advanced logic linear temporal logic computation tree
play

Advanced Logic Linear Temporal Logic Computation Tree Logic - PowerPoint PPT Presentation

Nov 10, 2022 •186 likes •1.26k views

Advanced Logic Linear Temporal Logic Computation Tree Logic Daniel Gebler VU University Amsterdam March 11, 2013 Overview Linear temporal logic (LTL): describes properties of paths (individual executions) no modalities to

  1. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended ? | = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended ? | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended

  2. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended ? | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended

  3. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended ? | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended Note that: M �| = F G extended and M �| = ¬ F G extended !

  4. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended M | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended Note that: M �| = F G extended and M �| = ¬ F G extended !

  5. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended M | = G ( ¬ extended → X extended) M , s 3 | = G extended M , s 1 , s 2 , s 3 �| = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended Note that: M �| = F G extended and M �| = ¬ F G extended !

  6. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths

  7. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  8. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  9. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  10. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  11. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  12. Mutual Exclusion ◮ multiple processes ◮ a shared resource that can only be used by one process at a time shared resource process Q process P

  13. Mutual Exclusion ◮ multiple processes ◮ a shared resource that can only be used by one process at a time shared resource process Q process P Q P non critical non critical . . . . . . C Q critical section C P critical section . . . . . . non critical non critical To solve conflicts: processes agree on a negotiation protocol. ◮ mutual exclusion: never more than one process in the critical section

  14. Mutual Exclusion ◮ multiple processes ◮ a shared resource that can only be used by one process at a time shared resource process Q process P Q P non critical non critical . . . . . . C Q critical section C P critical section . . . . . . non critical non critical To solve conflicts: processes agree on a negotiation protocol. ◮ mutual exclusion: never more than one process in the critical section G ¬ ( C Q ∧ C P )

  15. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1

  16. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1

  17. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0

  18. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0

  19. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0

  20. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1

  21. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0

  22. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0 p1,q4,0

  23. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0 p1,q4,0

  24. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0 p1,q4,0

  25. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 p1, C Q ,0 p1,q4,0

  26. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 p1, C Q ,0 p2, C Q ,0 p1,q4,0

  27. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 p1, C Q ,0 p2, C Q ,0 C P , C Q ,0 p1,q4,0

  28. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 C P ,q2,0 p1, C Q ,0 p2, C Q ,0 C P , C Q ,0 p1,q4,0

  29. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 C P ,q2,0 p4,q2,0 p1, C Q ,0 p2, C Q ,0 C P , C Q ,0 p4, C Q ,0 p1,q4,0 p2,q4,0 C P ,q4,0 p4,q4,0

  30. Model Checking Formalize the system design 1 Formalize the validation requirements 2 Validate: system meets requirements 3 Req 1 Req 2 System � Reqs System design . . . Promela or Embedded C Req n SPIN engine LTL Verification process

  31. Mutual Exclusion: Peterson ◮ boolean variables x = 0, y = 0, t = 0 Q P loop forever loop forever p1: x = 1 q1: y = 1 p2: turn = 1 q2: turn = 0 p3: wait for y = 0 or t = 0 q3: wait for x = 0 or t = 1 C P : critical section C Q : critical section p4: x = 0 q4: y = 0

  32. LTL: Applications Safety properties ◮ “nothing bad ever happens” G ¬ (reactor temperature > 1000) ◮ invariant: “ a is always false” Liveness properties ◮ “something good will eventually happen” G (ordered → F delivered) ◮ termination: “the system will eventually terminate” ◮ response: “if action a occurs then b eventually will occur” Deadlock freeness ◮ deadlock state: “a state where no actions are possible” ◮ no deadlocks: there is always some next state G ( ¬ terminated → X ⊤ )

  33. Industrial Case Studies I Figure: After Flood Disaster (1953), Maeslant Barrier (Maeslantkering)

  34. Industrial Case Studies: Flood Control Verification of the interface between BOS and BESW: ◮ Beslis- en Ondersteunend Systeem (BOS) ◮ BEsturingsSysteem Waterweg (BESW) ◮ BOS takes the decision to move the barrier ◮ BESW performs this task Even deadlocks were found in BESW!

  35. Industrial Case Studies II Figure: NASA Mission Critical Software: Cassini, Mars Rovers, Deep Impact

  36. Industrial Case Studies III

  37. State Space Explosion

  38. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states

  39. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states.

  40. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states. ◮ Then A 1 , . . . , A n together have 10 n states.

  41. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states. ◮ Then A 1 , . . . , A n together have 10 n states. This is the state space explosion problem.

  42. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states. ◮ Then A 1 , . . . , A n together have 10 n states. This is the state space explosion problem.

  43. Computation Tree Logic (CTL) Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  44. Computation Tree Logic (CTL) Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  45. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  46. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  47. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2

  48. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ

  49. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3

  50. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3 iff there is a path s = s 1 → s 2 → . . . such that for all i ≥ 1, M , s i | = φ

  51. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3 iff there is a path s = s 1 → s 2 → . . . such that for all i ≥ 1, M , s i | = φ M , s | = EX φ ( φ holds in some next state) 4

  52. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3 iff there is a path s = s 1 → s 2 → . . . such that for all i ≥ 1, M , s i | = φ M , s | = EX φ ( φ holds in some next state) 4 iff ( M , s 2 ) | = φ for some s 2 such that s → s 2

  53. CTL: Extensions Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω

  54. CTL: Extensions Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until

  55. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until

  56. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next

  57. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1

  58. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ

  59. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ

  60. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2

  61. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2

  62. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ

  63. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ M , s | = φ AU ψ ( φ until ψ holds on all paths starting from s ) 3

  64. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ M , s | = φ AU ψ ( φ until ψ holds on all paths starting from s ) 3 iff for all paths s = s 1 → s 2 → . . . we have: for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ

  65. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ M , s | = φ AU ψ ( φ until ψ holds on all paths starting from s ) 3 iff for all paths s = s 1 → s 2 → . . . we have: for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ φ AU ψ = ¬ ( ¬ ψ EU ( ¬ φ ∧ ¬ ψ )) ∧ ¬ EG ¬ ψ

  66. CTL: Examples Which of the states satisfies the following? s 1 ? | = AF t ? | = ¬ EG r r ? | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  67. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t ? | = ¬ EG r r ? | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  68. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r ? | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  69. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  70. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 M , s 1 , s 2 , s 3 | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  71. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 M , s 1 , s 2 , s 3 | = EX q p , q p , t , r M , s 2 , s 3 | = AX q ? | = EF q s 4 q , r

  72. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 M , s 1 , s 2 , s 3 | = EX q p , q p , t , r M , s 2 , s 3 | = AX q M , s 1 , s 2 , s 3 , s 4 | = EF q s 4 q , r

  73. CTL: Examples s 1 r Which of the states satisfies the following? s 2 s 3 ? | = AG (EF p ) q p ? | = AG (( q ∨ r ) AU p ) ? | = AG (EF ( q ∧ r )) s 4 q , r s 5 p

Recommend

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk 1With thanks to Bob Atkey for some of the diagrams. Recap Previously: Linear-time Temporal Logic Tiis time: A branching-time logic:

723 views • 35 slides
Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture

Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture

EECS 294-98: Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture Linear Temporal Logic Signal Temporal Logic (by Alex Donze) S. A. Seshia 2 Behavior, Run, Computation Path Define in

767 views • 28 slides
Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola

Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola

Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola Gigante University of Udine, Italy Joint work with Angelo Montanari, Mark Reynolds, Luca Geatti The need for formal verification Safety-critical

489 views • 47 slides
Temporal Logic of Actions Advanced Topics in Distributed Computing Dominik Grewe Saarland

Temporal Logic of Actions Advanced Topics in Distributed Computing Dominik Grewe Saarland

Temporal Logic of Actions Temporal Logic of Actions Advanced Topics in Distributed Computing Dominik Grewe Saarland University March 20, 2008 Temporal Logic of Actions Outline Basic Concepts Transition Systems Temporal Operators Fairness

480 views • 32 slides
Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking, and an informal introduction to LTL Tiis time: Linear Temporal Logic Syntax Semantics Equivalences

228 views • 21 slides
Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge Academic year

1.15k views • 48 slides
Overview overview7.5 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.5 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.5 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the

2.06k views • 183 slides
Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the

1.95k views • 194 slides
Programming in Linear Temporal Logic Correspondence Categorical Semantics for Restricted LTL

Programming in Linear Temporal Logic Correspondence Categorical Semantics for Restricted LTL

Programming in Linear Temporal Logic Wolfgang Jeltsch The Temporal CurryHoward Programming in Linear Temporal Logic Correspondence Categorical Semantics for Restricted LTL and FRP Wolfgang Jeltsch Hybrid Signals Functional Reactive

285 views • 25 slides
Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic Promela Critical Sections Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Linear Temporal Logic Promela Critical Sections Where

569 views • 35 slides
Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic Promela Critical Sections Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Linear Temporal Logic Promela Critical Sections Where

1.12k views • 98 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Temporal and Modal Logic Based on paper: E.A. Emerson. Temporal and Modal Logic J. van Leeuwen,

Temporal and Modal Logic Based on paper: E.A. Emerson. Temporal and Modal Logic J. van Leeuwen,

Temporal and Modal Logic Based on paper: E.A. Emerson. Temporal and Modal Logic J. van Leeuwen, editor, Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics, pages 9951072, Elsevier, 1990. Temporal and Modal

554 views • 27 slides
Overview Word Systems Regular expressiveness Linear temporal logic B uchi-automata

Overview Word Systems Regular expressiveness Linear temporal logic B uchi-automata

ormal ethods roup Linear Temporal Logics and Grammars Joachim Baran The University of Manchester April 2006 Overview Word Systems Regular expressiveness Linear temporal logic B uchi-automata Right-linear grammars TL,

512 views • 33 slides
Informatics 1 connections between Computation and Logic computation and logic. We Sets of

Informatics 1 connections between Computation and Logic computation and logic. We Sets of

This course provides a first glimpse of the deep Informatics 1 connections between Computation and Logic computation and logic. We Sets of States: Venn Diagrams and Truth Tables will focus primarily on the Michael Fourman @mp4man simplest

322 views • 11 slides
INF5140 Specification and Verification of Parallel Systems Spring 2018 Institutt for

INF5140 Specification and Verification of Parallel Systems Spring 2018 Institutt for

INF5140 Specification and Verification of Parallel Systems Spring 2018 Institutt for informatikk, Universitetet i Oslo February 16, 2018 1 / 47 Linear-Time Temporal Logic (LTL) Introduction Temporal Logic? Temporal logic is the logic of

515 views • 47 slides
The complexity of temporal logic with until and since over ordinals S. Demri 1 A. Rabinovich 2 1

The complexity of temporal logic with until and since over ordinals S. Demri 1 A. Rabinovich 2 1

The complexity of temporal logic with until and since over ordinals S. Demri 1 A. Rabinovich 2 1 LSV, ENS Cachan, CNRS, INRIA 2 Tel Aviv University LPAR07, October 15-19, 2007 Linear-time temporal logics Main results in the paper Automata

641 views • 19 slides
Introduction to Temporal Logic Mehdi Dastani BBL-521 M.M.Dastani@uu.nl Modal Logic Modal logic

Introduction to Temporal Logic Mehdi Dastani BBL-521 M.M.Dastani@uu.nl Modal Logic Modal logic

Introduction to Temporal Logic Mehdi Dastani BBL-521 M.M.Dastani@uu.nl Modal Logic Modal logic is developed to model various concepts and phenomena. Logic of and (necessity / possibility) Various flavours: epistemic /

547 views • 18 slides
Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of

Linear Temporal Logic for Hyperproperties (HyperLTL) Course: Specification and Verification of Parallel Systems 29 November 2019 Presented by: Elahe Fazeldehkordi 1 Hyperproperties Trace: a sequence of states System: is modeled by

546 views • 13 slides
Informatics 1 Computation and Logic computation and logic. We A Traffic-Light Controller

Informatics 1 Computation and Logic computation and logic. We A Traffic-Light Controller

This course provides a first glimpse of the deep connections between Informatics 1 Computation and Logic computation and logic. We A Traffic-Light Controller Michael Fourman will focus primarily on the @mp4man simplest non-trivial examples

585 views • 31 slides
Non-Transitive Linear Temporal Logic with UNTIL and NEXT, Logical Knowledge Operations,

Non-Transitive Linear Temporal Logic with UNTIL and NEXT, Logical Knowledge Operations,

Non-Transitive Linear Temporal Logic with UNTIL and NEXT, Logical Knowledge Operations, Admissible Rules V.Rybakov School of Computing, Mathematics and DT, Manchester Metropolitan University, John Dalton Building, Chester Street, Manchester M1

621 views • 32 slides
Modelling Combinatorial Auctions in Linear Logic Daniele Porello and Ulle Endriss Institute for

Modelling Combinatorial Auctions in Linear Logic Daniele Porello and Ulle Endriss Institute for

Modelling Combinatorial Auctions in Linear Logic Daniele Porello and Ulle Endriss Institute for Logic, Language &amp; Computation (ILLC) University of Amsterdam KR 2010, Toronto, May 913 Overview Linear logic, some general features,

742 views • 20 slides
CTL (Clarke &amp; Emerson 81) Definition: Computation Tree Logic CTL(AP , X , U ) Basics of

CTL (Clarke &amp; Emerson 81) Definition: Computation Tree Logic CTL(AP , X , U ) Basics of

CTL (Clarke &amp; Emerson 81) Definition: Computation Tree Logic CTL(AP , X , U ) Basics of Verification 1 Syntax: https://wikimpri.dptinfo.ens-cachan.fr/doku.php?id=cours:c-1-22 ::= | p ( p AP) | | | EX | AX |

374 views • 3 slides
Lecture 3 Linear Temporal Logic (LTL) Richard M. Murray Nok Wongpiromsarn Ufuk Topcu

Lecture 3 Linear Temporal Logic (LTL) Richard M. Murray Nok Wongpiromsarn Ufuk Topcu

Lecture 3 Linear Temporal Logic (LTL) Richard M. Murray Nok Wongpiromsarn Ufuk Topcu California Institute of Technology AFRL, 24 April 2012 Outline Principles of Model Syntax and semantics of LTL Checking , Specifying properties in

472 views • 21 slides

More recommend