Specification Formalisms: Temporal Logic and Automata on Infinite Words - PowerPoint PPT Presentation

1 / 26

About This Presentation

Title:

Specification Formalisms: Temporal Logic and Automata on Infinite Words

Description:

1. 2G1516 Formal Methods. 2005 Mads Dam IMIT, KTH ... AX : is true for ... q AX iff for all such that (0) = q, (1) (iff for all q' such ... – PowerPoint PPT presentation

Number of Views:92

Avg rating:3.0/5.0

Slides: 27

Provided by: mads7

Category:

more less

Transcript and Presenter's Notes

Title: Specification Formalisms: Temporal Logic and Automata on Infinite Words

1
Specification FormalismsTemporal Logic and
Automata on Infinite Words

Literature Peled ch. 5
Mads Dam

2
Temporal Logic

Logic of transition system executions
Propositional/first-order logic state
assertions
Temporal assertions assertions on system
executions
Invariably (along this execution) x y z
Sometime (along this execution) an
acknowledgement packet is sent
If T is infinitely often enabled (along this
execution) then T is eventually executed
Last packet received along channel a (along this
execution) had the shape (b,c,d)
No matter which execution is followed from now
(this state), a reply will eventually (along that
execution) be sent
No matter what choice B made in the past, it
would necessarily come to pass that ?

3
Runs/Executions/Paths

Fix transition system T (Q,R,Q0)
Computation path (aka run, execution sequence)
Infinite sequence
? q0q1q2...qi...
such that for all i 0, qi R qi1
Notation
?(k) qk ( kth state of ?)
?k qkqk1 ... ( kth suffix of ?, i.e. the
path)

4
LTL Linear Time Temporal Logic

Logic of future time path properties
? Primitive state assertions
Syntax
? ? ? ?Æ? ltgt? ? ? U ? O?
? ? holds now/at the current time instant
ltgt? At some future time instant ? is true
? For all future time instants ? is true
? U ? ? is true until ? becomes true
O? ? is true at the next time instant

5
Pictorially
6
Semantics

Satisfaction relation ? ² ?
Assume interpretation function ? ? ? Q µ Q
?(?) Set of states for which ? holds
? ² ? iff ?(0) 2 ?(?)
? ² ? iff not ? ² ?
? ² ? Æ ? iff ? ² ? and ? ² ?
? ² ltgt? iff exists k2N. ?k ² ?
? ² ? iff for all k2N. ?k ² ?
? ² ? U ? iff exists k2N. ?k ² ? and for all i
0 i lt k. ?i ² ?
? ² O? iff ?1 ² ?
For transition system T (Q,R,Q0)
T ² ? iff for all runs ? of T with ?(0)2 Q0, ? ² ?

7
Some LTL Formulas

? Ç ? (? Æ ?)
? ! ? ? Ç ? (! is seriously overloaded!)
ltgt? true U ?
? ltgt?
? V ? ? Ç (? U (?Æ?))
(aka release in Peled)
ltgt?
? holds from some point forever
ltgt?
? holds infinitely often
ltgt? ! ltgt?
if ? holds infinitely often then so does ?

8
Spring Example
release
release
q0
q1
q2
pull
extended
extended
malfunction

Primitive state assertions extended, malfunction
Sample paths
q0 q1 q0 q1 q2 q2 q2 ...
q0 q1 q2 q2 q2 ...
q0 q1 q0 q1 q0 q1 ...

9
Satisfaction by Single Path
release
release
? q0q1q0q1q2q2q2 ...
q0
q1
q2
pull
extended
extended
malfunction

? ² extended?
? ² Oextended?
? ² OOextended?
? ² ltgtextended?
? ² extended?
? ² ltgtextended?
? ² ltgtmalfunction?

? ² ltgtextended? ? ² extended U malfunction? ? ²
( extended) U extended? ? ² (ltgtextended) U
malfunction? ? ² (ltgt extended) U malfunction? ?
² ( extended ! Oextended)
10
Satisfaction by Transition System
release
release
T
q0
q1
q2
pull
extended
extended
malfunction

T ² extended?
T ² Oextended?
T ² OOextended?
T ² ltgtextended?
T ² extended?
T ² ltgtextended?
T ² ltgtmalfunction?

T ² ltgtextended? T ² extended U malfunction? T ²
( extended) U extended? T ² (ltgtextended) U
malfunction? T ² (ltgt extended) U malfunction? T
² ( extended ! Oextended)
11
Example Mutex

Assume there are 2 processes, Pl and Pr
State assertions
tryCSi Process i is trying to enter critical
section
E.g. tryCSl pcl l4
inCSi Process i is inside its critical section
E.g. inCSl pcl l5 Ç pcl l6
Mutual exclusion
((inCSl Æ inCSr))
Responsiveness
(tryCSi ! ltgtinCSi)
Process keeps trying until access is granted
(tryCSi ! ((tryCSi U inCSi) Ç tryCSi))

12
Example Fairness

States Pairs (q,?)
? label of last transition taken, so
q!? q
(q,?) !? (q,?)
? Finite set of labels partitioned into subsets
P
P (finite) set of labels of some process
State assertions
enP Some transition labelled ? 2 P is enabled
i.e. (q,?)2?(en?) iff 9 q.q!? q
execP Label of last executed transition is in P
i.e. (q,?)2?(execP) iff ?2 P
Note enP Ç?2 Pen? and execP Ç?2 Pexec?

13
Fairness Conditions

Weak transition fairness
Æ?2?ltgt(en? Æ exec?)
Or equivalently
Æ?2?(ltgten? ! ltgtexec?)
Strong transition fairness
Æ?2?(ltgten? ! ltgtexec?)
Weak process fairness
ÆPltgt(enP Æ execP)
Strong process fairness
ÆP (ltgtenP ! ltgtexecP)

14
Branching Time Logic

Sets of paths?

Or computation tree?

. . . .
. . . .
. . . .
. . . .
. . . .
15
Computation Tree Logic - CTL

Syntax
? ? ? ?Æ? AF? AG? A(? U ?) AX?
Formulas hold of states, not paths
A Path quantifier, along all paths from this
state
F ltgt, G , X O
So
AF? Along all paths, at some future time instant
? is true
AG? Along all paths, for all future time
instants ? is true
A(? U ?) Along all paths, ? is true until ?
becomes true
AX? ? is true for all next states
Note CTL is closed under negation so also
express dual modalities EF, EG, EU, EX (E is
existential path quantifier)

16
CTL, Semantics

Interpretation function ? ? ? Q µ Q the same
q ² ? iff q 2 ?(?)
q ² ? iff not q ² ?
q ² ? Æ ? iff q ² ? and q ² ?
q ² AF? iff for all ? such that ?(0)q exists k2N
such that ?(k) ² ?
q ² AG? iff for all ? such that ?(0)q, for all
k2N, ?(k) ² ?
q ² A(? U ?) iff for all ? such that ?(0)q,
exists k2N. ?(k) ² ? and for all i 0 i lt k.
?(i) ² ?
q ² AX? iff for all ? such that ?(0) q, ?(1) ²
?
(iff for all q such that q ! q, q² ?)
For transition system T (Q,R,Q0)
T ² ? iff for all q02 Q0, q0 ² ?

17
CTL LTL Brief Comparison

LTL in branching time framework
? ? A? ( ? to hold for all paths)
CTL LTL EF? not expressible in LTL
LTL CTL ltgt? not expressible in CTL
CTL Extension of CTL with free alternation A,
F, G, U, X
Advantages and disadvantages
LTL often more natural
Satisfiability LTL PSPACE complete, CTL
DEXPTIME complete
Model checking LTL PSPACE complete, CTL In P

18
Automata Over Finite Words

Finite state automaton A (Q,?,?,I,F)
Q Finite set of states
? Finite alphabet
? µ Q ? Q Transition relation
Write q!a q for ?(q,a,q) as before
I µ Q Start states
F µ Q Accepting states
Word a1a2...an is accepted, if there is sequence
q0 !a1 q1 !a2 ... !an qn
such that q02 I and qn2 F

a
b
b
a
19
Automata Over Infinite Words

Intuition Letters a2? might represent states, or
state properties
A computation path is an infinite word over
object states
Infinite word w
Function w N ! ?
Equivalently Infinite sequence w a0a1a2 ... an
...
Buchi automaton Finite state automaton, but on
infinite words
Word w is accepted if accepting state visited
infinitely often

20
Example
a
b
b
a

Which infinite words are accepted?
ababab ... ( ab?) ?
aaaaaa... ( a?) ?
bbbbbb... ( b?) ?
aaabbbbb... ( aaab?) ?
ababbabbbabbbba... ?

21
Nondeterminism

What is the language accepted by this automaton?
What is the corresponding LTL property if b
inCS and a b?

a
a
a,b
22
Another Example

Letters represent propositions
Example ltgtinCS, ainCS, b inCS

a
b
b
a
23
Yet More Examples

a inCS1 Æ inCS2
b a
c true
Property a
Property (d ! ltgte)
Idea
q0 Have seen d Ç e
q1 Saw d, now wait for e

a
c
b
Or just
b
d ! e
e
dÆ e
q0
q1
e
24
Even More...

Property (a ! (bUc))
Idea
q0 Body of immediately ok
q1 Awaiting c
Property ?(a ! (bUc)) ltgt(a Æ ?(bUc))
Idea
?(bUc) b becomes false some time without c
having become true first
q0 Waiting ...
q1 Have seen a with b and ?c
q2 Committing ...

a Ç c
b Æ c
a Æ b Æ c
q0
q1
c
true
b Æ c
a Æ b Æ c
q0
q1
q2
aÆ b Æ c
b Æ c
true
25
Deterministic Buchi Automata

Consider ? ltgta where ? a,b
Suppose A recognizes ?
A deterministic
A reaches accepting state on some input an1
And on an1ban2
And on an1ban2ban3
And on an1ban2ban3b ... b ... b ...
So Nondeterministic Buchi automata strictly more
expressive than deterministic ones
And Deterministic B. A. not closed under
complement

a
a
a,b
26
Alternative Formalisms