Temporal Logic

1
Temporal Logic Rosetta

• Kylie Williams

2
Vision Statement

• Automatic verification in Rosetta
• Develop a state space from a facet. Completed.
• Express properties
• Some model checking tools specify properties and
  the model in different formalisms.
• Since Rosetta is heterogeneous it would be
  desirable to be able to specify both properties
  and the model in Rosetta.
• Combine the state space and properties and
  undertake some model checking.

3
Overview of Temporal Logic

• Temporal logic is a form of logic specifically
  tailored for statements and reasoning which
  involve the notion of order in time.
• First suggested by A. Pnueli in 1977
• PTL CTL

4
Overview of Temporal Logic

• Atomic propositions.
• Each state is labeled with a set of (atomic)
  propositions that hold in that state.
• Boolean operators.
• And, Or, Not etc
• Temporal Combinators
• X if P holds in this state then X P states that
  P must hold in the next state.
• U P1 U P2 states that P1 holds until P2 holds.
• F F P states that the property P must hold in
  some future state.
• G G P states that the property P must hold in
  all future states.

5
Path Operators

• A A P states that all executions out of the
  current state satisfy P.
• E E P states that from the current state, there
  exists an execution satisfying P.
• The path operators (A E) and temporal operators
  (G F) are often used in pairs.

6
Example
7
Example

• Some Properties
• From 0 we have F E X error
• G(warm gt F ?warm)

8
Rosetta Domain Hierarchy
9
Addition of Temporal Logic
logic
State-based
Signal-based
PLTL
CTL
10
Addition of Temporal Logic
logic
State-based
Signal-based
PLTL
CTL
State-based-temporal-logic
11

• domain PLTL static is
• execution sequence(univ)
• property lt (arg univ) boolean gt
• X__ lt (rhs property) property gt
• F__ lt (rhs property) property gt
• G__ lt (rhs property) property gt
• __U__ lt (lhs, rhs property) property
  gt
• satisfied_by(sigma execution i natural
  p property) boolean

12

• begin
• satisfied_by_X forall
• (
• sigma execution i
  natural k property satisfiedby(sigma, i, X
  k) (i lt sigma)
• 
  and satisifiedby(sigma, i 1,
  k)
• )
• satisfied_by_F forall
• (
• sigma execution i
  natural p property satisfiedby(sigma, i, F
  k)
• exists(j natural (i
  lt j) and (j lt sigma) and (satisfiedby(sigma,j,k
  )))
• )
• satisfied_by_G forall
• (
• sigma execution i
  natural p property satisfiedby(sigma, i,
  G(k))
• forall(j natural (i
  lt j) and (j lt sigma) and (satisfiedby(sigma,j,k
  )))
• )

13
Alarm Clock

• facet alarmClockStruct(timeInin time
  displayTimeout time
• 
  alarmout boolean setAlarmin boolean
• 
  setTimein boolean alarmTogglein
  boolean)state_based is
• clockTime time
• alarmTime time
• alarmOn bit
• begin
• store_1 store(timeIn, setAlarm, setTime,
  alarmToggle, clockTime, alarmTime, alarmOn)
• counter_1 counter(clockTime)
• comparator_1 comparator(setAlarm, alarmTime,
  clockTime, alarm)
• mux_1 mux(timeIn, displayTime, clockTime,
  setAlarm, setTime)
• end alarmClockStruct

14
Properties

• facet properties()PLTL is
• alarmOn,alarm,setAlarm,setTime,alarmToggle
  boolean
• timeIn, displayTime, time
• x time
• begin
• reference_facet alarmClock(timeIn,
  displayTime, alarm, setAlarm, setTime,
  alarmToggle)
• property_one G(reference_facet.alarmOn
  implies F reference_facet.alarm)
• property_two G (reference_facet.alarmOn and
  reference_facet.alarmToggle implies X not
  reference_facet.alarmOn)
• property_three G(reference_facet.setAlarm and
  reference_facet.timeIn x implies X
  reference_facet.displayTime x)
• end alarmClockStruct

15
Conclusion

• Still need to consider
• Fairness properties
• Weak Until
• CTL Domain
• Temporal logic as applied to signal-based domains