DOCSLIB.ORG

Lecture 3 Automata-Based Representation of Linear-Time Properties and Linear Temporal Logic (LTL)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Lecture 3 Automata-Based Representation of Linear-Time Properties and Linear Temporal Logic (LTL) Lecture 3 Automata-Based Representation of Linear-Time Properties and Linear Temporal Logic (LTL) Richard M. Murray Nok Wongpiromsarn Ufuk Topcu EECI, 14 May 2012 Outline Principles of Model • Automata-based representation of Checking, linear-time properties Christel Baier and • Syntax and semantics of LTL Joost-Pieter Katoen. • Specifying properties in LTL MIT Press, 2008. • Equivalence of LTL formulas • Fairness in LTL Chapter 5 • Other temporal logics (if time) Representations of linear-time properties Two more representations of linear-time properties: • Automata-based: • Linear temporal logic (LTL): readable by machine readable by humans • LTL is a formal language for describing linear-time properties • It provides particularly useful operators for constructing linear-time properties without explicitly specifying sets (of, e.g., infinite sequences of subsets of atomic propositions) 2 Nondeterministic finite automaton (NFA) A nondeterministic finite automaton =(Q, Σ, δ,Q0,F) is a tuple with - A is a set of states, A - Σ is an alphabet, - δ : Q Σ 2Q is a transition function, × → - Q0 Q is a set of initial states, and - F ⊆Q is a set of accept (or: final) states. ⊆ set of finite words Q = q0,q1,q2 , Σ = A, B { } { } Q0 = q0 ,F= q2 Let w = A ...A Σ∗ be a finite word. { } { } 1 n ∈ A run for w in is a finite sequence of δ(q0,A)= q0 , δ(q0,B)= q0,q1 A states q q ...q s.t. δ(q1,A)={q2}, δ(q1,B)={q2 } 0 1 n { } { } - q0 Q0 δ(q2,A)= , δ(q0,B)= ∈A ∅ ∅ - q i+1 q for all 0 i<n. word run i −−−→ i+1 ≤ empty word q0 A run q0q1 ...qn is called accepting if qn F . ∈ B q0q1 A finite word in accepted if it leads to an accepting run. ABA q0q0q0q0 BBA q0q0q0q0 The accepted language ( ) of is the set BA q0q1q2 L A A of finite words in Σ∗ accepted by . BBA q0q0q1q2 A accepted 3 NFA: =(Q, Σ, δ,Q ,F) A 0 Regular safety properties language (set of finite words) A set Σ∗ of finite strings is called a regular language L ⊆ accepted by if there is a nondeterministic finite automaton s.t. = ( ). the NFA A L L A A safety property Psafe over AP is called regular if its set of bad prefixes constitutes a regular language over 2AP . That is: NFA s.t. ( ) = bad prefixes of P ∃ A L A safe yellow Example: AP = {red, green, yellow} “Each red must be preceded immediately by a yellow” q1 is a regular safety property. yellow ¬ red Sample bad prefixes: ¬yellow∧ • {}{}{red} • {}{red} q0 red • {yellow}{yellow}{green}{red} ¬yellow∧ • ¬ A0A1 ...An s.t. n>0, red An, and yellow / An 1 red ∈ ∈ − general form of minimal bad prefixes q2 4 Verifying regular safety properties Given a transition system TS and a regular safety property Psafe, both over the atomic propositions AP. Let be an NFA s.t. ( )=BadP ref(P ). A L A safe TS = Psafe iff T races(TS) Psafe | ⊆ AP ω iff T races(TS) ((2 ) Psafe)= ∩ \ ∅AP ω iff T races(TS) BadP ref(Psafe).(2 ) = iff pref(T races∩(TS)) BadP ref(P )= ∅ ∩ safe ∅ iff pref(T races(TS)) ( )= AP ω ∩ L A ∅ (2 ) finite prefixes (2AP )ω P \ safe T races(TS) Psafe For words w and σ, w.σ denotes their concatenation. 5 Invariant Safety Liveness state condition something bad something good never happens will happen eventually violated at any infinite run violated only by infinite individual states violating the property runs has a finite prefix verification: find the verification: based on verification: reachable states and check nondeterministic finite the invariant condition automaton which accepts ? “finite runs” 6 Nondeterministic Buchi automaton (NBA) A nondeterministic Buchi automaton is same as an NFA =(Q, Σ, δ,Q0,F) with its runs interpreted differently. A Let w = A A ... Σω be an infinite string. A run for w in 1 2 ∈ A is an infinite sequence q0q1 ... of states s.t. - q0 Q0 and ∈A A A AP = {red, green} - q 1 q 2 q 3 .... 0 −−→ 1 −−→ 2 −−→ A run is accepting if q F for infinitely many j. j ∈ A string w is accepted by if there is an accepting run of w in . A A input word: ( ): set of infinite strings accepted by . Lω A A green green green ... { }{}{ }{}{ }{} A set of infinite string Σω is run: Lω ⊆ called an ω-regular language if there q0q1q0q1q0q1 ... is an NBA s.t. = ( ). A Lω Lω A input word: ( green, red green red )ω { }{}{ }{ } The NBA on the right accepts the infinite words run: q0q1q0q1q0q1 ... satisfying the LT property: “infinitely often green.” 7 NBA: =(Q, Σ, δ,Q0,F) ω -regular properties A An LT property P over AP is called ω-regular if P is an ω-regular language over 2AP . Invariant, regular safety, and various liveness properties are ω-regular. Let P be an ω-regular property and be an NBA that represents the ”bad traces” for P. A Basic idea behind model checking ω-regular properties: TS = P if and only if Traces(TS) P | ⊆ if and only if Traces(TS) (2AP )ω P = ∩ \ ∅ if and only if Traces(TS) P = ∩ ∅ if and only if Traces(TS) ( ) = ∩ Lω A ∅ 8 Invariant Safety Liveness state condition something bad something good never happens will happen eventually violated at any infinite run violated only by infinite individual states violating the property runs has a finite prefix verification: find the verification: based on verification: based on reachable states and check nondeterministic finite nondeterministic Buchi the invariant condition automaton which accepts automaton which “finite runs” accepts infinite runs 9 Representations of linear-time properties Two more representations of linear-time properties: • Automata-based: • Linear temporal logic (LTL): readable by machine readable by humans • LTL is a formal language for describing linear-time properties • It provides particularly useful operators for constructing linear-time properties without explicitly specifying sets (of, e.g., infinite sequences of subsets of atomic propositions) 10 Temporal logic Two key operators in temporal logic • ◊ “eventually” - a property is satisfied at some point in the future • ¨ “always” - a property is satisfied now and forever into the future “Temporal” refers underlying nature of time • Linear temporal logic ⇒ each moment in time has a well-defined successor moment • Branching temporal logic ⇒ reason about multiple possible time courses • “Temporal” here refers to “ordered events”; no explicit notion of time LTL = linear temporal logic • Specific class of operators for specifying linear time properties • Introduced by Pneuli in the 1970s (recently passed away) • Large collection of tools for specification, design, analysis Other temporal logics • CTL = computation tree logic (branching time; will see later, if time) • TCTL = timed CTL - check to make sure certain events occur in a certain time • TLA = temporal logic of actions (Lamport) [variant of LTL] • µ calculus = add “least fixed point” operator (more tomorrow) 11 Syntax of LTL LTL formulas: • a = atomic proposition • ◯ = “next”: φ is true at next step • U = “until”: φ2 is true at some point, φ1 is true until that time Formula evaluation: evaluate LTL propositions over a sequence of subsets of atomic propositions 12 Additional operators and formulas Derived temporal logic operators • Eventually ◊ϕ := true U ϕ ϕ will become true at some point in the future • Always ¨ϕ := ¬◊¬ϕ ϕ is always true; “(never (eventually (¬ϕ)))” Operator precedence Some common composite operators • Unary binds stronger than binary • p → ◊q p implies eventually q (response) ¬ φ1 U ◯ φ2 = (¬ φ1)U (◯ φ2) • p → q U r p implies q until r (precedence) • ¨◊p always eventually p (progress) • Bind from right to left: ¨◊p = (¨ (◊p)) • ◊¨p eventually always p (stability) p U q U r = p U (q U r) • ◊p → ◊q eventually p implies eventually q • U takes precedence over (correlation) ∧, ∨ and → 13 Semantics: when does a path satisfy an LTL spec? Let φ be an LTL formula over AP. The linear-time property induced by φ is where the satisfaction relation is the smallest relation with the properties For σ=A0 A1 A2..., σ[j...]=Aj Aj+1... For derived operators: Sample derivation: 14 Semantics: when does a system satisfy an LTL spec? Putting together: [Bullet 3 above] [Definition of satisfaction for LT properties] [Definition of Words(φ)] [Bullet 2 above] 15 Example: traffic light System description • Focus on lights in on particular direction • Light can be any of three colors: green, yellow, read • Atomic propositions = light color Ordering specifications • Liveness: “traffic light is green infinitely often” ☐◊green • Chronological ordering: “once red, the light cannot become green immediately” ☐ (red → ¬ ◯ green) • More detailed: “once red, the light always becomes green eventually after being yellow for some time” ☐(red → (◊ green ∧ (¬ green U yellow))) ☐(red → ◯ (red U (yellow ∧ ◯ (yellow U green)))) Progress property • Every request will eventually lead to a response ☐ (request → ◊response) 16 Example: autonomous navigation Specify safe, allowable, required, or desired behavior of system and/ or environment. Reduced Speed Zone ck pt position : x Traffic rules: • No collision (dist(x, Obs) X dist(x, Loc(Veh)) X ) ≥ safe ∧ ≥ safe • Obey speed limits ((x Reduced Speed Zone) (v vreduced)) • Stay in travel lane unless blocked∈ → ≤ • Intersection precedence & merging, stop line, passing,... Goals: • Eventually visit the check point ♦(x =ckpt) • Every time check point is reached, eventually come to start ((x =ckpt) (x = start)) → ♦ Environment assumptions: • Each intersection is clear infinitely often ♦(Intersection = empty) • Limited sensing range, detect obstacles before too late,... 17 ”Quiz” Consider the following transition system with AP = {a,b} Property 1: TS |= [] a? • Yes, all states are labeled with a Property 2: TS |= X (a ^ b)? • No: From s2 or s3, there are transitions for which
Load more

Recommended publications
  • Reasoning in the Temporal Logic of Actions Basic Research in Computer Science
    BRICS BRICS DS-96-1 U. Engberg: Reasoning in the Temporal Logic of Actions Basic Research in Computer Science Reasoning in the Temporal Logic of Actions The design and implementation of an interactive computer system Urban Engberg BRICS Dissertation Series DS-96-1 ISSN 1396-7002 August 1996 Copyright c 1996, BRICS, Department of Computer Science University of Aarhus. All rights reserved. Reproduction of all or part of this work is permitted for educational or research use on condition that this copyright notice is included in any copy. See back inner page for a list of recent publications in the BRICS Dissertation Series. Copies may be obtained by contacting: BRICS Department of Computer Science University of Aarhus Ny Munkegade, building 540 DK - 8000 Aarhus C Denmark Telephone: +45 8942 3360 Telefax: +45 8942 3255 Internet: [email protected] BRICS publications are in general accessible through WWW and anonymous FTP: http://www.brics.dk/ ftp ftp.brics.dk (cd pub/BRICS) Reasoning in the Temporal Logic of Actions The design and implementation of an interactive computer system Urban Engberg Ph.D. Dissertation Department of Computer Science University of Aarhus Denmark Reasoning in the Temporal Logic of Actions The design and implementation of an interactive computer system A Dissertation Presented to the Faculty of Science of the University of Aarhus in Partial Fulfillment of the Requirements for the Ph.D. Degree by Urban Engberg September 1995 Abstract Reasoning about algorithms stands out as an essential challenge of computer science. Much work has been put into the development of formal methods, within recent years focusing especially on concurrent algorithms.
    [Show full text]
  • The Rise and Fall of LTL
    The Rise and Fall of LTL Moshe Y. Vardi Rice University Monadic Logic Monadic Class: First-order logic with = and monadic predicates – captures syllogisms. • (∀x)P (x), (∀x)(P (x) → Q(x)) |=(∀x)Q(x) [Lowenheim¨ , 1915]: The Monadic Class is decidable. • Proof: Bounded-model property – if a sentence is satisfiable, it is satisfiable in a structure of bounded size. • Proof technique: quantifier elimination. Monadic Second-Order Logic: Allow second- order quantification on monadic predicates. [Skolem, 1919]: Monadic Second-Order Logic is decidable – via bounded-model property and quantifier elimination. Question: What about <? 1 Nondeterministic Finite Automata A = (Σ,S,S0,ρ,F ) • Alphabet: Σ • States: S • Initial states: S0 ⊆ S • Nondeterministic transition function: ρ : S × Σ → 2S • Accepting states: F ⊆ S Input word: a0, a1,...,an−1 Run: s0,s1,...,sn • s0 ∈ S0 • si+1 ∈ ρ(si, ai) for i ≥ 0 Acceptance: sn ∈ F Recognition: L(A) – words accepted by A. 1 - - Example: • • – ends with 1’s 6 0 6 ¢0¡ ¢1¡ Fact: NFAs define the class Reg of regular languages. 2 Logic of Finite Words View finite word w = a0,...,an−1 over alphabet Σ as a mathematical structure: • Domain: 0,...,n − 1 • Binary relation: < • Unary relations: {Pa : a ∈ Σ} First-Order Logic (FO): • Unary atomic formulas: Pa(x) (a ∈ Σ) • Binary atomic formulas: x < y Example: (∃x)((∀y)(¬(x < y)) ∧ Pa(x)) – last letter is a. Monadic Second-Order Logic (MSO): • Monadic second-order quantifier: ∃Q • New unary atomic formulas: Q(x) 3 NFA vs. MSO Theorem [B¨uchi, Elgot, Trakhtenbrot, 1957-8 (independently)]: MSO ≡ NFA • Both MSO and NFA define the class Reg.
    [Show full text]
  • Alternation-Free Modal Mu-Calculus for Data Trees (Extended Abstract)
    Alternation-free modal mu-calculus for data trees (Extended abstract) Marcin Jurdzi´nski and Ranko Lazi´c∗ Department of Computer Science, University of Warwick, UK Abstract The recent survey by Segoufin [30] summarises the sub- stantial progress made on reasoning about data words and An alternation-free modal µ-calculus over data trees is data trees. A data word is a word over a finite alphabet, introduced and studied. A data tree is an unranked or- with an equivalence relation on word positions. Implicitly, dered tree whose every node is labelled by a letter from every word position is labelled by an element (“datum”) a finite alphabet and an element (“datum”) from an infi- from an infinite set (“data domain”), but since the infinite nite set. For expressing data-sensitive properties, the calcu- set is equipped only with the equality predicate, it suffices lus is equipped with freeze quantification. A freeze quanti- to know which word positions are labelled by equal data, fier stores in a register the datum labelling the current tree and that is what the equivalence relation represents. Simi- node, which can then be accessed for equality comparisons larly, a data tree is a tree (countable, unranked and ordered) deeper in the formula. whose every node is labelled by a letter from a finite alpha- The main results in the paper are that, for the fragment bet, with an equivalence relation on the set of its nodes. with forward modal operators and one register, satisfiabi- First-order logic for data words was considered in [5], lity over finite data trees is decidable but not primitive re- where variables range over word positions ({0,...,l− 1} cursive, and that for the subfragment consisting of safety or N), there is a unary predicate for each letter from the formulae, satisfiability over countable data trees is decid- finite alphabet, and there is a binary predicate x ∼ y for able but not elementary.
    [Show full text]
  • Lecture 7: Computation Tree Logics
    Lecture 7: Computation Tree Logics Model of Computation Computation Tree Logics The Logic CTL Path Formulas and State Formulas CTL and LTL Expressive Power of Logics 1 Model of Computation a b State Transition Graph or Kripke Model b c c a b b c c a b c c Infinite Computation Tree (Unwind State Graph to obtain Infinite Tree) 2 Model of Computation (Cont.) Formally, a Kripke structure is a triple , where is the set of states, is the transition relation, and gives the set of atomic propositions true in each state. We assume that is total (i.e., for all states there exists a state such that ). A path in M is an infinite sequence of states, such that for , . We write to denote the suffix of starting at . Unless otherwise stated, all of our results apply only to finite Kripke structures. 3 Computation Tree Logics Temporal logics may differ according to how they handle branching in the underlying computation tree. In a linear temporal logic, operators are provided for describing events along a single computation path. In a branching-time logic the temporal operators quantify over the paths that are possible from a given state. 4 The Logic CTL The computation tree logic CTL combines both branching-time and linear-time operators. In this logic a path quantifier can prefix an assertion composed of arbitrary combinations of the usual linear-time operators. 1. Path quantifier: A—“for every path” E—“there exists a path” 2. Linear-time operators: X — holds next time. F — holds sometime in the future G — holds globally in the future U — holds until holds 5 Path Formulas and State Formulas The syntax of state formulas is given by the following rules: If , then is a state formula.
    [Show full text]
  • Computation Tree Logic Is Equivalent to Failure Trace Testing
    COMPUTATION TREE LOGIC IS EQUIVALENT TO FAILURE TRACE TESTING by A. F. M. NOKIB UDDIN A thesis submitted to the Department of Computer Science in conformity with the requirements for the degree of Master of Science Bishop’s University Sherbrooke, Quebec, Canada July 2015 Copyright c A. F. M. Nokib Uddin, 2015 Abstract The two major systems of formal verification are model checking and algebraic techniques such as model-based testing. Model checking is based on some form of temporal logic such as linear temporal logic (LTL) or computation tree logic (CTL). CTL in particular is capable of expressing most interesting properties of processes such as liveness and safety. Alge- braic techniques are based on some operational semantics of processes (such as traces and failures) and its associated preorders. The most fine-grained practical preorder is based on failure traces. The particular algebraic technique for formal verification based on failure traces is failure trace testing. It was shown earlier [8] that CTL and failure trace testing are equivalent; that is, for any failure trace test there exists a CTL formula equivalent to it, and the other way around. Both conversions are constructive and algorithmic. The proof of the conversion from fail- ure trace tests to CTL formulae and implicitly the associated algorithm is however incor- rect [6]. We now provide a correct proof for the existence of a conversion from failure trace tests to CTL formulae. We also offer intuitive support for our proof by providing worked ex- amples related to the examples used earlier [9] to support the conversion the other way around, thus going full circle not only with the conversion but also with our examples.
    [Show full text]
  • Model Checking with Mbeddr
    Model Checking for State Machines with mbeddr and NuSMV 1 Abstract State machines are a powerful tool for modelling software. Particularly in the field of embedded software development where parts of a system can be abstracted as state machine. Temporal logic languages can be used to formulate desired behaviour of a state machine. NuSMV allows to automatically proof whether a state machine complies with properties given as temporal logic formulas. mbedder is an integrated development environment for the C programming language. It enhances C with a special syntax for state machines. Furthermore, it can automatically translate the code into the input language for NuSMV. Thus, it is possible to make use of state-of-the-art mathematical proofing technologies without the need of error prone and time consuming manual translation. This paper gives an introduction to the subject of model checking state machines and how it can be done with mbeddr. It starts with an explanation of temporal logic languages. Afterwards, some features of mbeddr regarding state machines and their verification are discussed, followed by a short description of how NuSMV works. Author: Christoph Rosenberger Supervising Tutor: Peter Sommerlad Lecture: Seminar Program Analysis and Transformation Term: Spring 2013 School: HSR, Hochschule für Technik Rapperswil Model Checking with mbeddr 2 Introduction Model checking In the words of Cavada et al.: „The main purpose of a model checker is to verify that a model satisfies a set of desired properties specified by the user.” [1] mbeddr As Ratiu et al. state in their paper “Language Engineering as an Enabler for Incrementally Defined Formal Analyses” [2], the semantic gap between general purpose programming languages and input languages for formal verification tools is too big.
    [Show full text]
  • Finite-State Abstractions for Probabilistic Computation Tree Logic
    Imperial College London Department of Computing Finite-State Abstractions for Probabilistic Computation Tree Logic Daniel Wagner 2011 Supervised by Dr. Michael Huth Submitted in part fulfilment of the requirements for the degree of Doctor of Philosophy in Computing of Imperial College London and the Diploma of Imperial College London Declaration I herewith certify that all material in this dissertation which is not my own work has been duly acknowledged. Selected results from this dissertation have been disseminated in scientific publications as detailed in Chapter 1.10. Daniel Wagner 2 Abstract Probabilistic Computation Tree Logic (PCTL) is the established temporal logic for probabilistic verification of discrete-time Markov chains. Probabilis- tic model checking is a technique that verifies or refutes whether a property specified in this logic holds in a Markov chain. But Markov chains are of- ten infinite or too large for this technique to apply. A standard solution to this problem is to convert the Markov chain to an abstract model and to model check that abstract model. The problem this thesis therefore stud- ies is whether or when such finite abstractions of Markov chains for model checking PCTL exist. This thesis makes the following contributions. We identify a sizeable frag- ment of PCTL for which 3-valued Markov chains can serve as finite abstrac- tions; this fragment is maximal for those abstractions and subsumes many practically relevant specifications including, e.g., reachability. We also de- velop game-theoretic foundations for the semantics of PCTL over Markov chains by capturing the standard PCTL semantics via a two-player games.
    [Show full text]
  • The Complexity of Generalized Satisfiability for Linear Temporal Logic
    Logical Methods in Computer Science Vol. 5 (1:1) 2009, pp. 1–1–21 Submitted Mar. 28, 2008 www.lmcs-online.org Published Jan. 26, 2009 THE COMPLEXITY OF GENERALIZED SATISFIABILITY FOR LINEAR TEMPORAL LOGIC MICHAEL BAULAND a, THOMAS SCHNEIDER b, HENNING SCHNOOR c, ILKA SCHNOOR d, AND HERIBERT VOLLMER e a Knipp GmbH, Martin-Schmeißer-Weg 9, 44227 Dortmund, Germany e-mail address: [email protected] b School of Computer Science, University of Manchester, Oxford Road, Manchester M13 9PL, UK e-mail address: [email protected] c Inst. f¨ur Informatik, Christian-Albrechts-Universit¨at zu Kiel, 24098 Kiel, Germany e-mail address: [email protected] d Inst. f¨ur Theoretische Informatik, Universit¨at zu L¨ubeck, Ratzeburger Allee 160, 23538 L¨ubeck, Germany e-mail address: [email protected] e Inst. f¨ur Theoretische Informatik, Universit¨at Hannover, Appelstr. 4, 30167 Hannover, Germany e-mail address: [email protected] Abstract. In a seminal paper from 1985, Sistla and Clarke showed that satisfiability for Linear Temporal Logic (LTL) is either NP-complete or PSPACE-complete, depending on the set of temporal operators used. If, in contrast, the set of propositional operators is restricted, the complexity may decrease. This paper undertakes a systematic study of satisfiability for LTL formulae over restricted sets of propositional and temporal opera- tors. Since every propositional operator corresponds to a Boolean function, there exist infinitely many propositional operators. In order to systematically cover all possible sets of them, we use Post’s lattice. With its help, we determine the computational complexity of LTL satisfiability for all combinations of temporal operators and all but two classes of propositional functions.
    [Show full text]
  • Model Checking
    1 MODEL CHECKING Arie Gurfinkel 2 Overview • Kripke structures as models of computation • CTL, LTL and property patterns • CTL model-checking and counterexample generation • State of the Art Model-Checkers 3 SW/HW Correct? Correctness Artifact properties Model Translation Extraction Abstraction Finite Temporal Model logic Model Yes/No + Checker Counter-example 4 Models: Kripke Structures s 0 req req, s1 Conventional state machines busy • K = (V, S, s0, I , R) • V is a (finite) set of atomic s2 s3 propositions busy • S is a (finite) set of states • s0 S is a start state • I: S 2V is a labelling function that maps each state to the set of propositional variables that hold in it • That is, I(S) is a set of interpretations specifying which propositions are true in each state • R S S is a transition relation 5 Propositional Variables Fixed set of atomic propositions, e.g, {p, q, r} Atomic descriptions of a system “Printer is busy” “There are currently no requested jobs for the printer” “Conveyer belt is stopped” Do not involve time! 6 Modal Logic Extends propositional logic with modalities to qualify propositions • “it is raining” – rain • “it will rain tomorrow” – ☐rain • it is raining in all possible futures • “it might rain tomorrow” – ⃟rain • it is raining in some possible futures Modal logic formulas are interpreted over a collection of possible worlds connected by an accessibility relation Temporal logic is a modal logic that adds temporal modalities: next, always, eventually, and until 7 Computation Tree Logic (CTL) CTL: Branching-time
    [Show full text]
  • On Finite Domains in First-Order Linear Temporal Logic Denis Kuperberg, Julien Brunel, David Chemouil
    On Finite Domains in First-Order Linear Temporal Logic Denis Kuperberg, Julien Brunel, David Chemouil To cite this version: Denis Kuperberg, Julien Brunel, David Chemouil. On Finite Domains in First-Order Linear Temporal Logic. 14th International Symposium on Automated Technology for Verification and Analysis, Oct 2016, Chiba, Japan. 10.1007/978-3-319-46520-3_14. hal-01343197 HAL Id: hal-01343197 https://hal.archives-ouvertes.fr/hal-01343197 Submitted on 7 Jul 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. On Finite Domains in First-Order Linear Temporal Logic? Denis Kuperberg1, Julien Brunel2, and David Chemouil2 1 TU Munich, Germany 2 DTIM, Université fédérale de Toulouse, ONERA, France Abstract. We consider First-Order Linear Temporal Logic (FO-LTL) over linear time. Inspired by the success of formal approaches based upon finite-model finders, such as Alloy, we focus on finding models with finite first-order domains for FO-LTL formulas, while retaining an infinite time domain. More precisely, we investigate the complexity of the following problem: given a formula ' and an integer n, is there a model of ' with domain of cardinality at most n? We show that depending on the logic considered (FO or FO-LTL) and on the precise encoding of the problem, the problem is either NP-complete, NEXPTIME-complete, PSPACE- complete or EXPSPACE-complete.
    [Show full text]
  • Lecture Notes on Computations & Computation Tree Logic
    15-414: Bug Catching: Automated Program Verification Lecture Notes on Computations & Computation Tree Logic Matt Fredrikson Andre´ Platzer Carnegie Mellon University Lecture 16 1 Introduction Linear temporal logic is a very important logic for model checking [Eme90, CGP99, BKL08] but has the downside that its verification algorithms are rather complex. To get a good sense of how model checking works, we, thus, consider the closely related but different(!) Computation Tree Logic (CTL) instead. Both LTL and CTL are common in model checking even if they have different advantages and downsides. The main point about LTL is that its semantics fixes a trace and then talks about temporal properties along that particular trace. CTL instead switches to a new trace every time a temporal operator is used. CTL has the advantage of having a pretty simple model checking algorithm. 2 Kripke Structures Definition 1 (Kripke structure). A Kripke frame (W; y) consists of a set W with a transi- tion relation y ⊆ W ×W where s y t indicates that there is a direct transition from s to t in the Kripke frame (W; y). The elements s 2 W are also called states. A Kripke struc- ture K = (W; y; v) is a Kripke frame (W; y) with a mapping v : W ! Σ ! ftrue; falseg assigning truth-values to all the propositional atoms in all states. The program semantics [[α]] which was defined as a relation of initial and final states in Lecture 3 is an example of a Kripke structure. Definition 2 (Computation structure). A Kripke structure K = (W; y; v) is called a computation structure if W is a finite set of states and every element s 2 W has at least one direct successor t 2 W with s y t.
    [Show full text]
  • Modal Mu-Calculi
    Modal Mu-Calculi Julian Bradfield and Colin Stirling Contents 1 Introduction 2 2 Contextual background 2 2.1 Modal logics in program verification 2 2.2 Precursors to modal mu-calculus 4 2.3 The small model property 5 3 Syntax and semantics of modal mu-calculus 5 3.1 Fixpoints as recursion 6 3.2 Approximating fixpoints and µ as ‘finitely’ 6 3.3 Syntax of Lµ 7 3.4 Semantics of Lµ 8 3.5 Examples 9 3.6 Fixpoint regeneration and the ‘fundamental semantic theorem’ 10 3.7 Modal equation systems 12 4 Expressive power 12 4.1 CTL and friends as fragments of Lµ 13 4.2 Bisimulation and tree model property 13 4.3 Lµ and automata 14 4.4 Lµ and games 15 5 Decidability of satisfiability 16 5.1 The aconjunctive fragment 17 5.2 Towards automata 17 5.3 Alternating parity automata 18 5.4 Automaton normal form 20 6 Complete axiomatization 21 7 Alternation 21 8 Bisimulation invariance 23 8.1 Lµ and MSOL 23 8.2 Multi-dimensional Lµ and Ptime 24 8.3 Bisimulation quantifiers and interpolation 25 9 Generalized mu-calculi 25 9.1 Lµ with past 25 9.2 Least fixpoint logic 26 9.3 Finite variable fixpoint logics 26 9.4 Guarded fragments 27 9.5 Inflationary mu-calculus 27 References 28 Preprint submitted to 15 November 2005 1 Introduction Modal mu-calculus is a logic used extensively in certain areas of computer science, but also of considerable intrinsic mathematical and logical interest. Its defining feature is the addition of inductive definitions to modal logic; thereby it achieves a great increase in expressive power, and an equally great increase in difficulty of understanding.
    [Show full text]