Translating Linear Temporal Logic into Büchi Automata
Presented by Choi, Chang-Beom
Content
• Linear Temporal Logic
• Büchi Automata
• Translating LTL formula into Büchi Automata
  • Local Automaton
  • Eventuality Automaton
  • Model Automata
• Further Study
• Reference
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
Overview: Model checking
• Specify requirement properties and build a system model
• Generate the possible states from the model, then check whether the given requirement properties are satisfied within that state space
(Figure: a target program or model and the requirement properties (F W) go into the check; the outcome is either OK or an error trace found)
Overview: The process of model checking
• Modeling: build a model of the program or system
• Specification: describe the requirement properties
• Verification: check that the model of the program or system satisfies the given specification
Overview: How can we model check a program or system?
• Modeling: build a Büchi automaton for the given program or system
• Specification: describe the requirement properties using temporal logic
• Verification: automatically (or semi-automatically)
Overview: Process of model checking
(Figure: the target program and the requirement properties (F W) are the two inputs of the model checker)
Overview: Linear Temporal Logic
• LTL is an extension of propositional logic geared to reasoning about infinite sequences of states
• Time is viewed as linear
• Each time instant has a unique successor
• The sequences considered are isomorphic to the natural numbers, and each state is a propositional interpretation
(Figure: a timeline 0, 5, 10, … illustrating "A living being always eventually breathes")
Overview: Syntax of Linear Temporal Logic
• The formulas of linear temporal logic built from a set of atomic propositions P are the following:
  • true, false, p and ¬p, for all p ∈ P, are LTL formulas
  • φ1 ∧ φ2 and φ1 ∨ φ2 are LTL formulas
  • ○φ1, φ1 U φ2 and φ1 Ũ φ2 are LTL formulas
• Sequence notation: σ = σ[0…] = σ[0]σ[1…]
  • σ[i] = si
  • σ[…i] = s0 s1 … si
  • σ[i…] = si si+1 …
• The definition of sequences is taken from "Recognizing Safety and Liveness", B. Alpern and F. Schneider
Overview: Temporal Operators
• Operator ○
  • Reads: "next"
  • Means: the argument holds at the next state
• Operator U
  • Reads: "strong until"
  • Means: the second argument holds at the current or a future position, and the first argument has to hold until that position
• Operator Ũ
  • Reads: "weak until"
  • Means: the first argument has to be true until the second argument is true (it does not require that the second argument ever becomes true)
Overview: Semantics of Linear Temporal Logic
• Definition: a transition system M = (S, →, L) is a set of states S endowed with a transition relation → (a binary relation on S) such that every s ∈ S has some s' ∈ S with s → s', and a labeling function L : S → P(Atoms)
• Atoms: the atomic propositions (atomic descriptions), e.g. Atoms = {p, q}, P(Atoms) = {{}, {p}, {q}, {p, q}}
• L(s) contains all atoms which are true in state s, e.g. L(s0) = {p, q}, L(s1) = {q, r}, L(s2) = {r}
(Figure: three states s0 labelled p, q; s1 labelled q, r; s2 labelled r)
Overview: Semantics of Linear Temporal Logic
• Definition: a path in a model M = (S, →, L) is an infinite sequence of states s1, s2, s3, … in S such that, for each i ≥ 1, si → si+1. We write the path π as s1 → s2 → …
• π ≡ σ = σ[0…] = σ[0]σ[1…]
Overview: Semantics of Linear Temporal Logic (operator U)
• Reads: "strong until"
• Means: the second argument holds at the current or a future position, and the first argument has to hold until that position
• Example:
  σ[1…] ⊨ p, σ[1…] ⊭ q, σ[1…] ⊨ p U q
  σ[2…] ⊨ p, σ[2…] ⊭ q, σ[2…] ⊨ p U q
  σ[3…] ⊭ p, σ[3…] ⊨ q, σ[3…] ⊨ p U q
  σ[4…] ⊭ p, σ[4…] ⊨ q, σ[4…] ⊨ p U q
  σ[5…] ⊭ p, σ[5…] ⊭ q, σ[5…] ⊭ p U q
  …
Overview: Semantics of Linear Temporal Logic (operator Ũ)
• Reads: "weak until"
• Means: the first argument has to be true until the second argument is true (it does not require that the second argument ever becomes true)
• Example:
  σ[1…] ⊨ p, σ[1…] ⊭ q, σ[1…] ⊨ p Ũ q
  σ[2…] ⊨ p, σ[2…] ⊭ q, σ[2…] ⊨ p Ũ q
  σ[3…] ⊨ p, σ[3…] ⊭ q, σ[3…] ⊨ p Ũ q
  σ[4…] ⊨ p, σ[4…] ⊭ q, σ[4…] ⊨ p Ũ q
  σ[5…] ⊨ p, σ[5…] ⊭ q, σ[5…] ⊨ p Ũ q
  …
(Figure: timeline 0 to 7 illustrating p Ũ q)
Overview: Semantics of Linear Temporal Logic (derived operators)
• □φ
  • Reads: "always"
  • φ Ũ false
  • Requires that its argument be true always, at all future points
• ⋄φ
  • Reads: "eventually"
  • true U φ
  • Requires that its argument be true eventually, at some point in the future
Overview: Semantics of Linear Temporal Logic
• For all σ, we have σ ⊨ true and σ ⊭ false
• σ ⊨ p, for p ∈ P, iff p ∈ L(σ[0]) = L(s0)
• σ ⊨ ¬p, for p ∈ P, iff p ∉ L(σ[0])
• σ ⊨ φ1 ∧ φ2 iff σ ⊨ φ1 and σ ⊨ φ2
• σ ⊨ φ1 ∨ φ2 iff σ ⊨ φ1 or σ ⊨ φ2
Overview: Semantics of Linear Temporal Logic (temporal operators)
• σ ⊨ ○φ1 iff σ[1…] ⊨ φ1, that is, σ[0…] ⊨ ○φ1 iff σ[1…] ⊨ φ1
• σ[i…] ⊨ φ1 Ũ φ2 iff σ[i…] ⊨ φ2 ∨ (σ[i…] ⊨ φ1 ∧ σ[i+1…] ⊨ φ1 Ũ φ2)
• σ[i…] ⊨ φ1 U φ2 iff σ[i…] ⊨ φ1 Ũ φ2 ∧ ∃j ≥ i such that σ[j…] ⊨ φ2
• □φ = ¬⋄¬φ
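An added Python example, not code from the slides, implementing the satisfaction relation of the last three slides over infinite words given as prefix·loop^ω (the shape of every word a finite-state system produces). It covers every operator of the syntax slide, including weak until and the derived □ and ⋄. The names LassoWord, satisfies, always and eventually, the tuple encoding of formulas and the sample word are the example's own.

```python
from functools import lru_cache

# Formulas are nested tuples in the slides' syntax; atoms are plain strings:
#   'true' | 'false' | 'p' | ('not', 'p') | ('and', f, g) | ('or', f, g)
#   ('X', f) = ○f | ('U', f, g) = f U g (strong until) | ('W', f, g) = f Ũ g (weak until)

def always(f):      # □f ≡ f Ũ false
    return ('W', f, 'false')

def eventually(f):  # ⋄f ≡ true U f
    return ('U', 'true', f)

class LassoWord:
    """An infinite word σ = prefix · loop^ω; each position carries the set of atoms true there.
    Constructed for this example; loop and prefix are lists of sets of atom names."""
    def __init__(self, prefix, loop):
        if not loop:
            raise ValueError("loop must be non-empty, otherwise the word is finite")
        self.prefix, self.loop = list(prefix), list(loop)
        self.n = len(self.prefix) + len(self.loop)   # number of distinct suffixes σ[i…]

    def canon(self, i):
        """Smallest j with σ[j…] = σ[i…]: positions inside the loop repeat with its period."""
        if i < len(self.prefix):
            return i
        return len(self.prefix) + (i - len(self.prefix)) % len(self.loop)

    def label(self, i):
        """L(σ[i]): the atoms true at position i."""
        j = self.canon(i)
        return self.prefix[j] if j < len(self.prefix) else self.loop[j - len(self.prefix)]

def satisfies(word, formula, pos=0):
    """Decide σ[pos…] ⊨ formula by the semantic clauses on the slides."""
    @lru_cache(maxsize=None)
    def sat(f, i):
        i = word.canon(i)                       # identical suffixes share one cache entry
        if f == 'true':
            return True
        if f == 'false':
            return False
        if isinstance(f, str):                  # atomic proposition: p ∈ L(σ[i])
            return f in word.label(i)
        tag = f[0]
        if tag == 'not':
            return f[1] not in word.label(i)
        if tag == 'and':
            return sat(f[1], i) and sat(f[2], i)
        if tag == 'or':
            return sat(f[1], i) or sat(f[2], i)
        if tag == 'X':
            return sat(f[1], i + 1)
        # U and W: walk the suffixes σ[j…], j ≥ i. After word.n steps every distinct
        # suffix has been inspected, so the walk is finite although the word is not.
        for j in range(i, i + word.n + 1):
            if sat(f[2], j):                    # second argument reached: U and W both hold
                return True
            if not sat(f[1], j):                # first argument broke first: neither holds
                return False
        return tag == 'W'                       # f[1] holds forever: Ũ holds, U does not
    return sat(formula, pos)

if __name__ == "__main__":
    # Constructed word matching the until example: p at positions 0-2, q at 3-4, nothing afterwards.
    sigma = LassoWord([{'p'}, {'p'}, {'p'}, {'q'}, {'q'}], [set()])
    print(satisfies(sigma, ('U', 'p', 'q'), 1))       # True: q is reached at position 3
    print(satisfies(sigma, ('U', 'p', 'q'), 5))       # False: neither p nor q from 5 on
    print(satisfies(sigma, always(eventually('p'))))  # False: p stops holding
```

The U/W clause is where the infinite word is tamed: because σ[i…] only has word.n distinct suffixes, scanning that many positions decides the existential quantifier in the strong-until clause of the slide, and the weak variant differs only in what is returned when the scan runs out without reaching the second argument.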
Overview: Büchi Automata
• Automata that accept infinite words
• A Büchi automaton m accepts the sequences of program states that are in L(m)
Overview: Büchi Automata (definition)
• A = (Σ, S, S0, ρ, F)
  • Σ : alphabet (the set of program states)
  • S : set of automaton states
  • S0 : set of initial states
  • ρ : transition function ρ : S × Σ → 2^S, i.e. a relation on S × Σ × S
  • F : set of accepting states
Overview: Büchi Automata (runs and acceptance)
• A = (Σ, S, S0, ρ, F)
• The input of A is an infinite word w = a0, a1, … (∈ Σ^ω)
• A run is a sequence of states r = s0, s1, … (∈ S^ω) such that
  • Initiation: s0 ∈ S0
  • Consecution: si+1 ∈ ρ(si, ai)
• A run r = s0, s1, … is accepting iff there is some state s ∈ F such that si = s for an infinite number of integers i ∈ ℕ
Overview: Büchi Automata (example)
• S = {q0, q1}
• S0 = {q0}
• ρ = {(q0, true, q0), (q0, P, q1), (q1, true, q1)}
• F = {q1}
• Accepting run: q0, q1, q1, q1, …
(Figure: q0 loops on true and moves to q1 on P; q1 loops on true)
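A generic acceptance check for the definition above, as an added Python example (not from the slides): a nondeterministic Büchi automaton with guarded transitions, and a decision procedure for whether it accepts an infinite word given as prefix·loop^ω. The class name BuchiAutomaton and its methods are the example's own; the sample automaton is the two-state one from the slide, with symbols encoded as sets of atoms and the guard P read as "the atom p is in the symbol".

```python
class BuchiAutomaton:
    """A = (Σ, S, S0, ρ, F). ρ is a list of (source, guard, target) where guard is a predicate
    on the input symbol; here a symbol is the set of atoms true in a program state."""
    def __init__(self, states, initial, transitions, accepting):
        self.states, self.initial = set(states), set(initial)
        self.transitions, self.accepting = list(transitions), set(accepting)

    def step(self, s, symbol):
        """ρ(s, a): all successors of s on symbol a (the automaton may be nondeterministic)."""
        return {t for (q, guard, t) in self.transitions if q == s and guard(symbol)}

    def read(self, states, word):
        """All states reachable from `states` by reading a finite word."""
        for symbol in word:
            states = {t for s in states for t in self.step(s, symbol)}
        return states

    def accepts(self, prefix, loop):
        """Does A accept prefix·loop^ω?  A run is accepting iff some s ∈ F occurs infinitely
        often, i.e. the run eventually cycles through the loop while passing an F state."""
        start = self.read(self.initial, prefix)
        # hop[s] = {(t, hit)}: reading one copy of `loop` from s can end in t; hit records
        # whether an F state was visited on the way (s itself counts: it is visited each pass).
        hop = {}
        for s in self.states:
            cur = {(s, s in self.accepting)}
            for symbol in loop:
                cur = {(t, hit or t in self.accepting)
                       for (q, hit) in cur for t in self.step(q, symbol)}
            hop[s] = cur
        # Loop-boundary states reachable from `start` by whole iterations of the loop.
        reach, todo = set(start), list(start)
        while todo:
            s = todo.pop()
            for t, _ in hop[s]:
                if t not in reach:
                    reach.add(t)
                    todo.append(t)
        # Accepting iff some boundary state q lies on a cycle of hops containing an F visit.
        for q in reach:
            seen, todo = {(q, False)}, [(q, False)]
            while todo:
                s, hit = todo.pop()
                for t, h in hop[s]:
                    nxt = (t, hit or h)
                    if nxt == (q, True):
                        return True
                    if nxt not in seen:
                        seen.add(nxt)
                        todo.append(nxt)
        return False

def eventually_p_automaton():
    """The two-state automaton from the slide: q0 loops on true and moves to q1 on P;
    q1 loops on true. It accepts exactly the words in which P eventually holds."""
    return BuchiAutomaton(
        states={'q0', 'q1'}, initial={'q0'},
        transitions=[('q0', lambda a: True, 'q0'),
                     ('q0', lambda a: 'p' in a, 'q1'),
                     ('q1', lambda a: True, 'q1')],
        accepting={'q1'})

if __name__ == "__main__":
    A = eventually_p_automaton()
    print(A.accepts([set(), set()], [{'p'}]))   # True: run q0, q0, q0, q1, q1, …
    print(A.accepts([{'p'}], [set()]))          # True: q0 may move to q1 on the first symbol
    print(A.accepts([set()], [set()]))          # False: P never holds, q1 is never entered
```

The check is finite because a run on loop^ω passes a loop boundary infinitely often and the automaton has finitely many states, so some boundary state must repeat; an accepting state occurs infinitely often exactly when one such repetition (a cycle in the hop relation) passes through F. This is the same argument the slide's "an infinite number of integers i such that si = s" condition rests on.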
Translating LTL formula into Büchi Automata: process of translating LTL into Büchi automata
• Create the local automaton
  • Checks that the sequence satisfies all conditions imposed by the formula
  • It performs a step-by-step check on the sequence
• Create the eventuality automaton
  • Checks that the eventualities are realized
  • The problem is that nothing prevents us from postponing forever the time at which an eventuality formula becomes true
  • Eventualities: formulas of the form ⋄φ and φ1 U φ2
  • □φ ≡ (φ ∧ ○□φ)
  • ⋄φ ≡ (φ ∨ ○⋄φ)
  • ¬(φ1 Ũ φ2) ≡ (¬φ1 ∧ ¬φ2) ∨ (¬φ2 ∧ ○¬(φ1 Ũ φ2))
  • Determine which eventualities have to be realized
• Compose the two automata
Translating LTL formula into Büchi Automata: Local Automaton
• Closure cl(φ): the smallest set of formulas satisfying the following conditions
  • φ ∈ cl(φ)
  • φ1 ∧ φ2 ∈ cl(φ) ⇒ φ1, φ2 ∈ cl(φ)
  • φ1 ∨ φ2 ∈ cl(φ) ⇒ φ1, φ2 ∈ cl(φ)
  • φ1 → φ2 ∈ cl(φ) ⇒ φ1, φ2 ∈ cl(φ)
  • ¬φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
  • φ1 ∈ cl(φ) ⇒ ¬φ1 ∈ cl(φ)
  • ○φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
  • □φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
  • ⋄φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
  • φ1 Ũ φ2 ∈ cl(φ) ⇒ φ1, φ2 ∈ cl(φ)
Translating LTL formula into Büchi Automata: Local Automaton
• L = (∑, NL, ρL, Nφ, NL)
• ∑ ⊂ 2^cl(φ): for every s ∈ ∑ and every f ∈ cl(φ), f ∈ s iff ¬f ∉ s
• NL includes all subsets s of cl(φ) that are propositionally consistent:
  • For every φ1 ∈ cl(φ), we have φ1 ∈ s iff ¬φ1 ∉ s
  • For every φ1 ∧ φ2 ∈ cl(φ), we have φ1 ∧ φ2 ∈ s iff φ1 ∈ s and φ2 ∈ s
  • For every φ1 ∨ φ2 ∈ cl(φ), we have φ1 ∨ φ2 ∈ s iff φ1 ∈ s or φ2 ∈ s
  • For every φ1 → φ2 ∈ cl(φ), we have φ1 → φ2 ∈ s iff ¬φ1 ∈ s or φ2 ∈ s
Translating LTL formula into Büchi Automata: Local Automaton
• L = (∑, NL, ρL, Nφ, NL)
• If ρL(s, a) is non-empty then a = s: the symbol being read must be compatible with the state of the automaton
• ρL(s, a) must also check that the next state t ∈ ρL(s, a) is compatible with the semantics of the temporal operators:
  • ∀ ○φ1 ∈ cl(φ), we have ○φ1 ∈ s iff φ1 ∈ t
  • ∀ □φ1 ∈ cl(φ), we have □φ1 ∈ s iff φ1 ∈ s and □φ1 ∈ t
  • ∀ ⋄φ1 ∈ cl(φ), we have ⋄φ1 ∈ s iff either φ1 ∈ s, or ⋄φ1 ∈ t
  • ∀ φ1 Ũ φ2 ∈ cl(φ), we have φ1 Ũ φ2 ∈ s iff either φ2 ∈ s, or φ1 ∈ s and φ1 Ũ φ2 ∈ t
  • ∀ φ1 U φ2 ∈ cl(φ), we have φ1 U φ2 ∈ s iff either φ2 ∈ s, or φ1 ∈ s and φ1 U φ2 ∈ t (the same unfolding as Ũ; that φ2 is eventually reached is left to the eventuality automaton)
Translating LTL formula into Büchi Automata: Local Automaton
• L = (∑, NL, ρL, Nφ, NL)
• The set Nφ of initial states is the set of states that include the formula φ
• The set NL of accepting states is the set of all states
Example: Local Automaton for ⋄p
• Closure of ⋄p: cl(⋄p) = {⋄p, p, true, ¬⋄p, ¬p, false}
• NL = {{⋄p, p, true}, {⋄p, p, false}, {¬⋄p, p, true}, {¬⋄p, p, false}, {⋄p, ¬p, true}, {⋄p, ¬p, false}, {¬⋄p, ¬p, true}, {¬⋄p, ¬p, false}}
Example: Local Automaton for ⋄p
(Figure: the local automaton drawn over the eight states {⋄p, p, true}, {⋄p, ¬p, true}, {¬⋄p, p, true}, {¬⋄p, ¬p, true}, {⋄p, p, false}, {⋄p, ¬p, false}, {¬⋄p, p, false}, {¬⋄p, ¬p, false}; the states containing false are marked σ ⊭ false)
Example: Local Automaton for ⋄p (with some optimization)
• cl(⋄p) = {⋄p, p, ¬⋄p, ¬p}
• NL = {{⋄p, p}, {¬⋄p, p}, {⋄p, ¬p}, {¬⋄p, ¬p}}
(Figure: the local automaton drawn over these four states)
Translating LTL formula into Büchi Automata: Eventuality Automaton
• The eventuality automaton is supposed to check that the eventualities are realized
• Each time a formula of the form ⋄φ (or φ1 U φ2) has to hold, check that it is eventually realized:
  • ⋄φ ≡ (φ ∨ ○⋄φ)
  • ¬(φ1 Ũ φ2) ≡ (¬φ1 ∧ ¬φ2) ∨ (¬φ2 ∧ ○¬(φ1 Ũ φ2))
• The eventuality automaton starts by finding out which eventualities have to be realized at the initial time instant, then it checks that these are realized
Translating LTL formula into Büchi Automata: Eventuality Automaton
• F = (∑, 2^ev(φ), ρF, {{}}, {{}})
• ∑ ⊂ 2^cl(φ): for every s ∈ ∑ and every f ∈ cl(φ), f ∈ s iff ¬f ∉ s
• The set of states 2^ev(φ) is the set of subsets of the eventualities of the formula φ (a state {e1, …, ek} means that the eventualities e1, …, ek still have to be realized)
Translating LTL formula into Büchi Automata: Eventuality Automaton
• F = (∑, 2^ev(φ), ρF, {{}}, {{}})
• ρF(s, a): t ∈ ρF(s, a) iff
  • when s = {}:
    • ∀ ⋄φ ∈ a, one has ⋄φ ∈ t iff φ ∉ a
    • ∀ ¬(φ1 Ũ φ2) ∈ a, one has ¬(φ1 Ũ φ2) ∈ t iff ¬φ1 ∧ ¬φ2 ∉ a
  • when s ≠ {}:
    • ∀ ⋄φ ∈ s, one has ⋄φ ∈ t iff φ ∉ a
    • ∀ ¬(φ1 Ũ φ2) ∈ s, one has ¬(φ1 Ũ φ2) ∈ t iff ¬φ1 ∧ ¬φ2 ∉ a
• Initial state: {}
• Accepting state: {}
Example: Eventuality automaton for ⋄p
(Figure: the two states {} and {⋄p}, with transitions labelled by the local states {⋄p, p}, {⋄p, ¬p}, {¬⋄p, p} and {¬⋄p, ¬p} being read)
Translating LTL formula into Büchi Automata: Composing the two automata
• Given two Büchi automata A1 = (∑, S1, ρ1, S01, F1) and A2 = (∑, S2, ρ2, S02, F2), it is possible to build a Büchi automaton accepting the language L(A1) ∩ L(A2)
• M = (∑, NM, ρM, NM0, FM)
  • NM = NL × 2^ev(φ) (Cartesian product)
  • (p, q) ∈ ρM((s, t), a) iff p ∈ ρL(s, a) and q ∈ ρF(t, a)
  • NM0 = Nφ × {{}}
  • FM = NL × {{}}
• Since every state of the local automaton is accepting, the product only has to track acceptance of the eventuality component, which is why FM is simply NL × {{}}
Example: Composing the two automata for ⋄p
(Figure: the eight product states ({⋄p, p}, {}), ({⋄p, ¬p}, {}), ({¬⋄p, p}, {}), ({¬⋄p, ¬p}, {}), ({⋄p, p}, {⋄p}), ({⋄p, ¬p}, {⋄p}), ({¬⋄p, p}, {⋄p}), ({¬⋄p, ¬p}, {⋄p}) and the transitions between them)
Translating LTL formula into Büchi Automata: the automaton on 2^P
• M = (∑, NM, ρM, NM0, FM) ⇓ M' = (2^P, NM, ρM', NM0, FM)
• t ∈ ρM'(s, a) iff there is some b ∈ ∑ such that a = b ∩ P and t ∈ ρM(s, b)
Final automaton for ⋄p
(Figure: the final automaton for ⋄p over 2^P, with transitions labelled p, ¬p and true)
Conclusion: number of states
• Local automaton: 2^|cl(φ)| = O(2^(2|φ|))
• Eventuality automaton: 2^|ev(φ)| = O(2^|φ|)
• Composed automaton: 2^|cl(φ)| × 2^|ev(φ)| = O(2^(3|φ|))
• |φ| is the length of the formula φ
Further Study
• Translating LTL to Büchi automata
  • Using alternating Büchi automata
  • Tableau method
  • On-the-fly method
• Next topic?
  • On-line algorithms
  • More specific research on interactive systems
  • Symbolic graph representation: Ordered Binary Decision Diagrams
Reference
• Pierre Wolper. On the Relation of Programs and Computations to Models of Temporal Logic. In Proc. Temporal Logic in Specification, vol. 398 of LNCS, pages 75-123. Springer-Verlag, 1989.
• Pierre Wolper. Constructing Automata from Temporal Logic Formulas: A Tutorial. In Lectures on Formal Methods in Performance Analysis, vol. 2090 of LNCS, pages 261-277. Springer-Verlag, July 2001.
• A. Thayse et al. From Modal Logic to Deductive Databases. Wiley, 1989.
• M. Huth and M. Ryan. Logic in Computer Science, second edition. Cambridge University Press.
Complicated Example: closure of φ = □⋄p
• cl(φ) = {□⋄p, ¬□⋄p, ⋄p, ¬⋄p, p, ¬p}
• NL = {{□⋄p, ⋄p, p}, {¬□⋄p, ⋄p, p}, {□⋄p, ¬⋄p, p}, {□⋄p, ⋄p, ¬p}, {¬□⋄p, ¬⋄p, p}, {¬□⋄p, ⋄p, ¬p}, {□⋄p, ¬⋄p, ¬p}, {¬□⋄p, ¬⋄p, ¬p}}
• Rewriting ¬□⋄p as ⋄¬⋄p (since □φ = ¬⋄¬φ), NL = {{□⋄p, ⋄p, p}, {⋄¬⋄p, ⋄p, p}, {□⋄p, ¬⋄p, p}, {□⋄p, ⋄p, ¬p}, {⋄¬⋄p, ¬⋄p, p}, {⋄¬⋄p, ⋄p, ¬p}, {□⋄p, ¬⋄p, ¬p}, {⋄¬⋄p, ¬⋄p, ¬p}}
Complicated Example: Local Automaton for □⋄p
(Figure, three slides: the eight local states shown first by their □⋄p / ⋄p component ({□⋄p, ⋄p}, {⋄¬⋄p, ⋄p}, {□⋄p, ¬⋄p}, {⋄¬⋄p, ¬⋄p}, each twice), then by their ⋄p / p component ({⋄p, p}, {¬⋄p, p}, {⋄p, ¬p}, {¬⋄p, ¬p}, each twice), then in full: {□⋄p, ⋄p, p}, {⋄¬⋄p, ⋄p, p}, {□⋄p, ¬⋄p, p}, {□⋄p, ⋄p, ¬p}, {⋄¬⋄p, ¬⋄p, p}, {⋄¬⋄p, ⋄p, ¬p}, {⋄¬⋄p, ¬⋄p, ¬p}, {□⋄p, ¬⋄p, ¬p})
Complicated Example: Eventuality Automaton for □⋄p
• ev(φ) = {⋄¬⋄p, ⋄p}
• 2^ev(φ) = {{}, {⋄¬⋄p}, {⋄p}, {⋄¬⋄p, ⋄p}} = {{¬⋄¬⋄p, ¬⋄p}, {⋄¬⋄p, ¬⋄p}, {¬⋄¬⋄p, ⋄p}, {⋄¬⋄p, ⋄p}}
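The whole construction, from closure through local automaton, eventuality automaton and product to the projection onto 2^P, as an added Python example; this is not code from the slides or from the Provable Software Lab. It serves both the ⋄p example of the Local Automaton, Eventuality Automaton and Composing slides and the □⋄p closure and ev(φ) of the Complicated Example slides. Assumptions of the example: formulas are nested tuples with the tags listed in the comment; true and false are left out of the closure as on the "some optimization" slide; ¬□f is treated as the eventuality ⋄¬f (as the Complicated Example slides do) and ¬(f Ũ g) as on the Eventuality Automaton slide; φ1 U φ2 is treated as an eventuality realized when φ2 holds, following the process slide; and the function names closure, local_states, local_step, eventualities, eventuality_step, translate and reachable are the example's own.

```python
from itertools import product, combinations

# Formula syntax (nested tuples, atoms are plain strings), one tag per operator on the slides:
#   'p' | ('not', f) | ('and', f, g) | ('or', f, g) | ('X', f) = ○f | ('G', f) = □f
#   ('F', f) = ⋄f | ('U', f, g) = f U g | ('W', f, g) = f Ũ g

def neg(f):
    """Canonical negation: ¬¬f collapses to f so the closure stays finite."""
    return f[1] if isinstance(f, tuple) and f[0] == 'not' else ('not', f)

def subformulas(f):
    yield f
    if isinstance(f, tuple):
        for g in f[1:]:
            yield from subformulas(g)

def closure(phi):
    """cl(phi): all subformulas and their negations (the closure rules, without true/false)."""
    subs = set(subformulas(phi))
    return frozenset(subs | {neg(f) for f in subs})

def local_states(cl):
    """N_L: subsets of cl(phi) holding exactly one of f/¬f and propositionally consistent."""
    positive = [f for f in cl if not (isinstance(f, tuple) and f[0] == 'not')]
    states = []
    for bits in product([True, False], repeat=len(positive)):
        s = frozenset(f if b else neg(f) for f, b in zip(positive, bits))
        consistent = all(
            (f in s) == ((f[1] in s and f[2] in s) if f[0] == 'and' else (f[1] in s or f[2] in s))
            for f in positive if isinstance(f, tuple) and f[0] in ('and', 'or'))
        if consistent:
            states.append(s)
    return states

def local_step(cl, s, t):
    """t ∈ ρ_L(s, s): the temporal-operator rules relating a state to its successor."""
    for f in cl:
        if not isinstance(f, tuple):
            continue
        if f[0] == 'X':
            want = f[1] in t
        elif f[0] == 'G':
            want = f[1] in s and f in t
        elif f[0] == 'F':
            want = f[1] in s or f in t
        elif f[0] in ('U', 'W'):
            want = f[2] in s or (f[1] in s and f in t)
        else:
            continue                      # 'not', 'and', 'or' carry no temporal obligation
        if (f in s) != want:
            return False
    return True

def eventualities(cl):
    """ev(phi): ⋄f, f U g, ¬(f Ũ g) and ¬□f (≡ ⋄¬f), the formulas that could be postponed forever."""
    return frozenset(f for f in cl if isinstance(f, tuple) and (
        f[0] in ('F', 'U') or (f[0] == 'not' and isinstance(f[1], tuple) and f[1][0] in ('W', 'G'))))

def realized(e, a):
    """Is eventuality e discharged when the local state a is read?"""
    if e[0] == 'F':
        return e[1] in a
    if e[0] == 'U':
        return e[2] in a
    inner = e[1]                          # e = ¬□f  or  e = ¬(f Ũ g)
    if inner[0] == 'G':
        return neg(inner[1]) in a
    return neg(inner[1]) in a and neg(inner[2]) in a

def eventuality_step(pending, a, ev):
    """ρ_F(pending, a): from {} pick up the eventualities in a, otherwise keep the unrealized ones."""
    source = pending if pending else (a & ev)
    return frozenset(e for e in source if not realized(e, a))

def translate(phi, atoms):
    """Product automaton M' over 2^P: returns (states, initial, accepting, trans) with
    trans[(s, e)] = {((t, e'), label)} and label = the atoms of P true in s."""
    cl = closure(phi)
    NL, ev = local_states(cl), eventualities(cl)
    subsets = [frozenset(c) for r in range(len(ev) + 1) for c in combinations(ev, r)]
    states = [(s, e) for s in NL for e in subsets]
    initial = [(s, frozenset()) for s in NL if phi in s]
    accepting = [(s, e) for s, e in states if not e]
    trans = {}
    for s, e in states:
        e2 = eventuality_step(e, s, ev)
        label = frozenset(a for a in atoms if a in s)
        trans[(s, e)] = {((t, e2), label) for t in NL if local_step(cl, s, t)}
    return states, initial, accepting, trans

def reachable(initial, trans):
    """Product states actually reachable from an initial state."""
    seen, todo = set(initial), list(initial)
    while todo:
        q = todo.pop()
        for q2, _ in trans[q]:
            if q2 not in seen:
                seen.add(q2)
                todo.append(q2)
    return seen

if __name__ == "__main__":
    states, init, acc, trans = translate(('F', 'p'), atoms={'p'})       # ⋄p from the slides
    print(len(states), len(init), len(acc), len(reachable(init, trans)))  # 8 2 4 6
```

For ⋄p the product has the eight states of the Composing slide, two of them initial and four accepting, and only six are reachable; the local state {¬⋄p, p} has no successor at all, because reading p forces ⋄p to hold, which is exactly what the local rule for ⋄ enforces step by step. For □⋄p the same code yields the eight local states and the two eventualities of the Complicated Example slides, hence 8 × 4 = 32 product states.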