Fondements pour la vérification des systèmes temps-réel et concurrents (Foundations for the verification of real-time and concurrent systems), lecture slides


1. Fondements pour la vérification des systèmes temps-réel et concurrents. Lecture 3: Alternation and LTL extensions. Stéphane Demri, October 8th, 2007

2. Summary from previous lecture
$B_\varphi = (\Sigma, S, S_0, \rho, F_1, \ldots, F_k)$
◮ $S$ is the set of maximally consistent sets w.r.t. $\varphi$,
◮ $\Sigma = \mathcal{P}(PROP)$,
◮ $S_0 = \{X \in S : \varphi \in X\}$,
◮ $Y \in \rho(X, a)$ iff
  ◮ $X \cap PROP = a$,
  ◮ for $\mathrm{X}\psi \in cl(\varphi)$, $\mathrm{X}\psi \in X$ iff $\psi \in Y$,
◮ If $\psi_1 \mathrm{U} \psi'_1, \ldots, \psi_k \mathrm{U} \psi'_k$ occur in $\varphi$, then $F_i \stackrel{\mathrm{def}}{=} \{X \in S : \text{either } \psi_i \mathrm{U} \psi'_i \notin X \text{ or } \psi'_i \in X\}$,
◮ If U does not occur in $\varphi$, then $k = 1$ and $F_1 = S$.

3. Simple complexity properties
◮ $L(B_\varphi) = \mathrm{Models}(\varphi)$.
◮ Checking whether $X \subseteq cl(\varphi)$ belongs to $S$ [resp. $S_0, F_1, \ldots, F_k$] can be done in polynomial time in $|\varphi|$.
◮ Checking whether $Y \in \rho(X, a)$ can be done in polynomial time in $|\varphi|$.
◮ $|S|$ is in $2^{O(|\varphi|)}$.
◮ Elements of $S$ can be encoded in polynomial space in $|\varphi|$.

4. NPSpace algorithm
1. Guess $s_0 \in S_0$, $s_1 \in F_1, \ldots, s_k \in F_k$;
2. $i := 0$; $s := s_0$ (current state);
3. While $s \neq s_1$ and $i < |S|$ do
  3.1 Guess $s'$ such that $s \xrightarrow{a} s'$ for some $a \in \Sigma$;
  3.2 $i := i + 1$; $s := s'$.
4. If $s \neq s_1$, then abort, otherwise
  4.1 $i := 0$; $j := 2$;
  4.2 While $i = 0$ or ($j \neq 1$ and $i < |S| \times k$) do
    4.2.1 Guess $s'$ such that $s \xrightarrow{a} s'$ for some $a \in \Sigma$;
    4.2.2 $i := i + 1$; $s := s'$.
    4.2.3 If $s' \in F_j$ then nondeterministically choose either $j := (j \bmod k) + 1$ or skip;
  4.3 If $s = s_1$, then accept, otherwise abort.

5. Complexity
◮ $B_\varphi$ is of exponential size in $|\varphi|$.
◮ Testing on-the-fly the nonemptiness of $B_\varphi$ can be done in NPSpace.
◮ By Savitch's theorem: NPSpace = PSpace.
◮ Satisfiability for LTL is in PSpace.

6. What about model-checking?
◮ Let $M = (W, R, L)$ be a finite and total Kripke structure and $s_0 \in W$.
◮ $L(A_{M,s_0}) = \mathrm{Paths}(M, s_0)$, where $A_{M,s_0} = (\mathcal{P}(PROP), W, \{s_0\}, \rho, W)$ and $\rho(s, a) \stackrel{\mathrm{def}}{=} \{s' : (s, s') \in R,\ a = L(s)\}$ for all $s \in W$ and $a \subseteq PROP$.
◮ $M, s_0 \models \exists\varphi$ iff $L(A_{M,s_0}) \cap L(B_\varphi) \neq \emptyset$.
◮ LTL model-checking is in PSpace.

7. Exercise (bis)
◮ Adapt the automata-based approach to deal with $\mathrm{X}^{-1}$: $\sigma, i \models \mathrm{X}^{-1}\varphi \stackrel{\mathrm{def}}{\Leftrightarrow} i > 0$ and $\sigma, i-1 \models \varphi$.
◮ Adapt the automata-based approach to deal with S: $\sigma, i \models \varphi\, \mathrm{S}\, \psi \stackrel{\mathrm{def}}{\Leftrightarrow}$ there is $j \le i$ such that $\sigma, j \models \psi$ and for $j < k \le i$ we have $\sigma, k \models \varphi$.
◮ Characterize the complexity of the model-checking and satisfiability problems for LTL(U, X, X$^{-1}$, S).

8. LTL and alternating Büchi automata

9. Positive Boolean formulae
◮ Given a finite set $X$, $\mathcal{B}^+(X)$ denotes the set of positive Boolean formulae built over $X \cup \{\bot, \top\}$.
◮ Example: $(s \lor s') \land s'' \in \mathcal{B}^+(\{s, s', s''\})$.
◮ Each subset $Y \subseteq X$ can be viewed as a propositional valuation: $s \in Y$ iff $s$ is interpreted as true.
◮ $Y \models \varphi \in \mathcal{B}^+(X) \stackrel{\mathrm{def}}{\Leftrightarrow} \varphi$ holds true in the interpretation $Y$.
◮ Example: $\{s, s''\} \models (s \lor s') \land s''$.

10. Alternating Büchi automata
◮ $A = (\Sigma, S, s_0, \rho, F)$ with
  ◮ $\Sigma$: finite alphabet,
  ◮ $S$: finite set of states,
  ◮ $s_0 \in S$: initial state,
  ◮ $\rho : S \times \Sigma \to \mathcal{B}^+(S)$: transition relation,
  ◮ $F \subseteq S$: set of accepting states.
◮ Encoding a nondeterministic BA as an alternating BA: $\rho(s, a) \mapsto \bigvee_{s' \in \rho(s, a)} s'$.

11. Accepting runs
◮ A run $r$ on the $\omega$-sequence $a_0 a_1 a_2 \ldots \in \Sigma^\omega$ is a (possibly infinite) tree whose nodes are labelled by states in $S$ and s.t.
  ◮ $r = (T, \mathcal{T})$ where $T$ is a tree and $\mathcal{T} : T \to S$,
  ◮ the root of $T$ is labelled by $s_0$ (i.e. $\mathcal{T}(\epsilon) = s_0$),
  ◮ for $x \in T$, if $|x| = i$ (depth in $T$) and $\mathcal{T}(x) = s$, then $\{\mathcal{T}(x_1), \ldots, \mathcal{T}(x_k)\} \models \rho(s, a_i)$ where $x_1, \ldots, x_k$ are the children of $x$.
◮ A run is accepting $\stackrel{\mathrm{def}}{\Leftrightarrow}$ on every infinite branch of $T$, an accepting state is repeated infinitely often.
◮ $L(A)$: set of $\omega$-sequences in $\Sigma^\omega$ for which there is an accepting run.

12. Properties
◮ ABA are closed under intersection, union and complementation (with quadratic blow-up).
◮ The nonemptiness problem for ABA is PSpace-complete [Chandra & Kozen & Stockmeyer, JACM 81].

13. From ABA to NBA
◮ Given an ABA $A = (\Sigma, S, s_0, \rho, F)$, there is an NBA $A_n = (\Sigma, S', S'_0, \rho', F')$ s.t. $L(A) = L(A_n)$.
◮ Idea of the proof: $A_n$ guesses the set of states at each level of an accepting run of $A$.
◮ A state of $A_n$ is a set of states of $A$.
◮ One needs to encode which states are visited infinitely often on each branch of the accepting run of $A$.
◮ A state of $A_n$ is divided into two subsets in order to distinguish the branches that have recently visited an accepting state.

14.
◮ $S' \stackrel{\mathrm{def}}{=} \mathcal{P}(S) \times \mathcal{P}(S)$; if $(X, Y) \in S'$ then $Y$ is the set of states on branches that have recently visited an accepting state,
◮ $S'_0 \stackrel{\mathrm{def}}{=} \{(\{s_0\}, \emptyset)\}$;
◮ $F' \stackrel{\mathrm{def}}{=} \emptyset \times \mathcal{P}(S)$;
◮ Transition relation $\rho'$ (2 subcases):
  ◮ $(\emptyset, X')$: $\rho'((\emptyset, X'), a) \stackrel{\mathrm{def}}{=} \{(Y, Y') : \exists Z \models \bigwedge_{s \in X'} \rho(s, a),\ Y = Z \setminus F,\ Y' = Z \cap F\}$;
  ◮ $X \neq \emptyset$: $\rho'((X, X'), a) \stackrel{\mathrm{def}}{=} \{(Y, Y') : \exists Z, Z' \text{ such that } Z \models \bigwedge_{s \in X} \rho(s, a),\ Z' \models \bigwedge_{s \in X'} \rho(s, a),\ Y = Z \setminus F,\ Y' = Z' \cup (Z \cap F)\}$.

15. Negative normal form
◮ $\varphi\, \mathrm{R}\, \psi \stackrel{\mathrm{def}}{=} \neg(\neg\varphi\, \mathrm{U}\, \neg\psi)$.
◮ A formula built over $\lor, \land, \mathrm{X}, \mathrm{U}, \mathrm{R}, \neg$ and PROP in which negation occurs only in front of propositional variables is said to be in negative normal form.
◮ Every formula in LTL is equivalent to a formula in negative normal form (reduction in polynomial time).
◮ Some essential properties:
  ◮ $\neg\mathrm{X}\varphi$ is equivalent to $\mathrm{X}\neg\varphi$,
  ◮ $\neg(\varphi\, \mathrm{U}\, \psi)$ is equivalent to $(\neg\varphi\, \mathrm{R}\, \neg\psi)$,
  ◮ $\neg(\varphi \land \psi)$ is equivalent to $(\neg\varphi \lor \neg\psi)$.

16. From LTL formulae to ABA
$A = (\Sigma, S, s_0, \rho, F)$
◮ $S$ is the set of subformulae of $\varphi$,
◮ $s_0 \stackrel{\mathrm{def}}{=} \varphi$,
◮ $\Sigma \stackrel{\mathrm{def}}{=} \mathcal{P}(PROP)$,
◮ $F$ is equal to $S$ restricted to formulae whose outermost connective is not U.
◮ Transition relation:
  ◮ $\rho(p, a) \stackrel{\mathrm{def}}{=} \top$ if $p \in a$; $\rho(\neg p, a) \stackrel{\mathrm{def}}{=} \top$ if $p \notin a$,
  ◮ $\rho(p, a) \stackrel{\mathrm{def}}{=} \bot$ if $p \notin a$; $\rho(\neg p, a) \stackrel{\mathrm{def}}{=} \bot$ if $p \in a$,
  ◮ $\rho(\psi \land \psi', a) \stackrel{\mathrm{def}}{=} \rho(\psi, a) \land \rho(\psi', a)$,
  ◮ $\rho(\mathrm{X}\psi, a) \stackrel{\mathrm{def}}{=} \psi$,
  ◮ $\rho(\psi\, \mathrm{U}\, \phi, a) \stackrel{\mathrm{def}}{=} \rho(\phi, a) \lor (\rho(\psi, a) \land (\psi\, \mathrm{U}\, \phi))$,
  ◮ $\rho(\psi\, \mathrm{R}\, \phi, a) \stackrel{\mathrm{def}}{=} \rho(\phi, a) \land (\rho(\psi, a) \lor (\psi\, \mathrm{R}\, \phi))$.

17. Example
◮ Extensions:
  ◮ $\rho(\top, a) \stackrel{\mathrm{def}}{=} \top$; $\rho(\bot, a) \stackrel{\mathrm{def}}{=} \bot$;
  ◮ $\rho(\mathrm{F}\psi, a) \stackrel{\mathrm{def}}{=} \rho(\psi, a) \lor \mathrm{F}\psi$;
  ◮ $\rho(\mathrm{G}\psi, a) \stackrel{\mathrm{def}}{=} \rho(\psi, a) \land \mathrm{G}\psi$.
◮ Transition relation for $\mathrm{FG}p$:
  $s$              | $\rho(s, \emptyset)$ | $\rho(s, \{p\})$
  $\mathrm{FG}p$   | $\mathrm{FG}p$       | $\mathrm{G}p \lor \mathrm{FG}p$
  $\mathrm{G}p$    | $\bot$               | $\mathrm{G}p$
  $p$              | $\bot$               | $\top$
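The construction of slides 15-17 carried out in code, as an added example that is not part of the original slides: LTL formulae are encoded as nested Python tuples (an assumed encoding), negations are pushed to the variables, and the transition function $\rho$ of $A_\varphi$ is computed with the extensions for F and G. Running it on $\mathrm{FG}p$ over $\Sigma = \mathcal{P}(\{p\})$ reproduces the table of slide 17; the simplification of $\top$ and $\bot$ inside positive Boolean formulae is an added convenience so that the output matches the slide.

```python
# Added example (not from the slides): negative normal form (slide 15) and the
# transition function rho of the alternating Buchi automaton A_phi (slides 16-17).
# Assumed encoding of LTL formulae: a proposition is a string 'p'; otherwise a
# tuple ('not', f), ('and', f, g), ('or', f, g), ('X', f), ('U', f, g),
# ('R', f, g), ('F', f), ('G', f), or one of the constants TRUE / FALSE.
from itertools import combinations

TRUE, FALSE = ('true',), ('false',)

# Dualities used when a negation is pushed through a connective (slide 15).
DUAL = {'and': 'or', 'or': 'and', 'U': 'R', 'R': 'U', 'F': 'G', 'G': 'F', 'X': 'X'}

def nnf(f):
    """Push negations down to the propositional variables (negative normal form)."""
    if isinstance(f, str) or f in (TRUE, FALSE):
        return f
    op = f[0]
    if op != 'not':
        return (op,) + tuple(nnf(g) for g in f[1:])
    g = f[1]
    if isinstance(g, str):
        return f                      # literal: negation may stay in front of a variable
    if g == TRUE:
        return FALSE
    if g == FALSE:
        return TRUE
    if g[0] == 'not':
        return nnf(g[1])              # double negation
    # ~X f = X ~f, ~(f U g) = ~f R ~g, ~(f /\ g) = ~f \/ ~g, and their duals
    return (DUAL[g[0]],) + tuple(nnf(('not', h)) for h in g[1:])

def subformulae(f):
    """The state set S of A_phi: all subformulae of phi (slide 16)."""
    out = {f}
    if not isinstance(f, str):
        for g in f[1:]:
            out |= subformulae(g)
    return out

def accepting(s):
    """F = states whose outermost connective is not U; F psi abbreviates T U psi."""
    return isinstance(s, str) or s[0] not in ('U', 'F')

# Positive Boolean formulae over states (slide 9) use 'AND' / 'OR' so that they
# cannot be confused with the LTL connectives of the states themselves.
def AND(x, y):
    if FALSE in (x, y):
        return FALSE
    return y if x == TRUE else x if y == TRUE else ('AND', x, y)

def OR(x, y):
    if TRUE in (x, y):
        return TRUE
    return y if x == FALSE else x if y == FALSE else ('OR', x, y)

def rho(s, a):
    """rho(s, a) for a state s in NNF and a letter a (a set of propositions)."""
    if s in (TRUE, FALSE):
        return s
    if isinstance(s, str):                        # proposition p
        return TRUE if s in a else FALSE
    op = s[0]
    if op == 'not':                               # negated proposition ~p
        return TRUE if s[1] not in a else FALSE
    if op == 'and':
        return AND(rho(s[1], a), rho(s[2], a))
    if op == 'or':
        return OR(rho(s[1], a), rho(s[2], a))
    if op == 'X':
        return s[1]
    if op == 'U':                                 # rho(phi,a) \/ (rho(psi,a) /\ psi U phi)
        return OR(rho(s[2], a), AND(rho(s[1], a), s))
    if op == 'R':                                 # rho(phi,a) /\ (rho(psi,a) \/ psi R phi)
        return AND(rho(s[2], a), OR(rho(s[1], a), s))
    if op == 'F':
        return OR(rho(s[1], a), s)
    if op == 'G':
        return AND(rho(s[1], a), s)
    raise ValueError(op)

def transition_table(phi, props):
    """The whole transition function of A_phi over Sigma = P(props), as {(state, letter): rho}."""
    phi = nnf(phi)
    letters = [frozenset(c) for k in range(len(props) + 1) for c in combinations(sorted(props), k)]
    return {(s, a): rho(s, a) for s in subformulae(phi) for a in letters}

if __name__ == '__main__':
    FGP = ('F', ('G', 'p'))                       # the example of slide 17
    for (s, a), pb in sorted(transition_table(FGP, ['p']).items(), key=str):
        print(s, set(a) or '{}', '->', pb)
```

The states of the automaton are the subformulae themselves, so `rho` returns positive Boolean combinations of formula tuples; `accepting` encodes the rule of slide 16 with the F-extension of slide 17 treated as an Until.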

18. Summary
◮ $L(A_\varphi)$ is the set of models of $\varphi$.
◮ The number of states of $A_\varphi$ is polynomial in $|\varphi|$.
◮ The difficulty is in the nonemptiness test for ABA.
◮ Corollary: when PROP is finite and fixed, satisfiability for LTL is in PSpace.
◮ NB: LTL satisfiability/model-checking can be reduced in logspace to LTL satisfiability/model-checking with at most 2 propositional variables.
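The nonemptiness test that slide 18 calls the difficult part, as an added example that is not part of the original slides: the ABA-to-NBA translation of slides 13-14 is implemented as a subset construction on pairs $(X, X')$, and the resulting NBA is tested for nonemptiness with a deterministic search for a reachable nontrivial strongly connected component meeting every accepting set, the counterpart of the guess-and-check algorithm of slide 4 (it takes a list of accepting sets so that it also covers the generalised automaton $B_\varphi$). The two input automata are hand-written from the table of slide 17 (for $\mathrm{FG}p$) and for $\mathrm{G}p \land \mathrm{F}\neg p$; the tuple encoding of positive Boolean formulae and the restriction to subset-minimal models $Z$ are assumptions of the example, the latter being sound because positive Boolean formulae are monotone.

```python
# Added example (not from the slides): ABA -> NBA (slides 13-14) and a
# deterministic nonemptiness test (slides 4 and 18). Positive Boolean formulae
# over states are TRUE, FALSE, a state name, or ('AND'|'OR', pb, pb).
from itertools import combinations

TRUE, FALSE = ('true',), ('false',)

def holds(pb, Y):
    """Y |= pb: the set Y of states read as a valuation (slide 9)."""
    if pb == TRUE:
        return True
    if pb == FALSE:
        return False
    if isinstance(pb, str):
        return pb in Y
    op, left, right = pb
    return (holds(left, Y) and holds(right, Y)) if op == 'AND' else (holds(left, Y) or holds(right, Y))

def conj(pbs):
    """Conjunction of several positive Boolean formulae (TRUE when there are none)."""
    out = TRUE
    for pb in pbs:
        out = pb if out == TRUE else ('AND', out, pb)
    return out

def minimal_models(pb, states):
    """Subset-minimal Z with Z |= pb. Keeping only minimal models is not on the
    slides; it is sound because a larger Z only spawns extra branches that must
    all be accepting, so it can never help."""
    found = []
    for k in range(len(states) + 1):
        for Z in combinations(sorted(states), k):
            Z = frozenset(Z)
            if holds(pb, Z) and not any(M <= Z for M in found):
                found.append(Z)
    return found

def aba_to_nba(aba):
    """Slide 14: NBA states are pairs (X, X'); X holds the states still owing a
    visit to F, X' the states on branches that visited F recently; accepting iff X is empty."""
    alphabet, states, s0, rho, F = aba
    step = lambda X, a: minimal_models(conj([rho[(s, a)] for s in X]), states)
    init = (frozenset({s0}), frozenset())
    trans, seen, todo = {}, {init}, [init]
    while todo:
        X, X2 = q = todo.pop()
        for a in alphabet:
            if not X:   # reset: every branch must justify a new visit to F
                succ = {(Z - F, Z & F) for Z in step(X2, a)}
            else:
                succ = {(Z - F, Z2 | (Z & F)) for Z in step(X, a) for Z2 in step(X2, a)}
            trans[(q, a)] = succ
            for r in succ - seen:
                seen.add(r)
                todo.append(r)
    return alphabet, seen, init, trans, {q for q in seen if not q[0]}

def closure(succ, q):
    """States reachable from q in one or more steps (q itself only if it lies on a cycle)."""
    seen, stack = set(), [q]
    while stack:
        for r in succ[stack.pop()]:
            if r not in seen:
                seen.add(r)
                stack.append(r)
    return seen

def nonempty(nba, accepting_sets):
    """Generalised Buchi nonemptiness: a reachable nontrivial SCC meets every F_i.
    Deterministic counterpart of slide 4, which guesses the accepting lasso instead."""
    _, states, init, trans, _ = nba
    succ = {q: set() for q in states}
    for (q, _a), targets in trans.items():
        succ[q] |= targets
    reach = closure(succ, init) | {init}
    fwd = {q: closure(succ, q) for q in reach}
    for q in reach:
        scc = {r for r in fwd[q] if q in fwd[r]}   # empty when q lies on no cycle
        if scc and all(scc & Fi for Fi in accepting_sets):
            return True
    return False

# Constructed inputs: the ABA for FG p read off the table of slide 17, and a
# hand-built ABA for G p /\ F ~p, whose language is empty. Letters are subsets of PROP.
E, P = frozenset(), frozenset({'p'})
ABA_FGP = ([E, P], {'FGp', 'Gp', 'p'}, 'FGp',
           {('FGp', E): 'FGp', ('FGp', P): ('OR', 'Gp', 'FGp'),
            ('Gp', E): FALSE, ('Gp', P): 'Gp', ('p', E): FALSE, ('p', P): TRUE},
           frozenset({'Gp', 'p'}))      # F psi abbreviates T U psi, so FGp is not accepting
ABA_GP_AND_FNP = ([E, P], {'Gp&F~p', 'Gp', 'F~p'}, 'Gp&F~p',
                  {('Gp&F~p', E): FALSE, ('Gp&F~p', P): ('AND', 'Gp', 'F~p'),
                   ('Gp', E): FALSE, ('Gp', P): 'Gp', ('F~p', E): TRUE, ('F~p', P): 'F~p'},
                  frozenset({'Gp&F~p', 'Gp'}))

if __name__ == '__main__':
    for name, aba in (('FG p', ABA_FGP), ('G p and F ~p', ABA_GP_AND_FNP)):
        nba = aba_to_nba(aba)
        print(name, '-> NBA with', len(nba[1]), 'states; nonempty:', nonempty(nba, [nba[4]]))
```

For $\mathrm{FG}p$ the reachable NBA has just two states, $(\{\mathrm{FG}p\}, \emptyset)$ looping on both letters and the accepting $(\emptyset, \{\mathrm{G}p\})$ looping on $\{p\}$ only, which is exactly "eventually always $p$"; restricting the alphabet to $\{\emptyset\}$ makes the language empty, as does the second automaton, whose owing set never becomes empty.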

19. Exercise
◮ Construct the ABA for $\mathrm{FG}p \land \mathrm{FG}q$ with the previous systematic construction and compare it with a direct construction.
◮ Represent an accepting run for $\{p\}\{q\}\{q\}\{p\}\{p, q\}^\omega$.

20. Wolper's automata-based operators
