Chapter 1: "Logics". Course "Model checking", Volker Stolz, Martin Steffen, Autumn 2019

Learning Targets of Chapter "Logics". The chapter gives some basic information about standard logics, namely propositional logics and


1. Substitution (IN5110 – Verification and specification of parallel systems)
• basically: generalize substitution from terms to formulas
• careful about binders: especially, don't let substitution lead to variables being "captured" by binders
Example
  ϕ = ∃x. x + 1 ≐ y,   θ = [y/x]

2. Satisfaction
Definition (⊨)
  M, σ ⊨ ϕ
• Σ fixed
• in model M and with variable assignment σ, formula ϕ is true (holds)
• M and σ satisfy ϕ
• minority terminology: M, σ model of ϕ

3. Exercises
• substitutions and variable assignments: similar/different?
• there are infinitely many primes
• there is a person with at least 2 neighbors (or exactly)
• every even number can be written as the sum of 2 primes

4. Proof theory
• how to infer, derive, deduce formulas (from others)
• mechanical process
• soundness and completeness
• proof = deduction (sequence or tree of steps)
• theorem
  • syntactic: derivable formula
  • semantical: a formula which holds (in a given model)
• (fo)-theory: set of formulas which are
  • derivable
  • true (in a given model)
• soundness and completeness

5. Deductions and proof systems
A proof system for a given logic consists of
• axioms (or axiom schemata), which are formulae assumed to be true, and
• inference rules, of approx. the form

  ϕ1 . . . ϕn
  ───────────
       ψ

• ϕ1, . . . , ϕn are premises and ψ the conclusion.

6. A simple form of derivation
Derivation of ϕ
Sequence of formulae, where each formula is
• an axiom, or
• can be obtained by applying an inference rule to formulae earlier in the sequence.
• ⊢ ϕ
• more general: from a set of formulas Γ: Γ ⊢ ϕ
• proof = derivation
• theorem: derivable formula (= last formula in a proof)

7. Proof systems and proofs: remarks
• "definitions" from the previous slides: not very formal. In general, a proof system is a "mechanical" (= formal and constructive) way of drawing conclusions from axioms (= "given" formulas) and other already proven formulas
• Many different "representations" of how to draw conclusions exist; the one sketched on the previous slide
  • works with "sequences"
  • corresponds to the historically oldest "style" of proof systems ("Hilbert-style"), some would say outdated . . .
  • otherwise, in that naive form: impractical (but sound & complete).
• nowadays, better ways exist that are more suitable for computer support (especially using trees), for instance natural deduction style systems

8. A proof system for prop. logic
Observation
We can axiomatize a subset of propositional logic as follows.

  ϕ → (ψ → ϕ)                                  (Ax1)
  (ϕ → (ψ → χ)) → ((ϕ → ψ) → (ϕ → χ))          (Ax2)
  ((ϕ → ⊥) → ⊥) → ϕ                            (DN)

  ϕ    ϕ → ψ
  ────────── (MP)
      ψ

9. A proof system
Example
p → p is a theorem of PPL:

  (1) (p → ((p → p) → p)) → ((p → (p → p)) → (p → p))    Ax2
  (2) p → ((p → p) → p)                                   Ax1
  (3) (p → (p → p)) → (p → p)                             MP on (1) and (2)
  (4) p → (p → p)                                         Ax1
  (5) p → p                                               MP on (3) and (4)
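As an added example (my code, not part of the slides), the following Python checks a Hilbert-style derivation in exactly this system: every line must be an instance of Ax1, Ax2 or DN, or follow by MP from two earlier lines, and the five-line proof of p → p above is checked as written. The tuple encoding of formulas and the metavariable names are my own choices.

```python
"""Proof checker for the Hilbert-style propositional system of the slides:
axiom schemata Ax1, Ax2, DN and the single rule MP.  Formulas are encoded
as a variable name (str), BOT for ⊥, or ('->', left, right)."""
from typing import Optional, Tuple, Union

BOT = ('bot',)
Formula = Union[str, Tuple]

def imp(a: Formula, b: Formula) -> Formula:
    return ('->', a, b)

def match(pattern: Formula, formula: Formula, subst: dict) -> bool:
    """Match an axiom schema against a concrete formula.  Metavariables are
    strings starting with '?'; subst records what each one stands for, so a
    metavariable occurring twice (the two ϕ in Ax1) must get the same formula."""
    if isinstance(pattern, str) and pattern.startswith('?'):
        if pattern in subst:
            return subst[pattern] == formula
        subst[pattern] = formula
        return True
    if isinstance(pattern, tuple) and isinstance(formula, tuple):
        if pattern[0] != formula[0] or len(pattern) != len(formula):
            return False
        return all(match(p, f, subst) for p, f in zip(pattern[1:], formula[1:]))
    return pattern == formula          # a concrete variable such as 'p'

# Metavariable names are my own choice; the schemata are those of the slides.
P, Q, R = '?phi', '?psi', '?chi'
AXIOMS = {
    'Ax1': imp(P, imp(Q, P)),
    'Ax2': imp(imp(P, imp(Q, R)), imp(imp(P, Q), imp(P, R))),
    'DN':  imp(imp(imp(P, BOT), BOT), P),
}

def check_derivation(steps) -> Tuple[bool, Optional[str]]:
    """steps: list of (formula, justification).  A justification is an axiom
    name or ('MP', i, j) citing earlier 1-based lines i: ϕ → ψ and j: ϕ.
    Returns (True, None) if every line is justified, else (False, reason)."""
    for n, (formula, just) in enumerate(steps, start=1):
        if just in AXIOMS:
            if not match(AXIOMS[just], formula, {}):
                return False, f'line {n}: not an instance of {just}'
        elif isinstance(just, tuple) and just[0] == 'MP' and len(just) == 3:
            _, i, j = just
            if not (1 <= i < n and 1 <= j < n):
                return False, f'line {n}: MP may only cite earlier lines'
            major, minor = steps[i - 1][0], steps[j - 1][0]
            if not (isinstance(major, tuple) and major[0] == '->'
                    and major[1] == minor and major[2] == formula):
                return False, f'line {n}: MP does not apply to lines {i} and {j}'
        else:
            return False, f'line {n}: unknown justification {just!r}'
    return True, None

def theorem_of(steps) -> Optional[Formula]:
    """The last formula of a correct derivation (the theorem it proves), else None."""
    ok, _ = check_derivation(steps)
    return steps[-1][0] if ok and steps else None

# The five-line derivation of p → p from the slide.
p = 'p'
PROOF_P_IMP_P = [
    (imp(imp(p, imp(imp(p, p), p)), imp(imp(p, imp(p, p)), imp(p, p))), 'Ax2'),  # (1)
    (imp(p, imp(imp(p, p), p)), 'Ax1'),                                           # (2)
    (imp(imp(p, imp(p, p)), imp(p, p)), ('MP', 1, 2)),                            # (3)
    (imp(p, imp(p, p)), 'Ax1'),                                                   # (4)
    (imp(p, p), ('MP', 3, 4)),                                                    # (5)
]

# A bogus "derivation": p → q is not an instance of Ax1 (ϕ cannot be both p and q).
BOGUS = [(imp('p', 'q'), 'Ax1')]

if __name__ == '__main__':
    print(check_derivation(PROOF_P_IMP_P))   # (True, None)
    print(check_derivation(BOGUS))
```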

10. Section: Modal logics (Introduction; Semantics; Proof theory and axiomatic systems; Exercises)

11. Introduction
• Modal logic: logic of "necessity" and "possibility", in that originally the intended meaning of the modal operators □ and ◇ was
  • □ϕ: ϕ is necessarily true.
  • ◇ϕ: ϕ is possibly true.
• Depending on what we intend to capture, we can interpret □ϕ differently:
  temporal:       ϕ will always hold.
  doxastic:       I believe ϕ.
  epistemic:      I know ϕ.
  intuitionistic: ϕ is provable.
  deontic:        It ought to be the case that ϕ.
We will restrict here the modal operators to □ and ◇ (and mostly work with a temporal "mind-set").

13. Kripke structures
Definition (Kripke frame and Kripke model)
• A Kripke frame is a structure (W, R) where
  • W is a non-empty set of worlds, and
  • R ⊆ W × W is called the accessibility relation between worlds.
• A Kripke model M is a structure (W, R, V) where
  • (W, R) is a frame, and
  • V is a function of type V : W → (P → B) (called valuation).
  isomorphically: V : W → 2^P

14. Illustration 1
[Figure: the model drawn as a graph over worlds 1 to 5; the picture shows p at worlds 2, 4 and 5 and q at world 3.]
Example (Kripke model)
Let P = {p, q}. Then let M = (W, R, V) be the Kripke model such that
• W = {w1, w2, w3, w4, w5}
• R = {(w1, w5), (w1, w4), (w4, w1), . . .}
• V = [w1 ↦ ∅, w2 ↦ {p}, w3 ↦ {q}, . . .]

15. Satisfaction
Definition (Satisfaction)
A modal formula ϕ is true in the world w of a model V, written V, w ⊨ ϕ, if:

  V, w ⊨ p         iff V(w)(p) = ⊤
  V, w ⊨ ¬ϕ        iff V, w ⊭ ϕ
  V, w ⊨ ϕ1 ∨ ϕ2   iff V, w ⊨ ϕ1 or V, w ⊨ ϕ2
  V, w ⊨ □ϕ        iff V, w′ ⊨ ϕ for all w′ such that wRw′
  V, w ⊨ ◇ϕ        iff V, w′ ⊨ ϕ for some w′ such that wRw′

16. "Box" and "diamond"
• modal operators □ and ◇
• often pronounced "necessarily" and "possibly"
• mental picture: depends on the "kind" of logic (temporal, epistemic, deontic . . . ) and (related to that) the form of the accessibility relation R
• formal definition: see previous slide

17. Different kinds of relations
R a binary relation on a set, say W, i.e., R ⊆ W × W
• reflexive
• transitive
• (right) Euclidean
• total
• order relation
• . . .

18. Valid in frame/for a set of frames
If (W, R, V), s ⊨ ϕ for all s and V, we write
  (W, R) ⊨ ϕ
Example (Samples)
• (W, R) ⊨ □ϕ → ϕ iff R is reflexive.
• (W, R) ⊨ □ϕ → ◇ϕ iff R is total.
• (W, R) ⊨ □ϕ → □□ϕ iff R is transitive.
• (W, R) ⊨ ¬□ϕ → □¬□ϕ iff R is Euclidean.

19. Some exercises
Prove the double implications from the slide before!

20. Base line axiomatic system ("K")

  ϕ is a propositional tautology
  ────────────────────────────── (PL)
               ϕ

  ──────────────────────────── (K)
  □(ϕ1 → ϕ2) → (□ϕ1 → □ϕ2)

  ϕ → ψ    ϕ
  ────────── (MP)
      ψ

     ϕ
  ────── (G)
    □ϕ

21. Sample axioms for different accessibility relations

  □(ϕ → ψ) → (□ϕ → □ψ)                  (K)
  □ϕ → ◇ϕ                               (D)
  □ϕ → ϕ                                (T)
  □ϕ → □□ϕ                              (4)
  ¬□ϕ → □¬□ϕ                            (5)
  □(□ϕ → ψ) → □(□ψ → ϕ)                 (3)
  □(□(ϕ → □ϕ) → ϕ) → (◇□ϕ → ϕ)          (Dum)

22. Different "flavors" of modal logic

  Logic   Axioms   Interpretation   Properties of R
  D       K D      deontic          total
  T       K T                       reflexive
  K45     K 4 5    doxastic         transitive/euclidean
  S4      K T 4                     reflexive/transitive
  S5      K T 5    epistemic        reflexive/euclidean, i.e. reflexive/symmetric/transitive (equivalence relation)

23. Some exercises
Consider the frame (W, R) with W = {1, 2, 3, 4, 5} and (i, i + 1) ∈ R.
[Figure: the worlds 1, 2, 3, 4, 5 in a row, labelled p; p, q; p, q; q; q respectively, i.e. V(1) = {p}, V(2) = {p, q}, V(3) = {p, q}, V(4) = {q}, V(5) = {q}.]
• M, 1 ⊨ ◇□p
• M, 1 ⊨ ◇□p → p
• M, 3 ⊨ ◇(q ∧ ¬p) ∧ □(q ∧ ¬p)
• M, 1 ⊨ q ∧ ◇(q ∧ ◇(q ∧ ◇(q ∧ ◇q)))
• M ⊨ □q

24. Exercises (2): bidirectional frames
Bidirectional frame
A frame (W, R) is bidirectional iff R = R_F + R_P s.t. ∀w, w′ (w R_F w′ ↔ w′ R_P w).
[Figure: the same worlds 1, 2, 3, 4, 5 in a row, labelled p; p, q; p, q; q; q.]
Consider M = (W, R, V) from before. Which of the following statements are correct in M and why?
1. M, 1 ⊨ ◇□p
2. M, 1 ⊨ ◇□p → p
3. M, 3 ⊨ ◇(q ∧ ¬p) ∧ □(q ∧ ¬p)
4. M, 1 ⊨ q ∧ ◇(q ∧ ◇(q ∧ ◇(q ∧ ◇q)))
5. M ⊨ □q
6. M ⊨ □q → ◇◇p

25. Exercises (3): validities
Which of the following are valid in modal logic? For those that are not, argue why and find a class of frames on which they become valid.
1. □⊥
2. ◇p → □p
3. p → □◇p
4. ◇□p → □◇p

26. Section: Dynamic logics (Multi-modal logic; Dynamic logics; Semantics of PDL)

27. Introduction
Problem
• FOL: "very" expressive but undecidable. Perhaps good for mathematics but not ideal for computers.
!! FOL can talk about the state of the system. But how to talk about change of state in a natural way?
• modal logic: gives us the power to talk about change of state. Modal logic is natural when one is interested in systems that are essentially modeled as states and transitions between states.

29. Multi-modal logic
"Kripke frame" (W, R_a, R_b), where R_a and R_b are two relations over W.
Syntax (2 relations)
Multi-modal logic has one modality for each relation:
  ϕ ::= p | ⊥ | ϕ → ϕ | ◇_a ϕ | ◇_b ϕ                                    (6)
Semantics: "natural" generalization of the "mono"-case
  M, w ⊨ ◇_a ϕ   iff   ∃w′: w R_a w′ and M, w′ ⊨ ϕ                      (7)
• analogously for modality ◇_b and relation R_b

30. Remarks
Multi-modal logic: obvious generalization of modal logic from before
1. The relations can overlap; i.e., their intersection need not be empty.
2. Of course: more than 2 relations possible, for each relation one modality.
3. There may be infinitely many relations and infinitely many modalities.

31. Dynamic logics
• different variants
• can be seen as special case of multi-modal logics
• variant of Hoare-logics
• here: PDL on regular programs
• "P" stands for "propositional"

33. Regular programs
DL: Dynamic logic is a multi-modal logic to talk about programs.
here: dynamic logic talks about regular programs
Regular programs are formed syntactically from:
• atomic programs Π0 = {a, b, ...}, which are indivisible, single-step, basic programming constructs
• sequential composition α · β, which means that program α is executed/done first and then β.
• nondeterministic choice α + β, which nondeterministically chooses one of α and β and executes it.
• iteration α*, which executes α some nondeterministically chosen finite number of times.
• the special skip and fail programs (denoted 1 resp. 0)

34. Regular programs and tests
Definition (Regular programs)
The syntax of regular programs α, β ∈ Π is given according to the grammar:
  α ::= a ∈ Π0 | 1 | 0 | α · α | α + α | α* | ϕ?                          (8)
The clause ϕ? is called test.
Tests can be seen as special atomic programs which may have logical structure, but their execution terminates in the same state iff the test succeeds (is true), and otherwise fails if the test is deemed false in the current state.

35. Tests
• simple Boolean tests:
  ϕ ::= ⊤ | ⊥ | ϕ → ϕ | ϕ ∨ ϕ | ϕ ∧ ϕ
• complex tests: ϕ? where ϕ is a logical formula in dynamic logic

36. Propositional Dynamic Logic: Syntax
Definition (PDL syntax)
The formulas ϕ of propositional dynamic logic (PDL) over regular programs α are given as follows.
  α ::= a ∈ Π0 | 1 | 0 | α · α | α + α | α* | ϕ?
  ϕ ::= p, q ∈ Φ0 | ⊤ | ⊥ | ϕ → ϕ | [α]ϕ                                  (9)
where Φ0 is a set of atomic propositions.
1. programs, which we denote α, ... ∈ Π
2. formulas, which we denote ϕ, ... ∈ Φ
Propositional Dynamic Logic (PDL): because based on propositional logic, only

37. PDL: remarks
• Programs α interpreted as a relation R_α ⇒ multi-modal logic.
• [α]ϕ defines many modalities, one modality for each program, each interpreted over the relation defined by the program α.
• The relations of the basic programs are just given.
• Operations on/composition of programs are interpreted as operations on relations.
• ∞ many complex programs ⇒ ∞ many relations/modalities
• But we think of a single modality [..]ϕ with programs inside.
• [..]ϕ is the universal one, with ⟨..⟩ϕ defined as usual.
Intuitive meaning/semantics of [α]ϕ
"If program α is started in the current state, then, if it terminates, then in its final state, ϕ holds."

39. Exercises: "programs"
Define the following programming constructs in PDL:

  skip                                          ⊤?
  fail                                          ⊥?
  if ϕ then α else β                            (ϕ? · α) + (¬ϕ? · β)
  if ϕ then α                                   (ϕ? · α) + (¬ϕ? · skip)
  case ϕ1 then α1; . . . case ϕn then αn        (ϕ1? · α1) + . . . + (ϕn? · αn)
  while ϕ do α                                  (ϕ? · α)* · ¬ϕ?
  repeat α until ϕ                              α · (¬ϕ? · α)* · ϕ?
  (General while loop)
  while ϕ1 then α1 | · · · | ϕn then αn od      (ϕ1? · α1 + . . . + ϕn? · αn)* · (¬ϕ1 ∧ . . . ∧ ¬ϕn)?

40. Making Kripke structures "multi-modal-prepared"
Definition (Labeled Kripke structures)
Assume a set of labels Σ. A labeled Kripke structure is a tuple (W, R, Σ) where
  R = ⋃_{l ∈ Σ} R_l
is the disjoint union of the relations indexed by the labels of Σ.
for us (at least now): The labels of Σ can be thought of as programs
• Σ: aka alphabet,
• alternative: R ⊆ W × Σ × W
• labels l, l1 . . . but also a, b, . . . or others
• often written as a labelled arrow →_a, like w1 →_a w2 or s1 →_a s2

41. Regular Kripke structures
• "labels" now have "structure"
• remember regular program syntax
• interpretation of certain programs/labels fixed,
  • 0: failing program
  • α1 · α2: sequential composition
  • . . .
• thus, relations like R_0, R_{α1 · α2}, . . . must obey side-conditions
Basically
leaving open the interpretation of the "atoms" a, we fix the interpretation/semantics of the constructs of regular programs

42. Regular Kripke structures
Definition (Regular Kripke structures)
A regular Kripke structure is a Kripke structure labeled as follows. For all basic programs a ∈ Π0, choose some relation R_a. For the remaining syntactic constructs (except tests), the corresponding relations are defined inductively as follows.

  R_1         = Id
  R_0         = ∅
  R_{α1 · α2} = R_{α1} ∘ R_{α2}
  R_{α1 + α2} = R_{α1} ∪ R_{α2}
  R_{α*}      = ⋃_{n ≥ 0} R_α^n

43. Kripke models and interpreting PDL formulas
Now: add valuations ⇒ Kripke model
Definition (Semantics)
A PDL formula ϕ is true in the world w of a regular Kripke model M (i.e., we have attached a valuation V also), written M, w ⊨ ϕ, if:

  M, w ⊨ p_i         iff p_i ∈ V(w), for all propositional constants
  M, w ⊭ ⊥ and M, w ⊨ ⊤
  M, w ⊨ ϕ1 → ϕ2     iff whenever M, w ⊨ ϕ1 then also M, w ⊨ ϕ2
  M, w ⊨ [α]ϕ        iff M, w′ ⊨ ϕ for all w′ such that w R_α w′
  M, w ⊨ ⟨α⟩ϕ        iff M, w′ ⊨ ϕ for some w′ such that w R_α w′

44. Semantics (cont'd)
• programs and formulas: mutually dependent
• omitted so far: which relation corresponds to the test ϕ?
• remember the intuitive meaning (semantics) of tests

45. Test programs
Intuition: tests interpreted as subsets of the identity relation.
  R_{ϕ?} = {(w, w) | w ⊨ ϕ} ⊆ Id                                          (10)
More precisely:
• for ⊤? the relation becomes R_{⊤?} = Id (testing ⊤ succeeds everywhere and is like the skip program)
• for ⊥? the relation becomes R_{⊥?} = ∅ (⊥ is nowhere true and is like the fail program)
• R_{(ϕ1 ∧ ϕ2)?} = {(w, w) | w ⊨ ϕ1 and w ⊨ ϕ2}
• Testing a complex formula involving [α]ϕ is like looking into the future of the program and then deciding on the action to take...
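Added example (my code, not from the slides): a Python model checker implementing the PDL semantics of the last slides, R_1, R_0, composition, union, star and tests, with [α] and ⟨α⟩ evaluated over the resulting relations; with a single atomic program a it is the plain modal semantics of the "Satisfaction" slide, so it also evaluates the five claims of the "Some exercises" slide and the while-loop encoding from the "programs" exercise. It assumes that in that exercise R consists of exactly the pairs (i, i + 1) for i = 1..4 and that the valuation is the one read off the picture.

```python
"""Model checker for PDL over a finite regular Kripke model.
Programs:  ('atom', a) | ('skip',) | ('fail',) | ('seq', α, β) | ('choice', α, β)
           | ('star', α) | ('test', ϕ)
Formulas:  proposition name (str) | ('top',) | ('bot',) | ('not', ϕ) | ('and', ϕ, ψ)
           | ('or', ϕ, ψ) | ('imp', ϕ, ψ) | ('box', α, ϕ) | ('dia', α, ϕ)"""

def compose(r1, r2):
    """R1 ∘ R2 in program order: (w, v) iff w R1 u and u R2 v for some u."""
    return {(w, v) for (w, u) in r1 for (u2, v) in r2 if u == u2}

def star(r, worlds):
    """⋃_{n ≥ 0} R^n: the reflexive-transitive closure, computed as a fixpoint."""
    closure = {(w, w) for w in worlds}          # R^0 = Id
    frontier = set(closure)
    while True:
        new = compose(frontier, r) - closure    # one more step along R
        if not new:
            return closure
        closure |= new
        frontier = new

class Model:
    def __init__(self, worlds, atoms, valuation):
        self.worlds = set(worlds)
        self.atoms = {a: set(r) for a, r in atoms.items()}      # R_a for a ∈ Π0, just given
        self.val = {w: set(ps) for w, ps in valuation.items()}   # V : W → 2^P

    def rel(self, prog):
        """R_α by induction on α (regular Kripke structure); tests are subsets of Id."""
        kind = prog[0]
        if kind == 'atom':   return self.atoms[prog[1]]
        if kind == 'skip':   return {(w, w) for w in self.worlds}              # R_1 = Id
        if kind == 'fail':   return set()                                      # R_0 = ∅
        if kind == 'seq':    return compose(self.rel(prog[1]), self.rel(prog[2]))
        if kind == 'choice': return self.rel(prog[1]) | self.rel(prog[2])
        if kind == 'star':   return star(self.rel(prog[1]), self.worlds)
        if kind == 'test':   return {(w, w) for w in self.worlds if self.sat(w, prog[1])}
        raise ValueError(f'unknown program {prog!r}')

    def sat(self, w, phi):
        """M, w ⊨ ϕ."""
        if isinstance(phi, str):
            return phi in self.val[w]
        kind = phi[0]
        if kind == 'top': return True
        if kind == 'bot': return False
        if kind == 'not': return not self.sat(w, phi[1])
        if kind == 'and': return self.sat(w, phi[1]) and self.sat(w, phi[2])
        if kind == 'or':  return self.sat(w, phi[1]) or self.sat(w, phi[2])
        if kind == 'imp': return (not self.sat(w, phi[1])) or self.sat(w, phi[2])
        if kind in ('box', 'dia'):
            successors = [v for (u, v) in self.rel(phi[1]) if u == w]
            quantifier = all if kind == 'box' else any     # [α]: all, ⟨α⟩: some
            return quantifier(self.sat(v, phi[2]) for v in successors)
        raise ValueError(f'unknown formula {phi!r}')

    def valid(self, phi):
        """M ⊨ ϕ: ϕ holds in every world of M."""
        return all(self.sat(w, phi) for w in self.worlds)

# With a single atomic program a, [a] and <a> are the plain modal □ and ◇.
A = ('atom', 'a')
def box(phi): return ('box', A, phi)
def dia(phi): return ('dia', A, phi)

# Constructed model of the 'Some exercises' slide: W = {1..5}, R = {(i, i+1)}
# (assumed to be all of R), valuation read off the picture.
EXERCISE = Model(
    worlds=range(1, 6),
    atoms={'a': {(i, i + 1) for i in range(1, 5)}},
    valuation={1: {'p'}, 2: {'p', 'q'}, 3: {'p', 'q'}, 4: {'q'}, 5: {'q'}},
)

def exercise_results(M=EXERCISE):
    """The five claims of that slide, in order."""
    q_not_p = ('and', 'q', ('not', 'p'))
    nested = ('and', 'q', dia(('and', 'q', dia(('and', 'q', dia(('and', 'q', dia('q'))))))))
    return [
        M.sat(1, dia(box('p'))),
        M.sat(1, ('imp', dia(box('p')), 'p')),
        M.sat(3, ('and', dia(q_not_p), box(q_not_p))),
        M.sat(1, nested),
        M.valid(box('q')),
    ]

def while_prog(cond, body):
    """Encoding from the 'programs' exercise: while ϕ do α = (ϕ? · α)* · ¬ϕ?"""
    return ('seq', ('star', ('seq', ('test', cond), body)), ('test', ('not', cond)))

def while_results(M=EXERCISE):
    """R_{while p do a} in the exercise model, and whether [while p do a] q holds at 1."""
    loop = while_prog('p', A)
    return M.rel(loop), M.sat(1, ('box', loop, 'q'))

if __name__ == '__main__':
    print(exercise_results())   # [True, True, True, False, True]
    print(while_results())
```

Note that claim 5 comes out true only because world 5 has no a-successor, so □q holds there vacuously; the fourth claim fails already at world 1, where q does not hold.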

46. Axiomatic System of PDL
Take all tautologies of propositional logic (i.e., the axiom system of PL from Lecture 2) and add
Axioms:

  [α](φ1 → φ2) → ([α]φ1 → [α]φ2)         (1)
  [α](φ1 ∧ φ2) ↔ [α]φ1 ∧ [α]φ2            (2)
  [α + β]φ ↔ [α]φ ∧ [β]φ                  (3)
  [α · β]φ ↔ [α][β]φ                      (4)
  [φ?]ψ ↔ φ → ψ                           (5)
  φ ∧ [α][α*]φ ↔ [α*]φ                    (6)
  φ ∧ [α*](φ → [α]φ) → [α*]φ              (IND)

Rules: take the (MP) modus ponens and (G) generalization of Modal Logic.

47. Chapter 2: LTL model checking. Course "Model checking", Volker Stolz, Martin Steffen, Autumn 2019

48. Chapter 2: Learning Targets of Chapter "LTL model checking". The chapter covers LTL and how to do model checking for that logic, using Büchi-automata.

49. Chapter 2: Outline of Chapter "LTL model checking"
• Introduction
• LTL: Syntax; Semantics; The Past; Examples; Nested waiting-for; Formalization; Duals; Classification
• Properties: Safety and Liveness; Recurrence and Persistence; Reactivity
• GCD Example

50. Section: Introduction

51. Temporal logic?
• Temporal logic: is the/a logic of "time"
• modal logic.
• different ways of modeling time.
  • linear vs. branching time
  • time instances vs. time intervals
  • discrete time vs. continuous time
  • past and future vs. future only
  • . . .

52. LTL
• linear time temporal logic
• one central temporal logic in CS
• supported by Spin and other model checkers
• many variations

  58. FOL (repetition) IN5110 – Verification and specification of First Order Logic parallel systems • We have used FOL to express properties of states. Targets & Outline • � x : 21 , y : 49 � | | = x < y Introduction • � x : 21 , y : 7 � �| | = x < y LTL • A computation is a sequence of states. Syntax Semantics The Past • To express properties of computations, we need to Examples Nested waiting-for extend FOL. Formalization Duals • This we can do using temporal logic. Classification Properties Safety and Liveness Recurrence and Persistence Reactivity GCD Example Exercises 2-7

  59. Section: LTL
  • Syntax
  • Semantics
  • The Past
  • Examples
  • Nested waiting-for
  • Formalization
  • Duals
  • Classification
  • Properties
  • Safety and Liveness
  • Recurrence and Persistence
  • Reactivity
  • GCD Example
  • Exercises

  60. LTL: speaking about "time"
  In Linear Temporal Logic (LTL), also called linear-time temporal logic, we can describe properties such as the following. Assume time is a sequence of discrete points $i$; if $i$ is now, then:
  • $p$ holds in $i$ and every following point (the future)
  • $p$ holds in $i$ and every preceding point (the past)
  (Figure: a time line of points $\ldots,\ i-2,\ i-1,\ i,\ i+1,\ i+2,\ \ldots$, each labelled $p$.)

  61. Syntax
  $\psi$: propositional/first-order formula
  $$
  \begin{array}{rcll}
  \varphi & ::= & \psi & \text{formulas of the ``core'' logics}\\
  & \mid & \neg\varphi \mid \varphi \wedge \varphi \mid \varphi \to \varphi \mid \ldots & \text{boolean combinations}\\
  & \mid & \bigcirc\varphi & \text{next } \varphi\\
  & \mid & \Box\varphi & \text{always } \varphi\\
  & \mid & \Diamond\varphi & \text{eventually } \varphi\\
  & \mid & \varphi\,\mathcal{U}\,\varphi & \text{``until''}\\
  & \mid & \varphi\,\mathcal{R}\,\varphi & \text{``release''}\\
  & \mid & \varphi\,\mathcal{W}\,\varphi & \text{``waiting for'', ``weak until''}
  \end{array}
  $$

  62–64. Paths and computations
  Definition (Path)
  • A path is an infinite sequence $\sigma = s_0, s_1, s_2, \ldots$ of states.
  • $\sigma^k$ denotes the path (suffix) $s_k, s_{k+1}, s_{k+2}, \ldots$
  • $\sigma_k$ denotes the state $s_k$.

  65. Satisfaction (semantics)
  Definition
  An LTL formula $\varphi$ is true relative to a path $\sigma$, written $\sigma \models \varphi$, as follows.
  $$
  \begin{array}{lcl}
  \sigma \models \psi & \text{iff} & \sigma_0 \models_{\mathit{ul}} \psi \quad (\psi \text{ a formula of the underlying core language})\\
  \sigma \models \neg\varphi & \text{iff} & \sigma \not\models \varphi\\
  \sigma \models \varphi_1 \vee \varphi_2 & \text{iff} & \sigma \models \varphi_1 \text{ or } \sigma \models \varphi_2\\
  \sigma \models \Box\varphi & \text{iff} & \sigma^k \models \varphi \text{ for all } k \ge 0\\
  \sigma \models \Diamond\varphi & \text{iff} & \sigma^k \models \varphi \text{ for some } k \ge 0\\
  \sigma \models \bigcirc\varphi & \text{iff} & \sigma^1 \models \varphi
  \end{array}
  $$
  (cont.)

  66. Satisfaction (semantics) (2)
  Definition (cont.)
  $$
  \begin{array}{lcl}
  \sigma \models \varphi_1\,\mathcal{U}\,\varphi_2 & \text{iff} & \sigma^k \models \varphi_2 \text{ for some } k \ge 0, \text{ and } \sigma^i \models \varphi_1 \text{ for every } i \text{ such that } 0 \le i < k\\
  \sigma \models \varphi_1\,\mathcal{R}\,\varphi_2 & \text{iff} & \text{for every } j \ge 0: \text{ if } \sigma^i \not\models \varphi_1 \text{ for every } i < j, \text{ then } \sigma^j \models \varphi_2\\
  \sigma \models \varphi_1\,\mathcal{W}\,\varphi_2 & \text{iff} & \sigma \models \varphi_1\,\mathcal{U}\,\varphi_2 \text{ or } \sigma \models \Box\varphi_1
  \end{array}
  $$
  Note that in the until clause the positions $i$ before the witness $k$ must satisfy $\varphi_1$, not $\varphi_2$; release is the dual: $\varphi_2$ must hold at every position up to and including the first one where $\varphi_1$ holds, and is unconstrained afterwards.

  67–69. Validity and semantic equivalence
  Definition
  • We say that $\varphi$ is (temporally) valid, written $\models \varphi$, if $\sigma \models \varphi$ for all paths $\sigma$.
  • We say that $\varphi$ and $\psi$ are equivalent, written $\varphi \sim \psi$, if $\models \varphi \leftrightarrow \psi$ (i.e. $\sigma \models \varphi$ iff $\sigma \models \psi$, for all $\sigma$).
  Example
  $\Box$ distributes over $\wedge$, while $\Diamond$ distributes over $\vee$:
  $$
  \Box(\varphi \wedge \psi) \sim (\Box\varphi \wedge \Box\psi) \qquad\qquad \Diamond(\varphi \vee \psi) \sim (\Diamond\varphi \vee \Diamond\psi)
  $$

  70. Semantics
  (Figures: three paths with positions $0, 1, 2, 3, 4, \ldots$)
  • $\sigma \models \Box p$: $p$ holds at positions $0, 1, 2, 3, 4, \ldots$ (every position)
  • $\sigma \models \Diamond p$: $p$ holds at position $3$ (no other position needs to satisfy $p$)
  • $\sigma \models \bigcirc p$: $p$ holds at position $1$

  71. $\sigma \models p\,\mathcal{U}\,q$ (the sequence of $p$'s is finite)
  (Figure: $p$ at positions $0, 1, 2$; $q$ at position $3$; positions $4, \ldots$ unconstrained.)
  $\sigma \models p\,\mathcal{R}\,q$ (the sequence of $q$'s may be infinite)
  (Figure: $q$ at positions $0, 1, 2$; $p, q$ at position $3$; positions $4, \ldots$ unconstrained.)
  $\sigma \models p\,\mathcal{W}\,q$. The sequence of $p$'s may be infinite ($p\,\mathcal{W}\,q \sim p\,\mathcal{U}\,q \vee \Box p$).
  (Figure: $p$ at positions $0, 1, 2, 3, 4, \ldots$)

  72–73. The past
  Observation
  • [1] uses pairs $(\sigma, j)$ of paths and positions instead of just the path $\sigma$ because they have past-formulae: formulae that, besides the future operators we use, may also contain past operators such as $\Box^{-1}$ and $\Diamond^{-1}$:
  $$
  \begin{array}{lcl}
  (\sigma, j) \models \Box^{-1}\varphi & \text{iff} & (\sigma, k) \models \varphi \text{ for all } k,\ 0 \le k \le j\\
  (\sigma, j) \models \Diamond^{-1}\varphi & \text{iff} & (\sigma, k) \models \varphi \text{ for some } k,\ 0 \le k \le j
  \end{array}
  $$
  • However, it can be shown that for any formula $\varphi$, there is a future-formula (a formula without past operators) $\psi$ such that
  $$
  (\sigma, 0) \models \varphi \quad\text{iff}\quad (\sigma, 0) \models \psi
  $$

  74. The past: examples
  Example
  What is a future version of $\Box(p \to \Diamond^{-1} q)$?
  $(\sigma, 0) \models \Box(p \to \Diamond^{-1} q)$
  (Figure: every position $0, 1, 2, 3, \ldots$ labelled $p \to \Diamond^{-1} q$.)
  $(\sigma, 0) \models q\,\mathcal{R}\,(p \to q)$
  (Figure: positions $0, 1$ labelled $p \to q$; position $2$ labelled $p \to q,\ q$; positions $3, \ldots$ unconstrained.)

  75. Examples
  Example
  $\varphi \to \Diamond\psi$: If $\varphi$ holds initially, then $\psi$ holds eventually.
  (Figure: $\varphi$ at position $0$, $\psi$ at position $1$, later positions unconstrained.)
  This formula will also hold in every path where $\varphi$ does not hold initially.
  (Figure: $\neg\varphi$ at position $0$, later positions unconstrained.)

  76. Example: Response
  Example (Response)
  $\Box(\varphi \to \Diamond\psi)$
  Every $\varphi$-position coincides with or is followed by a $\psi$-position.
  (Figure: $\varphi$ at position $0$, $\psi$ at position $1$, $\varphi, \psi$ at position $2$, later positions unconstrained.)
  This formula will also hold in every path where $\varphi$ never holds.
  (Figure: $\neg\varphi$ at every position $0, 1, 2, 3, 4, \ldots$)

  77. Examples
  Example
  $\Box\Diamond\psi$
  There are infinitely many $\psi$-positions.
  (Figure: $\psi$ at positions $0, 1, 2$, and at infinitely many later positions.)
  This formula can be obtained from the previous one, $\Box(\varphi \to \Diamond\psi)$, by letting $\varphi = \top$: $\Box(\top \to \Diamond\psi)$.

  78. Example: permanence
  Example
  $\Diamond\Box\varphi$
  Eventually $\varphi$ will hold permanently.
  (Figure: $\varphi$ from position $0$ onwards at positions $0, 1, 2, 3, \ldots$; once it holds it never stops holding.)
  Equivalently: there are finitely many $\neg\varphi$-positions.
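The satisfaction definition on slides 65–66, the past-operator example on slide 74 and the property patterns on slides 75–78 can all be exercised with one small evaluator. The following is an added example, not code from the IN5110 course: it implements the semantics above over ultimately periodic ("lasso") paths, a finite prefix followed by a loop repeated forever, which is exactly the shape of the counterexample paths an LTL model checker reports. Because the suffixes $\sigma^k$ and $\sigma^{k+|loop|}$ coincide once $k \ge |prefix|$, quantifying over a bounded range of positions is exact for this path shape. The tuple encoding of formulas and the names `atom`, `holds`, `lassos`, `counterexample` and `equivalent` are this example's own assumptions; the constructed paths mirror the pictures on slides 70–71.

```python
# Added example (not from the IN5110 slides): an exact evaluator for the LTL
# semantics of slides 65-66 over lasso paths, plus the past-operator example of
# slide 74 and the response/recurrence/permanence patterns of slides 76-78.
# Formula encoding and all function names are this example's own choices.
from itertools import combinations, product

# Formulas are nested tuples. Atomic propositions stand in for the state
# formulas psi of the core logic; a state is the set of atoms true in it.
def atom(p):          return ("atom", p)
def neg(f):           return ("not", f)
def conj(f, g):       return ("and", f, g)
def disj(f, g):       return ("or", f, g)
def imp(f, g):        return ("imp", f, g)
def nxt(f):           return ("next", f)           # next (circle)
def always(f):        return ("always", f)         # box
def eventually(f):    return ("eventually", f)     # diamond
def until(f, g):      return ("until", f, g)       # U
def release(f, g):    return ("release", f, g)     # R
def weak_until(f, g): return ("weak_until", f, g)  # W
def once(f):          return ("once", f)           # diamond^-1 (past)
def historically(f):  return ("historically", f)   # box^-1 (past)

def state(path, k):
    """sigma_k: state k of the lasso path (prefix, loop); the loop repeats forever."""
    prefix, loop = path
    if k < len(prefix):
        return prefix[k]
    return loop[(k - len(prefix)) % len(loop)]

def holds(path, f, j=0):
    """(sigma, j) |= f, i.e. sigma^j |= f for the future operators.

    Suffixes sigma^k and sigma^(k+|loop|) are identical once k >= |prefix|, so any
    witness or violation beyond range(j, max(j, |prefix|) + |loop|) has a copy
    inside it: the bounded quantification is exact, not an approximation."""
    prefix, loop = path
    future = range(j, max(j, len(prefix)) + len(loop))
    op = f[0]
    if op == "atom":         return f[1] in state(path, j)
    if op == "not":          return not holds(path, f[1], j)
    if op == "and":          return holds(path, f[1], j) and holds(path, f[2], j)
    if op == "or":           return holds(path, f[1], j) or holds(path, f[2], j)
    if op == "imp":          return (not holds(path, f[1], j)) or holds(path, f[2], j)
    if op == "next":         return holds(path, f[1], j + 1)
    if op == "always":       return all(holds(path, f[1], k) for k in future)
    if op == "eventually":   return any(holds(path, f[1], k) for k in future)
    if op == "until":        # some k with f2, and f1 at every i in [j, k)
        return any(holds(path, f[2], k) and all(holds(path, f[1], i) for i in range(j, k))
                   for k in future)
    if op == "release":      # f2 at every k, unless f1 already held at some i in [j, k)
        return all(holds(path, f[2], k) or any(holds(path, f[1], i) for i in range(j, k))
                   for k in future)
    if op == "weak_until":   # f1 W f2  ~  (f1 U f2) or always f1
        return holds(path, until(f[1], f[2]), j) or holds(path, always(f[1]), j)
    if op == "once":         return any(holds(path, f[1], k) for k in range(j + 1))
    if op == "historically": return all(holds(path, f[1], k) for k in range(j + 1))
    raise ValueError(f"unknown operator {op!r}")

def lassos(props=("p", "q"), max_prefix=2, max_loop=2):
    """Every lasso path over `props` with bounded prefix and loop lengths."""
    states = [frozenset(c) for r in range(len(props) + 1) for c in combinations(props, r)]
    for lp in range(max_prefix + 1):
        for ll in range(1, max_loop + 1):
            for prefix in product(states, repeat=lp):
                for loop in product(states, repeat=ll):
                    yield (prefix, loop)

def counterexample(f, g, **kw):
    """A bounded lasso on which f and g disagree at position 0, or None.
    None means 'no counterexample within the bound', not a proof that f ~ g."""
    for path in lassos(**kw):
        if holds(path, f) != holds(path, g):
            return path
    return None

def equivalent(f, g, **kw):
    return counterexample(f, g, **kw) is None

P, Q = atom("p"), atom("q")
# Constructed states and paths mirroring the pictures on slides 70-71.
s_p, s_q, s_pq, s_none = frozenset({"p"}), frozenset({"q"}), frozenset({"p", "q"}), frozenset()
PATH_UNTIL   = ((s_p, s_p, s_p, s_q), (s_none,))   # p p p q ...    |= p U q
PATH_RELEASE = ((s_q, s_q, s_q, s_pq), (s_none,))  # q q q p,q ...  |= p R q
PATH_WEAK    = ((), (s_p,))                        # p p p p ...    |= p W q, but not p U q

if __name__ == "__main__":
    print(holds(PATH_UNTIL, until(P, Q)), holds(PATH_WEAK, until(P, Q)), holds(PATH_WEAK, weak_until(P, Q)))
    # Slide 74: the past formula and its future version agree at position 0.
    print(equivalent(always(imp(P, once(Q))), release(Q, imp(P, Q))))
    # Box does not distribute over "or": the evaluator finds a witness path.
    print(counterexample(always(disj(P, Q)), disj(always(P), always(Q))))
```

`counterexample` is the practical tool here: a model checker hands back a lasso path for a failed property, and evaluating candidate reformulations of the property on that path with the same semantics the checker uses is how one tells a genuine violation from a mis-stated specification. The bounded enumeration in `equivalent` only searches; a `None` result is evidence within the bound, not a proof of $\varphi \sim \psi$, whereas a returned path is a real refutation.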
