Compositional Approach to Suspension and Other Improvements to LTL - PowerPoint PPT Presentation

Compositional Approach to Suspension and Other Improvements to LTL Translation s Babiak 1 Thomas Badie 2 Alexandre Duret-Lutz 2 Tom´ aˇ y 1 cek 1 Mojm´ ır Kˇ ret´ ınsk´ Jan Strejˇ 1 Faculty of Informatics, Masaryk University, Brno, Czech Republic 2 LRDE, EPITA, Le Kremlin-Bicˆ etre, France SPIN’13, 8–9 July 2013 1 / 16

From LTL to BA: The Big Picture LTL form. B¨ uchi automaton ϕ GF a ∧ GF b ¯ ab ¯ a ab 3 1 a ¯ ab b ¯ ab 2 ¯ b 2 / 16

From LTL to BA: The Big Picture LTL form. LTL B¨ uchi rewritings automaton ϕ GF a ∧ GF b ¯ ab ¯ a ab G ( F a ∧ F b ) 3 1 a ¯ ab b ¯ ab 2 ¯ b 2 / 16

From LTL to BA: The Big Picture LTL form. LTL Core B¨ uchi rewritings automaton ϕ translation GF a ∧ GF b a ¯ b ¯ ab ¯ a ab G ( F a ∧ F b ) 3 1 ab ¯ ab a ¯ ab b a ¯ ¯ ¯ b ab 2 ¯ TGBA: Transition-based b Generalized B¨ uchi Automaton 2 / 16

From LTL to BA: The Big Picture LTL form. LTL Core Post- B¨ uchi rewritings processings automaton ϕ translation GF a ∧ GF b a ¯ b ¯ ab ¯ a ab G ( F a ∧ F b ) 3 1 ab ¯ ab a ¯ ab b a ¯ ¯ ¯ b ab 2 ¯ TGBA: Transition-based b Generalized B¨ uchi Automaton 2 / 16

From LTL to BA: The Big Picture Our work LTL form. LTL Core Post- B¨ uchi rewritings processings automaton ϕ translation GF a ∧ GF b a ¯ b ¯ ab ¯ a ab G ( F a ∧ F b ) 3 1 ab ¯ ab a ¯ ab b a ¯ ¯ ¯ b ab 2 ¯ TGBA: Transition-based b Generalized B¨ uchi Automaton 2 / 16

From LTL to BA: More Details ◮ Generic workflow: Trans. to Simplify Degen- Simplify ϕ BA TGBA eralize TGBA BA ◮ Dead SCCs removal ◮ Simulation-based reductions ◮ Acceptance simplifications ◮ Simulation-based reductions 3 / 16

From LTL to BA: More Details ◮ Generic workflow: Trans. to Simplify Degen- Simplify ϕ BA TGBA eralize TGBA BA ◮ Dead SCCs removal ◮ Simulation-based reductions ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Obligation properties can be translated better! 3 / 16

Temporal Hierarchy Deterministic Weak B¨ uchi B¨ uchi Automata Automata Reactivity Recurrence Persistence Weak Det. B¨ uchi Automata (WDBA) Obligation Safety Guarantee Z. Manna and A. Pnueli. A hierarchy of temporal properties. PODC’90 4 / 16

From LTL to BA: More Details ◮ Generic workflow: Trans. to Simplify Degen- Simplify ϕ BA TGBA eralize TGBA BA ◮ Dead SCCs removal ◮ Simulation-based reductions ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Obligation properties can be translated into minimal Weak Deterministic B¨ uchi Automata: Trans. to ϕ (WD)BA WDBA minimization TGBA C. Dax, J. Eisinger, and F. Klaedtke. Mechanizing the powerset construction for restricted classes of ω -automata. ATVA’07 5 / 16

Our Contributions Better translation of formulae that contains SCC-aware suspendable subformulae degeneralization Trans. to Simplify Degen- Simplify ϕ BA TGBA TGBA eralize BA ◮ Better acceptance simplification ◮ BDD-based simulation-based reductions, with determinism improvement 6 / 16

Our Contributions This talk Better translation of formulae that contains SCC-aware suspendable subformulae degeneralization Trans. to Simplify Degen- Simplify ϕ BA TGBA TGBA eralize BA ◮ Better acceptance simplification ◮ BDD-based simulation-based reductions, with determinism improvement only in the paper 6 / 16

Compositional Suspension Better translation of formulae that contains suspendable subformulae Trans. to Simplify Degen- Simplify ϕ BA TGBA TGBA eralize BA 7 / 16

Suspendable Formulae Pure Eventuality Purely Universal F µ ≡ µ G ν ≡ ν K. Etessami and G. J. Holzmann. Optimizing B¨ uchi Automata. CONCUR’00 8 / 16

Suspendable Formulae Suspendable Pure Eventuality Purely Universal G ξ ≡ F ξ ≡ X ξ ≡ ξ F µ ≡ µ G ν ≡ ν ◮ Intuition : subspendable formulae have one F and one G in each syntactic branch. E.g., all usual fairness constraints: ◮ GF ϕ ◮ FG ϕ → GF ρ ◮ GF ϕ → GF ρ y, V. ˇ T. Babiak, M. Kˇ ret´ ınsk´ Reh´ ak, and J. Strejˇ cek. LTL to B¨ uchi automata translation: Fast and more deterministic. TACAS’12 8 / 16

Suspendable Formulae Suspendable Pure Eventuality Purely Universal G ξ ≡ F ξ ≡ X ξ ≡ ξ F µ ≡ µ G ν ≡ ν ◮ Intuition : subspendable formulae have one F and one G in each syntactic branch. E.g., all usual fairness constraints: ◮ GF ϕ ◮ FG ϕ → GF ρ ◮ GF ϕ → GF ρ ◮ Key property : a suspendable formula either holds at all steps of an execution, or it holds at none. ◮ Consequence : its verification can be “suspended” by any finite number of steps. y, V. ˇ T. Babiak, M. Kˇ ret´ ınsk´ Reh´ ak, and J. Strejˇ cek. LTL to B¨ uchi automata translation: Fast and more deterministic. TACAS’12 8 / 16

Temporal Hierarchy Reactivity Formulae with suspendable subformulae Recurrence Persistence Obligation Safety Guarantee 9 / 16

Using Suspension During Translation (Intuition) (( a U b ) R c ) ∧ FG d ¯ ¯ bc bcd ¯ bcd bcd bc a ¯ a ¯ bcd bc bcd a ¯ a ¯ b bd b bd bd d ⊤ d 10 / 16

Using Suspension During Translation (Intuition) d ⊤ d (( a U b ) R c ) ∧ FG d 4 5 ¯ ¯ ¯ bc bc bcd ¯ bcd bcd 1 14 15 bc a ¯ bc a ¯ a ¯ bc bcd bc bcd a ¯ b 2 24 25 a ¯ a ¯ b bd b b bd bd 3 34 35 d ⊤ ⊤ d 10 / 16

Using Suspension During Translation (Intuition) d ⊤ d (( a U b ) R c ) ∧ FG d 4 5 ¯ ¯ ¯ bc bc bcd Suspendable! ¯ bcd bcd 1 14 15 bc a ¯ bc a ¯ a ¯ bc bcd bc bcd a ¯ b 2 24 25 a ¯ a ¯ b bd b b bd bd 3 34 35 d ⊤ ⊤ d 10 / 16

Using Suspension During Translation (Intuition) d ⊤ d (( a U b ) R c ) ∧ FG d 4 5 ¯ ¯ ¯ bc bc bcd Suspendable! ¯ bcd bcd 1 14 15 bc a ¯ bc a ¯ a ¯ bc bcd bc bcd a ¯ b Pointless! 2 24 25 No need to check a ¯ a ¯ b bd for FG d while b b bd bd (( a U b ) R c ) 3 34 35 d is not in an accepting SCC. ⊤ ⊤ d 10 / 16

Using Suspension During Translation (Intuition) d ⊤ d (( a U b ) R c ) ∧ FG d 4 5 ¯ ¯ ¯ bc bc bcd ¯ bcd Reset transitions bcd 1 14 15 to be synchronized bc a ¯ bc a ¯ a ¯ with transitions out bc bcd bc bcd a ¯ b of accepting SCCs. 2 24 25 a ¯ a ¯ b bd b b bd bd 3 34 35 d ⊤ ⊤ d 10 / 16

Using Suspension During Translation (Intuition) d ⊤ d (( a U b ) R c ) ∧ FG d 4 5 ¯ ¯ ¯ bc bc bcd ¯ bcd 1 14 15 bc a ¯ bc a ¯ bc bc a ¯ a ¯ b bc 2 24 bc a ¯ b b b 3 34 35 d ⊤ ⊤ d 10 / 16

Using Suspension During Translation (Intuition) [ ξ ] d [ ξ ] d [ ξ ] (( a U b ) R c ) ∧ FG d [ ξ ] 4 5 [ ξ ] ¯ bc [ ξ ] ¯ ¯ bc bcd New atomic proposition so that our special ¯ bcd synchronization can 1 14 15 bc a ¯ be implemented as a bc [ ξ ] a ¯ [ ξ ] bc bc a ¯ a ¯ synchronous product. b [ ξ ] bc 2 24 bc a ¯ b b [ ξ ] b 3 34 35 d [ ξ ] ⊤ d 10 / 16

Our Compositional Approach to Suspension Given an LTL formula ϕ : (( a U b ) R c ) ∧ FG d 11 / 16

Our Compositional Approach to Suspension Given an LTL formula ϕ : (( a U b ) R c ) ∧ FG d 1 Rewrite all (maximal) suspendable subformulae ξ i of ϕ as G [ ξ i ] . Call this ϕ ′ . ϕ ′ = (( a U b ) R c ) ∧ G [ ξ ] ξ = FG d 11 / 16

Our Compositional Approach to Suspension ¯ Given an LTL formula ϕ : (( a U b ) R c ) ∧ FG d bc [ ξ ] 1 Rewrite all (maximal) suspendable 1 subformulae ξ i of ϕ as G [ ξ i ] . Call this ϕ ′ . a ¯ bc [ ξ ] [ ξ ] bc ϕ ′ = (( a U b ) R c ) ∧ G [ ξ ] a ¯ ξ = FG d b [ ξ ] 2 2 Translate ϕ ′ as a TGBA A ϕ ′ b [ ξ ] 3 [ ξ ] 11 / 16

Our Compositional Approach to Suspension ¯ Given an LTL formula ϕ : (( a U b ) R c ) ∧ FG d bc [ ξ ] 1 Rewrite all (maximal) suspendable 1 subformulae ξ i of ϕ as G [ ξ i ] . Call this ϕ ′ . a ¯ bc [ ξ ] [ ξ ] bc ϕ ′ = (( a U b ) R c ) ∧ G [ ξ ] a ¯ ξ = FG d b [ ξ ] 2 2 Translate ϕ ′ as a TGBA A ϕ ′ b [ ξ ] 3 Remove [ ξ i ] from all transitions that are not in accepting SCCs. 3 4 Add [ ξ i ] to transitions that do not have [ ξ i ] . [ ξ ] 11 / 16

Our Compositional Approach to Suspension ¯ Given an LTL formula ϕ : (( a U b ) R c ) ∧ FG d bc [ ξ ] 1 Rewrite all (maximal) suspendable 1 subformulae ξ i of ϕ as G [ ξ i ] . Call this ϕ ′ . a ¯ bc [ ξ ] [ ξ ] bc ϕ ′ = (( a U b ) R c ) ∧ G [ ξ ] a ¯ ξ = FG d b [ ξ ] 2 2 Translate ϕ ′ as a TGBA A ϕ ′ b [ ξ ] 3 Remove [ ξ i ] from all transitions that are not in accepting SCCs. 3 4 Add [ ξ i ] to transitions that do not have [ ξ i ] . [ ξ ] 5 Translate each ξ i into A ξ i d ⊤ d 4 5 11 / 16