Compositional Approach to Suspension and Other Improvements to LTL - - PowerPoint PPT Presentation

Compositional Approach to Suspension and Other Improvements to LTL Translation

Tom´ aˇ s Babiak1 Thomas Badie2 Alexandre Duret-Lutz2 Mojm´ ır Kˇ ret´ ınsk´ y1 Jan Strejˇ cek1

1Faculty of Informatics, Masaryk University, Brno, Czech Republic 2LRDE, EPITA, Le Kremlin-Bicˆ

etre, France

SPIN’13, 8–9 July 2013

1 / 16

From LTL to BA: The Big Picture

LTL form.

ϕ

B¨ uchi automaton GFa ∧ GFb 1 2 3 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a

2 / 16

From LTL to BA: The Big Picture

LTL form.

ϕ

LTL rewritings B¨ uchi automaton GFa ∧ GFb G(Fa ∧ Fb) 1 2 3 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a

2 / 16

From LTL to BA: The Big Picture

LTL form.

ϕ

LTL rewritings Core translation B¨ uchi automaton GFa ∧ GFb G(Fa ∧ Fb) ab a¯ b

¯

ab

¯

a¯ b TGBA: Transition-based Generalized B¨ uchi Automaton 1 2 3 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a

2 / 16

From LTL to BA: The Big Picture

LTL form.

ϕ

LTL rewritings Core translation Post- processings B¨ uchi automaton GFa ∧ GFb G(Fa ∧ Fb) ab a¯ b

¯

ab

¯

a¯ b TGBA: Transition-based Generalized B¨ uchi Automaton 1 2 3 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a

2 / 16

From LTL to BA: The Big Picture

LTL form.

ϕ

LTL rewritings Core translation Post- processings B¨ uchi automaton

Our work

GFa ∧ GFb G(Fa ∧ Fb) ab a¯ b

¯

ab

¯

a¯ b TGBA: Transition-based Generalized B¨ uchi Automaton 1 2 3 ab

¯

b

¯

ab

¯

b ab

¯

ab

¯

a a

2 / 16

From LTL to BA: More Details

◮ Generic workflow: ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Simulation-based reductions

3 / 16

From LTL to BA: More Details

◮ Generic workflow: ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Simulation-based reductions

◮ Obligation properties can be translated better!

3 / 16

Temporal Hierarchy

Reactivity Recurrence Persistence Obligation Safety Guarantee Deterministic B¨ uchi Automata Weak B¨ uchi Automata Weak Det. B¨ uchi Automata (WDBA)

• Z. Manna and A. Pnueli. A hierarchy of temporal properties. PODC’90

4 / 16

From LTL to BA: More Details

◮ Generic workflow: ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Simulation-based reductions

◮ Obligation properties can be translated into

minimal Weak Deterministic B¨ uchi Automata:

ϕ

• Trans. to

TGBA WDBA minimization (WD)BA

• C. Dax, J. Eisinger, and F. Klaedtke. Mechanizing the powerset construction

for restricted classes of ω-automata. ATVA’07

5 / 16

Our Contributions

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA Better translation

• f formulae that contains

suspendable subformulae SCC-aware degeneralization

◮ Better acceptance simplification ◮ BDD-based simulation-based reductions,

with determinism improvement

6 / 16

Our Contributions

This talk

• nly in the paper

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA Better translation

• f formulae that contains

suspendable subformulae SCC-aware degeneralization

◮ Better acceptance simplification ◮ BDD-based simulation-based reductions,

with determinism improvement

6 / 16

Compositional Suspension

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA Better translation

• f formulae that contains

suspendable subformulae

7 / 16

Suspendable Formulae

Pure Eventuality Fµ ≡ µ Purely Universal Gν ≡ ν

• K. Etessami and G. J. Holzmann. Optimizing B¨

uchi Automata. CONCUR’00

8 / 16

Suspendable Formulae

Pure Eventuality Fµ ≡ µ Purely Universal Gν ≡ ν Suspendable Gξ ≡ Fξ ≡ Xξ ≡ ξ

◮ Intuition: subspendable formulae have one F and one G in

each syntactic branch. E.g., all usual fairness constraints:

◮ GFϕ ◮ FGϕ → GFρ ◮ GFϕ → GFρ

• T. Babiak, M. Kˇ

ret´ ınsk´ y, V. ˇ Reh´ ak, and J. Strejˇ

• cek. LTL to B¨

uchi automata translation: Fast and more deterministic. TACAS’12

8 / 16

Suspendable Formulae

Pure Eventuality Fµ ≡ µ Purely Universal Gν ≡ ν Suspendable Gξ ≡ Fξ ≡ Xξ ≡ ξ

◮ Intuition: subspendable formulae have one F and one G in

each syntactic branch. E.g., all usual fairness constraints:

◮ GFϕ ◮ FGϕ → GFρ ◮ GFϕ → GFρ

◮ Key property: a suspendable formula either holds at all steps

• f an execution, or it holds at none.

◮ Consequence: its verification can be “suspended” by any

finite number of steps.

• T. Babiak, M. Kˇ

ret´ ınsk´ y, V. ˇ Reh´ ak, and J. Strejˇ

• cek. LTL to B¨

uchi automata translation: Fast and more deterministic. TACAS’12

8 / 16

Temporal Hierarchy

Reactivity Recurrence Persistence Obligation Safety Guarantee Formulae with suspendable subformulae

9 / 16

Using Suspension During Translation (Intuition)

((a U b) R c) ∧ FGd ¯

bc bc a¯ bc

¯

bcd

⊤

d a¯ b b

¯

bcd d bcd bd a¯ bcd bcd a¯ bd bd

10 / 16

Using Suspension During Translation (Intuition)

((a U b) R c) ∧ FGd

1 2 3

¯

bc a¯ bc bc

⊤

b a¯ b 4 5

⊤

d d

14 24 34 15 35

¯

bc bc a¯ bc

¯

bcd

⊤

d a¯ b b

¯

bcd d

25

bcd bd a¯ bcd bcd a¯ bd bd

10 / 16

Using Suspension During Translation (Intuition)

((a U b) R c) ∧ FGd

1 2 3

¯

bc a¯ bc bc

⊤

b a¯ b 4 5

⊤

d d

14 24 34 15 35

¯

bc bc a¯ bc

¯

bcd

⊤

d a¯ b b

¯

bcd d

25

bcd bd a¯ bcd bcd a¯ bd bd Suspendable!

10 / 16

Using Suspension During Translation (Intuition)

((a U b) R c) ∧ FGd

1 2 3

¯

bc a¯ bc bc

⊤

b a¯ b 4 5

⊤

d d

14 24 34 15 35

¯

bc bc a¯ bc

¯

bcd

⊤

d a¯ b b

¯

bcd d

25

bcd bd a¯ bcd bcd a¯ bd bd Suspendable! Pointless! No need to check for FGd while

((a U b) R c)

is not in an accepting SCC.

10 / 16

Using Suspension During Translation (Intuition)

((a U b) R c) ∧ FGd

1 2 3

¯

bc a¯ bc bc

⊤

b a¯ b 4 5

⊤

d d

14 24 34 15 35

¯

bc bc a¯ bc

¯

bcd

⊤

d a¯ b b

¯

bcd d

25

bcd bd a¯ bcd bcd a¯ bd bd Reset transitions to be synchronized with transitions out

• f accepting SCCs.

10 / 16

Using Suspension During Translation (Intuition)

((a U b) R c) ∧ FGd

1 2 3

¯

bc a¯ bc bc

⊤

b a¯ b 4 5

⊤

d d

14 24 34 15 35

¯

bc bc a¯ bc

¯

bcd

⊤

d a¯ b b

¯

bcd d a¯ bc bc

10 / 16

Using Suspension During Translation (Intuition)

((a U b) R c) ∧ FGd

1 2 3

¯

bc[ξ] a¯ bc[ξ]

[ξ]bc [ξ]

b[ξ] a¯ b[ξ] 4 5

[ξ]

d[ξ] d[ξ]

[ξ] [ξ]

14 24 34 15 35

¯

bc bc a¯ bc

¯

bcd

⊤

d a¯ b b

¯

bcd d a¯ bc bc New atomic proposition so that our special synchronization can be implemented as a synchronous product.

10 / 16

Our Compositional Approach to Suspension

Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

11 / 16

Our Compositional Approach to Suspension

Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

1 Rewrite all (maximal) suspendable

subformulae ξi of ϕ as G[ξi]. Call this ϕ′.

ϕ′ = ((a U b) R c) ∧ G[ξ] ξ = FGd

11 / 16

Our Compositional Approach to Suspension

1 2 3

¯

bc[ξ] a¯ bc[ξ]

[ξ]bc [ξ]

b[ξ] a¯ b[ξ] Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

1 Rewrite all (maximal) suspendable

subformulae ξi of ϕ as G[ξi]. Call this ϕ′.

ϕ′ = ((a U b) R c) ∧ G[ξ] ξ = FGd

2 Translate ϕ′ as a TGBA Aϕ′

11 / 16

Our Compositional Approach to Suspension

1 2 3

¯

bc[ξ] a¯ bc[ξ]

[ξ]bc [ξ]

b[ξ] a¯ b[ξ] Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

1 Rewrite all (maximal) suspendable

subformulae ξi of ϕ as G[ξi]. Call this ϕ′.

ϕ′ = ((a U b) R c) ∧ G[ξ] ξ = FGd

2 Translate ϕ′ as a TGBA Aϕ′ 3 Remove [ξi] from all transitions that are not in

accepting SCCs.

4 Add [ξi] to transitions that do not have [ξi].

11 / 16

Our Compositional Approach to Suspension

1 2 3

¯

bc[ξ] a¯ bc[ξ]

[ξ]bc [ξ]

b[ξ] a¯ b[ξ] 4 5

⊤

d d Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

1 Rewrite all (maximal) suspendable

subformulae ξi of ϕ as G[ξi]. Call this ϕ′.

ϕ′ = ((a U b) R c) ∧ G[ξ] ξ = FGd

2 Translate ϕ′ as a TGBA Aϕ′ 3 Remove [ξi] from all transitions that are not in

accepting SCCs.

4 Add [ξi] to transitions that do not have [ξi]. 5 Translate each ξi into Aξi

11 / 16

Our Compositional Approach to Suspension

1 2 3

¯

bc[ξ] a¯ bc[ξ]

[ξ]bc [ξ]

b[ξ] a¯ b[ξ] 4 5

[ξ]

d[ξ] d[ξ]

[ξ] [ξ]

Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

1 Rewrite all (maximal) suspendable

subformulae ξi of ϕ as G[ξi]. Call this ϕ′.

ϕ′ = ((a U b) R c) ∧ G[ξ] ξ = FGd

2 Translate ϕ′ as a TGBA Aϕ′ 3 Remove [ξi] from all transitions that are not in

accepting SCCs.

4 Add [ξi] to transitions that do not have [ξi]. 5 Translate each ξi into Aξi 6 Add [ξi] labels and reset transitions to each

Aξi.

11 / 16

Our Compositional Approach to Suspension

1 2 3

¯

bc[ξ] a¯ bc[ξ]

[ξ]bc [ξ]

b[ξ] a¯ b[ξ] 4 5

[ξ]

d[ξ] d[ξ]

[ξ] [ξ]

Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

1 Rewrite all (maximal) suspendable

subformulae ξi of ϕ as G[ξi]. Call this ϕ′.

ϕ′ = ((a U b) R c) ∧ G[ξ] ξ = FGd

2 Translate ϕ′ as a TGBA Aϕ′ 3 Remove [ξi] from all transitions that are not in

accepting SCCs.

4 Add [ξi] to transitions that do not have [ξi]. 5 Translate each ξi into Aξi 6 Add [ξi] labels and reset transitions to each

Aξi.

7 Build the product of all these automata. Strip

[ξi] and [ξi] from the result.

11 / 16

Our Compositional Approach to Suspension

1 2 3

¯

bc[ξ] a¯ bc[ξ]

[ξ]bc [ξ]

b[ξ] a¯ b[ξ] 4 5

[ξ]

d[ξ] d[ξ]

[ξ] [ξ]

Given an LTL formula ϕ: ((a U b) R c) ∧ FGd

1 Rewrite all (maximal) suspendable

subformulae ξi of ϕ as G[ξi]. Call this ϕ′.

ϕ′ = ((a U b) R c) ∧ G[ξ] ξ = FGd

2 Translate ϕ′ as a TGBA Aϕ′ and simplify it. 3 Remove [ξi] from all transitions that are not in

accepting SCCs.

4 Add [ξi] to transitions that do not have [ξi]. 5 Translate each ξi into Aξi and simplify them. 6 Add [ξi] labels and reset transitions to each

Aξi.

7 Build the product of all these automata. Strip

[ξi] and [ξi] from the result.

11 / 16

Compositional Suspension Benefits

◮ Can work on top of any translator. ◮ Largest reduction obtained when Aξi are big, and Aϕ′ have a

lot of non-accepting SCCs.

◮ Suspendable formulae include usual fairness constraints. ◮ Intermediate automata can be simplified independently. ◮ In particular, ϕ′ could be an obligation and Aϕ′ subjected to

WDBA-minimization.

12 / 16

SCC-Aware Degeneralization

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA SCC-aware degeneralization

13 / 16

Classical Degeneralization (TGBA → BA)

1 2 3 4

1 Order the m acceptance sets

F1, F2 . . . , Fm

14 / 16

Classical Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times

14 / 16

Classical Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

14 / 16

Classical Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

4 Wire level m like level 0.

14 / 16

Classical Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

4 Wire level m like level 0. 5 Mark level m as accepting.

14 / 16

SCC-Aware Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

4 Wire level m like level 0. 5 Mark level m as accepting.

We suggest two optimizations:

◮ Level Caching: ◮ Level Reset:

14 / 16

SCC-Aware Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

4 Wire level m like level 0. 5 Mark level m as accepting.

We suggest two optimizations:

◮ Level Caching: Upon entering an

accepting SCC (of the TGBA), reuse any existing level.

◮ Level Reset:

14 / 16

SCC-Aware Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

4 Wire level m like level 0. 5 Mark level m as accepting.

We suggest two optimizations:

◮ Level Caching: Upon entering an

accepting SCC (of the TGBA), reuse any existing level.

◮ Level Reset:

14 / 16

SCC-Aware Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

4 Wire level m like level 0. 5 Mark level m as accepting.

We suggest two optimizations:

◮ Level Caching: Upon entering an

accepting SCC (of the TGBA), reuse any existing level.

◮ Level Reset: Upon leaving an SCC,

reset the level to 0.

14 / 16

SCC-Aware Degeneralization (TGBA → BA)

1,0 2,0 3,0 4,0 1,1 2,1 3,1 4,1 1,2 2,2 3,2 3,2 4,2

1 Order the m acceptance sets

F1, F2 . . . , Fm

2 Duplicate m + 1 times 3 Level i < m redirects outputs from

Fi+1 ∩ Fi+2 ∩ . . . ∩ Fj to level j

4 Wire level m like level 0. 5 Mark level m as accepting.

We suggest two optimizations:

◮ Level Caching: Upon entering an

accepting SCC (of the TGBA), reuse any existing level.

◮ Level Reset: Upon leaving an SCC,

reset the level to 0.

14 / 16

Some Results

100 random formulae of the form ϕi ∧ (GFa → GFb) ∧ (GFc → GFd)

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications states transitions time baseline 8207 3928868 114 s

15 / 16

Some Results

100 random formulae of the form ϕi ∧ (GFa → GFb) ∧ (GFc → GFd)

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications states transitions time baseline 8207 3928868 114 s + better acceptance simplification 8083 3876308 151 s

15 / 16

Some Results

100 random formulae of the form ϕi ∧ (GFa → GFb) ∧ (GFc → GFd)

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications ◮ Simulation-based reductions states transitions time baseline 8207 3928868 114 s + better acceptance simplification 8083 3876308 151 s + simulation 3488 782324 178 s

15 / 16

Some Results

100 random formulae of the form ϕi ∧ (GFa → GFb) ∧ (GFc → GFd)

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Simulation-based reductions states transitions time baseline 8207 3928868 114 s + better acceptance simplification 8083 3876308 151 s + simulation 3488 782324 178 s + BA simulation 3371 699096 183 s

15 / 16

Some Results

100 random formulae of the form ϕi ∧ (GFa → GFb) ∧ (GFc → GFd)

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Simulation-based reductions states transitions time baseline 8207 3928868 114 s + better acceptance simplification 8083 3876308 151 s + simulation 3488 782324 178 s + BA simulation 3371 699096 183 s + better degeneralization 3259 727416 181 s

15 / 16

Some Results

100 random formulae of the form ϕi ∧ (GFa → GFb) ∧ (GFc → GFd)

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA ◮ Dead SCCs removal ◮ Acceptance simplifications ◮ Simulation-based reductions ◮ Simulation-based reductions states transitions time baseline 8207 3928868 114 s + better acceptance simplification 8083 3876308 151 s + simulation 3488 782324 178 s + BA simulation 3371 699096 183 s + better degeneralization 3259 727416 181 s + compositional suspension 3091 668768 53 s

15 / 16

Conclusion

ϕ

• Trans. to

TGBA Simplify TGBA Degen- eralize Simplify BA BA Better translation

• f formulae that contains

suspendable subformulae SCC-aware degeneralization

◮ Better acceptance simplification ◮ BDD-based simulation-based reductions,

with determinism improvement

◮ LTL-to-BA translators are already fairly well optimized.

We still managed some improvement.

◮ All these techniques are implemented in Spot 1.1.2. ◮ Compositional suspension can be tested on-line at http://spot.lip6.fr/ltl2tgba.html

16 / 16