1 / 59

An Automata-Theoretic Approach to LTL

An Automata-Theoretic Approach to LTL. Moshe Y. Vardi. Presented By: Tamar Aizikowitz Spring 2006. Presentation Outline. Finite Automata Büchi Automata Finite Alternating Automata Alternating Büchi Automata From LTL to Büchi Automata Satisfiability Validity Verification.

walden
Download Presentation

An Automata-Theoretic Approach to LTL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Automata-Theoretic Approach to LTL Moshe Y. Vardi Presented By: Tamar Aizikowitz Spring 2006

  2. Presentation Outline • Finite Automata • Büchi Automata • Finite Alternating Automata • Alternating Büchi Automata • From LTL to Büchi Automata • Satisfiability • Validity • Verification

  3. Introduction (1) • Program verification: always desirable, but never easy. • Step 1: Define a formal specification • Linear Temporal Logic (LTL) • Specification describes computation • Step 2: Check whether a given program satisfies the specification • A program satisfies a specification iff all computations satisfy the specification.

  4. Introduction (2) • Interesting Questions: • Is a specification satisfiable? • Does a specific program satisfy a specification? • Suggested solutions: • Based on Automata Theory • A computation is an infinite sequence of states  we look at automata on infinite words. • Given an LTL formula, construct an automaton which accepts precisely the computations accepted by the formula.

  5. Finite State Automata (1) • (Nondeterministic) finite automaton:A=,S,S0,,F •  – finite alphabet • S – finite set of states • S0S – initial states • FS – accepting states •  :S 2S – transition function • | S0| = 1 and |(s,a)|1 deterministic automaton • Deterministic ~ nondeterministic for FSA.

  6. Finite State Automata (2) • A runr of A on a finite word w=a0an-1 is a sequence s0,,sn such that: • s0S0 • si+1(si,ai) for 0in-1 • A run r is accepting if snF. • Nondeterministic  many runs on w • Deterministic  one run on w • A wordw is accepted by A iff A has an accepting run on w.

  7. Finite and Infinite Words • A finite word is an element of *, i.e. a finite sequence a0an of symbols from . • An infinite word is an element of , i.e. an  sequence a0a1 of symbols from . • A finitary language is a set of finite words, i.e. a subset of *. • An infinitary language is a set of infinite words, i.e. a subset of .

  8. Büchi Automata (1) • Suppose A=,S,S0,,Freceives an infinite input word w=a0a1 • A run r of A on w is a sequence s0,s1,… s.t.: • s0S0 • si+1(si,ai) for all 0i • Infinite run  acceptance cannot be defined by type of final state. • Instead we consider the limit behavior…

  9. Büchi Automata (2) • Define:lim(r) = {s| s=si for infinitely many i’s} • S is finite lim(r)  • A run r is accepting if lim(r)F. • An infinite word w is accepted by A if A has an accepting run on w. • The infinitary language of A, L(A) = all the infinite words that A accepts. • When A is viewed as an automaton on infinite words, A is called a Büchi automaton.

  10. Example 1 1 • L(A)={0,1}*{1}+ • L(A)={w|whas an infinite number of 1’s} q0 q1 0 1 0

  11. Example 2 • L(A)={0,1}*{1}+ • L(A)={0,1}*{1} 1 q0 q1 0,1 1

  12. Closure: Union • Given two finite automata A1, A2 construct A such that L(A) = L(A1)L(A2): • A=, S1S2, S10S20, , F1F2 • (s1,a) =1(s1,a) , s1S1 • (s2,a) =2(s2,a) , s2S2 • Will the same work for Büchi automata? Yes!

  13. Closure: Intersection • Given two finite automata A1, A2 construct A such that L(A) = L(A1)L(A2): • A=, S1S2, S10 S20, , F1 F2 • ((s,t),a) =1(s,a)  2(t,a) • Called the product automaton. • Will the same work for Büchi automata? No!

  14. 1 1 q0 q1 q0 q1 0 1 0 0 1 0 Example 3 • Intersection should be all infinite words with infinitely many 0’s and 1’s. • Accepting states are visited alternately  suggested product automaton will yield . A1 A2

  15. Büchi Intersection • Proposition: Büchi automata are closed under intersection. • Use labels to remember which type of accepting state we are waiting to see. • A=, S1S2 {1,2}, S10 S20 {1}, , F1 S2 {1} • (s’,t’,j)((s,t,i),a) if s’1(s,a) and t’2(t,a) and: • i=1 and sF1j=2 • i=2 and tF2j=1 • else i=j

  16. 1 1 q0 q1 q0 q1 0 1 0 0 1 0 Büchi Intersection Example w= (001) L(A1)L(A2) A1 0 0 1 0 0 1 . . . 1 2 A2

  17. Closure: Determinization • Given a nondeterministic finite automata A, construct Ad such that L(Ad) = L(A): • Ad=, 2S, {S0}, d, Fd • Fd={T |TF } • d(T,a) = {t|t(s,a)for somesT } • Called the subset automaton. • Will the same work for Büchi automata?No!

  18. Büchi Determinization (1) • Büchi automata are not closed under determinization. • Proof: There is no deterministic Büchi automaton equivalent to the nondeterministic Büchi automaton from example 2 which accepts the language L={0,1}*{1}.

  19. Büchi Determinization (2) Continued proof… • Assume by way of contradiction there is such a deterministic Büchi automaton, Ad. • 1Li00 s.t. (s0,1i0) =sf0F • 1i001Li10 s.t. (s0,1i001i1) =sf1F • … (s0,1i001i101i|F|) =sf|F|F • n,m s.t. sfn=sfm11in(01im)L(Ad) • L(Ad)L■

  20. Closure: Complementation • Given a deterministic finite automata A, construct AC such that L(AC) = *\ L(A):  Simply complement the set of accepting states. • For nondeterministic automaton: existential acceptance  state complementation does not work. • Complementation of nondeterministic automaton: (1) determinize, (2) complement.

  21. Büchi Complementation • Nondeterministic Büchi not closed to determinization  algorithm doesn’t work. • Even for deterministic, a far from trivial task. • Nevertheless, it can be shown that Büchi automata (deterministic and nondeterministic) are closed to complementation. • Complexity: singly exponential with an almost linear exponent.

  22. Automata Algorithms • An automaton is interesting if it defines an interesting language, i.e. , *. • A is nonempty if L(A) . • A is nonuniversal if L(A) *. • The nonemptynessproblem: given A decide whether A is nonempty  easy! • The nonuniversality problem: given A decide whether A is nonuniversal  hard!

  23. Nonemptiness (1) Finite state automaton: • BFS to determine whether there exist sS0 and tF such that there is a path from s to t in the graph representation of A. linear time • Guess sS0. Guess path from s to some tF. NLOGSPACE-complete

  24. Nonemptiness (2) Büchi automaton: • BFS to determine whether there exist sS0 and tF s.t. there is a path from s to t and from t to t in the graph representation of A.Can also be done using SCCs… linear time • Guess sS0. Guess path from s to some tF, and then from t to itself. NLOGSPACE-complete

  25. Nonuniversality (1) Finite state automaton: • Given A, nonuniversality of A is equivalent to nonemptyness of AC. • Complementation is exponential: exponential timePSPACE-complete • AC constructed “on the fly” • Yields NPSPACE algorithm • By Savitch: NPSPACE  PSPACE

  26. Nonuniversality (2) Büchi automaton: • As before, nonuniversality of A is equivalent to nonemptyness of AC. • Complementation is exponential: exponential timePSPACE-complete

  27. Break!

  28. Recap Nondeterministic Büchi automata • Union  linear • Intersection  linear • Complementation  exponential • Determinization  not always possible • Emptyness  linear time NLOGSPACE • Universality  exponential time PSPACE

  29. Alternating Automaton (1) • Nondeterminism gives a computing device the power of existential choice. • It’s dual gives the power of universal choice. • Alternating automaton: a computing device which has both!

  30. Alternating Automaton (2) • Given a set X, B+(X) is the set of positive boolean formulas over X with the addition of true and false. • Let YX. Ysatisfies a formula B+(X) if assigning true to Y and false to X\Y satisfies . Denoted: Y  • Examples: • {s1,s3}  (s1  s2)  (s3  s4) • {s1,s2}(s1  s2)  (s3  s4)

  31. Alternating Automaton (3) • The transition function of a nondeterministic automaton maps a state and input symbol to a set of possible next states. This set can be viewed as a disjunction of states. • Example:(s,a)= {s1,s3}s1s3 • An arbitrary formula from B+(S) can yield transitions combining existential (disjunction) and universal (conjunction) choice.

  32. Alternating Automaton (4) • Example: assume the following transition:(s,a)=(s1  s2)  (s3  s4)The automaton accepts a word aw from state s if it accepts w from s1 and from s3, or from s1 and s4 etc…

  33. Alternating Automaton (5) • Alternating automaton:A=,S,s0,,F •  – finite alphabet • S – finite set of states • s0S – initial state • FS – accepting states • :S B+(S) – transition function • Note the unique initial state…

  34. Alternating Automaton (6) • Universal choice run is a tree • A tree is a (finite or infinite) DAG with a root (), s.t. each inner node has a unique parent. • The level of node x, denoted |x|, is its distance from the root; ||= 0. • A branch=x0,x1,… is a maximal sequence s.t. x0= and xi is the parent of xi+1 for all i>0. • A -labeled tree is a pair (,T) where  is a tree and T maps nodes to , i.e. assigns each node a label.

  35. Alternating Automaton (7) • A run of A on a finite word w=a0an-1 is a finite S-labeled tree r such that: • r() =s0 • |x| =i<n, r(x)=s and (s,ai) =x has k children x1,…,xk, for some k|S|, and {r(x1),…,r(xk)}. • A run tree is accepting if all nodes at depth n are labeled by states in F a branch in an accepting run must hit true or an accepting state after reading the input word w.

  36. Example 4 • A={a,b},{s0,s1},s0,,{s0} • (s0,a) =s0s1 • (s0,b) =s0s1 • (s1,a) =s0 • (s1,b) = true • w1= abba … L(A) • w2= b … L(A)

  37. Equivalence to NFSA (1) • Proposition:ANFSA  there exists an alternating automaton Aa s.t. L(Aa)=L(A). • Proof:Aa=,S{s0}, s0, a, Fa • a(s0,a)=tS0,t’(t,a)t’ • a(s,a)=t(s,a)t • Note: • Empty disjunctions in the definition of a are taken to be false. • Aa is equivalent in size to A.

  38. Equivalence to NFSA (2) • Proposition:A is an alternating automaton  there exists AnNFSA s.t. L(An)=L(A). • Proof:An=,2S, {{s0}}, n, 2F • n(T,a)={T’|T’ tT(t,a)} • Note: • Empty conjunctions in the definition of n are taken to be true. • An is exponential to Aunavoidable!

  39. Alternating Nonemptyness • We showed: • Alternating automata can be converted to NFSA (exponential). • Nonemptyness for NFSA can be solved in linear time and is NLOGSPACE-complete. •  Nonemptyness for alternating automata: • can be decided in exponential time • is PSPACE-complete

  40. Alternating Büchi Automaton • Similarly to FSA, an alternating automaton can also be viewed as an automaton on infinite words alternating Büchi automaton. • A run can now be a possibly infinite tree. • An run is accepting if every infinite branch includes infinitely many labels in F.

  41. Equivalence to Büchi (1) • Proposition:A is a nondeterministic Büchi automaton  there exists an alternating Büchi automaton Aa s.t. L(Aa)=L(A). • Proof: same as in finite case. • Note: • Aa is equivalent in size to A.

  42. Equivalence to Büchi (2) • Proposition:A is an alternating Büchi automaton  there exists a nondeterministic Büchi automaton An s.t. L(An)=L(A). • Proof: more complex than the finite case. Need to make sure each branch hits an infinite number of accepting states. Distinguish between branches that hit an accepting state recently, and those that haven’t. Accepting state after all branches are in the “recent” group. • Note:An is exponential in size to Aunavoidable!

  43. Alt. Büchi Nonemptyness • We showed: • Alternating Büchi automata can be converted to nondeterministic Büchi automata (exponential). • Nonemptyness for NBA can be solved in linear time and is NLOGSPACE-complete. •  Nonemptyness for alternating Büchi automata: • can be decided in exponential time • is PSPACE-complete

  44. Linear Temporal Logic (LTL) • Base: • Set Prop of atomic propositions • Closure: • Boolean connectives: ,  • Unary temporal connective: X(next) • Binary temporal connective: U(until) • Abbreviations: • FtrueU(eventually) • GF (globally)

  45. LTL Semantics (1) • LTL formulae are interpreted over infinite computations. • A computation  is an infinite sequence 0,1,… • iProp is the set of atomic propositions that hold in the i’th position of . • Denote the suffix i,i+1,… by i.

  46. LTL Semantics (2) •   indicates that  holds in . • The relation  is inductively defined: •  true and false •  p for pProp iff p0 •  12 iff  1 and  2 •   iff  •  X iff 1   •  1U2 iff k0 s.t. k2and i1 for all 0i<k.

  47. LTL to Alternating Büchi (1) • Computations can also be view as infinite words over the alphabet 2Prop. • Goal: construct a finite automaton on infinite words such that the set of computations that satisfy the LTL formula is exactly the set of accepting runs. • We show a translation from LTL formulae to alternating Büchi automata.

  48. LTL to Alternating Büchi (2) • Given an LTL formula , construct an alternating Büchi automaton as follows: • A=2Prop,S,s0,,F • S – all subformulas of  and their negation O(||) • s0 –  • F – all formulas in S of the form (U) • Before we can define  we need to define a new variation of duality…

  49. LTL to Alternating Büchi (3) • Define: is obtained from  by switching  with , switching true with false and negating subformulas in S. • Example: p(qXq) =p(qXq)

  50. LTL to Alternating Büchi (4) • We define  inductively on the structure of : • (p,a) =true if pa • (p,a) =false if pa • (,a) =(,a)  (,a) • (,a) =(,a) • (X,a) = • (U,a) =(,a)  ((,a) U)

More Related