# Specification Formalisms: Temporal Logic and Automata on Infinite Words - PowerPoint PPT Presentation Download Presentation Specification Formalisms: Temporal Logic and Automata on Infinite Words

Specification Formalisms: Temporal Logic and Automata on Infinite Words Download Presentation ## Specification Formalisms: Temporal Logic and Automata on Infinite Words

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
##### Presentation Transcript

1. Specification Formalisms:Temporal Logic and Automata on Infinite Words Literature: Peled ch. 5 Mads Dam

2. Temporal Logic Logic of transition system executions Propositional/first-order logic = state assertions Temporal assertions = assertions on system executions • Invariably (along this execution) x · y + z • Sometime (along this execution) an acknowledgement packet is sent • If T is infinitely often enabled (along this execution) then T is eventually executed • Last packet received along channel a (along this execution) had the shape (b,c,d) • No matter which execution is followed from now (this state), a reply will eventually (along that execution) be sent • No matter what choice B made in the past, it would necessarily come to pass that 

3. Runs/Executions/Paths Fix transition system T = (Q,R,Q0) Computation path (aka run, execution sequence): Infinite sequence = q0q1q2...qi... such that for all i¸ 0, qi R qi+1 Notation: • (k) = qk (= k’th state of ) • k = qkqk+1 ... (= k’th suffix of , i.e. the path)

4. LTL – Linear Time Temporal Logic Logic of future time path properties : Primitive state assertions Syntax:  ::=  | : | Æ | <> | [] |  U  | O • :  holds now/at the current time instant • <>: At some future time instant  is true • []: For all future time instants  is true • U :  is true until  becomes true • O:  is true at the next time instant

5. Pictorially

6. Semantics Satisfaction relation  ² Assume interpretation function :   Q’ µ Q (): Set of states for which  holds  ² iff (0) 2 ()  ²: iff not ²  ²Æ iff ² and ²  ² <> iff exists k2N. k²  ² [] iff for all k2N. k² ² U  iff exists k2N. k² and for all i: 0· i < k. i² ² O iff 1² For transition system T = (Q,R,Q0): T ² iff for all runs  of T with (0)2 Q0, ²

7. Some LTL Formulas • Ç = :(:Æ:) • ! = :Ç (! is seriously overloaded!) • <> = true U  • [] = :<>: •  V  = []Ç ( U (Æ)) • (aka ”release” in Peled) • <>[] •  holds from some point forever • []<> •  holds infinitely often • []<>! []<> • if  holds infinitely often then so does 

8. Spring Example Primitive state assertions: extended, malfunction Sample paths: • q0 q1 q0 q1 q2 q2 q2 ... • q0 q1 q2 q2 q2 ... • q0 q1 q0 q1 q0 q1 ... release release q0 q1 q2 pull extended extended malfunction

9. Satisfaction by Single Path ²extended? ² Oextended? ² OOextended? ² <>extended? ² []extended? ² <>[]extended? ² <>[]malfunction? release release = q0q1q0q1q2q2q2 ... q0 q1 q2 pull extended extended malfunction ² []<>extended? ²extended U malfunction? ² (:extended) U extended? ² (<>extended) U malfunction? ² (<>:extended) U malfunction? ² [](:extended! Oextended)

10. Satisfaction by Transition System T²extended? T² Oextended? T² OOextended? T² <>extended? T² []extended? T² <>[]extended? T² <>[]malfunction? release release T: q0 q1 q2 pull extended extended malfunction T² []<>extended? T²extended U malfunction? T² (:extended) U extended? T² (<>extended) U malfunction? T² (<>:extended) U malfunction? T² [](:extended! Oextended)

11. Example: Mutex Assume there are 2 processes, Pl and Pr State assertions: • tryCSi: Process i is trying to enter critical section E.g. tryCSl: pcl = l4 • inCSi: Process i is inside its critical section E.g. inCSl: pcl = l5Ç pcl = l6 Mutual exclusion: [](:(inCSlÆ inCSr)) Responsiveness: [](tryCSi! <>inCSi) Process keeps trying until access is granted: [](tryCSi! ((tryCSi U inCSi) Ç []tryCSi))

12. Example: Fairness States: Pairs (q,)  label of last transition taken, so q! q’ (q,) ! (q’,) : Finite set of labels partitioned into subsets P P: ”(finite) set of labels of some process” State assertions: • enP: Some transition labelled  2 P is enabled i.e. (q,)2(en) iff 9 q’.q! q’ • execP: Label of last executed transition is in P i.e. (q,)2(execP) iff 2 P Note: enP$Ç2 Pen{} and execP$Ç2 Pexec{}

13. Fairness Conditions Weak transition fairness: Æ2:<>[](en{}Æ: exec{}) Or equivalently Æ2(<>[]en{}! []<>exec{}) Strong transition fairness: Æ2([]<>en{}! []<>exec{}) Weak process fairness: ÆP:<>[](enPÆ: execP) Strong process fairness: ÆP ([]<>enP! []<>execP)

14. Sets of paths? Or computation tree? Branching Time Logic . . . . . . . . . . . . . . . . . . . .

15. Computation Tree Logic - CTL Syntax:  ::=  | : | Æ | AF | AG | A( U ) | AX Formulas hold of states, not paths A: Path quantifier, along all paths from this state F: <>, G: [], X: O So: • AF: Along all paths, at some future time instant  is true • AG: Along all paths, for all future time instants  is true • A(U ): Along all paths,  is true until  becomes true • AX:  is true for all next states Note: CTL is closed under negation so also express dual modalities EF, EG, EU, EX (E is existential path quantifier)

16. CTL, Semantics Interpretation function :   Q’ µ Q the same q² iff q 2 () q ²: iff not q ² q²Æ iff q² and q² q² AF iff for all  such that (0)=q exists k2N such that (k) ² q² AG iff for all  such that (0)=q, for all k2N, (k)² q² A( U ) iff for all  such that (0)=q, exists k2N. (k) ² and for all i: 0· i < k. (i) ² q² AX iff for all  such that (0) = q, (1) ² (iff for all q’ such that q ! q’, q’²) For transition system T = (Q,R,Q0): T ² iff for all q02 Q0, q0²

17. CTL – LTL: Brief Comparison LTL in branching time framework: •  A (  to hold for all paths) CTL * LTL: EF not expressible in LTL LTL * CTL: <>[] not expressible in CTL CTL*: Extension of CTL with free alternation A, F, G, U, X Advantages and disadvantages: • LTL often ”more natural” • Satisfiability: LTL: PSPACE complete, CTL: DEXPTIME complete • Model checking: LTL: PSPACE complete, CTL: In P

18. Automata Over Finite Words Finite state automaton A = (Q,,,I,F): • Q: Finite set of states • : Finite alphabet • µ Q££ Q: Transition relation Write q!a q’ for (q,a,q’) as before • Iµ Q: Start states • Fµ Q: Accepting states Word a1a2...an is accepted, if there is sequence q0!a1 q1!a2 ... !an qn such that q02 I and qn2 F a b b a

19. Automata Over Infinite Words Intuition: Letters a2 might represent states, or state properties A computation path is an infinite word over object states Infinite word w: • Function w: N! • Equivalently: Infinite sequence w = a0a1a2 ... an ... Buchi automaton: Finite state automaton, but on infinite words Word w is accepted if accepting state visited infinitely often

20. Example Which infinite words are accepted? • ababab ... (= ab) ? • aaaaaa... (= a^\omega) ? • bbbbbb... (= b^\omega) ? • aaabbbbb... (= aaab^\omega) ? • ababbabbbabbbba... ? a b b a

21. Nondeterminism • What is the language accepted by this automaton? • What is the corresponding LTL property if b = inCS and a = : b? a a a,b

22. Another Example Letters represent propositions Example: []<>inCS, a=inCS, b=: inCS a b b a

23. Yet More Examples • a = inCS1Æ inCS2 • b = : a • c = true • Property: []: a • Property: [](d ! <>e) • Idea: • q0; Have seen : d Ç e • q1: Saw d, now wait for e a c b Or just: b d ! e :e dÆ:e q0 q1 e

24. Even More... Property: [](a ! (bUc)) Idea: • q0: Body of [] immediately ok • q1: Awaiting c Property: [](a ! (bUc)) = <>(a Æ(bUc)) Idea: • (bUc): b becomes false some time without c having become true first • q0: Waiting ... • q1: Have seen a with b and c • q2: Committing ... :a Ç c b Æ: c a Æ b Æ: c q0 q1 c true b Æ: c a Æ b Æ: c q0 q1 q2 aÆ: b Æ: c :b Æ: c true

25. Deterministic Buchi Automata Consider  = <>[]a where  = {a,b} Suppose A recognizes  A deterministic A reaches accepting state on some input an1 And on an1ban2 And on an1ban2ban3 And on an1ban2ban3b ... b ... b ... So: Nondeterministic Buchi automata strictly more expressive than deterministic ones And: Deterministic B. A. not closed under complement a a a,b

26. Alternative Formalisms • Next lecture: LTL  Buchi automata • Buchi automate strictly richer than LTL • B. A. recognisable languages remarkably stable • Monadic second order logic of successor 9 X(02 X Æ8 y8 z(succ(y,z) ! (y2X $: z2X)) Æ 8 y(y2X ! a(y))) (all even symbols are a’s) • LTL with propositional quantification 9 X((X Æ [](X$ O:X) Æ [](x ! a)) • -regular expressions a((a [ b)a) • Linear-time -calculus  X.a Æ OOX