Presentation is loading. Please wait.

Presentation is loading. Please wait.

Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis Grigore Rosu (University of Illinois at U-C) Saddek Bensalem (VERIMAG)

Published byGary Daniel Modified over 8 years ago

Similar presentations

Presentation on theme: "Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis Grigore Rosu (University of Illinois at U-C) Saddek Bensalem (VERIMAG)"— Presentation transcript:

1 Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis Grigore Rosu (University of Illinois at U-C) Saddek Bensalem (VERIMAG)

2 2 On Temporal Reasoning Allen temporal algebra/logic (ATL): Allen’84 –One of the “best established formalism for temporal reasoning” (in AI) – Krokhin et al.’03 (J. of ACM) Linear temporal logic (LTL): Pnueli’77 –One of the best-established formalisms in verification Between the two, so far … –No rigorous connection –No attempt to “systematically reuse” good features of one in the context of the other (visual representation, formal verification, monitoring, etc.)

3 3 Overview Recall Allen temporal algebra/logic and LTL Define Allen linear temporal logic (ALTL) Translate ALTL into LTL –NP completeness of ALTL satisfiability Monitor ALTL Conclusion Future work

4 4 Allen Temporal Algebra/Logic (ATL) Framework dealing with incomplete relative temporal information –Event A is before or overlaps event B Very used in AI planning Interval taken as primitive temporal quantity 13 basic binary relations on intervals ATL formula (aka compatibility) –boolean (finite) combination of such relations ATL models are (dense) total orders –Intervals interpreted as convex subsets

5 5 ATL: Basic Interval Relations (I) Equals(i,j) Before(i,j) or After(j,i) Meets(i,j) or MetBy(j,i) i j i j i j Exactly the same timepoints There are some timepoints between i and j There are no timepoints between i and j

6 6 ATL: Basic Interval Relations (II) Overlaps(i,j) or OverlappedBy(j,i) Contains(i,j) or During(j,i) Starts(i,j) or StartedBy(j,i) Ends(i,j) or EndedBy(j,i) i j i j ij i j

7 7 ATL Models Total orders (T,<), dense or discrete Intervals interpreted as convex subsets –  : Intervals → Convex(T) –C  Convex(T) iff (x,y)  C when x < y in C Model (T,<,  ) satisfies Overlaps(i,j) iff  (i) ∩  (j) ≠  and  x   (j),  y   (i), x <  (i),  (j) < y  (i)  (j) x y

8 8 ATL in Practice Extensively used in AI planning to reason about concurrency and temporal extent; very visual Intervals can express both action instances and states of attributes (state variables); aka tokens Example: McCarthy’s Monkey/Banana

9 9 NASA Ames GROMIT Model Exploration rover

10 10 DDL: A Formal ATL Language Domain-Description Language (DDL) in AI planning –NASA Remote Agent, EUROPA; used for plan synthesis GROMIT model has >1500 DDL lines of ATL spec:

11 11 ATL: Known Results and Evidence Allen introduced it in ’84; no theorems NP-complete satisfiability (Vilain,Kautz,Beek’89) –Not hard, but intricate Much research in tractable fragments –18 tractable subalgebras (Krokhin,Jeavons,Jonsson’03 – J.ACM) Evidence –Visual and intuitive formalism –Easy to comprehend and explain –Large specifications relatively manageable

12 12 Linear Temporal Logic (LTL) Pnueli introduced it in ’77 Sistla, Clarke ’85 –PSPACE-complete satisfiability –LTL□ is NP-complete Extensively used in verification, temp. DB Calvanese, De Giacomo, Vardi ’02 –Propose LTL as a formalism for AI planning Yet, no formal connection between ATL and LTL has been investigated –we could use LTL verification tools and techniques in AI planning, a domain lacking but in need of them …

13 13 From ATL to LTL (I) Step 1 Relate models: –Define Allen Linear Temporal Logic (ALTL), whose models are  -sequences, like in LTL Theory: –Same complexity as the dense variant Practice: –Care needed to generate at least one timepoint in each non-empty interval fragment

14 14 From ATL to LTL (II) Step 2 Encode membership to intervals: –Add an atomic predicate  i for each interval i Step 3 Enforce “interval behavior” (no “gaps”) –Non-emptiness:  i for each interval i –Convexity:  (  (  i    (  i    i ))) j jj jj  j

15 15 From ATL to LTL (III) Step 4 Encode interval relations; e.g.: Overlaps(i,j)  (  j    i    (  j    i    (  j   i ))) i j  j    i  j    i  j    i

16 16 From ATL to LTL: Theoretical Aspects Recent works in ATL, including the DDL language, work with an extended ATL –Add predicates and new relations Holds(p,i) and Occurs(p,i) –New satisfiability is obviously still NP-hard Extends propositional calculus Holds and Occurs can also be translated in LTL –Holds(p,i) is □ (  i   p) –Occurs(p,i) is  (p   i ) Four steps above give us –A reduction from ATL to LTL□, the latter NP-complete Therefore, the extended ATL is NP-complete

17 17 From ATL to LTL: Practical Aspects Implemented the four transformation steps above as a term rewrite system, in Maude –[go to example in technical report] –Unfortunately, resulting LTL formulae are large and hard to understand … But, at least in principle, one can now 1)Use formal verification techniques in domains, e.g., AI planning, whose requirements use ATL 2)Use ATL to specify system requirements and then formally verify them

18 18 Monitoring ATL (I) Importance of monitoring in autonomous systems cannot be overestimated: –Even if a plan is proved to satisfy its spec, many factors can lead to violations of reqs: terrain, power, hardware We know how to monitor LTL “efficiently” –Monitors based on (non-deterministic) Buchi automata Can we use our ATL-to-LTL translation and then use LTL monitors to monitor ATL? –Buchi automata generation appears to be a bottle-neck –ATL-to-LTL-to-Buchi applied on the Monkey formula yields several thousand nodes and ~ 60,000 edges (Oddoux&Gastin LTL2Buchi)

19 19 Specialized Monitoring Algorithm for ATL Idea: divide-and-conquer –Monitor each temporal relation “individually” –Combine the results within the “big-picture” –Check for satisfiability “from time to time” Algorithm: Suppose ATL formula  (r 1, r 2, …, r n ) –  is a boolean formula … where –r 1, r 2, …, r n regarded as “dynamic” variables; they may become true/false during monitoring –At each event, recalculate the “truth status” of variables Maintain a “little” monitor for each –At critical timepoints, check satisfiability of 

20 20 Monitors for Interval Relations Overlaps(j,i) j i There are also “little monitors” ensuring that intervals are non-empty and contiguous …

21 21 GROMIT Experiment Applied the ATL monitor synthesis algorithm above on NASA Ames’ GROMIT specification ATL formula has more than 100 interval relations We did not have access to the execution platform, but were provided 100 execution traces, each containing several hundred events Both monitor synthesis and checking took negligible time –However, for each trace, we checked for satisfiability only once, at the end

22 22 Conclusion Defined Allen linear temporal logic (ALTL) Translated ALTL into LTL –NP completeness of (extended) ALTL satisfiability –Allows using LTL tools and techniques in domains that prefer (or cannot avoid) ATL specifications Explored monitoring problem for ATL –Showed that “blind use” of LTL monitors can be inefficient –Presented efficient, specialized ATL monitoring algorithm

23 23 Future Work, Questions … ATL is a “sugared fragment” of LTL –Monitoring ATL directly is more effective … –Can ATL (instead of general LTL) be used in certain particular system verification efforts? Visual, easy! Formal verification techniques for ATL? –Theorem proving, model checking Extend ATL with repetition? Monitor it? There are many other interval logics (e.g., ITL, MTL) –Monitor synthesis for these?

Download ppt "Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis Grigore Rosu (University of Illinois at U-C) Saddek Bensalem (VERIMAG)"

Similar presentations

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.

An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.
Comparative Succinctness of KR Formalisms Paolo Liberatore.

Comparative Succinctness of KR Formalisms Paolo Liberatore.
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Verification of Graph Transformation Systems Arman Sheikholeslami

Verification of Graph Transformation Systems Arman Sheikholeslami
Nir Piterman Department of Computer Science TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAA Bypassing Complexity.

Nir Piterman Department of Computer Science TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAA Bypassing Complexity.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
Solving Partial Order Constraints for LPO termination.

Solving Partial Order Constraints for LPO termination.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.
Property-Based Test Generation Li Tan, Oleg Sokolsky, and Insup Lee University of Pennsylvania.

Property-Based Test Generation Li Tan, Oleg Sokolsky, and Insup Lee University of Pennsylvania.
Analysis of Algorithms CS 477/677

Analysis of Algorithms CS 477/677
A logic for reasoning about digital rights Riccardo Pucella, Vicky Weissman Cornell University.

A logic for reasoning about digital rights Riccardo Pucella, Vicky Weissman Cornell University.
Chapter 11: Limitations of Algorithmic Power

Chapter 11: Limitations of Algorithmic Power
February 20, 2015CS21 Lecture 191 CS21 Decidability and Tractability Lecture 19 February 20, 2015.

February 20, 2015CS21 Lecture 191 CS21 Decidability and Tractability Lecture 19 February 20, 2015.

Similar presentations

Ads by Google