15-820A 1 LTL to Büchi Automata Flavio Lerda. 15-820A 2 LTL to Büchi Automata LTL Formulas Subset...

15-820A

1

LTL to Büchi Automata


Flavio Lerda

15-820A

2


LTL Formulas

• Subset of CTL*– Distinct from CTL

• AFG p LTL f CTL . f ≠ AFG p

• Contains a single universal quantifier– The path formula f holds for every path

• Commonly:– A is omitted– G is replaced by (box or always)– F is replaced by (diamond or eventually)

15-820A

3


Examples of LTL formulas

• Always eventually p: p– AGF p or AG AF p

• Always after p eventually q ( p q)– AG (p -> F q) or AG (p -> AF q)

• Fairness– ( p ) – A ((GF p) ) Not a CTL formula

15-820A

4


LTL Semantics

• Derived from the CTL* semantics• Given an infinite execution trace =s0s1…

╞ p p(s0)╞ ¬ ¬( ╞ )

╞ 1 2 ╞ 1 ╞ 2

╞ 1 2 ╞ 1 ╞ 2

╞ i 0 i╞ ╞ i 0 i╞ ╞ 1 U 2i 0 i╞ 2 0 j< i j╞ 1

i is the suffix of starting at si

15-820A

5


Büchi Automata

• Automaton which accepts infinite traces• A Büchi automaton is 4-tupleS, I,, F

– S is a finite set of states– I S is a set of initial states S S is a transition relation– F S is a set of accepting states

• An infinite sequence of states is accepted iff it contains accepting states infinitely often

15-820A

6


Example

S0 S1 S2

1=S0S1S2S2S2S2…

2=S0S1S2S1S2S1…

3=S0S1S2S1S1S1…

ACCEPTED

ACCEPTED

REJECTED

15-820A

7


LTL and Büchi Automata

• LTL formula– Represents a set of infinite traces which

satisfy such formula

• Büchi Automaton– Accepts a set of infinite traces

• We can build an automaton which accepts all and only the infinite traces represented by an LTL formula

15-820A

8


Labeled Büchi Automata

• Given a set of atomic proposition P– Define a labeling function

: S 2P

– Each state is assigned a set of propositions that must be true

• Similar to the labeling for the model M

15-820A

9


Generating Büchi Automata

• We need a procedure to generate a Büchi automaton given an LTL formula– Efficiently

• Formulas are usually small• Büchi automaton exponential in the size of the formula• The cost of model checking is proportional to the size of the

automaton

– Non-deterministic Büchi automata are not equivalent to deterministic Büchi automata

• Cannot use automata minimization algorithms

– Finding the minimal automata is exponential

15-820A

10


Approach

• Formula rewriting– Rewrite the formula in negated normal form– Apply rewriting rules

• Core translation– Turns an LTL formula into a generalized Büchi

automaton

• Degeneralization– Turns a generalized Büchi automaton into a

Büchi automaton

15-820A

11


Rewriting

• Negated normal form– Negation appears only in front of literals– Use the following identities

• ¬¬ = • ¬G = F ¬• ¬F = G ¬• ¬( U ) = (¬) V (¬)• ¬( V ) = (¬) U (¬)

• V (sometimes R) is the Release operator– Dual of Until

15-820A

12


Rewriting

• Additional rewriting rules– They are not guaranteed to yield smaller

automata– The size of the automaton is exponential in

the size of the formula

• Examples– (X ) U (X ) X ( U )– (X ) (X ) X ( )– GF GF GF ( )

15-820A

13


Rewriting

• The core algorithm only handles , , V, U

• Use the following:– F T U – G ¬F ¬ ¬(T U ¬) = F V

15-820A

14


Core Translation

Idea

• Make use of the following U ( X( U ))

V ( X( V ))

15-820A

15


ExampleF p

(T U p)Old:{}New:{T U p}Next:{}

Old:{T U p}New:{T}Next:{T U p}

Old:{T U p}New:{p}Next:{}

Old:{T U p}New:{}Next:{T U p}

Old:{T U p}Next:{T U p}

Old:{T U p, p}New:{}Next:{}

Old:{T U p, p}Next:{}

T pp

Old:{}New:{}Next:{}

Old:{}Next:{}

15-820A

16


Core Translation

• Node– Represent a sub-formula– Contain information about the past, the

present and the future

• State– Represents a state in the final automaton– They are the nodes that have fully expanded

15-820A

17


Core Translation

• Expansion– Select a formula from the New field– If it is a literal, add it to the Old field– Otherwise

(New{},Next{}) and (New{},Next{})

U (New{},New{ U }) and (New{},Next{})

V (New{},New{ V }) and

(New{,},Next{})

U ( X( U )) V ( X( V ))

15-820A

18


Core Translation

• Nodes to states– If a node has no New formulas– Create a new node with all the Next formulas– Create an edge between the two nodes– Check if there is any equivalent state

• With the same Next field• With the same Old field

15-820A

19


Core Translation

• Accepting states– Generalized Büchi automaton

• Multiple accepting sets– One for each Until sub-formula ( U )– Such that

• The Old field doesn’t contain U

or• The Old field does contain

15-820A

20


Degeneralization

• Turn a generalized Büchi automaton into a Büchi automaton

• Consider as many copies of the automaton as the number of accepting sets

• Replace incoming edges from accepting states with edges to the next copy

• Each cycle must go through every copy• Each cycle must contains accepting states from

each accepting set

15-820A

21


Example

T

a b

T

a b

T

1

1,2

2

F a F b

15-820A

22


Example

T

a b

T

a

T

T

a b

T

b

T

15-820A

23


Example

T

a b

T

a

T

T

a b

T

b

T

15-820A

24


Example

T

a b

T

a

T

T

a b

T

15-820A

25


Example

T

a b

T

a

T T

15-820A

26


Example

T

a b

T

a

TT

15-820A

27


Optimizations

• Can be done at each stage• Try to minimize

– The number of states and transitions– The number of accepting states

• Involve– Strongly connected components– Fair (bi)simulation

• Expensive but– The Büchi automaton is usually small– The saving during verification can be very high

Date post:	25-Dec-2015
Category:	Documents
Upload:	clare-bates
View:	232 times
Download:	0 times

15-820A 1 LTL to Büchi Automata Flavio Lerda. 15-820A 2 LTL to Büchi Automata LTL Formulas Subset...

Documents