CS256/Winter 2009 Lecture #12 Zohar Manna
Chapter 5 Algorithmic Verification (of General Formulas) 12-1
Algorithmic Verification of Finite-state Systems Given finite-state program P , i.e., each x ∈ V assumes only finitely many values in all P -computations. Example: mux-pet1 (Fig. 3.4) is finite-state s = 1 , 2 y 1 = t , f y 2 = t , f π can assume at most 36 different values. We present an algorithm (decision procedure) for establishing properties specified by an arbitrary (quantifier-free) temporal formula. 12-2
Example: Program mux-pet1 (Fig. 3.4) (Peterson’s Algorithm for mutual exclusion) local y 1 , y 2 : boolean where y 1 = f , y 2 = f : integer where s = 1 s loop forever do ℓ 0 : noncritical ℓ 1 : ℓ 2 : ( y 1 , s ) := ( t , 1) P 1 :: ℓ 3 : await ( ¬ y 2 ) ∨ ( s � = 1) ℓ 4 : critical ℓ 5 : y 1 := f � � � � � � loop forever do m 0 : noncritical m 1 : m 2 : ( y 2 , s ) := ( t , 2) P 2 :: m 3 : await ( ¬ y 1 ) ∨ ( s � = 2) m 4 : critical m 5 : y 2 := f 12-3
q ϕ ? Overview Given a temporal formula ϕ 1) Is ϕ satisfiable? i.e., is there a model σ such that σ Apply algorithm for ϕ : YES: ϕ satisfiable produce a model σ satisfying ϕ NO: ϕ unsatisfiable there exists no model σ satisfying ϕ 2) Is ϕ valid? [Is ¬ ϕ unsatisfiable?] Apply algorithm for ¬ ϕ : YES: ¬ ϕ satisfiable = ϕ not valid produce a model σ satisfying ¬ ϕ (counterexample) NO: ¬ ϕ unsatisfiable = ϕ is valid 12-4
q ϕ ? Overview (Cont’d) Given a temporal formula ϕ and a finite-state program P 3) Is ϕ P -satisfiable? i.e., is there a P -computation σ such that σ Apply algorithm for ϕ and P : YES: ϕ P -satisfiable produce a P -computation σ satisfying ϕ NO: ϕ P -unsatisfiable there exists no such computation 12-5
Overview (Cont’d) Given a temporal formula ϕ and a finite-state program P 4) Is ϕ P -valid? [Is ¬ ϕ P -unsatisfiable?] Apply algorithm for ¬ ϕ and P : YES: ¬ ϕ P -satisfiable = ϕ not P -valid (Computation produced is a counterexample) NO: ¬ ϕ P -unsatisfiable = ϕ is P -valid 12-6
q ϕ . Idea of algorithm Construct a directed graph (“tableau”) T ϕ that exactly embeds all models of ϕ , i.e., σ is embedded in T ϕ iff σ Embedding in a graph In the simplest version, the nodes of the graph are la- belled by assertions. A model q σ : s 0 , s 1 , . . . s i , . . . is embedded in the graph if there exists a path π : n 0 , n 1 , . . . n i , . . . (where n 0 is an initial node) such that for all i ≥ 0 , s i satisfies the assertion A i labeling node n i , i.e., s i A i . 12-7
2 0 ( x > 0) Examples: x = 0 embeds all sequences that satisfy ( x = 0) ∧ x > 0 x = 0 embeds all sequences that satisfy ( x = 0) W ( x = 5) x = 5 true 12-8
Example: Construct a graph that embeds exactly all sequences that satisfy p ⇒ p W q ¬ p ∧ ¬ q p ∧ q p ∧ ¬ q ¬ p ∧ q 12-9
0 ( p ∧ ¬ q ) is embedded in the graph (as it 0 ( p ∧ ¬ q ) implies ( p ⇒ p W q ) . 0 ( p ∧ ¬ q ) should be Tableau: Motivation Note that should be since How do we construct a graph that embeds all sequences that satisfy p ⇒ p U q ? Now sequences that satisfy excluded. 12-10
Temporal Tableau vs. ω -Automata To be able to embed exactly all sequences that satisfy a formula like p ⇒ p U q , we need some additional con- ditions on embeddings. The two most popular ways of doing this are: 1. ω -Automata: Add Muller or Streett-like acceptance conditions and interpret the graph as an ω -automaton. 2. Temporal Tableau: In addition to assertions, label the nodes with temporal formulas that determine not only what happens in the current state but also what must happen in the future (i.e., that make promises) and then exclude paths that don’t fulfill their promises. Now we will only use the temproal tableau and we will not further consider the ω -automata approach. We dis- tinguish between 2 types of Temporal Tableaux: Atom Tableau and Particle Tableau. 12-11
Satisfiability of a temporal formula 2 1 0 We consider temporal formulas that consist of t f ¬ ∨ ∧ (logical connectives) U W (temporal operators) Note: In this class we will only deal with future tem- poral operators. The book covers both past and future temporal operators. 12-12
Atom Tableau Closure The closure of a formula ϕ Φ ϕ is the smallest set of formulas satisfying: • ϕ ∈ Φ ϕ • For every ψ ∈ Φ ϕ and subformula ξ of ψ , 0 1 ξ ∈ Φ ϕ 2 • For every ψ ∈ Φ ϕ , ¬ ψ ∈ Φ ϕ ( ¬¬ ψ is considered identical to ψ ) • For every ψ of the form ψ 1 , ψ 1 , ψ 1 U ψ 2 , ψ 1 W ψ 2 , if ψ ∈ Φ ϕ then ψ ∈ Φ ϕ 12-13
1 1 2 1 1 2 1 Definition: Formulas in Φ ϕ are called the closure formulas of ϕ Example: The closure of ϕ 0 : p is Φ ϕ 0 : { p } . p, p, p, ¬ p, ¬ p, ¬ 12-14
0 1 0 1 2 0 2 1 0 1 2 0 2 1 Example: The closure of ϕ 1 : p ∧ ¬ p is Φ ϕ 1 = Φ + ϕ 1 ∪ Φ − ϕ 1 : 0 ϕ 1 , p , ¬ p , p , p , { ¬ p ¬ ϕ 1 , ¬ p , ¬ ¬ p , ¬ p , p , ¬ ¬ ¬ p } 2 2 2 2 Example: The closure of ϕ 2 : ( ¬ p ∨ ( p W q )) � �� � ψ is Φ ϕ 2 = Φ + ϕ 2 ∪ Φ − ϕ 2 : { ϕ 2 , ψ , p , p W q , q , ϕ 2 , ( p W q ) , ¬ ϕ 2 , ¬ ψ , ¬ p , ¬ ( p W q ) , ¬ q , ¬ ϕ 2 , ¬ ( p W q ) } 12-15
Size of Closure The size of the closure is bounded by | Φ ϕ | ≤ 4 | ϕ | 0 where 0 2 0 0 2 0 | Φ ϕ | – # of formulas | ϕ | – size of formula (# of occ. of connectives, operators + # of occ. of propositions, variables) 0 1 Typically a temporal operator contributes 4 formulas to the closure, e.g., for p : p, p, ¬ p, ¬ p and a state formula contributes two, e.g., for p : p, ¬ p ϕ 1 : p ∧ ¬ p Example: | ϕ 1 | = 6 | Φ ϕ 1 | = 12 12 ≤ 4 · 6 12-16
Atoms (Motivation) Atoms are maximal “consistent” subsets of closure formulas that may hold together at some position in the model. 0 2 0 How do we identify consistent subsets? 1 2 1 Intuition: Based on the “Expansion Congruences”. 2 We decompose temporal formulas into what must hold current state, and/or 2 what must hold in the next state. p ≈ p ∧ p p ≈ p ∨ p p U q ≈ q ∨ [ p ∧ ( p U q )] p W q ≈ q ∨ [ p ∧ ( p W q )] 12-17
For this purpose, we classify formulas as • α -formulas (conjunctive flavor) and • β -formulas (disjunctive flavor) based on the top-level connective/operator of the formula. 12-18
0 2 0 α -formulas κ ( α ) α p ∧ q p, q p p, p 0 intended meaning: An α -formula holds at position j 2 0 iff all κ ( α ) -formulas hold at j Example: p holds at position j in σ iff both p and p hold at j 12-19
1 2 1 2 β -formulas 2 κ 1 ( β ) κ 2 ( β ) β p ∨ q p q p p p p U q q p, ( p U q ) p W q q p, ( p W q ) Intended meaning: A β -formula holds at position j 2 iff κ 1 ( β ) -formula holds at j or all κ 2 ( β ) -formulas hold at j (or both) Example: p U q holds at position j iff 12-20 q holds at j or both p and ( p U q ) hold at j
Atoms atom over ϕ ( ϕ -atom) is a subset A ⊆ Φ ϕ satisfying the following requirements: 0 2 0 • R sat : state ( A ) , the conjunction of all state formulas in A is satisfiable • R ¬ : For every ψ ∈ Φ ϕ , ψ ∈ A iff ¬ ψ / ∈ A 2 • R α : For every α -formula ψ ∈ Φ ϕ , ψ ∈ A iff κ ( ψ ) ⊆ A [e.g., p ∈ A iff both p ∈ A and p ∈ A ] • R β : For every β -formula ψ ∈ Φ ϕ , iff κ 1 ( ψ ) ∈ A , ψ ∈ A or κ 2 ( ψ ) ⊆ A (or both) [e.g., p U q ∈ A iff q ∈ A or { p, ( p U q ) } ⊆ A ] 12-21
0 1 Note: Due to R ¬ , ϕ -atom must contain ψ or ¬ ψ for ev- ery ψ of Φ ϕ . Thus the number of formulas in an atom 0 1 2 0 2 1 is always half the number of formulas in the closure. Example: 0 1 2 0 2 1 ϕ 1 : p ∧ ¬ p 0 1 2 0 2 1 closure Φ ϕ 1 : { ϕ 1 , p, ¬ p, p, ¬ p, p ¬ ϕ 1 , . . . } 0 2 0 A : { ϕ 1 , p, ¬ p, p, ¬ p, p } is an atom B : { ϕ 1 , p, ¬ p, p, ¬ ¬ p, ¬ p } ↑ ↑ ↑ is not an atom since by α -table, iff p ∈ B { p, p } ⊆ B 12-22
2 1 Basic Formula 2 1 Definition: A formula is called basic if it is an atomic formula (i.e., no operators or connectives) 0 1 or a formula of the form ψ Example: 2 0 2 1 ϕ 0 : p basic formulas in Φ ϕ 0 : 0 p, p 2 2 Example: ϕ 1 : p ∧ ¬ p basic formulas in Φ ϕ 1 : p, p, ¬ p Example: ϕ 2 : ( ¬ p ∨ ( p W q )) basic formulas in Φ ϕ 2 : ( p W q ) p, q, ϕ 2 , 12-23
Why important? In an atom, the positive/negative presence of the basic formulas uniquely determine the rest of the atom. Thus, if a closure has b basic formulas, then there are 2 b distinct atoms. 12-24
Recommend
More recommend
