / 37

LTL Examples LTL Examples s 1 {a,b } s 2 {a,b } s 3 {a} TS = a TS = TS (a = a? b) TS = ( b (a b)) Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 12 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 16 / 37

LTL Examples LTL Examples s 1 {a,b } s 2 {a,b } s 3 {a} TS = a TS = TS (a = a? b) TS = ( b (a b)) TS = b U (a b)? Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 12 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 16 / 37

LTL Examples LTL Examples s 1 {a,b } s 2 {a,b } s 3 {a} TS = a TS = TS (a = a? b) TS = ( b (a b)) TS = b U (a b) Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 12 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 16 / 37

Semantics of Negation For paths, it holds π = ϕ if and only if π = ϕ since: Words( ϕ) = ( 2 AP) ω \ Words(ϕ). But: TS = ϕ and TS = ϕ are not equivalent in general. It holds: TS = ϕ implies TS = ϕ, not always the reverse! Note that: TS = ϕ iff Traces(TS) Words(ϕ) iff Traces(TS) \ Words(ϕ) iff Traces(TS) Words( ϕ). TS neither satisfies ϕ nor ϕ if there are paths π 1 and π 2 in TS such that π 1 = ϕ and π 2 = ϕ. Hao Zheng (CSE, USF) Comp Sys Verification 17 / 37

Negation Example Negation Example s 1 s 2 {a} s 0 /0 /0 A transition system for which TS = a and TS = a. A transition system for which TS 6 = a and TS 6 = a. Hao Zheng (CSE, USF) Comp Sys Verification 18 / 37

Contents 1 Linear Time Logic: Syntax & Semantics (Section 5.1.1-5.1.3) 2 Linear Time Logic: Equivalences (Section 5.1.4) 3 Linear Time Logic: Additional Operators (Section 5.1.5) 4 Linear Time Logic: Specifying Fairness (Section 5.1.6) Hao Zheng (CSE, USF) Comp Sys Verification 19 / 37

5.1.4 Equivalence LTL formulas φ, ψ are equivalent, denoted φ ψ, if: Words(φ) = Words(ψ) Hao Zheng (CSE, USF) Comp Sys Verification 20 / 37

Duality and Idempotence Laws Duality: φ φ φ φ φ φ Idempotency: φ φ φ φ φ U (φ U ψ) φ U ψ (φ U ψ) U ψ φ U ψ Hao Zheng (CSE, USF) Comp Sys Verification 21 / 37

Absorption and Distributive Laws Absorption: φ φ φ φ Distribution: (φ U ψ) ( φ) U ( ψ) (φ ψ) φ ψ (φ ψ) φ ψ but......: (φ U ψ) ( φ) U ( ψ) (φ ψ) φ ψ (φ ψ) φ ψ Hao Zheng (CSE, USF) Comp Sys Verification 22 / 37

Distributive Laws Distributive Laws {b } {a} /0 TS 6 = (a ^ b) and TS = a ^ b TS = (a b) and TS = ( a b) Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 18 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 23 / 37

Contents 1 Linear Time Logic: Syntax & Semantics (Section 5.1.1-5.1.3) 2 Linear Time Logic: Equivalences (Section 5.1.4) 3 Linear Time Logic: Additional Operators (Section 5.1.5) 4 Linear Time Logic: Specifying Fairness (Section 5.1.6) Hao Zheng (CSE, USF) Comp Sys Verification 24 / 37

5.1.5 Weak Until The weak-until (or: unless) operator: ϕ W ψ def = (ϕ U ψ) ϕ ϕ W ψ does not require a ψ-state to be reached. Until U and weak until W are dual: (ϕ U ψ) (ϕ ψ) W ( ϕ ψ) (ϕ W ψ) (ϕ ψ) U ( ϕ ψ) Until and weak until are equally expressive: ψ ψ W false ϕ U ψ (ϕ W ψ) ψ Hao Zheng (CSE, USF) Comp Sys Verification 25 / 37

The Release Operator The release operator: ϕ R ψ def = ( ϕ U ψ). ψ always holds, a requirement that is released as soon as ϕ holds.......... Hao Zheng (CSE, USF) Comp Sys Verification 26 / 37

Contents 1 Linear Time Logic: Syntax & Semantics (Section 5.1.1-5.1.3) 2 Linear Time Logic: Equivalences (Section 5.1.4) 3 Linear Time Logic: Additional Operators (Section 5.1.5) 4 Linear Time Logic: Specifying Fairness (Section 5.1.6) Hao Zheng (CSE, USF) Comp Sys Verification 27 / 37

Recall Action-Based Fairness Constraints For set A of actions and infinite run ρ: Unconditional fairness Some action in A occurs infinitely often along ρ. Strong fairness If actions in A are infinitely often enabled (not necessarily always!) then some action in A has to occur infinitely often in ρ. Weak fairness If actions in A are continuously enabled (no temporary disabling!) then it has to occur infinitely often in ρ. This chapter uses state-based fairness assumptions (and constraints). Hao Zheng (CSE, USF) Comp Sys Verification 28 / 37

5.1.6 LTL Fairness Constraints Let Φ and Ψ be propositional logic formulas over AP. 1 An unconditional LTL fairness constraint is of the form: ufair = Ψ 2 A strong LTL fairness condition is of the form: sfair = Φ Ψ 3 A weak LTL fairness constraint is of the form: wfair = Φ Ψ Φ stands for something is enabled ; Ψ for something is taken Hao Zheng (CSE, USF) Comp Sys Verification 29 / 37

Fair Satisfaction For state s in transition system TS (over AP) without terminal states, let FairPaths fair (s) = { π Paths(s) π = fair } FairTraces fair (s) = { trace(π) π FairPaths fair (s) } For LTL-formula ϕ, and LTL fairness assumption fair: s = fair ϕ if and only if π FairPaths fair (s). π = ϕ and TS = fair ϕ if and only if s 0 I. s 0 = fair ϕ = fair is the fair satisfaction relation for LTL; = the standard one for LTL Hao Zheng (CSE, USF) Comp Sys Verification 30 / 37

Example 5.27 Randomized Arbiter noncrit 1 unlock noncrit 2 req 1 req 2 rel wait 1 head rel tail rel wait 2 enter 1 enter 2 crit 1 enter 1 lock enter 2 crit 2 TS 1 k Arbiter k TS 2 6 = = crit 11 But: TS 1 karbiter k TS 2 = fair crit crit 1 1 ^ crit crit 2 2 with fair = head head ^ tail tail Hao Zheng (CSE, USF) Comp Sys Verification 31 / 37

Semaphore-Based Mutual Exclusion Semaphore-Based Mutual Exclusion n 1,n 2,y=1 rel req 2 req 1 rel w 1,n 2,y=1 n 1,w 2,y=1 req 2 enter 2 enter 1 req 1 c 1,n 2,y=0 w 1,w 2,y=1 n 1,c 2,y=0 req rel 2 rel enter 2 enter1 req 1 c 1,w 2,y=0 w 1,c 2,y=0 F = /0, {enter 1 },{enter 2 }, {req 1 },{req 2 } sfair 1 = (wait 1 ^ crit 2 )! crit 1 sfair 1 = wait 1 crit 1 Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 35 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 32 / 37

Semaphore-Based Semaphore-Based Mutual Exclusion Mutual Exclusion n 1,n 2,y=1 rel req 2 req 1 rel w 1,n 2,y=1 n 1,w 2,y=1 req 2 enter 2 enter 1 req 1 c 1,n 2,y=0 w 1,w 2,y=1 n 1,c 2,y=0 req rel 2 rel enter 2 enter1 req 1 c 1,w 2,y=0 w 1,c 2,y=0 F = /0, {enter 1 },{enter 2 }, {req 1 },{req 2 } sfair 1 = (wait 1 ^ crit 2 )! crit 1 fair = sfair 1 sfair 2 Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 35 / 1 Hao Zheng (CSE, USF) Comp Sys Verification 32 / 37

Semaphore-Based Mutual Exclusion Semaphore-Based Mutual Exclusion n 1,n 2,y=1 rel req 2 req 1 rel w 1,n 2,y=1 n 1,w 2,y=1 req 2 enter 2 enter 1 req 1 c 1,n 2,y=0 w 1,w 2,y=1 n 1,c 2,y=0 req rel 2 rel enter 2 enter1 req 1 c 1,w 2,y=0 w 1,c 2,y=0 F = /0, {enter 1 },{enter 2 }, {req 1 },{req 2 } sfair 1 = (wait 1 ^ crit 2 )! crit 1 fair = sfair 1 sfair 2 Chris J. Myers (Lecture 5: LTL) Verification of Cyber-Physical Systems 35 / 1 TS Sem = fair crit 1 crit 2 Hao Zheng (CSE, USF) Comp Sys Verification 32 / 37

Theorem 5.30 Reducing = fair to = For: A transition system TS without terminal states LTL formula ϕ, and LTL fairness assumption fair It holds: TS = fair ϕ if and only if TS = (fair ϕ) Verifying an LTL-formula under a fairness assumption can be done using standard verification algorithms for LTL. Hao Zheng (CSE, USF) Comp Sys Verification 33 / 37

LTL Model-Checking Problem The following decision problem: Given finite transition system TS and LTL-formula ϕ: yields yes if TS = ϕ, and no (plus a counterexample) if TS = ϕ See section 5.2 for details. Hao Zheng (CSE, USF) Comp Sys Verification 34 / 37

A First Attempt TS = ϕ if and only if Traces(TS) Words(ϕ) }{{} L ω(a ϕ) if and only if Traces(TS) L ω (A ϕ ) = But complementation of NBA is quadratically exponential. If A has n states, A has c n2 states in worst case! Use the fact that L ω (A ϕ ) = L ω (A ϕ )! Hao Zheng (CSE, USF) Comp Sys Verification 35 / 37

Observation TS = ϕ if and only if Traces(TS) Words(ϕ) if and only if if and only if if and only if Traces(TS) ( (2 AP ) ω \ Words(ϕ) ) = Traces(TS) Words( ϕ) = }{{} L ω(a ϕ) TS A ϕ = F where F is the set of accepting states of A ϕ. LTL model checking is thus reduced to persistence checking! Hao Zheng (CSE, USF) Comp Sys Verification 36 / 37

Overview ofoverview LTL Model of LTL Checking Model Checking System Negation of property Model of system LTL-formula j model checker Generalised Büchi automaton G j Transition system TS Büchi automaton A j Product transition system TS A j TS A j = P pers(a j) Yes No (counter-example) Hao Zheng (CSE, USF) Comp Sys Verification 37 / 37

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback