advanced logic linear temporal logic computation tree
play

Advanced Logic Linear Temporal Logic Computation Tree Logic - PowerPoint PPT Presentation

Nov 10, 2022 •186 likes •1.26k views

Advanced Logic Linear Temporal Logic Computation Tree Logic Daniel Gebler VU University Amsterdam March 11, 2013 Overview Linear temporal logic (LTL): describes properties of paths (individual executions) no modalities to

  1. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended ? | = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended ? | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended

  2. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended ? | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended

  3. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended ? | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended Note that: M �| = F G extended and M �| = ¬ F G extended !

  4. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended M | = G ( ¬ extended → X extended) M , s 3 | = G extended ? | = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended Note that: M �| = F G extended and M �| = ¬ F G extended !

  5. LTL: Models M , s | = φ if φ is satisfied on every path starting at s . M | = φ if φ is satisfied on every path starting from the initial state. release s 1 s 2 s 3 pull breaks extended extended, malfunction Which of the states satisfies the following? M , s 1 , s 3 | = X extended M , s 3 | = F G extended M , s 2 , s 3 | = X X extended M , s 1 , s 2 , s 3 �| = ¬ F G extended M , s 1 , s 2 , s 3 | = F extended M | = G ( ¬ extended → X extended) M , s 3 | = G extended M , s 1 , s 2 , s 3 �| = G (extended → X ¬ extended) M , s 1 , s 2 , s 3 | = G F extended Note that: M �| = F G extended and M �| = ¬ F G extended !

  6. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths

  7. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  8. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  9. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  10. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  11. LTL: Equivalence of Formulas LTL formulas φ and ψ are semantically equivalent, denoted by φ ≡ ψ , if they are true for the same paths Which of the following are semantically equivalent? X ( φ ∨ ψ ) ≡ X φ ∨ X ψ F F φ ≡ F φ X ( φ ∧ ψ ) ≡ X φ ∧ X ψ G G φ ≡ G φ F ( φ ∧ ψ ) ≡ F φ ∧ F ψ F G φ ≡ G F φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ ¬ F φ ≡ G ¬ φ G ( φ ∧ ψ ) ≡ G φ ∧ F ψ ¬ G φ ≡ F ¬ φ G ( φ ∨ ψ ) ≡ G φ ∨ F ψ F φ ≡ φ ∨ X (F φ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) G φ ≡ φ ∧ X (G φ ) ρ U ( φ ∧ ψ ) ≡ ( ρ U φ ) ∧ ( ρ U ψ ) φ U ψ ≡ φ U ( φ U ψ )

  12. Mutual Exclusion ◮ multiple processes ◮ a shared resource that can only be used by one process at a time shared resource process Q process P

  13. Mutual Exclusion ◮ multiple processes ◮ a shared resource that can only be used by one process at a time shared resource process Q process P Q P non critical non critical . . . . . . C Q critical section C P critical section . . . . . . non critical non critical To solve conflicts: processes agree on a negotiation protocol. ◮ mutual exclusion: never more than one process in the critical section

  14. Mutual Exclusion ◮ multiple processes ◮ a shared resource that can only be used by one process at a time shared resource process Q process P Q P non critical non critical . . . . . . C Q critical section C P critical section . . . . . . non critical non critical To solve conflicts: processes agree on a negotiation protocol. ◮ mutual exclusion: never more than one process in the critical section G ¬ ( C Q ∧ C P )

  15. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1

  16. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1

  17. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0

  18. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0

  19. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0

  20. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1

  21. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0

  22. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0 p1,q4,0

  23. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0 p1,q4,0

  24. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p1, C Q ,0 p1,q4,0

  25. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 p1, C Q ,0 p1,q4,0

  26. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 p1, C Q ,0 p2, C Q ,0 p1,q4,0

  27. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 p1, C Q ,0 p2, C Q ,0 C P , C Q ,0 p1,q4,0

  28. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 C P ,q2,0 p1, C Q ,0 p2, C Q ,0 C P , C Q ,0 p1,q4,0

  29. Mutual Exclusion: Attempt 1 ◮ boolean variable free = 1 Q P loop forever loop forever p1: wait for free = 1 q1: wait for free = 1 p2: free = 0 q2: free = 0 C P : critical section C Q : critical section p4: free = 1 q4: free = 1 For such a program we compute the state space: p1,q1,1 p2,q1,1 C P ,q1,0 p4,q1,0 p1,q2,1 p2,q2,1 C P ,q2,0 p4,q2,0 p1, C Q ,0 p2, C Q ,0 C P , C Q ,0 p4, C Q ,0 p1,q4,0 p2,q4,0 C P ,q4,0 p4,q4,0

  30. Model Checking Formalize the system design 1 Formalize the validation requirements 2 Validate: system meets requirements 3 Req 1 Req 2 System � Reqs System design . . . Promela or Embedded C Req n SPIN engine LTL Verification process

  31. Mutual Exclusion: Peterson ◮ boolean variables x = 0, y = 0, t = 0 Q P loop forever loop forever p1: x = 1 q1: y = 1 p2: turn = 1 q2: turn = 0 p3: wait for y = 0 or t = 0 q3: wait for x = 0 or t = 1 C P : critical section C Q : critical section p4: x = 0 q4: y = 0

  32. LTL: Applications Safety properties ◮ “nothing bad ever happens” G ¬ (reactor temperature > 1000) ◮ invariant: “ a is always false” Liveness properties ◮ “something good will eventually happen” G (ordered → F delivered) ◮ termination: “the system will eventually terminate” ◮ response: “if action a occurs then b eventually will occur” Deadlock freeness ◮ deadlock state: “a state where no actions are possible” ◮ no deadlocks: there is always some next state G ( ¬ terminated → X ⊤ )

  33. Industrial Case Studies I Figure: After Flood Disaster (1953), Maeslant Barrier (Maeslantkering)

  34. Industrial Case Studies: Flood Control Verification of the interface between BOS and BESW: ◮ Beslis- en Ondersteunend Systeem (BOS) ◮ BEsturingsSysteem Waterweg (BESW) ◮ BOS takes the decision to move the barrier ◮ BESW performs this task Even deadlocks were found in BESW!

  35. Industrial Case Studies II Figure: NASA Mission Critical Software: Cassini, Mars Rovers, Deep Impact

  36. Industrial Case Studies III

  37. State Space Explosion

  38. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states

  39. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states.

  40. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states. ◮ Then A 1 , . . . , A n together have 10 n states.

  41. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states. ◮ Then A 1 , . . . , A n together have 10 n states. This is the state space explosion problem.

  42. State Space Explosion ◮ Assume A 1 , A 2 , . . . are a processes each having 10 states ◮ Then A 1 and A 2 together have 100 states. ◮ Then A 1 , . . . , A n together have 10 n states. This is the state space explosion problem.

  43. Computation Tree Logic (CTL) Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  44. Computation Tree Logic (CTL) Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  45. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  46. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1

  47. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2

  48. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ

  49. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3

  50. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3 iff there is a path s = s 1 → s 2 → . . . such that for all i ≥ 1, M , s i | = φ

  51. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3 iff there is a path s = s 1 → s 2 → . . . such that for all i ≥ 1, M , s i | = φ M , s | = EX φ ( φ holds in some next state) 4

  52. Computation Tree Logic (CTL) exists globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ where p ∈ Ω exists until exists next The formula φ holds model M at state s , M , s | = φ , is defined by: as usual: M , s | = ⊤ , M , s | = p , M , s | = ¬ φ , M , s | = φ 1 ∧ φ 2 1 M , s | = φ EU ψ ( φ until ψ holds on some path starting from s ) 2 iff there is a path s = s 1 → s 2 → . . . , such that for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ M , s | = EG φ ( φ holds globally on some path starting from s ) 3 iff there is a path s = s 1 → s 2 → . . . such that for all i ≥ 1, M , s i | = φ M , s | = EX φ ( φ holds in some next state) 4 iff ( M , s 2 ) | = φ for some s 2 such that s → s 2

  53. CTL: Extensions Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω

  54. CTL: Extensions Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until

  55. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until

  56. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next

  57. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1

  58. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ

  59. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ

  60. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2

  61. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2

  62. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ

  63. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ M , s | = φ AU ψ ( φ until ψ holds on all paths starting from s ) 3

  64. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ M , s | = φ AU ψ ( φ until ψ holds on all paths starting from s ) 3 iff for all paths s = s 1 → s 2 → . . . we have: for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ

  65. CTL: Extensions always globally Computation Tree Logic (CTL) is defined by: φ ::= p | ⊤ | ¬ φ | φ ∧ φ | φ EU φ | EG φ | EX φ | φ AU φ | AG φ | AX φ where p ∈ Ω always until always next M , s | = AG φ ( φ holds globally on all paths starting from s ) 1 iff for all paths s = s 1 → s 2 → . . . we have: for all i ≥ 1, M , s i | = φ AG φ = ¬ EF ¬ φ M , s | = AX φ ( φ holds in all next states) 2 iff ( M , s 2 ) | = φ for all s 2 such that s → s 2 AX φ = ¬ EX ¬ φ M , s | = φ AU ψ ( φ until ψ holds on all paths starting from s ) 3 iff for all paths s = s 1 → s 2 → . . . we have: for some i ≥ 1, M , s i | = ψ and for all j < i , M , s j | = φ φ AU ψ = ¬ ( ¬ ψ EU ( ¬ φ ∧ ¬ ψ )) ∧ ¬ EG ¬ ψ

  66. CTL: Examples Which of the states satisfies the following? s 1 ? | = AF t ? | = ¬ EG r r ? | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  67. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t ? | = ¬ EG r r ? | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  68. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r ? | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  69. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 ? | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  70. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 M , s 1 , s 2 , s 3 | = EX q p , q p , t , r ? | = AX q ? | = EF q s 4 q , r

  71. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 M , s 1 , s 2 , s 3 | = EX q p , q p , t , r M , s 2 , s 3 | = AX q ? | = EF q s 4 q , r

  72. CTL: Examples Which of the states satisfies the following? s 1 M , s 2 , s 3 , s 4 | = AF t M , s 3 | = ¬ EG r r M , s 2 , s 3 , s 4 | = t EU q s 2 s 3 M , s 1 , s 2 , s 3 | = EX q p , q p , t , r M , s 2 , s 3 | = AX q M , s 1 , s 2 , s 3 , s 4 | = EF q s 4 q , r

  73. CTL: Examples s 1 r Which of the states satisfies the following? s 2 s 3 ? | = AG (EF p ) q p ? | = AG (( q ∨ r ) AU p ) ? | = AG (EF ( q ∧ r )) s 4 q , r s 5 p

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk

Formal Verifjcation Lecture 5: Computation Tree Logic (CTL) Jacques Fleuriot 1 jdf@inf.ac.uk 1With thanks to Bob Atkey for some of the diagrams. Recap Previously: Linear-time Temporal Logic Tiis time: A branching-time logic:

723 views • 35 slides
Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture

Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture

EECS 294-98: Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture Linear Temporal Logic Signal Temporal Logic (by Alex Donze) S. A. Seshia 2 Behavior, Run, Computation Path Define in

767 views • 28 slides
Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola

Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola

Tree-shaped one-pass tableau systems for Linear Temporal Logic satisfiability checking Nicola Gigante University of Udine, Italy Joint work with Angelo Montanari, Mark Reynolds, Luca Geatti The need for formal verification Safety-critical

489 views • 47 slides
Temporal Logic of Actions Advanced Topics in Distributed Computing Dominik Grewe Saarland

Temporal Logic of Actions Advanced Topics in Distributed Computing Dominik Grewe Saarland

Temporal Logic of Actions Temporal Logic of Actions Advanced Topics in Distributed Computing Dominik Grewe Saarland University March 20, 2008 Temporal Logic of Actions Outline Basic Concepts Transition Systems Temporal Operators Fairness

480 views • 32 slides
Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap

Formal Verifjcation Lecture 2: Linear Temporal Logic Jacques Fleuriot jdf@inf.ed.ac.uk Recap Previously: Model Checking, and an informal introduction to LTL Tiis time: Linear Temporal Logic Syntax Semantics Equivalences

228 views • 21 slides
Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic

Hoare Logic and Model Checking Model Checking Lecture 10: Computation Tree Logic (CTL) Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge Academic year

1.15k views • 48 slides
Overview overview7.5 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.5 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.5 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the

2.06k views • 183 slides
Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the

1.95k views • 194 slides
Programming in Linear Temporal Logic Correspondence Categorical Semantics for Restricted LTL

Programming in Linear Temporal Logic Correspondence Categorical Semantics for Restricted LTL

Programming in Linear Temporal Logic Wolfgang Jeltsch The Temporal CurryHoward Programming in Linear Temporal Logic Correspondence Categorical Semantics for Restricted LTL and FRP Wolfgang Jeltsch Hybrid Signals Functional Reactive

285 views • 25 slides
Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic Promela Critical Sections Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Linear Temporal Logic Promela Critical Sections Where

569 views • 35 slides
Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of

Linear Temporal Logic Promela Critical Sections Linear Temporal Logic, Critical Sections and Promela Modelling Dr. Liam OConnor University of Edinburgh LFCS (and UNSW) Term 2 2020 1 Linear Temporal Logic Promela Critical Sections Where

1.12k views • 98 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Temporal and Modal Logic Based on paper: E.A. Emerson. Temporal and Modal Logic J. van Leeuwen,

Temporal and Modal Logic Based on paper: E.A. Emerson. Temporal and Modal Logic J. van Leeuwen,

Temporal and Modal Logic Based on paper: E.A. Emerson. Temporal and Modal Logic J. van Leeuwen, editor, Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics, pages 9951072, Elsevier, 1990. Temporal and Modal

554 views • 27 slides
Overview Word Systems Regular expressiveness Linear temporal logic B uchi-automata

Overview Word Systems Regular expressiveness Linear temporal logic B uchi-automata

ormal ethods roup Linear Temporal Logics and Grammars Joachim Baran The University of Manchester April 2006 Overview Word Systems Regular expressiveness Linear temporal logic B uchi-automata Right-linear grammars TL,

512 views • 33 slides
Informatics 1 connections between Computation and Logic computation and logic. We Sets of

Informatics 1 connections between Computation and Logic computation and logic. We Sets of

This course provides a first glimpse of the deep Informatics 1 connections between Computation and Logic computation and logic. We Sets of States: Venn Diagrams and Truth Tables will focus primarily on the Michael Fourman @mp4man simplest

322 views • 11 slides
INF5140 Specification and Verification of Parallel Systems Spring 2018 Institutt for

INF5140 Specification and Verification of Parallel Systems Spring 2018 Institutt for

INF5140 Specification and Verification of Parallel Systems Spring 2018 Institutt for informatikk, Universitetet i Oslo February 16, 2018 1 / 47 Linear-Time Temporal Logic (LTL) Introduction Temporal Logic? Temporal logic is the logic of

515 views • 47 slides
L ECTURE IV: C OMPUTATION T REE L OGIC (CTL) Alessandro Artale Faculty of Computer Science

L ECTURE IV: C OMPUTATION T REE L OGIC (CTL) Alessandro Artale Faculty of Computer Science

F ORMAL M ETHODS L ECTURE IV: C OMPUTATION T REE L OGIC (CTL) Alessandro Artale Faculty of Computer Science Free University of Bolzano artale@inf.unibz.it http://www.inf.unibz.it/ artale/ Some material (text, figures) displayed in these

782 views • 41 slides
Nanoclusters Nanoparticle vs. Nanocluster 2-3 nm Nanoclusters Nanoparticles No surface plasmon

Nanoclusters Nanoparticle vs. Nanocluster 2-3 nm Nanoclusters Nanoparticles No surface plasmon

Nanoclusters Nanoparticle vs. Nanocluster 2-3 nm Nanoclusters Nanoparticles No surface plasmon resonance Prominent SPR http://www.sigmaaldrich.com/materials- science/nanomaterials/gold-nanoparticles.html

302 views • 15 slides
Developments in Particle Therapy using Nuclear Science and Technology Helsinki, NUSPRASEN

Developments in Particle Therapy using Nuclear Science and Technology Helsinki, NUSPRASEN

WIR SCHAFFEN WISSEN HEUTE FR MORGEN Marco Schippers, Paul Scherrer Institut, Villigen Developments in Particle Therapy using Nuclear Science and Technology Helsinki, NUSPRASEN workshop, November 26, 2019 Helsinki, Nov 2019 1

335 views • 29 slides
OWCM: One-Way Counter Mode Danilo Gligoroski and Hristina Mihajloska and Hkon Jacobsen

OWCM: One-Way Counter Mode Danilo Gligoroski and Hristina Mihajloska and Hkon Jacobsen

1 OWCM: One-Way Counter Mode Danilo Gligoroski and Hristina Mihajloska and Hkon Jacobsen Department of Telematics, Faculty of Information Technology, Mathematics and Electrical Engineering Norwegian University of Science and

1.1k views • 45 slides
CTL vs. LTL Robert Bellarmine Krug Department of Computer Sciences University of Texas at Austin

CTL vs. LTL Robert Bellarmine Krug Department of Computer Sciences University of Texas at Austin

CTL vs. LTL Robert Bellarmine Krug Department of Computer Sciences University of Texas at Austin May 25, 2010 Outline 1. Some Definitions And Notation 2. LTL 3. CTL 4. CTL vs. LTL CTL vs. LTL (2 / 40) Outline 1. Some Definitions And

858 views • 40 slides
Computation Tree Logic B. Srivathsan Chennai Mathematical Institute Model Checking and Systems

Computation Tree Logic B. Srivathsan Chennai Mathematical Institute Model Checking and Systems

Computation Tree Logic B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2016 1 / 35 Module 1: Tree behaviour of a transition system 2 / 35 { p 1 } { p 2 } s 0 s 1 Transition System s 3 s 2

1.79k views • 150 slides
Model Checking and Predicate Abstrac5on CSE 501 Spring

Model Checking and Predicate Abstrac5on CSE 501 Spring

Model Checking and Predicate Abstrac5on CSE 501 Spring 15 1 With slides from Emina Torlak (507) Course Outline Sta5c analysis Language design Program

813 views • 52 slides
Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or

Temporal Logic and Model Checking Model mathematical structure extracted from hardware or software Temporal logic provides a language for specifying functional properties Model checking checks whether a given property holds

1.56k views • 131 slides

More recommend