Model Checking (2): Temporal Logic

Intelligent Software. Model Checking (2): Temporal Logic. 1. Overview of temporal logic 2. Formalization of state transition systems 3. Linear Temporal Logic: LTL 4. Computational Tree Logic: CTL.

coen

Presentation Transcript


  1. Intelligent Software. Model Checking (2): Temporal Logic. 1. Overview of temporal logic 2. Formalization of state transition systems 3. Linear Temporal Logic: LTL 4. Computational Tree Logic: CTL ■ Reference: Model Checking, E.M. Clarke, Jr. et al., MIT Press (1999)

  2. Overview of model checker. (Figure: the model checker takes a model, i.e. a state transition system written in a model description language such as a process algebra or a C-like language, and a property, i.e. a safety or liveness property written in a property description language such as temporal logic, and produces a result: OK or a counterexample.) The result is either OK or a counterexample (error trace).

  3. 1. Overview of temporal logic. To verify sequential programs, it is enough to represent the systems by input/output relationships in classical logic. To verify reactive, concurrent systems, which are often non-terminating, it is important to represent the internal state transitions of the systems in a non-classical logic.

  4. Overview of temporal logic. Temporal logic allows you to describe properties of reactive, concurrent systems: properties related to time, and properties of state transitions, expressed with temporal operators. LTL: Linear Temporal Logic. CTL: Computational Tree Logic.

  5. 2. Formalization of state transition systems. (The set of variables in a concurrent system.) (Domain: a finite set of values taken by the variables.) (State: a vector of values taken by the variables.) (The set of atomic propositions: their truth values are determined in each state. For example, “v1=3” is an atomic proposition whose value is true in the states where the value of v1 is 3.)

  6. Kripke structure: a kind of state transition system. State transition systems are formally modeled by a Kripke structure, defined as a 4-tuple (S, S0, R, L): S is a finite set of states; S0 ⊆ S is the set of initial states; R ⊆ S×S is the state transition relation; L: S → 2^AP is a labeling function, which assigns to each state in S a label, i.e. the subset of AP that are true in that state. 2^AP is the powerset of AP (the set of all subsets of AP).

  7. An example of a Kripke structure: an oven. (Figure: a state diagram with an initial state and transitions labelled start oven, open door, close door, cook, done, reset, start cooking, warmup.)

  8. Path. We assume that every state s has a state s' to which a transition from s is possible. Otherwise, we fix R so that a transition from s to s itself is possible. A path from a state s is an infinite sequence of states p = (s0 s1 s2 …), where s0 = s and (si, si+1) ∈ R for all i.

  9. 3. Linear Temporal Logic: LTL. Is c true in this path? (Figure: a path whose states are labelled b, c, a, b, a, a, …, with the truth value of c, true or false, marked at each state.) In this path, c will eventually be true. In LTL, this property is expressed as Fc.

  10. Syntax of LTL. The syntax of LTL formulas is defined inductively using the temporal operators X, F, G, and U, as follows. LTL formulas: an atomic proposition p is an LTL formula. The following eight formulas are LTL formulas if f and g are LTL formulas.

  11. Intuitive meaning of LTL (1/2). The truth of an LTL formula is determined for each path. Xf: f is true in the neXt state on the path. Ff: f will be Finally true in some state on the path. Gf: f is true in all the states (Globally) on the path. f U g: g is true in some state s on the path, and f is true in all the states before s (Until g is true).

  12. Intuitive meaning of LTL (2/2). (Figure: one timeline per operator. p with no temporal operators: p holds in the first state. neXt, Xf: f holds in the next state. Future, Ff: ¬f, ¬f, ¬f, then f. Globally, Gf: f, f, f, f, f. Until, f U g: f∧¬g, f∧¬g, f∧¬g, then g.)

  13. Formal semantics of LTL (1/3): notation. A path is represented by an infinite sequence p = (s0 s1 s2 …) of states. The subpath of p starting from si, i.e. (si si+1 …), is denoted by pi. p |= f: the LTL formula f is true for the path p (p fulfills f). The negation of the above formula.

  14. Formal semantics of LTL (2/3): when no temporal operators are involved. The inductive definition of truth for LTL formulas, where p is an atomic proposition and f, g are LTL formulas. (The definition refers to the label, a subset of AP, attached to s0.) If f involves no temporal operators, the truth of f is its truth in the initial state s0 of the path p.

  15. Formal semantics of LTL (3/3): when temporal operators are involved. Notation: p = (s0 s1 s2 …), pi = (si si+1 …).
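As an added example (not part of the lecture slides), the suffix semantics of slides 13 to 15 carried out in Python on an ultimately periodic path, stored as a finite prefix plus a loop: the `Lasso` class and the encoding of formulas as nested tuples are assumptions of this example, and `slide9_path()` is the path drawn on slide 9, assumed to remain in the a-state forever.

```python
# Truth of an LTL formula on an ultimately periodic ("lasso") path, using the
# suffix semantics of slides 13-15: p^i is the suffix of p = (s0 s1 ...) starting
# at s_i. Added example, not from the lecture; the path in slide9_path() is the
# one drawn on slide 9 (b c a b a a ...), assumed to stay in the a-state forever.
class Lasso:
    """An infinite path stored as a finite prefix plus a non-empty loop; each
    element is the label L(s_i), i.e. the set of atomic propositions true in s_i."""
    def __init__(self, prefix, loop):
        assert loop, "slide 8: every state has a successor, so the path is infinite"
        self.prefix, self.loop = list(prefix), list(loop)

    def label(self, i):
        if i < len(self.prefix):
            return self.prefix[i]
        return self.loop[(i - len(self.prefix)) % len(self.loop)]

    def witnesses(self, i):
        """Positions j >= i whose suffixes p^j are pairwise distinct; any later
        suffix repeats one of these, so F, G and U only need to look this far."""
        return range(i, max(i, len(self.prefix)) + len(self.loop))

def sat(p, i, f):
    """p^i |= f for formulas written as tuples: ('ap', a), ('not', f), ('and', f, g),
    ('X', f), ('F', f), ('G', f), ('U', f, g)."""
    op = f[0]
    if op == 'ap':  return f[1] in p.label(i)
    if op == 'not': return not sat(p, i, f[1])
    if op == 'and': return sat(p, i, f[1]) and sat(p, i, f[2])
    if op == 'X':   return sat(p, i + 1, f[1])
    if op == 'F':   return any(sat(p, j, f[1]) for j in p.witnesses(i))
    if op == 'G':   return all(sat(p, j, f[1]) for j in p.witnesses(i))
    if op == 'U':   # g at some j, and f at every position from i up to j - 1
        return any(sat(p, j, f[2]) and all(sat(p, k, f[1]) for k in range(i, j))
                   for j in p.witnesses(i))
    raise ValueError(f"unknown operator {op!r}")

def slide9_path():
    return Lasso([{"b"}, {"c"}, {"a"}, {"b"}], [{"a"}])

def check(formula, path=None):
    """p |= f means p^0 |= f (slide 13)."""
    return sat(path or slide9_path(), 0, formula)
```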

  16. LTL model checker (e.g. SPIN). When an LTL formula f is input to an LTL model checker such as SPIN, it checks all the paths p starting from the initial states to see whether p |= f. If it finds a path with p |= ¬f, it outputs that path.

  17. 4. Computation Tree Logic: CTL. (Figure: a Kripke structure with states labelled a, b, c, and the computation tree obtained by unfolding it; one branch of the tree is marked as a path.)

  18. Syntax of CTL. (CTL uses the path quantifiers E and A in addition to the LTL temporal operators.) CTL formulas: an atomic proposition p is a CTL formula. The following 12 formulas are CTL formulas if f and g are CTL formulas.

  19. Intuitive meaning of CTL: E, A. The truth of a CTL formula is determined for each computation tree starting from a state. E: there exists a path in the computation tree for which f is true. A: f is true for all paths in the computation tree.

  20. Intuitive meaning of CTL: sample use of E. E(gray U blue): there exists a path that is gray until blue. EX blue: there exists a path whose next state is blue. EF blue: there exists a path that will, in the future, become blue. EG blue: there exists a path that is globally blue.

  21. Intuitive meaning of CTL: sample use of A. A(gray U blue): for all paths, it is gray until blue. AX blue: for all paths, the next state is blue. AF blue: for all paths, it will finally become blue. AG blue: for all paths, it is globally blue.

  22. Formal semantics of CTL (1/3): notation. The CTL formula f is true for the computation tree starting from the state s (s fulfills f). (The negation of the above formula.)

  23. Formal semantics of CTL (2/3): when no temporal operators are involved. The inductive definition of truth for CTL formulas, where p is an atomic proposition and f, g are CTL formulas. (The definition refers to the label, a set of atomic propositions, attached to s.) If f involves no temporal operators, the truth of f is its truth in the state s, the root of the computation tree.

  24. Formal semantics of CTL (3/3): when temporal operators are involved.

  25. Example of CTL formula (1/4). There exists a path where, in the future, start is true but ready is not. (Figure: states labelled start and ready.)

  26. Example of CTL formula (2/4). For all paths, deviceEnabled will finally be true. (Figure: states labelled devEn, where devEn = deviceEnabled.)

  27. Example of CTL formula (3/4). In any path, it is always the case that if req is true at some time, then on all paths after that ack will eventually be true. (Figure: states labelled req and ack.)

  28. Example of CTL formula (4/4). From any state, there is a path that reaches a restart state. (Figure: a state labelled restart.)
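As an added example (not the lecture's own code), an explicit-state CTL model checker in Python: for a Kripke structure as in slide 6 it computes the set of states satisfying a formula by fixpoint iteration over EX, E[f U g] and EG (slide 24), derives the remaining operators by duality, and then checks the properties of slides 27 and 28 on a small request/acknowledge model; the `Kripke` class and the model in `check_req_ack()` are constructed for this example.

```python
# Explicit-state CTL model checking by fixpoint computation over a Kripke
# structure (S, S0, R, L) as on slide 6. Added example, not from the lecture;
# the request/acknowledge model in check_req_ack() is constructed for illustration.
class Kripke:
    def __init__(self, states, init, trans, label):
        self.S, self.S0, self.R = frozenset(states), frozenset(init), set(trans)
        self.L = {s: frozenset(label.get(s, ())) for s in self.S}
        # Slide 8: every state needs a successor, otherwise paths are not infinite.
        assert all(any(a == s for a, _ in self.R) for s in self.S), "dead-end state"

    # Atomic propositions and boolean connectives (slide 23).
    def ap(self, p):         return {s for s in self.S if p in self.L[s]}
    def neg(self, A):        return set(self.S) - A
    def implies(self, A, B): return self.neg(A) | B

    def EX(self, A):
        """EX A: states with at least one successor in A."""
        return {a for a, b in self.R if b in A}

    def EU(self, A, B):
        """E[A U B]: least fixpoint of Z = B ∪ (A ∩ EX Z), iterated from B."""
        Z = set(B)
        while (Z2 := Z | (A & self.EX(Z))) != Z:
            Z = Z2
        return Z

    def EG(self, A):
        """EG A: greatest fixpoint of Z = A ∩ EX Z, iterated from A."""
        Z = set(A)
        while (Z2 := A & self.EX(Z)) != Z:
            Z = Z2
        return Z

    # The remaining operators of slide 24 via the standard CTL dualities.
    def EF(self, A): return self.EU(set(self.S), A)
    def AX(self, A): return self.neg(self.EX(self.neg(A)))
    def AF(self, A): return self.neg(self.EG(self.neg(A)))
    def AG(self, A): return self.neg(self.EF(self.neg(A)))
    def holds(self, A): return self.S0 <= A   # M |= f iff all initial states satisfy f

def check_req_ack(stall):
    """Constructed handshake idle -> req -> ack -> idle; stall=True adds a self-loop
    on req, so a request can be starved forever (a liveness failure)."""
    R = {("idle", "idle"), ("idle", "req"), ("req", "ack"), ("ack", "idle")}
    if stall:
        R.add(("req", "req"))
    M = Kripke(["idle", "req", "ack"], ["idle"], R,
               {"idle": ["restart"], "req": ["req"], "ack": ["ack"]})
    req, ack, restart = M.ap("req"), M.ap("ack"), M.ap("restart")
    return {"AG(req -> AF ack)": M.holds(M.AG(M.implies(req, M.AF(ack)))),  # slide 27
            "AG EF restart": M.holds(M.AG(M.EF(restart)))}                 # slide 28
```

The stalled model still satisfies AG EF restart (a restart state stays reachable) while violating AG(req → AF ack), which is exactly the kind of liveness gap a counterexample from the model checker would expose.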

  29. Exercise 4. Prove the following identities. (Reference)
