3 COMP 1 5 9 3 Algorithmic Verification Timed CTL and TCTL C - - PowerPoint PPT Presentation

TCTL TCTLC

COMP 3 9 1 5 3 Algorithmic Verification

Timed CTL and TCTLC

• Dr. Liam O’Connor

CSE, UNSW (and LFCS, University of Edinburgh) Term 1 2020

1

TCTL TCTLC

Timed Logic

Timed CTL TCTL is CTL with clock constraints (as in TA) attached to U (and derived operators).

2

TCTL TCTLC

Timed Logic

Timed CTL TCTL is CTL with clock constraints (as in TA) attached to U (and derived operators). Note: The next-state operator X has no meaning in dense time.

3

TCTL TCTLC

Timed Logic

Timed CTL TCTL is CTL with clock constraints (as in TA) attached to U (and derived operators). Note: The next-state operator X has no meaning in dense time. Syntax ϕ ::= p | ¬ϕ | ϕ ∧ ϕ |

4

TCTL TCTLC

Timed Logic

Timed CTL TCTL is CTL with clock constraints (as in TA) attached to U (and derived operators). Note: The next-state operator X has no meaning in dense time. Syntax ϕ ::= p | ¬ϕ | ϕ ∧ ϕ | E ϕ U∼c ϕ | A ϕ U∼c ϕ Where p ∈ P is an atomic proposition and (∼) ∈ {<, ≤, =, ≥, >}.

5

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures).

6

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state).

7

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state). Let Exec(s) be the set of executions from configuration s,

8

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state). Let Exec(s) be the set of executions from configuration s, and Dur(p|≤k) be the sum of delays along the prefix ρ|≤k of the execution ρ.

9

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state). Let Exec(s) be the set of executions from configuration s, and Dur(p|≤k) be the sum of delays along the prefix ρ|≤k of the execution ρ. s | = p ⇔ p ∈ L(s)

10

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state). Let Exec(s) be the set of executions from configuration s, and Dur(p|≤k) be the sum of delays along the prefix ρ|≤k of the execution ρ. s | = p ⇔ p ∈ L(s) s | = A ϕ U∼k ψ ⇔ ∀ρ ∈ Exec(s). ρ | = ϕ U∼k ψ

11

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state). Let Exec(s) be the set of executions from configuration s, and Dur(p|≤k) be the sum of delays along the prefix ρ|≤k of the execution ρ. s | = p ⇔ p ∈ L(s) s | = A ϕ U∼k ψ ⇔ ∀ρ ∈ Exec(s). ρ | = ϕ U∼k ψ s | = E ϕ U∼k ψ ⇔ ∃ρ ∈ Exec(s). ρ | = ϕ U∼k ψ

12

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state). Let Exec(s) be the set of executions from configuration s, and Dur(p|≤k) be the sum of delays along the prefix ρ|≤k of the execution ρ. s | = p ⇔ p ∈ L(s) s | = A ϕ U∼k ψ ⇔ ∀ρ ∈ Exec(s). ρ | = ϕ U∼k ψ s | = E ϕ U∼k ψ ⇔ ∃ρ ∈ Exec(s). ρ | = ϕ U∼k ψ

13

TCTL TCTLC

TCTL Semantics

Semantics are defined on a timed transition system. Timed Transition Systems A TTS is a timed automaton with a labelling function L associating sets of atomic propositions to states (analogous to Kripke structures). Our modelling relation is defined on a configuration (state). Let Exec(s) be the set of executions from configuration s, and Dur(p|≤k) be the sum of delays along the prefix ρ|≤k of the execution ρ. s | = p ⇔ p ∈ L(s) s | = A ϕ U∼k ψ ⇔ ∀ρ ∈ Exec(s). ρ | = ϕ U∼k ψ s | = E ϕ U∼k ψ ⇔ ∃ρ ∈ Exec(s). ρ | = ϕ U∼k ψ ρ | = ϕ U∼k ψ ⇔ ∃i. Dur(ρ|≤i) ∼ k ∧ ρi | = ψ ∧ ∀j < i. ρj | = ϕ

14

TCTL TCTLC

Derived Operators

Standard U is just U≥0.

15

TCTL TCTLC

Derived Operators

Standard U is just U≥0. Path formulae F∼k and G∼k are similar to normal CTL:

16

TCTL TCTLC

Derived Operators

Standard U is just U≥0. Path formulae F∼k and G∼k are similar to normal CTL: F∼k ϕ ≡ True U∼k ϕ G∼k ϕ ≡ ¬F∼k ¬ϕ

17

TCTL TCTLC

Derived Operators

Standard U is just U≥0. Path formulae F∼k and G∼k are similar to normal CTL: F∼k ϕ ≡ True U∼k ϕ G∼k ϕ ≡ ¬F∼k ¬ϕ Definition A timed automaton A satisfies a formula ϕ, written A | = ϕ iff its initial configuration (q0, 0) satisfies ϕ i.e. (q0, 0) | = ϕ.

18

TCTL TCTLC

Derived Operators

Standard U is just U≥0. Path formulae F∼k and G∼k are similar to normal CTL: F∼k ϕ ≡ True U∼k ϕ G∼k ϕ ≡ ¬F∼k ¬ϕ Definition A timed automaton A satisfies a formula ϕ, written A | = ϕ iff its initial configuration (q0, 0) satisfies ϕ i.e. (q0, 0) | = ϕ. Example The alarm is activated at most 10 time units after a problem

• ccurs.

19

TCTL TCTLC

Derived Operators

Standard U is just U≥0. Path formulae F∼k and G∼k are similar to normal CTL: F∼k ϕ ≡ True U∼k ϕ G∼k ϕ ≡ ¬F∼k ¬ϕ Definition A timed automaton A satisfies a formula ϕ, written A | = ϕ iff its initial configuration (q0, 0) satisfies ϕ i.e. (q0, 0) | = ϕ. Example The alarm is activated at most 10 time units after a problem

• ccurs.

AG(problem ⇒ AF≤10 alarm)

20

TCTL TCTLC

Converting to Automata

Let’s try to construct a timed (B¨ uchi) automaton that accepts all timed words that satisfy this property: AG(problem ⇒ AF≤10 alarm) How do we know where to introduce clocks?

21

TCTL TCTLC

TCTLC

TCTL is CTL with explicit clock constraints and reset. Syntax ϕ ::= x ∼ k | x.ϕ | p | ¬ϕ | ϕ ∧ ϕ | E ϕ U ϕ | A ϕ U ϕ Where x ∈ X is a clock variable and (∼) ∈ {<, ≤, =, ≥, >}. x.ϕ is a clock reset.

22

TCTL TCTLC

TCTLC

TCTL is CTL with explicit clock constraints and reset. Syntax ϕ ::= x ∼ k | x.ϕ | p | ¬ϕ | ϕ ∧ ϕ | E ϕ U ϕ | A ϕ U ϕ Where x ∈ X is a clock variable and (∼) ∈ {<, ≤, =, ≥, >}. x.ϕ is a clock reset. Example (Alarm) How do we express: AG(problem ⇒ AF≤10 alarm) in TCTLC?

23

TCTL TCTLC

Expressivity

Result All TCTL formulae are expressive in TCTL by introducing a fresh clock for each constrained operator: E ϕ U∼k ψ ≡ (x. E ϕ U (ψ ∧ x ∼ k))

24

TCTL TCTLC

Expressivity

Result All TCTL formulae are expressive in TCTL by introducing a fresh clock for each constrained operator: E ϕ U∼k ψ ≡ (x. E ϕ U (ψ ∧ x ∼ k)) The converse direction does not hold (Bouyer et al. 2005):

• x. EF(ϕ ∧ x < 1 ∧ EG(x < 1 ⇒ ¬ψ))

cannot be expressed in TCTL.

25

TCTL TCTLC

Model Checking

Same techniques as reachability:

1

Convert timed system A to discrete systems A′ via region automata.

26

TCTL TCTLC

Model Checking

Same techniques as reachability:

1

Convert timed system A to discrete systems A′ via region automata.

2

Convert TCTLC formula ϕ to standard CTL formula ϕ′ on region automata.

27

TCTL TCTLC

Model Checking

Same techniques as reachability:

1

Convert timed system A to discrete systems A′ via region automata.

2

Convert TCTLC formula ϕ to standard CTL formula ϕ′ on region automata.

3

A | = ϕ ⇐ ⇒ A′ | = ϕ′, so apply standard CTL model checking.

28

TCTL TCTLC

Model Checking

Same techniques as reachability:

1

Convert timed system A to discrete systems A′ via region automata.

2

Convert TCTLC formula ϕ to standard CTL formula ϕ′ on region automata.

3

A | = ϕ ⇐ ⇒ A′ | = ϕ′, so apply standard CTL model checking.

4

Checking is still PSPACE complete.

29

TCTL TCTLC

UPPAAL

A mature model checking framework for timed transition systems.

• B. Srivathsan has released a video lecture on using UPPAAL on

several examples here: https://www.youtube.com/watch?v=tUSxi_rSXwo

30