Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used.

Published byAubrey Stevenson Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used."— Presentation transcript:

1 Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used in other course settings outside of Kansas State University in their current form or modified form without the express written permission of one of the copyright holders. During this course, students are prohibited from selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of one of the copyright holders. CIS 842: Specification and Verification of Reactive Systems Lecture 3: Temporal Logic Specifications

2 Reasoning about Executions We want to reason about execution trees –tree node = snap shot of the program’s state Reasoning consists of two layers –defining predicates on the program states (control points, variable values) –expressing temporal relationships between those predicates [L3, (mt3, vr3), ….] Explored State-Space (computation tree) Conceptual View [L1, (mt1, vr1), ….] [L2, (mt2, vr2), ….] [L5, (mt5, vr5), ….] L1L4 L2 L3 L5 ?b1 ?err ?b0 ?b1!a1 ?a1 ?b0 ?err !a0

3 Computational Tree Logic (CTL)  ::= P …primitive propositions | !  |  &&  |  ||  |  ->  …propositional connectives | AG  | EG  | AF  | EF  …temporal operators | AX  | EX  | A[  U  ] | E[  U  ] Syntax Semantic Intuition AG p …along All paths p holds Globally EG p …there Exists a path where p holds Globally AF p …along All paths p holds at some state in the Future EF p …there Exists a path where p holds at some state in the Future path quantifiertemporal operator

4 Computational Tree Logic (CTL)  ::= P …primitive propositions | !  |  &&  |  ||  |  ->  …propositional connectives | AG  | EG  | AF  | EF  …path/temporal operators | AX  | EX  | A[  U  ] | E[  U  ] Syntax Semantic Intuition AX p …along All paths, p holds in the neXt state EX p …there Exists a path where p holds in the neXt state A[p U q] …along All paths, p holds Until q holds E[p U q] …there Exists a path where p holds Until q holds

5 Computation Tree Logic p p p p p p p p p p p pppp AG p

6 Computation Tree Logic EG p p p p p

7 Computation Tree Logic AF p p p pp p p

8 Computation Tree Logic EF p p

9 Computation Tree Logic AX p p p p p pp p p p

10 Computation Tree Logic EX p p p p pp p

11 Computation Tree Logic A[p U q] p p p q q p p q q p p

12 Computation Tree Logic E[p U q] p p q q p p q q q

13 Example CTL Specifications For any state, a request (for some resource) will eventually be acknowledged AG(requested -> AF acknowledged) From any state, it is possible to get to a restart state AG(EF restart) An upwards travelling elevator at the second floor does not changes its direction when it has passengers waiting to go to the fifth floor AG((floor=2 && direction=up && button5pressed) -> A[direction=up U floor=5])

14 Semantics for CTL (excerpts) For p  AP: s |= p  p  L(s) s |=  p  p  L(s) s |= f  g  s |= f and s |= g s |= f  g  s |= f or s |= g s |= EXf    =s 0 s 1... from s: s 1 |= f s |= E(f U g)    =s 0 s 1... from s  j  0 [ s j |= g and  i : 0  i  j [s i |= f ] ] s |= EGf    =s 0 s 1... from s  i  0: s i |= f Source: Orna Grumberg

15 CTL Notes Invented by E. Clarke and E. A. Emerson (early 1980’s) Specification language for Symbolic Model Verifier (SMV) model-checker SMV is a symbolic model-checker instead of an explicit-state model-checker Symbolic model-checking uses Binary Decision Diagrams (BDDs) to represent boolean functions (both transition system and specification

16 Linear Temporal Logic Restrict path quantification to “ALL” (no “EXISTS”) Reason in terms of linear traces instead of branching trees

17 Linear Temporal Logic (LTL) Semantic Intuition []  …always  <>  …eventually   U  …  until      ::= P …primitive propositions | !  |  &&  |  ||  |  ->  …propositional connectives | []  | <>  |  U  X  …temporal operators Syntax

18 Linear Time Logic []<> p ppp “Along all paths, it must be the case that globally (I.e., in each state we come to) eventually p will hold” Expresses a form of fairness – –p must occur infinitely often along the path – –To check  under the assumption of fair traces, check []<>p -> 

19 Linear Time Logic p <>[] p pp “Along all paths, eventually it is the case that p holds globally (I.e., at each state)” ppppp

20 Semantics for LTL Semantics of LTL is given with respect to a (usually infinite) path or trace –  = s 1 s 2 s 3 … We write  i for the suffix starting at s i, e.g., –  3 = s 3 s 4 s 5 … A system satisfies an LTL formula f if each path through the system satisfies f.

21 Semantics for LTL For p  AP:  |= p  p  L(s 1 )  |=  p  p  L(s 1 )  |= f  g   |= f and  |= g  |= f  g   |= f or  |= g  |= Xf   2 |= f  |= <>f   i >= 1.  i |= f  |= <>f   i >= 1.  i |= f  |= (f U g)   i >= 1.  i |= g and  j : 1  j  i-1.  i |= f

22 LTL Notes Invented by Prior (1960’s), and first use to reason about concurrent systems by A. Pnueli, Z. Manna, etc. LTL model-checkers are usually explicit-state checkers due to connection between LTL and automata theory Most popular LTL-based checker is Spin (G. Holzman)

23 Comparing LTL and CTL CTL LTL CTL* CTL is not strictly more expression than LTL (and vice versa) CTL* invented by Emerson and Halpern in 1986 to unify CTL and LTL We believe that almost all properties that one wants to express about software lie in intersection of LTL and CTL

24 LTL and Automata Theory

25 LTL Checking in Spin

Download ppt "Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The syllabus and all lectures for this course are copyrighted materials and may not be used."

Similar presentations

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Copyright 2003-04, Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.

Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.

卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.

1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.
© Katz, 2007CS236368 Formal SpecificationsLecture - Temporal logic 1 Temporal Logic Formal Specifications CS236368 Shmuel Katz The Technion.

© Katz, 2007CS Formal SpecificationsLecture - Temporal logic 1 Temporal Logic Formal Specifications CS Shmuel Katz The Technion.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Similar presentations

Ads by Google