1 / 26

Specification Formalisms: Temporal Logic and Automata on Infinite Words

Specification Formalisms: Temporal Logic and Automata on Infinite Words. Literature: Peled ch. 5 Mads Dam. Temporal Logic. Logic of transition system executions Propositional/first-order logic = state assertions Temporal assertions = assertions on system executions

quant
Download Presentation

Specification Formalisms: Temporal Logic and Automata on Infinite Words

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Specification Formalisms:Temporal Logic and Automata on Infinite Words Literature: Peled ch. 5 Mads Dam

  2. Temporal Logic Logic of transition system executions Propositional/first-order logic = state assertions Temporal assertions = assertions on system executions • Invariably (along this execution) x · y + z • Sometime (along this execution) an acknowledgement packet is sent • If T is infinitely often enabled (along this execution) then T is eventually executed • Last packet received along channel a (along this execution) had the shape (b,c,d) • No matter which execution is followed from now (this state), a reply will eventually (along that execution) be sent • No matter what choice B made in the past, it would necessarily come to pass that 

  3. Runs/Executions/Paths Fix transition system T = (Q,R,Q0) Computation path (aka run, execution sequence): Infinite sequence = q0q1q2...qi... such that for all i¸ 0, qi R qi+1 Notation: • (k) = qk (= k’th state of ) • k = qkqk+1 ... (= k’th suffix of , i.e. the path)

  4. LTL – Linear Time Temporal Logic Logic of future time path properties : Primitive state assertions Syntax:  ::=  | : | Æ | <> | [] |  U  | O • :  holds now/at the current time instant • <>: At some future time instant  is true • []: For all future time instants  is true • U :  is true until  becomes true • O:  is true at the next time instant

  5. Pictorially

  6. Semantics Satisfaction relation  ² Assume interpretation function :   Q’ µ Q (): Set of states for which  holds  ² iff (0) 2 ()  ²: iff not ²  ²Æ iff ² and ²  ² <> iff exists k2N. k²  ² [] iff for all k2N. k² ² U  iff exists k2N. k² and for all i: 0· i < k. i² ² O iff 1² For transition system T = (Q,R,Q0): T ² iff for all runs  of T with (0)2 Q0, ²

  7. Some LTL Formulas • Ç = :(:Æ:) • ! = :Ç (! is seriously overloaded!) • <> = true U  • [] = :<>: •  V  = []Ç ( U (Æ)) • (aka ”release” in Peled) • <>[] •  holds from some point forever • []<> •  holds infinitely often • []<>! []<> • if  holds infinitely often then so does 

  8. Spring Example Primitive state assertions: extended, malfunction Sample paths: • q0 q1 q0 q1 q2 q2 q2 ... • q0 q1 q2 q2 q2 ... • q0 q1 q0 q1 q0 q1 ... release release q0 q1 q2 pull extended extended malfunction

  9. Satisfaction by Single Path ²extended? ² Oextended? ² OOextended? ² <>extended? ² []extended? ² <>[]extended? ² <>[]malfunction? release release = q0q1q0q1q2q2q2 ... q0 q1 q2 pull extended extended malfunction ² []<>extended? ²extended U malfunction? ² (:extended) U extended? ² (<>extended) U malfunction? ² (<>:extended) U malfunction? ² [](:extended! Oextended)

  10. Satisfaction by Transition System T²extended? T² Oextended? T² OOextended? T² <>extended? T² []extended? T² <>[]extended? T² <>[]malfunction? release release T: q0 q1 q2 pull extended extended malfunction T² []<>extended? T²extended U malfunction? T² (:extended) U extended? T² (<>extended) U malfunction? T² (<>:extended) U malfunction? T² [](:extended! Oextended)

  11. Example: Mutex Assume there are 2 processes, Pl and Pr State assertions: • tryCSi: Process i is trying to enter critical section E.g. tryCSl: pcl = l4 • inCSi: Process i is inside its critical section E.g. inCSl: pcl = l5Ç pcl = l6 Mutual exclusion: [](:(inCSlÆ inCSr)) Responsiveness: [](tryCSi! <>inCSi) Process keeps trying until access is granted: [](tryCSi! ((tryCSi U inCSi) Ç []tryCSi))

  12. Example: Fairness States: Pairs (q,)  label of last transition taken, so q! q’ (q,) ! (q’,) : Finite set of labels partitioned into subsets P P: ”(finite) set of labels of some process” State assertions: • enP: Some transition labelled  2 P is enabled i.e. (q,)2(en) iff 9 q’.q! q’ • execP: Label of last executed transition is in P i.e. (q,)2(execP) iff 2 P Note: enP$Ç2 Pen{} and execP$Ç2 Pexec{}

  13. Fairness Conditions Weak transition fairness: Æ2:<>[](en{}Æ: exec{}) Or equivalently Æ2(<>[]en{}! []<>exec{}) Strong transition fairness: Æ2([]<>en{}! []<>exec{}) Weak process fairness: ÆP:<>[](enPÆ: execP) Strong process fairness: ÆP ([]<>enP! []<>execP)

  14. Sets of paths? Or computation tree? Branching Time Logic . . . . . . . . . . . . . . . . . . . .

  15. Computation Tree Logic - CTL Syntax:  ::=  | : | Æ | AF | AG | A( U ) | AX Formulas hold of states, not paths A: Path quantifier, along all paths from this state F: <>, G: [], X: O So: • AF: Along all paths, at some future time instant  is true • AG: Along all paths, for all future time instants  is true • A(U ): Along all paths,  is true until  becomes true • AX:  is true for all next states Note: CTL is closed under negation so also express dual modalities EF, EG, EU, EX (E is existential path quantifier)

  16. CTL, Semantics Interpretation function :   Q’ µ Q the same q² iff q 2 () q ²: iff not q ² q²Æ iff q² and q² q² AF iff for all  such that (0)=q exists k2N such that (k) ² q² AG iff for all  such that (0)=q, for all k2N, (k)² q² A( U ) iff for all  such that (0)=q, exists k2N. (k) ² and for all i: 0· i < k. (i) ² q² AX iff for all  such that (0) = q, (1) ² (iff for all q’ such that q ! q’, q’²) For transition system T = (Q,R,Q0): T ² iff for all q02 Q0, q0²

  17. CTL – LTL: Brief Comparison LTL in branching time framework: •  A (  to hold for all paths) CTL * LTL: EF not expressible in LTL LTL * CTL: <>[] not expressible in CTL CTL*: Extension of CTL with free alternation A, F, G, U, X Advantages and disadvantages: • LTL often ”more natural” • Satisfiability: LTL: PSPACE complete, CTL: DEXPTIME complete • Model checking: LTL: PSPACE complete, CTL: In P

  18. Automata Over Finite Words Finite state automaton A = (Q,,,I,F): • Q: Finite set of states • : Finite alphabet • µ Q££ Q: Transition relation Write q!a q’ for (q,a,q’) as before • Iµ Q: Start states • Fµ Q: Accepting states Word a1a2...an is accepted, if there is sequence q0!a1 q1!a2 ... !an qn such that q02 I and qn2 F a b b a

  19. Automata Over Infinite Words Intuition: Letters a2 might represent states, or state properties A computation path is an infinite word over object states Infinite word w: • Function w: N! • Equivalently: Infinite sequence w = a0a1a2 ... an ... Buchi automaton: Finite state automaton, but on infinite words Word w is accepted if accepting state visited infinitely often

  20. Example Which infinite words are accepted? • ababab ... (= ab) ? • aaaaaa... (= a^\omega) ? • bbbbbb... (= b^\omega) ? • aaabbbbb... (= aaab^\omega) ? • ababbabbbabbbba... ? a b b a

  21. Nondeterminism • What is the language accepted by this automaton? • What is the corresponding LTL property if b = inCS and a = : b? a a a,b

  22. Another Example Letters represent propositions Example: []<>inCS, a=inCS, b=: inCS a b b a

  23. Yet More Examples • a = inCS1Æ inCS2 • b = : a • c = true • Property: []: a • Property: [](d ! <>e) • Idea: • q0; Have seen : d Ç e • q1: Saw d, now wait for e a c b Or just: b d ! e :e dÆ:e q0 q1 e

  24. Even More... Property: [](a ! (bUc)) Idea: • q0: Body of [] immediately ok • q1: Awaiting c Property: [](a ! (bUc)) = <>(a Æ(bUc)) Idea: • (bUc): b becomes false some time without c having become true first • q0: Waiting ... • q1: Have seen a with b and c • q2: Committing ... :a Ç c b Æ: c a Æ b Æ: c q0 q1 c true b Æ: c a Æ b Æ: c q0 q1 q2 aÆ: b Æ: c :b Æ: c true

  25. Deterministic Buchi Automata Consider  = <>[]a where  = {a,b} Suppose A recognizes  A deterministic A reaches accepting state on some input an1 And on an1ban2 And on an1ban2ban3 And on an1ban2ban3b ... b ... b ... So: Nondeterministic Buchi automata strictly more expressive than deterministic ones And: Deterministic B. A. not closed under complement a a a,b

  26. Alternative Formalisms • Next lecture: LTL  Buchi automata • Buchi automate strictly richer than LTL • B. A. recognisable languages remarkably stable • Monadic second order logic of successor 9 X(02 X Æ8 y8 z(succ(y,z) ! (y2X $: z2X)) Æ 8 y(y2X ! a(y))) (all even symbols are a’s) • LTL with propositional quantification 9 X((X Æ [](X $ O:X) Æ [](x ! a)) • -regular expressions a((a [ b)a) • Linear-time -calculus  X.a Æ OOX

More Related