Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)"— Presentation transcript:

1 1 Translating from LTL to automata

2 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure) satisfies this property. The check (“model-checking”) will be based on automata operations – hence we need to translate the property to automata.

3 3 From formulas to Buchi automta Gp Fpp U q GFp p p T T q p T p T Now try yourself: FGp, a U (b U c), X(p U (q Æ r))

4 4 A translation algorithm So now we need to show an algorithmic translation from LTL to Buchi It will work in two stages: Translate to Generalized Buchi Degeneralization.

5 5 Preprocessing Convert into normal form, where negation only applies to propositional variables. ¬G  becomes F¬ . ¬F  becomes G¬ . ¬(  U  ) becomes (¬  ) R (¬  ), ¬(  R  ) becomes (¬  ) U (¬  ).

6 6 Convert to Negation Normal Form Push negations over propositional conenctives, and eliminate operators other than Æ, Ç Eliminate G Replace G  by (False R  ). (in general we can stay with U, R, X) Preprocessing

7 7 Example Translate (GF P ) ! ( GF Q ) Eliminate implication ¬ ( GF P ) Ç ( GF Q ) Eliminate G, F : ¬ ( False R ( True U P ) ) Ç ( False R ( True U Q ) ) Push negation inwards: (True U (False R ¬ P ) ) Ç ( False R ( True U Q ) )

8 8 And now... We need to build an automaton that accepts exactly those words that satisfy .

9 9 Content The construction continues as follows: 1. Build the Local Automaton This automaton guarantees that the word satisfies all conditions imposed by the formula 2. Build the Eventuality Automaton Eventualities : formulas of the form F φ and φ 1 U φ 2 The problem is that nothing prevents us from postponing forever the time at which (eventuality) formula will be true 3. Compose them

10 10 The Local Automaton Closure of  all the subformulas of  and their negations. Formally: cl(  ) is the smallest set of formulas satisfying the following conditions φ ∈ cl( φ ) φ 1 ∈ cl( φ ) ⇒ ¬ φ 1 ∈ cl( φ ) φ 1 ∧ φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ ) φ 1 ∨ φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ ) X φ 1 ∈ cl( φ ) ⇒ φ 1 ∈ cl( φ ) F φ 1 ∈ cl( φ ) ⇒ φ 1 ∈ cl( φ ) φ 1 U φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ ) φ 1 R φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ )

11 11 The Local Automaton / Alphabet, states The local automaton is L = (∑, S L, ρ L, I L, F L ) The alphabet ∑ ∑ µ 2 cl(φ) ∑ elements are consistent: for s 2 ∑ and f ∈ cl(φ): f ∈ s  ¬f ∉ s The states S L All propositionally consistent subsets s of cl(φ): φ1 ∈ s  ¬φ1 ∉ s

12 12 The Local Automaton / Transition relation The edges: ρ L (s, a) must check the next state is compatible with the semantics of the temporal operators. Let t ∈ ρ L (s, a). Then: X φ 1 ∈ s  φ 1 ∈ t F φ 1 ∈ s  φ 1 ∈ s or F φ 1 ∈ t φ 1 U φ 2 ∈ s  ( φ 2 ∈ s) or ( φ 1 ∈ s and φ 1 U φ 2 ∈ t) φ 1 R φ 2 ∈ s  ( φ 1 ⋀ φ 2 ∈ s) or ( φ 2 ∈ s and φ 1 R φ 2 ∈ t) The labeling on the edges: For a state s  ;, s is the label on all the outgoing edges from s.

13 13 The initial states I L... is the set of states that include the formula The accepting states F L... is the set of all states The Local Automaton / Initial + final states

14 14 Example: Local Automaton for Fp Closure of F p cl( F p) = { F p, p, ¬F p, ¬ p} S L = {{ F p, p}, { ¬F p, p}, { F p, ¬ p}, { ¬F p, ¬ p}}

15 15 Local Automaton for F p { ¬ Fp, p} {Fp, ¬ p} { ¬ Fp, ¬ p} Recall the defnition: (Fp ∈ s)  (p ∈ s or Fp ∈ t)(t is the target state) Top-right: Since p  s then t can only be such that Fp 2 t. Top left: Since p 2 s then all states can be t. {Fp, p} Bottom left: contradictory, hence no point in this state (can be removed) Bottom right: since the condition above is iff relation, then we need that ( : p 2 s) and ( : Fp 2 t).

16 16 Local Automaton for F p (labels) { ¬ Fp, p} {Fp, ¬ p} { ¬ Fp, ¬ p} {Fp, p} { ¬ Fp, ¬ p} {Fp, ¬ p} {Fp, p} Recall: the edge labels are equivalent to the source state names.

17 17 Eventuality automaton is supposed to check that the eventualities are realized Check formulas of the form φ 1 U φ 2 F φ // special case of U The Eventuality Automaton

18 18 The Eventuality Automaton/ Alphabet, states Ev = ( ∑, 2 ev( φ ), ρ F, {{}}, F ) The alphabet ∑ µ 2 cl( φ ) ∑ elements are consistent: for s 2 ∑ and f ∈ cl(φ): f ∈ s  ¬f ∉ s The states 2 ev( φ ) The set of subsets of the eventualities of the formula φ A state {e 1, …, e k } means that the eventualities e 1, …, e k still have to be realized

19 19 The Eventuality Automaton/ Transition relation, initial state The transition ρ F Let t ∈ ρ F (s,a) For F φ : F φ ∈ t  φ ∉ a For φ 1 U φ 2 : φ 1 U φ 2 ∈ t  φ 2 ∉ a The initial state : {}

20 20 The Eventuality Automaton/ accepting states The acceptance condition F is complicated...  When can we accept a state s? if s has an eventuality, it satisfies it. Examples: s is accepting: s = {pUq, : p, q} s = { : pUq, : p, : q} s is not accepting: s = {pUq, p, : q} s = {pUq, : p, : q}

21 21 The Eventuality Automaton/ accepting states The acceptance condition, formaly: Let e i be an eventuality condition  i ’ U  i Suppose we have the eventuality conditions e 1,...,e m. Then F is a generalized Buchi condition: F = { Á 1,..., Á m } where Á i = {s 2 S | e i 2 s !  i 2 s} In our example: We have two states: {} and {Fp} Thus, F contains the single state {}

22 22 Example Eventuality automaton {Fp} {} { Fp, p} { ¬Fp, p} { ¬Fp, ¬ p} { Fp, ¬ p} { Fp, p}{ ¬Fp, p} { ¬Fp, ¬ p} { Fp, ¬ p} We can begin with all edges and all labels and then remove those that are incompatible with the condition we saw in the previous slide: The condition is: Fp ∈ t  p ∉ a Q: When is this automaton satisfied? A: When all eventualities are satisfied.

23 23 M = ( ∑, S M, ρ M,N M0, F M ) ∑ µ 2 cl(  ) S M = S L x 2 ev( φ ) (Cartesian Product) (p, q) ∈ ρ M ((s, t), a)  p ∈ ρ L (s, a) and q ∈ ρ F (t, a) N M0 = N φ x {} F M = N L x {} Composing the two automata

24 24 Example Composing the two automata ({Fp, p}, Fp) ({Fp, ¬ p}, Fp) ({ ¬ Fp, ¬ p}, Fp) ({Fp, p}, {}) ({Fp, ¬ p}, {}) ({ ¬ Fp, ¬ p}, {}) The propositions are the ‘real’ labels. p p :p:p :p:p :p:p

25 25 Example Composing the two automata ({Fp, p}, Fp) ({Fp, ¬ p}, Fp) ({Fp, p}, {}) ({ ¬ Fp, ¬ p}, {}) p :p:p :p:p :p:p Equivalently: labels move to outgoing edges. p p :p:p p :p:p p p ({Fp, ¬ p}, {})

26 26 Optimizations... There are optimizations that make the automaton much smaller: p :p:p :p:p :p:p p p If we define the alphabet ∑ as formulas over AP we can do better: p :p:p true p Ç : p

27 27 Conclusion The number of States Local Automaton : 2 cl( φ ) = O(2 2| φ | ) Eventuality Automaton : 2 ev( φ ) = O(2 | φ | ) Composed Automata : 2 cl( φ ) X 2 ev( φ ) = O(2 3| φ | ) | φ | is length of formula φ

Download ppt "1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)"

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Translating from logic to automata Book: Chapter 6.

Translating from logic to automata Book: Chapter 6.
An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.

An improved on-the-fly tableau construction for a real-time temporal logic Marc Geilen 12 July 2003 /e.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
Possible World Semantics for Modal Logic

Possible World Semantics for Modal Logic
CSC 361NFA vs. DFA1. CSC 361NFA vs. DFA2 NFAs vs. DFAs NFAs can be constructed from DFAs using transitions: Called NFA- Suppose M 1 accepts L 1, M 2 accepts.

CSC 361NFA vs. DFA1. CSC 361NFA vs. DFA2 NFAs vs. DFAs NFAs can be constructed from DFAs using transitions: Called NFA- Suppose M 1 accepts L 1, M 2 accepts.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
LINEAR TEMPORAL LOGIC Fall 2013 Dr. Eric Rozier.

LINEAR TEMPORAL LOGIC Fall 2013 Dr. Eric Rozier.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 

Propositional and First Order Reasoning. Terminology Propositional variable: boolean variable (p) Literal: propositional variable or its negation p 
1 Generalized Buchi automaton. 2 Reminder: Buchi automata A=  Alphabet (finite). S: States (finite).  : S x  x S ) S is the transition relation. I.

1 Generalized Buchi automaton. 2 Reminder: Buchi automata A=  Alphabet (finite). S: States (finite).  : S x  x S ) S is the transition relation. I.
Lecture 23. Subset Sum is NPC

Lecture 23. Subset Sum is NPC
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
 Dr. Vered Gafni 1 LTL Decidability Enables consistency check, but also base for verification.

 Dr. Vered Gafni 1 LTL Decidability Enables consistency check, but also base for verification.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
EE1J2 - Slide 1 EE1J2 – Discrete Maths Lecture 3 Syntax of Propositional Logic Parse trees revised Construction of parse trees Semantics of propositional.

EE1J2 - Slide 1 EE1J2 – Discrete Maths Lecture 3 Syntax of Propositional Logic Parse trees revised Construction of parse trees Semantics of propositional.
Introduction to Computability Theory

Introduction to Computability Theory
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

Similar presentations

Ads by Google