Translating Linear Temporal Logic into Büchi Automata

Translating Linear Temporal Logic into Büchi

AutomataPresented by Choi, Chang-

Beom

Content• Overview

– Linear Temporal Logic– Büchi Automata

• Translating LTL formula into Büchi Automata– Local Automaton– Eventuality Automaton– Model Automata

• Further Study

• ReferenceTranslating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab,

KAIST 2/42

Overview

Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST 3/42

• Model checking– Specify requirement properties and build system model– Generate possible states from the model and then check

whether given requirement properties are satisfied within the state space

OK

Error TraceFound

or

TargetProgram

RequirementProperties

Model Check

Overview• A process of Model Checking–Modeling• Build a model of program or system

– Specification• Describe requirement properties

– Verification• Checking that a model of the program or

system satisfies a given specification

Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab,

KAIST 4/42

Overview• How can we model check of a program or

system?– Modeling

• Build a Büchi automaton for a given program or system

– Specification• Describe requirement properties using Temporal

Logic– Verification

• Automatically (semi-automatic)


Model Checker

OverviewProcess of Model Checking


Target Program Requirement

Properties

OverviewLinear Temporal Logic

• LTL is an extension of propositional logic geared to reasoning about infinite sequences of states– Time is viewed as linear

• Each time instant has a unique successor– The sequences considered are isomorphic to the natural

numbers and each state is a propositional interpretation


The living being always, eventually breathe.

Time0 105 …

OverviewSyntax of Linear Temporal Logic

• The formulas of linear temporal logic built from a set of atomic propositions P are following– true, false, p, and ¬p, ∀ p ∈P;– φ1 ∧ φ2, and φ1∨ φ2 are LTL formulas;– ○ φ1, φ1 U φ2, and φ1 Ũ φ2 are LTL formulas

• Sequence σ = σ[0…] = σ0σ[1…] – σ[i] = si– σ[…i] = s0s1…si– σ[i…] = sisi+1…

– The definition of sequence is from “Recognizing Safety and Livness, B. Alpern, F. Schneider”


OverviewTemporal Operators

• Operator ○ – Reads : “next” – Means : at next state

• Operator U– Reads : “strong until”– Means : second argument holds at the current or a future

position, and first argument has to hold until that position

• Operator Ũ– Reads : “weak until”– Means : first argument be true until its second argument is

true (does not require that the second argument ever become true)


OverviewSemantic of Linear Temporal Logic

• DefinitionA transition system M = (S,→,L) is a set of states S endowed with a transition relation → (a binary relation on S), such that every s ∈ S has some s’ ∈ S with s → s’, and a labeling function L :S → P(Atoms)

• Atoms : Atomic Propositions (Atomic description)e.g. : Atoms = {p, q}, P(Atoms)={{}, {p}, {q}, {p, q}}

• L(s) : contains all atoms which are true in state se.g. : L(s0) = {p, q}, L(s1) = {q, r}, L(s2) = {r}


p, qq, r r

s0

s1 s2

• Definition– A path in a model M = (S,→,L) is an

infinite sequence of sate s1, s2, s3, … in S such that, for each i > 1, si → si+1. We write the path π as s1 → s2 → …

• π ≡ σ = σ[0…] = σ[0]σ[1…]



• Operator U– Reads : “strong until”– Means : second argument holds at the current or a

future position, and first argument has to hold until that position


σ[1…] ⊨ p, σ[1…] ⊭ q, σ[1…] ⊨ p U qσ[2…] ⊨ p, σ[2...] ⊭ q, σ[2…] ⊨ p U qσ[3…] ⊭ p, σ[3…] ⊨ q, σ[3…] ⊨ p U qσ[4…] ⊭ p, σ[4…] ⊨ q, σ[4...] ⊨ p U qσ[5...] ⊭ p, σ[5...] ⊭ q, σ[5...] ⊭ p U q

…


• Operator Ũ– Reads : “weak until”– Means : first argument be true until its second argument

is true (does not require that the second argument ever become true)


p

q

p Ũ q0 1 2 3 4 5 6 7 …

σ[1…] ⊨ p, σ[1…] ⊭ q, σ[1…] ⊨ p U qσ[2…] ⊨ p, σ[2…] ⊭ q, σ[2…] ⊨ p U qσ[3…] ⊨ p, σ[3…] ⊭ q, σ[3…] ⊨ p U qσ[4…] ⊨ p, σ[4…] ⊭ q, σ[4…] ⊨ p U qσ[5…] ⊨ p, σ[5…] ⊭ q, σ[5…] ⊨ p U q


• ㅁ φ – always– φ Ũ false– Requires that its argument be true always– At all future points

• ⋄φ– eventually– true U φ– Requires that its argument be true eventually– At some point in the future




• For all, we have σ ⊨ true and σ ⊭ false• For σ ⊨ p for p ∈ P iff p ∈ L(σ[0]) = L(s0)• For σ ⊨ ¬p for p ∈ P iff p ∉ L(σ[0])• σ ⊨ φ1 ∧ φ2, iff σ ⊨ φ1 and σ ⊨ φ2

• σ ⊨ φ1∨ φ2 , iff σ ⊨ φ1 or σ ⊨ φ2


OverviewSemantic of Linear Temporal Logic: Temporal logic• σ ⊨ ○ φ1, iff σ[1] ⊨ φ1

– σ[0…] ⊨ ○ φ1, iff σ[1] ⊨ φ1

• σ[i…] ⊨ φ1 Ũ φ2 iff σ[i] ⊨ φ2 ∨ (σ[i] ⊨ φ1 ∧ σ[i+1…] ⊨ φ1 Ũ φ2)• σ[i…] ⊨ φ1 U φ2 iff σ[i…] ⊨ φ1 Ũ φ2 ∧ ∃j, j≥ i, σ[j] ⊨ φ2

• ㅁ φ = ¬ ⋄¬ φ


Content• Overview



• Further Study


KAIST 17/42

OverviewBüchi Automata

• Büchi Automata – Automata which accepts infinite word

• Büchi Automata m accepts the sequences of program states that are in L(m)



• Definition– A = (Σ, S, S0, ρ, F)

Σ: alphabet (set of program states)S : set of automaton statesS0 : set of initial stateρ : a transition function (S xΣx S) F : a set of accepting states


– A = (Σ, S, S0, ρ, F)– The input of A is infinite w : a0, a1, … (∈ Σω)

– A run is a sequence of states r: s0,s1, … (∈ Sω)• Initiation: s0 ∈ S0

• Consecution : si+1∈ρ(si, ai)

– Accepting run (r = s0,s1, … )• There is some state s ∈ F• An infinite number of integers i ∈ N such that si = s





• S = {q0, q1}• S0 = {q0}• ρ = {(q0,true, q0), (q0, P, q1), (q1,true, q1)• F = {q1}

run : q0, q1, q1, q1, …

Content• Overview



• Conclusion and Further Study


KAIST 22/42

Translating LTL formula into Büchi Automata

Process of translating LTL into Büchi Automata• Create Local Automaton

– Checks that the sequence satisfies all conditions imposed by the formula

– It checks conditions a step by step check on the sequence

• Create Eventuality Automaton– Checks that the eventualities are realized

• The problem is that nothing prevents us from postponing forever the time at which (eventuality) formula will be true

• Eventualities : formulas of the form ⋄φ and φ1 U φ2– ㅁ φ ≡ (φ ∧ ○ ㅁ φ)– ⋄φ ≡ (φ ∨ ○ ⋄ φ)– ¬(φ1 Ũ φ2 )≡ (¬φ1 ∧¬φ2 ∨ (¬φ1 ∧○¬(φ1 Ũ φ2)))

– Determine which eventualities have to be realized

• Compose two automaton



Local Automaton• Closure cl()– Smallest set of formulas satisfying the following

conditions• φ ∈ cl(φ)• φ1 ∧ φ2∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)• φ1 ∨ φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)• φ1 → φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)• ¬ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)• φ1 ∈ cl(φ) ⇒ ¬ φ1 ∈ cl(φ)• ○ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)• ㅁ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)• ⋄ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)• φ1 Ũ φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)



Local Automaton• L = (∑, NL, ρL, Nφ, NL)– ∑ : ∑ ⊂ 2cl(φ)

– s ∈ ∑, for every f ∈ cl(φ), f ∈ s iff ¬f ∉ s

– NL includes all subsets s of cl(φ) that are propositionally consistent. • For every φ1 ∈ cl(φ), we have φ1 ∈ s iff ¬φ1 ∉ s • For every φ1 ∧ φ2 ∈ cl(φ), we have φ1 ∧ φ2 ∈ s iff

φ1 ∈ s and φ2 ∈ s • For every φ1 ∨ φ2 ∈ cl(φ), we have φ1 ∧ φ2 ∈ s iff

φ1 ∈ s or φ2 ∈ s• For every φ1 → φ2 ∈ cl(φ), we have φ1 ∧ φ2 ∈ s iff

¬ φ1 ∈ s or φ2 ∈ sTranslating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab,

KAIST 25/42


Local Automaton• L = (∑, NL, ρL, Nφ, NL)

– If ρL(s, a) is non-empty then a = s• Symbol being read is compatible with the state of the

automaton

– ρL(s, a) must check the next state is compatible with the semantics of the temporal operators ( t ∈ ρL(s, a)) • ∀○φ1 ∈ cl(φ), we have ○φ1 ∈ s iff φ1 ∈ t• ∀ ㅁ φ1 ∈ cl(φ) we have ㅁ φ1 ∈ s iff φ1 ∈ s and ㅁ φ1 ∈ t• ∀⋄φ1 ∈ cl(φ) we have ⋄φ1 ∈ s iff either φ1 ∈ s, or ⋄φ1 ∈ t• ∀φ1 Ũ φ2 ∈ cl(φ) we have φ1 U φ2 ∈ s iff either φ2 ∈ s, or φ1 ∈ s and φ1 Ũ φ2 ∈ t• ∀φ1 U φ2 ∈ cl(φ) we have φ1 U φ2 ∈ s iff either φ1 ⋀ φ2 ∈ s,

or φ2 ∈ s or φ1 U φ2 ∈ t


• L = (∑, NL, ρL, Nφ, NL)– The set Nφ of initial states is the set of

states that include the formula

– The set NL of accpeting states is , the set of all states



Local Automaton

ExampleLocal Automaton : ⋄p

• Closure of ⋄p– cl(⋄p) = {⋄p, p, true,¬ ⋄p, ¬p, false}

• NL= {{⋄p, p, true}, {⋄p, p, false}, {¬ ⋄p, p, true}, {¬ ⋄p, p, false}, {⋄p, ¬p, true}, {⋄p, ¬p, false}, {¬ ⋄p, ¬p, true}, {¬ ⋄p, ¬p,

false}}



ExampleLocal Automaton for ⋄p

{ ⋄p, p, true}

{ ⋄p, p, false}

{¬ ⋄p, p, true}

{¬ ⋄p, p, false}

{ ⋄p, ¬p, true}

{ ⋄p, ¬p, false}

{¬ ⋄p, ¬p, true}

{¬ ⋄p, ¬p, false}

σ ⊭ false


ExampleLocal Automaton for ⋄p (some optimization)

{ ⋄p, p}

{¬ ⋄p, p}

{ ⋄p, ¬p}

{¬ ⋄p, ¬p}

cl(⋄p) = {⋄p, p, ¬ ⋄p, ¬p}NL= {{⋄p, p}, {¬ ⋄p, p}, {⋄p, ¬p}, {¬ ⋄p, ¬p}}

• Eventuality automaton is supposed to check that the eventualities are realized– Check each time a formula of the form (or φ1 U φ2)

• ⋄φ ≡ (φ ∨ ○ ⋄ φ)• ¬(φ1 Ũ φ2) ≡ (¬φ1∧¬φ2)∨ (¬φ2 ∧ ○¬(φ1 Ũ φ2))

– Eventuality automaton starts by finding out which eventualities have to be realized at the initial time instant, then it checks that these are realized



Eventuality Automaton

• F = (∑, 2ev(φ), ρF, {{}}, {{}})– ∑ : ∑ ⊂ 2cl(φ)

– s ∈ ∑, for every f ∈ cl(φ), f ∈ s iff ¬f ∉ s

– The set 2ev(φ) of states is the set of subsets of the eventualities of the formula φ(a state {e1, …, ek} means that the eventualities e1, …, ek still have to be realized)




• F = (∑, 2ev(φ), ρF, {{}}, {{}})– ρF(s,a), t ∈ ρF(s,a)

• s = {}– ∀ ⋄φ ∈ a, one has ⋄φ ∈ t iff φ ∉ a– ∀ ¬(φ1 Ũ φ2 ) ∈ a, one has ¬(φ1 Ũ φ2 ) ∈ t iff ¬φ1∧¬φ2∉ a

• s ≠ {}– ∀ ⋄φ ∈ s, one has ⋄φ ∈ t iff φ ∉ a– ∀ ¬(φ1 Ũ φ2 )∈ s, one has ¬(φ1 Ũ φ2 ) ∈ t iff ¬φ1∧¬φ2 ∉ a

• Initial state : {}• Finial state : {}




ExampleEventuality automaton


⋄p{}

{ ⋄p, p}

{¬ ⋄p, p}{¬ ⋄p, ¬p}

{ ⋄p, ¬p}

{ ⋄p, p}{¬ ⋄p, p}

{¬ ⋄p, ¬p}{ ⋄p, ¬p}

• M = (∑, NM, ρM ,NM0, FM)– NM = NL X 2ev(φ) (Cartesian Product)– (p, q) ∈ ρM((s, t), a) iff

p ∈ ρL(s, a) and q ∈ ρF(t, a) – NM0 = Nφ X {}– FM = NL X {}

• Given two Büchi automata A1 = (∑, S1, ρ1, S01, F1) and A2 = (∑, S2, ρ2, S02, F2), it is possible to build a Büchi automaton accepting the language L(A1) ∩ L(A2)



Composing the two automata

Example Composing the two automata


({⋄p, p}, ⋄p)

({⋄p, ¬p} , ⋄p)

({¬ ⋄p, ¬p} , ⋄p) ({¬ ⋄p, p}, ⋄p)

({⋄p, p}, {})

({⋄p, ¬p} , {})

({¬ ⋄p, ¬p} , {})

({¬ ⋄p, p}, {})

• M = (∑, NM, ρM ,NM0, FM) ⇓

• M’ = (2P, NM, ρM’ ,NM0, FM) – t ∈ ρM’(s, a) iff some b ∈ ∑ such that a =

b∩P and t ∈ ρM(s, b)



The automaton on the 2P

Final automaton for ⋄p


¬pp

¬p

¬pp

true

Content• Overview



• Conclusion and Further Study


KAIST 39/42

Conclusion• # of States– Local Automaton : 2cl(φ) = O(22|φ|)– Eventuality Automaton : 2ev(φ) = O(2|φ|)– Composed Automata : 2cl(φ) X 2ev(φ) =

O(23|φ|)

– |φ| is length of formula φ


Further Study• Translate LTL to Büchi Automata

– Using Alternating Büchi Automata– Tableau Method– On the fly method

• Next Topic?– On-line Algorithm– More specific research on Interactive Systems– Symbolic graph representation: Ordered Binary Decision

Diagram


Reference• On the Relation of Programs and Computations to

Models of Temporal Logic by Pierre Wolper, In Proc. Temporal Logic in Specification, vol. 398 of LNCS, pages 75-123. Springer-Verlag, 1989.

• Constructing Automata from Temporal Logic Formulas: A Tutorial by Pierre Wolper In Lectures on Formal Methods in Performance Analysis, vol. 2090 of LNCS, pages 261-277. Springer-Verlag, July 2001.

• From Modal Logic to Deductive Databasesby A. Thayse et al., Wiley, 1989

• Logic in Computer Science, second editionby M. Huth and M. Ryan, Cambridge press


Complicated Example• Closure of φ = ㅁ⋄ p

– cl(φ) = { ㅁ⋄ p, ¬ ㅁ⋄ p, ⋄p, ¬⋄p, p, ¬p}

• NL= {{ ㅁ⋄ p, ⋄p, p}, {¬ ㅁ⋄ p, ⋄p, p}, { ㅁ⋄ p, ¬ ⋄p, p}, { ㅁ⋄ p, ⋄p, ¬ p }, {¬ ㅁ⋄ p, ¬ ⋄p, p}, {¬ ㅁ⋄ p, ⋄p, ¬p}, { ㅁ⋄ p, ¬ ⋄p, ¬p}, {¬ ㅁ⋄ p, ¬ ⋄p, ¬p}}

= {{ ㅁ⋄ p, ⋄p, p}, {⋄¬ ⋄p, ⋄p, p}, { ㅁ⋄ p, ¬ ⋄p, p}, { ㅁ⋄ p, ⋄p, ¬ p }, {⋄¬ ⋄p, ¬ ⋄p, p}, {⋄¬ ⋄p, ⋄p, ¬p}, { ㅁ⋄ p, ¬ ⋄p, ¬p}, {⋄¬ ⋄p, ¬ ⋄p, ¬p}}



Local Automaton

{ ㅁ⋄ p, ⋄p} { ⋄¬ ⋄p, ⋄p}

{ ㅁ⋄ p, ¬ ⋄p} { ㅁ⋄ p, ⋄p}

{ ⋄¬ ⋄p, ¬ ⋄p} { ⋄¬ ⋄p, ⋄p}

{ ㅁ⋄ p, ¬ ⋄p} { ⋄¬ ⋄p, ¬ ⋄p}


Local Automaton

{ ⋄p, p} { ⋄p, p}

{¬ ⋄p, p} { ⋄p, ¬p}

{¬ ⋄p, p} { ⋄p, ¬p}

{¬ ⋄p, ¬p} {¬ ⋄p, ¬p}


{ ㅁ⋄ p, ⋄p, p} { ⋄¬ ⋄p, ⋄p, p}

{ ㅁ⋄ p, ¬ ⋄p, p} { ㅁ⋄ p, ⋄p, ¬ p }

{ ⋄¬ ⋄p, ¬ ⋄p, p} { ⋄¬ ⋄p, ⋄p, ¬p}

{ ㅁ⋄ p, ¬ ⋄p, ¬p} { ⋄¬ ⋄p, ¬ ⋄p, ¬p}

Local Automaton

Local Automaton


{ ㅁ⋄ p, ⋄p} { ⋄¬ ⋄p, ⋄p}

{ ㅁ⋄ p, ¬ ⋄p} { ㅁ⋄ p, ⋄p}

{ ⋄¬ ⋄p, ¬ ⋄p} { ⋄¬ ⋄p, ⋄p}

{ ㅁ⋄ p, ¬ ⋄p} { ⋄¬ ⋄p, ¬ ⋄p}


{ ⋄p, p} { ⋄p, p}

{¬ ⋄p, p} { ⋄p, ¬p}

{¬ ⋄p, p} { ⋄p, ¬p}

{¬ ⋄p, ¬p} {¬ ⋄p, ¬p}

Local Automaton


Local Automaton

{ ㅁ⋄ p, ⋄p, p} { ⋄¬ ⋄p, ⋄p, p}

{ ㅁ⋄ p, ¬ ⋄p, p} { ㅁ⋄ p, ⋄p, ¬ p }

{ ⋄¬ ⋄p, ¬ ⋄p, p} { ⋄¬ ⋄p, ⋄p, ¬p}

{ ㅁ⋄ p, ¬ ⋄p, ¬p} { ⋄¬ ⋄p, ¬ ⋄p, ¬p}

Eventuality Automaton• ev(φ) = {⋄¬ ⋄p, ⋄p}• 2ev(φ) = {{}, {⋄¬ ⋄p}, {⋄p},

{ ⋄¬ ⋄p,⋄p} = {{¬ ⋄¬ ⋄p, ¬ ⋄p}, {⋄¬ ⋄p,

¬ ⋄p},{¬ ⋄¬ ⋄p, ⋄p}, {⋄¬ ⋄p, ⋄p}}



{}

⋄p


⋄¬ ⋄p

⋄¬ ⋄p⋄p,

{¬ ⋄¬ ⋄p, ¬ ⋄p, p}{¬ ⋄¬ ⋄p, ¬ ⋄p, ¬p}

{ ⋄¬ ⋄p, ¬ ⋄p, ¬p}

{ ⋄¬ ⋄p, ¬ ⋄p, p}

{ ⋄¬ ⋄p, ⋄p, ¬p}

{¬ ⋄¬ ⋄p, ⋄p, ¬ p }

{ ⋄¬ ⋄p, ⋄p, p}

{¬ ⋄¬ ⋄p, ⋄p, p}


{}

⋄p


⋄¬ ⋄p

⋄¬ ⋄p⋄p,

{¬ ⋄¬ ⋄p, ¬ ⋄p, p}

{¬ ⋄¬ ⋄p, ¬ ⋄p, ¬p}

{ ⋄¬ ⋄p, ¬ ⋄p, ¬p}

{ ⋄¬ ⋄p, ¬ ⋄p, p}

{ ⋄¬ ⋄p, ⋄p, ¬p}

{¬ ⋄¬ ⋄p, ⋄p, ¬p}

{ ⋄¬ ⋄p, ⋄p, p}

{¬ ⋄¬ ⋄p, ⋄p, p}


{}

⋄p


⋄¬ ⋄p

⋄¬ ⋄p⋄p,

{¬ ⋄¬ ⋄p, ¬ ⋄p, p}

{¬ ⋄¬ ⋄p, ¬ ⋄p, ¬p}{ ⋄¬ ⋄p, ¬ ⋄p, ¬p}

{ ⋄¬ ⋄p, ¬ ⋄p, p}

{ ⋄¬ ⋄p, ⋄p, ¬p}

{¬ ⋄¬ ⋄p, ⋄p, ¬p}

{ ⋄¬ ⋄p, ⋄p, p}{¬ ⋄¬ ⋄p, ⋄p, p}


{}

⋄p


⋄¬ ⋄p

⋄¬ ⋄p⋄p,

{¬ ⋄¬ ⋄p, ¬ ⋄p, p}

{¬ ⋄¬ ⋄p, ¬ ⋄p, ¬p}

{ ⋄¬ ⋄p, ¬ ⋄p, ¬p}

{ ⋄¬ ⋄p, ¬ ⋄p, p}

{ ⋄¬ ⋄p, ⋄p, ¬p}{¬ ⋄¬ ⋄p, ⋄p, ¬p}

{ ⋄¬ ⋄p, ⋄p, p}{¬ ⋄¬ ⋄p, ⋄p, p}

Combining Automata


⋄¬ ⋄p

⋄¬ ⋄p, ⋄p

⋄p

{}

Date post:	19-Mar-2016
Category:	Documents
Upload:	palani
View:	56 times
Download:	0 times

Translating Linear Temporal Logic into Büchi Automata

Documents