
Specification and Analysis of Contracts Lectures 3 and 4 - PowerPoint PPT Presentation

Specification and Analysis of Contracts, Lectures 3 and 4. Background: Modal Logics. Gerardo Schneider, gerardo@ifi.uio.no, http://folk.uio.no/gerardo/, Department of Informatics, University of Oslo. SEFM School, Oct. 27 - Nov. 7, 2008, Cape Town,


  1. Temporal Logic: Semantics
     σ ⊨ p U q: the sequence of p is finite. Example: positions 0 1 2 3 4 ... labelled p p p q ...
     σ ⊨ p R q: the sequence of q may be infinite. Example: positions 0 1 2 3 4 ... labelled q q q q,p ...
     σ ⊨ p W q: the sequence of p may be infinite (p W q ≡ (p U q) ∨ ◻p). Example: positions 0 1 2 3 4 ... labelled p p p q ...
     Gerardo Schneider (UiO), Specification and Analysis of e-Contracts, SEFM, 3-7 Nov 2008, 17 / 56

  3. Temporal Logic: Examples
     Example (Response): ◻(ϕ ⇒ ◇ψ)
     Every ϕ-position coincides with or is followed by a ψ-position. Figure: a path over positions 0 ... 6 with some positions labelled ϕ, ψ and ϕ,ψ.
     This formula will also hold in every path where ϕ never holds. Figure: positions 0 ... 4, all labelled ¬ϕ.

  6. Temporal Logic: Formalization
     It can be difficult to correctly formalize informally stated requirements in temporal logic.
     Example: how does one formalize the informal requirement "ϕ implies ψ"?
     ϕ ⇒ ψ ? ϕ ⇒ ψ holds in the initial state
     ◻(ϕ ⇒ ψ) ? ϕ ⇒ ψ holds in every state
     ϕ ⇒ ◇ψ ? If ϕ holds in the initial state, ψ will hold in some (present or later) state
     ◻(ϕ ⇒ ◇ψ) ? As above, but from every state: whenever ϕ holds, ψ holds at that position or at a later one

  15. Temporal Logic: Duals
     For a binary boolean connective ◦ (such as ∧), a binary boolean connective • is its dual if ¬(ϕ ◦ ψ) is equivalent to (¬ϕ • ¬ψ)
     Similarly for unary connectives: • is the dual of ◦ if ¬◦ϕ is equivalent to •¬ϕ
     Duality is symmetric: if • is the dual of ◦ then ◦ is the dual of •, so we may refer to two connectives as dual
     ∧ and ∨ are duals: ¬(ϕ ∧ ψ) is equivalent to (¬ϕ ∨ ¬ψ)
     ¬ is its own dual
     What is the dual of ◻? And of ◇? ◻ and ◇ are duals: ¬◻ϕ ∼ ◇¬ϕ, ¬◇ϕ ∼ ◻¬ϕ
     Any other? U and R are duals: ¬(ϕ U ψ) ∼ (¬ϕ) R (¬ψ), ¬(ϕ R ψ) ∼ (¬ϕ) U (¬ψ)

  22. Temporal Logic: Classification of Properties
     We can classify a number of properties expressible in LTL:
     safety ◻ϕ; liveness ◇ϕ; obligation ◻ϕ ∨ ◇ψ; recurrence ◻◇ϕ; persistence ◇◻ϕ; reactivity ◻◇ϕ ∨ ◇◻ψ
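The U/R/W semantics, the response formula, the duality laws and the recurrence/persistence classes on the slides above can all be checked mechanically. The evaluator below is an added example, not part of the lecture: it represents an infinite path as a lasso (a finite list of positions plus the index the path jumps back to), which is enough for the ultimately periodic paths drawn on the slides. The traces it builds are my reconstruction of the slide figures, and the formula encoding (nested tuples) is an assumption of this example.

```python
# Added example (not from the lecture): LTL over infinite words given as lassos,
# a finite list of states plus the position `loop` the word jumps back to.
# Formulas are tuples: ('atom', p), ('not', f), ('and', f, g), ('or', f, g),
# ('implies', f, g), ('always', f), ('eventually', f), ('until', f, g),
# ('weakuntil', f, g), ('release', f, g).
from itertools import product

def word(*labels, loop):
    """Lasso trace from comma-separated atom labels, e.g. word('p', 'q,p', '', loop=2)."""
    return ([frozenset(l.split(',')) - {''} for l in labels], loop)

def positions(trace, start):
    """Indices >= start in order, each once: suffixes from equal indices coincide."""
    states, loop = trace
    i, seen = start, set()
    while i not in seen:
        seen.add(i)
        yield i
        i = i + 1 if i + 1 < len(states) else loop

def holds(f, trace, i=0):
    """sigma^i |= f, following the slides' semantics."""
    op = f[0]
    if op == 'atom':
        return f[1] in trace[0][i]
    if op == 'not':
        return not holds(f[1], trace, i)
    if op == 'and':
        return holds(f[1], trace, i) and holds(f[2], trace, i)
    if op == 'or':
        return holds(f[1], trace, i) or holds(f[2], trace, i)
    if op == 'implies':
        return (not holds(f[1], trace, i)) or holds(f[2], trace, i)
    if op == 'always':
        return all(holds(f[1], trace, j) for j in positions(trace, i))
    if op == 'eventually':
        return any(holds(f[1], trace, j) for j in positions(trace, i))
    if op in ('until', 'weakuntil'):  # g at some j >= i, f at every position before j
        for j in positions(trace, i):
            if holds(f[2], trace, j):
                return True
            if not holds(f[1], trace, j):
                return False
        return op == 'weakuntil'      # f forever: the sequence of f may be infinite only for W
    if op == 'release':               # g up to and including the first f, or g forever
        for j in positions(trace, i):
            if not holds(f[2], trace, j):
                return False
            if holds(f[1], trace, j):
                return True
        return True
    raise ValueError(op)

P, Q = ('atom', 'p'), ('atom', 'q')

def slide_examples():
    """The traces drawn on the slides (constructed here) with their verdicts."""
    finite_p   = word('p', 'p', 'p', 'q', '', loop=4)    # p p p q ...
    infinite_p = word('p', 'p', 'p', loop=0)             # p p p p ...
    q_then_p   = word('q', 'q', 'q', 'q,p', '', loop=4)  # q q q q,p ...
    infinite_q = word('q', 'q', loop=0)                  # q q q q ...
    never_phi  = word('', '', loop=0)                    # ¬ϕ at every position
    recurrent  = word('p', '', '', loop=0)               # p at 0, 3, 6, ...
    response   = ('always', ('implies', P, ('eventually', Q)))
    return {
        'p U q, finite p':        holds(('until', P, Q), finite_p),        # True
        'p U q, infinite p':      holds(('until', P, Q), infinite_p),      # False
        'p W q, infinite p':      holds(('weakuntil', P, Q), infinite_p),  # True
        'p R q, q up to first p': holds(('release', P, Q), q_then_p),      # True
        'p R q, q forever':       holds(('release', P, Q), infinite_q),    # True
        'response, phi never':    holds(response, never_phi),              # True (vacuous)
        'recurrence []<>p':       holds(('always', ('eventually', P)), recurrent),  # True
        'persistence <>[]p':      holds(('eventually', ('always', P)), recurrent),  # False
    }

def all_lassos(max_len=3):
    """Every lasso over {p, q} with at most max_len explicit positions."""
    alphabet = [frozenset(), frozenset({'p'}), frozenset({'q'}), frozenset({'p', 'q'})]
    for n in range(1, max_len + 1):
        for states in product(alphabet, repeat=n):
            for loop in range(n):
                yield (list(states), loop)

def duality_laws_hold(traces):
    """The four duality laws of the slide, checked at every position of every trace."""
    laws = [(('not', ('always', P)),     ('eventually', ('not', P))),
            (('not', ('eventually', P)), ('always', ('not', P))),
            (('not', ('until', P, Q)),   ('release', ('not', P), ('not', Q))),
            (('not', ('release', P, Q)), ('until', ('not', P), ('not', Q)))]
    return all(holds(lhs, t, i) == holds(rhs, t, i)
               for t in traces for i in range(len(t[0])) for lhs, rhs in laws)

if __name__ == '__main__':
    print(slide_examples())
    print('duality laws:', duality_laws_hold(all_lassos()))
```

Walking each lasso index once is sound because the truth of a formula at a position depends only on the suffix from that position, and two occurrences of the same index have identical suffixes; the U/R walks therefore see the first occurrence of every position in order, which is all their definitions need. The duality check runs the four laws over every lasso of up to three positions over {p, q}, a small but exhaustive sanity check of the release encoding.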

  29. Plan: 1 Temporal Logic; 2 Propositional Modal Logic; 3 Multimodal Logic; 4 Dynamic Logic; 5 Mu-calculus; 6 Real-Time Logics

  30. Propositional Modal Logic
     The logic of possibility and necessity
     ◻ϕ: ϕ is "necessarily true", or "ϕ holds in all possible worlds"
     ◇ϕ: ϕ is "possibly true", or "there is a possible world that realizes ϕ"
     The modalities are dual: ◇ϕ ≝ ¬◻¬ϕ

  31. Propositional Modal Logic: Semantics, Kripke Frames
     Definition. A Kripke frame M is a structure (W, R, ν) where
     W is a finite non-empty set of states (or worlds); W is called the universe of M
     R ⊆ W × W is an accessibility relation between states (transition relation)
     ν : P → 2^W determines the truth assignment to the atomic propositional variables in each state

  32. Propositional Modal Logic: Semantics, Kripke Frames
     Definition. We define the notion that a modal formula ϕ is true in the world w in the model M, written M, w ⊨ ϕ, as follows:
     M, w ⊨ p iff w ∈ ν(p)
     M, w ⊨ ¬ϕ iff M, w ⊭ ϕ
     M, w ⊨ ϕ1 ∨ ϕ2 iff M, w ⊨ ϕ1 or M, w ⊨ ϕ2
     M, w ⊨ ◻ϕ iff M, w′ ⊨ ϕ for all w′ such that (w, w′) ∈ R
     M, w ⊨ ◇ϕ iff M, w′ ⊨ ϕ for some w′ such that (w, w′) ∈ R

  33. Propositional Modal Logic: Examples
     Example (Logic T): R reflexive. M, w ⊨ ◻¬p. Figure: a world w labelled ◻¬p with a reflexive loop; since (w, w) ∈ R, w itself is labelled ¬p, as is its successor.
     Example (Logic S4): R reflexive and transitive. M, w ⊨ ◻¬p. Figure: w and the worlds reachable from it are labelled ¬p, and by transitivity a reachable world is labelled ◻¬p as well.

  35. Propositional Modal Logic: Semantics, Kripke Frames, Remarks
     The semantics is alternatively called relational semantics, frame semantics, world semantics, possible-world semantics, Kripke semantics/frame/structure
     There are different variations of the definition of Kripke semantics:
     Sometimes a Kripke frame is defined to be a structure (W, R), and then the triple (W, R, ν) is called a Kripke model
     The Kripke model may be defined as (W, R, ⊨) instead
     Sometimes a set of starting states W0 ⊆ W is added to the definition
     In other cases a valuation function V : W → 2^P is given instead of ν
     The semantics of ◻ and ◇ depend on the properties of R: R can be reflexive, transitive, euclidean, etc.
     Axioms and theorems will be determined by R (or vice-versa!)

  38. Plan: 1 Temporal Logic; 2 Propositional Modal Logic; 3 Multimodal Logic; 4 Dynamic Logic; 5 Mu-calculus; 6 Real-Time Logics

  39. Multimodal Logic
     A multimodal logic contains a set A = {a, ...} of modalities
     We can augment propositional logic with one modality for each a ∈ A
     If ϕ is a formula and a ∈ A, then [a]ϕ is a formula
     We also define ⟨a⟩ϕ ≝ ¬[a]¬ϕ
     The semantics of ⟨a⟩ and [a] are defined as for ◇ and ◻, but over the transitions labelled with a

  40. Multimodal Logic: Definition
     A Kripke frame now is a structure M = (W, R, ν) where
     W is a finite non-empty set of states (or worlds); W is called the universe of M
     R(a) ⊆ W × W is the accessibility relation (transition relation) for the modality a, one for each a ∈ A; we get a labelled Kripke frame
     ν : P → 2^W determines the truth assignment to the atomic propositional variables in each state

  41. Multimodal Logic: Examples
     Example. Figure: three worlds w1, w2, w3 with w1 ⊨ ¬p, w2 ⊨ p, w3 ⊨ p, connected by transitions labelled a, a, b and a.
     M, w1 ⊨ [a]p
     M, w1 ⊨ ⟨a⟩p
     M, w1 ⊨ ⟨b⟩p, and also M, w1 ⊨ [b]p
     What about M, w2 ⊨ ⟨b⟩¬p? NO
     What about M, w2 ⊨ [b]¬p? YES
     (w2 has no b-transition: ⟨b⟩ requires a b-successor, while [b] holds vacuously without one)
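The Kripke semantics of slide 32, the labelled version of slide 40 and the remark that "axioms and theorems will be determined by R" can be exercised with the small Python model checker below. It is an added example, not from the lecture. The frames and valuations are constructed for it; the multimodal model is my reconstruction consistent with every claim on the example slide (the exact layout of the figure is not recoverable). The frame check enumerates all valuations of p over a three-world frame to show that a reflexive frame validates ◻p ⇒ p (axiom T), that a transitive one validates ◻p ⇒ ◻◻p (axiom 4), and that a reflexive but non-transitive frame fails axiom 4.

```python
# Added example (not from the lecture): a labelled Kripke model checker for
# propositional modal and multimodal logic, plus a brute-force check that the
# properties of R decide which axioms are valid (logics T and S4).
# Formulas: ('atom', p), ('not', f), ('and', f, g), ('or', f, g),
# ('implies', f, g), ('box', a, f) for [a]f, ('dia', a, f) for <a>f.
# The unlabelled (single-relation) case uses the label '*'.
from itertools import product

class Kripke:
    def __init__(self, worlds, rel, val):
        self.W = set(worlds)
        self.R = {a: set(pairs) for a, pairs in rel.items()}  # R(a) ⊆ W × W
        self.v = {p: set(ws) for p, ws in val.items()}        # ν : P → 2^W

    def succ(self, w, a):
        return {t for (s, t) in self.R.get(a, ()) if s == w}

    def sat(self, w, f):
        """M, w |= f"""
        op = f[0]
        if op == 'atom':
            return w in self.v.get(f[1], set())
        if op == 'not':
            return not self.sat(w, f[1])
        if op == 'and':
            return self.sat(w, f[1]) and self.sat(w, f[2])
        if op == 'or':
            return self.sat(w, f[1]) or self.sat(w, f[2])
        if op == 'implies':
            return (not self.sat(w, f[1])) or self.sat(w, f[2])
        if op == 'box':   # f in every a-successor; vacuously true without successors
            return all(self.sat(t, f[2]) for t in self.succ(w, f[1]))
        if op == 'dia':   # f in some a-successor; false without successors
            return any(self.sat(t, f[2]) for t in self.succ(w, f[1]))
        raise ValueError(op)

    def valid(self, f):
        return all(self.sat(w, f) for w in self.W)

def reflexive(worlds, R):
    return all((w, w) in R for w in worlds)

def transitive(R):
    return all((x, z) in R for (x, y) in R for (y2, z) in R if y == y2)

def frame_validates(worlds, R, f, atoms=('p',)):
    """f is valid on the frame (worlds, R): true at every world under every valuation."""
    worlds = list(worlds)
    for bits in product([False, True], repeat=len(worlds) * len(atoms)):
        val = {p: {w for k, w in enumerate(worlds) if bits[i * len(worlds) + k]}
               for i, p in enumerate(atoms)}
        if not Kripke(worlds, {'*': R}, val).valid(f):
            return False
    return True

p = ('atom', 'p')
AXIOM_T = ('implies', ('box', '*', p), p)                               # []p -> p
AXIOM_4 = ('implies', ('box', '*', p), ('box', '*', ('box', '*', p)))   # []p -> [][]p

def frame_examples():
    """Three constructed frames and which of the axioms T and 4 each validates."""
    frames = {
        'not reflexive':        ({1, 2},    {(1, 2), (2, 2)}),
        'reflexive only':       ({1, 2, 3}, {(1, 1), (2, 2), (3, 3), (1, 2), (2, 3)}),
        'reflexive+transitive': ({1, 2, 3}, {(1, 1), (2, 2), (3, 3), (1, 2), (2, 3), (1, 3)}),
    }
    return {name: {'reflexive': reflexive(W, R), 'transitive': transitive(R),
                   'T valid': frame_validates(W, R, AXIOM_T),
                   '4 valid': frame_validates(W, R, AXIOM_4)}
            for name, (W, R) in frames.items()}

def multimodal_example():
    """Constructed model consistent with the slide: w1 |= ¬p, w2 |= p, w3 |= p,
    a-transitions w1->w2, w2->w3, w3->w3 and a single b-transition w1->w3."""
    M = Kripke({'w1', 'w2', 'w3'},
               {'a': {('w1', 'w2'), ('w2', 'w3'), ('w3', 'w3')}, 'b': {('w1', 'w3')}},
               {'p': {'w2', 'w3'}})
    notp = ('not', p)
    return {
        'w1 |= [a]p':  M.sat('w1', ('box', 'a', p)),
        'w1 |= <a>p':  M.sat('w1', ('dia', 'a', p)),
        'w1 |= <b>p':  M.sat('w1', ('dia', 'b', p)),
        'w1 |= [b]p':  M.sat('w1', ('box', 'b', p)),
        'w2 |= <b>¬p': M.sat('w2', ('dia', 'b', notp)),  # no b-successor: False
        'w2 |= [b]¬p': M.sat('w2', ('box', 'b', notp)),  # no b-successor: True
    }
```

The "not reflexive" frame is transitive, so it validates axiom 4 while failing T; the "reflexive only" frame validates T but not 4; only the S4 frame validates both. The vacuous truth of [b]¬p at w2 is the same effect that makes a safety box trivially true in a deadlocked state, which is worth remembering when a model checker reports that a property "holds".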

  48. Plan: 1 Temporal Logic; 2 Propositional Modal Logic; 3 Multimodal Logic; 4 Dynamic Logic; 5 Mu-calculus; 6 Real-Time Logics

  49. Propositional Dynamic Logic (PDL)
     The dynamic aspect of modal logic fits well the framework of program execution
     K: universe of all possible execution states of a program
     With any program α, define a relation R over K s.t. (s, t) ∈ R iff t is a possible final state of the program α with initial state s ("possible" since programs may be non-deterministic)
     Syntactically, each program gives rise to a modality of a multimodal logic:
     ⟨α⟩ϕ: it is possible to execute α and halt in a state satisfying ϕ
     [α]ϕ: whenever α halts, it does so in a state satisfying ϕ
     Dynamic logic (PDL) is more than just multimodal logic applied to programs: it uses various calculi of programs, together with predicate logic, giving rise to a reasoning system for interacting programs
     Dynamic logic subsumes Hoare logic

  53. Propositional Dynamic Logic: Syntax
     PDL contains syntax constructs from propositional logic, modal logic and the algebra of regular expressions
     Expressions are of two sorts: propositions and formulas ϕ, ψ, ...; programs α, β, γ, ...

  54. Propositional Dynamic Logic: Syntax
     Definition. Programs and propositions of regular PDL are built inductively using the following operators:
     Propositional operators: → (implication), 0 (falsity)
     Program operators: ; (composition), ∪ (choice), ∗ (iteration)
     Mixed operators: [ ] (necessity), ? (test)

  55. Propositional Dynamic Logic: Intuitive Meaning
     [α]ϕ: it is necessary that after executing α, ϕ is true (necessity)
     α ∪ β: choose either α or β non-deterministically and execute it (choice)
     α ; β: execute α, then execute β (concatenation, sequencing)
     α∗: execute α a non-deterministically chosen finite number of times, zero or more (Kleene star)
     ϕ?: test ϕ; proceed if true, fail if false (test)
     We define ⟨α⟩ϕ ≝ ¬[α]¬ϕ

  61. Propositional Dynamic Logic: Additional Programs
     skip ≝ 1?
     fail ≝ 0?
     if ϕ1 → α1 | ... | ϕn → αn fi ≝ ϕ1?; α1 ∪ ... ∪ ϕn?; αn
     do ϕ1 → α1 | ... | ϕn → αn od ≝ (ϕ1?; α1 ∪ ... ∪ ϕn?; αn)∗; (¬ϕ1 ∧ ... ∧ ¬ϕn)?
     if ϕ then α else β ≝ if ϕ → α | ¬ϕ → β fi = ϕ?; α ∪ ¬ϕ?; β
     while ϕ do α ≝ do ϕ → α od = (ϕ?; α)∗; ¬ϕ?
     repeat α until ϕ ≝ α; while ¬ϕ do α = α; (¬ϕ?; α)∗; ϕ?
     {ϕ} α {ψ} ≝ ϕ → [α]ψ

  62. Propositional Dynamic Logic: Remark
     It is possible to reason about programs by using the PDL proof system
     We will not see the semantics here: the semantics of PDL is the Kripke-frame semantics of modal logic, with one accessibility relation per program
     We will see its application in our contract language
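The relational reading of programs from slide 49 and the derived programs of slide 61 can be made concrete on a finite state space. The Python below is an added example, not from the lecture: the login state space, the atomic programs attempt (non-deterministic: an attempt may succeed or fail) and lock, and the propositions are all assumptions constructed for this example. It computes R(α) for regular programs by composition, union and reflexive-transitive closure, evaluates [α]ϕ and ⟨α⟩ϕ from it, and checks a lock-out policy written with the while and if ... then ... else encodings of the slide, with the Hoare triple {ϕ} α {ψ} checked as ϕ → [α]ψ.

```python
# Added example (not from the lecture): relational semantics of PDL programs
# over a constructed finite state space, used to check a login lock-out policy.
# Programs: ('act', name), ('test', f), ('seq', a, b), ('choice', a, b), ('star', a).
# Formulas: ('atom', p), ('not', f), ('and', f, g), ('or', f, g), ('implies', f, g),
# ('box', prog, f) for [prog]f and ('dia', prog, f) for <prog>f.
MAX = 3
STATES = [(status, n) for status in ('open', 'auth', 'locked') for n in range(MAX + 1)]

# Atomic programs as relations R(α) ⊆ K × K. 'attempt' is non-deterministic:
# from an open account it may succeed (auth) or fail (one more attempt).
ACTS = {
    'attempt': {(('open', n), ('auth', n)) for n in range(MAX)}
             | {(('open', n), ('open', n + 1)) for n in range(MAX)},
    'lock':    {(('open', n), ('locked', n)) for n in range(MAX + 1)},
}
VAL = {
    'true':   set(STATES),
    'open':   {s for s in STATES if s[0] == 'open'},
    'auth':   {s for s in STATES if s[0] == 'auth'},
    'locked': {s for s in STATES if s[0] == 'locked'},
    'maxed':  {s for s in STATES if s[1] >= MAX},
    'fresh':  {s for s in STATES if s[1] == 0},
}

def compose(r1, r2):
    return {(s, u) for (s, t) in r1 for (t2, u) in r2 if t == t2}

def rel(prog):
    """R(α): pairs (s, t) such that α started in s can halt in t."""
    op = prog[0]
    if op == 'act':
        return ACTS[prog[1]]
    if op == 'test':                    # φ? : proceed only where φ holds
        return {(s, s) for s in STATES if sat(s, prog[1])}
    if op == 'seq':
        return compose(rel(prog[1]), rel(prog[2]))
    if op == 'choice':
        return rel(prog[1]) | rel(prog[2])
    if op == 'star':                    # reflexive-transitive closure
        r, closure = rel(prog[1]), {(s, s) for s in STATES}
        while True:
            bigger = closure | compose(closure, r)
            if bigger == closure:
                return closure
            closure = bigger
    raise ValueError(op)

def sat(s, f):
    op = f[0]
    if op == 'atom':
        return s in VAL[f[1]]
    if op == 'not':
        return not sat(s, f[1])
    if op == 'and':
        return sat(s, f[1]) and sat(s, f[2])
    if op == 'or':
        return sat(s, f[1]) or sat(s, f[2])
    if op == 'implies':
        return (not sat(s, f[1])) or sat(s, f[2])
    if op == 'box':   # [α]φ : whenever α halts, it halts in a φ-state
        return all(sat(t, f[2]) for (s2, t) in rel(f[1]) if s2 == s)
    if op == 'dia':   # <α>φ : α can halt in a φ-state
        return any(sat(t, f[2]) for (s2, t) in rel(f[1]) if s2 == s)
    raise ValueError(op)

# Derived programs, encoded as on the slide.
def skip():                return ('test', ('atom', 'true'))
def if_then_else(c, a, b): return ('choice', ('seq', ('test', c), a), ('seq', ('test', ('not', c)), b))
def while_do(c, a):        return ('seq', ('star', ('seq', ('test', c), a)), ('test', ('not', c)))
def hoare(pre, a, post):   return ('implies', pre, ('box', a, post))

def lockout_policy_checks():
    open_, auth, locked = ('atom', 'open'), ('atom', 'auth'), ('atom', 'locked')
    maxed, fresh = ('atom', 'maxed'), ('atom', 'fresh')
    can_try = ('and', open_, ('not', maxed))
    loop = while_do(can_try, ('act', 'attempt'))           # weak: just keep trying while allowed
    policy = ('seq', loop, if_then_else(('and', open_, maxed), ('act', 'lock'), skip()))
    done = ('or', auth, locked)
    s0 = ('open', 0)
    return {
        '<policy>auth at s0':       sat(s0, ('dia', policy, auth)),
        '<policy>locked at s0':     sat(s0, ('dia', policy, locked)),
        '[policy](auth∨locked) s0': sat(s0, ('box', policy, done)),
        '[policy]auth at s0':       sat(s0, ('box', policy, auth)),
        '[loop](auth∨locked) s0':   sat(s0, ('box', loop, done)),   # weak policy may stop at (open, 3)
        '{fresh} policy {done}':    all(sat(s, hoare(fresh, policy, done)) for s in STATES),
        '{fresh} loop {done}':      all(sat(s, hoare(fresh, loop, done)) for s in STATES),
    }
```

The contrast between loop and policy is the point: ⟨loop⟩auth and ⟨loop⟩locked say nothing about what happens on the failing runs, whereas [policy](auth ∨ locked) holds only because the lock step closes the (open, 3) exit of the loop. A relation-based evaluator like this recomputes R(α) on every call and is only meant for a state space of a dozen states.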

  63. Plan: 1 Temporal Logic; 2 Propositional Modal Logic; 3 Multimodal Logic; 4 Dynamic Logic; 5 Mu-calculus; 6 Real-Time Logics

  64. µ-calculus
     The µ-calculus is a powerful language to express properties of transition systems by using least and greatest fixpoint operators
     ν is the greatest fixpoint, capturing (possibly infinite) looping
     µ is the least fixpoint, capturing finite looping
     Many temporal and program logics can be encoded into the µ-calculus
     Efficient model checking algorithms
     Formulas are interpreted relative to a transition system; the Kripke structure needs to be slightly modified

  65. µ-calculus: Syntax
     Let Var = {Z, Y, ...} be an (infinite) set of variable names
     Let Prop = {P, Q, ...} be a set of atomic propositions
     Let L = {a, b, ...} be a set of labels (or actions)
     Definition. The set of µ-calculus formulae (w.r.t. (Var, Prop, L)) is defined as follows:
     P is a formula
     Z is a formula
     If φ1 and φ2 are formulae, so is φ1 ∧ φ2
     If φ is a formula, so is [a]φ
     If φ is a formula, so is ¬φ
     If φ is a formula, then νZ.φ is a formula, provided every free occurrence of Z in φ occurs positively (within the scope of an even number of negations)
     ν is the only binding operator

  66. µ-calculus: Syntax
     If φ(Z) is a formula, then the subsequent writing φ(ψ) means φ with ψ substituted for all free occurrences of Z
     The positivity requirement syntactically guarantees monotonicity in Z, hence unique minimal and maximal fixpoints
     Derived operators:
     φ1 ∨ φ2 ≝ ¬(¬φ1 ∧ ¬φ2)
     ⟨a⟩φ ≝ ¬[a]¬φ
     µZ.φ(Z) ≝ ¬νZ.¬φ(¬Z)

  69. µ-calculus: Semantics
      Definition. A labelled transition system (LTS) is a triple M = (S, T, L), where:
      - S is a nonempty set of states
      - L is a set of labels (actions) as defined before
      - T ⊆ S × L × S is a transition relation
      A modal µ-calculus structure T (over Prop and L) is an LTS (S, T, L) together with an interpretation $V_{Prop} : Prop \to 2^S$ for the atomic propositions

  70. µ-calculus Semantics
      Definition. Given a structure T and an interpretation $V : Var \to 2^S$ of the variables, the set $[\![\varphi]\!]^T_V$ is defined as follows:
      $[\![P]\!]^T_V = V_{Prop}(P)$
      $[\![Z]\!]^T_V = V(Z)$
      $[\![\neg\varphi]\!]^T_V = S - [\![\varphi]\!]^T_V$
      $[\![\varphi_1 \land \varphi_2]\!]^T_V = [\![\varphi_1]\!]^T_V \cap [\![\varphi_2]\!]^T_V$
      $[\![[a]\varphi]\!]^T_V = \{ s \mid \forall t.\ (s, a, t) \in T \Rightarrow t \in [\![\varphi]\!]^T_V \}$
      $[\![\nu Z.\varphi]\!]^T_V = \bigcup \{ S' \subseteq S \mid S' \subseteq [\![\varphi]\!]^T_{V[Z := S']} \}$
      where $V[Z := S']$ is the valuation mapping Z to S' and otherwise agreeing with V

  71. µ-calculus Semantics
      If we consider only positive formulae, we may add the following derived operators. Interpretation:
      $[\![\varphi_1 \lor \varphi_2]\!]^T_V = [\![\varphi_1]\!]^T_V \cup [\![\varphi_2]\!]^T_V$
      $[\![\langle a \rangle \varphi]\!]^T_V = \{ s \mid \exists t.\ (s, a, t) \in T \land t \in [\![\varphi]\!]^T_V \}$
      $[\![\mu Z.\varphi]\!]^T_V = \bigcap \{ S' \subseteq S \mid S' \supseteq [\![\varphi]\!]^T_{V[Z := S']} \}$

  72. µ-calculus Example
      µ is liveness:
      - "On all a-paths, P eventually holds": µZ.(P ∨ [a]Z)
      - "On some a-path, P holds until Q holds": µZ.(Q ∨ (P ∧ ⟨a⟩Z))
      ν is safety:
      - "P is true along every a-path": νZ.(P ∧ [a]Z)
      - "On every a-path, P holds while Q fails": νZ.(Q ∨ (P ∧ [a]Z))
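As an added worked example (not from the lecture slides), the Python below evaluates the semantic clauses of slides 70 and 71 by fixpoint iteration on a small constructed LTS and applies three of the slide 72 patterns to it; the LTS, the valuation of P and Q, and the tuple encoding of formulas are assumptions of this example. It also shows why the positivity requirement matters: a non-positive body never stabilises.

```python
# Added example, not from the slides: evaluate modal mu-calculus formulas on a
# small constructed LTS. Because S is finite, nu and mu are computed by iterating
# the body from S (greatest) or from the empty set (least) until it stabilises.
from typing import FrozenSet, Tuple

# Constructed LTS: a-transitions s0->s1, s0->s2, s1->s3 and a self-loop on s2.
S: FrozenSet[str] = frozenset({'s0', 's1', 's2', 's3'})
T: FrozenSet[Tuple[str, str, str]] = frozenset({
    ('s0', 'a', 's1'), ('s0', 'a', 's2'), ('s1', 'a', 's3'), ('s2', 'a', 's2')})
V_PROP = {'P': frozenset({'s0', 's1', 's2'}), 'Q': frozenset({'s3'})}  # V_Prop

# Assumed formula encoding as nested tuples: ('prop', P), ('var', Z), ('not', f),
# ('and', f, g), ('box', a, f), ('nu', Z, f) plus the derived ('or', f, g),
# ('dia', a, f) and ('mu', Z, f) of slides 66 and 71.
def succ(s: str, a: str) -> FrozenSet[str]:
    return frozenset(t for (x, l, t) in T if x == s and l == a)

def sem(phi, V=None) -> FrozenSet[str]:
    """[[phi]]^T_V, clause by clause as on slides 70 and 71."""
    V = V or {}
    k = phi[0]
    if k == 'prop': return V_PROP[phi[1]]
    if k == 'var':  return V[phi[1]]
    if k == 'not':  return S - sem(phi[1], V)
    if k == 'and':  return sem(phi[1], V) & sem(phi[2], V)
    if k == 'or':   return sem(phi[1], V) | sem(phi[2], V)
    if k == 'box':  return frozenset(s for s in S if succ(s, phi[1]) <= sem(phi[2], V))
    if k == 'dia':  return frozenset(s for s in S if succ(s, phi[1]) & sem(phi[2], V))
    if k in ('nu', 'mu'):
        z, body = phi[1], phi[2]
        cur = S if k == 'nu' else frozenset()
        # Positivity makes the body monotone in z, so the chain from S (or from
        # the empty set) reaches the fixpoint after at most |S| strict steps.
        for _ in range(len(S) + 2):
            nxt = sem(body, {**V, z: cur})
            if nxt == cur:
                return cur
            cur = nxt
        raise ValueError(f'no fixpoint reached: is every occurrence of {z} positive?')
    raise ValueError(f'unknown formula kind {k!r}')

# Three patterns from slide 72, instantiated over P and Q. s2 loops forever
# without ever reaching Q, so it drops out of both mu formulas; only s2 keeps P
# along every a-path (s1 leads to s3, where P fails).
ALL_A_PATHS_EVENTUALLY_Q = ('mu', 'Z', ('or', ('prop', 'Q'), ('box', 'a', ('var', 'Z'))))
SOME_A_PATH_P_UNTIL_Q = ('mu', 'Z', ('or', ('prop', 'Q'),
                                     ('and', ('prop', 'P'), ('dia', 'a', ('var', 'Z')))))
P_ALONG_EVERY_A_PATH = ('nu', 'Z', ('and', ('prop', 'P'), ('box', 'a', ('var', 'Z'))))
```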

  73. Plan
      1 Temporal Logic
      2 Propositional Modal Logic
      3 Multimodal Logic
      4 Dynamic Logic
      5 Mu-calculus
      6 Real-Time Logics

  74. Real-time Logics
      Temporal logic (TL) is concerned with the qualitative aspect of temporal system requirements: invariance, responsiveness, etc.
      TL cannot refer to metric time: not suitable for the specification of quantitative temporal requirements
      There are many ways to extend a temporal logic with real-time:
      1 Replace the unrestricted temporal operators with time-bounded versions
      2 Extend temporal logic with explicit references to the times of temporal contexts (freeze quantification)
      3 Add an explicit clock variable
