
CTL (Clarke & Emerson 81) Definition: Computation Tree Logic - PDF document



Basics of Verification¹
https://wikimpri.dptinfo.ens-cachan.fr/doku.php?id=cours:c-1-22

Thomas Chatain
chatain@lsv.ens-cachan.fr
http://www.lsv.ens-cachan.fr/~chatain/
MPRI – M1 2014 – 2015

¹ Thanks to Paul Gastin for previous versions of this material

CTL (Clarke & Emerson 81)

Definition: Computation Tree Logic $\mathrm{CTL}(\mathrm{AP}, \mathsf{X}, \mathsf{U})$

Syntax:

$$\varphi ::= \bot \mid p \ (p \in \mathrm{AP}) \mid \neg\varphi \mid \varphi \vee \varphi \mid \mathsf{EX}\,\varphi \mid \mathsf{AX}\,\varphi \mid \mathsf{E}\,\varphi\,\mathsf{U}\,\varphi \mid \mathsf{A}\,\varphi\,\mathsf{U}\,\varphi$$

The semantics is inherited from $\mathrm{CTL}^*$.

Remark: All CTL formulae are state formulae

$$[\![\varphi]\!]^M = \{ s \in S \mid M, s \models \varphi \}$$

Examples: Macros

◮ $\mathsf{EF}\,\varphi = \mathsf{E}\,\top\,\mathsf{U}\,\varphi$ and $\mathsf{AG}\,\varphi = \neg\mathsf{EF}\,\neg\varphi$
◮ $\mathsf{AF}\,\varphi = \mathsf{A}\,\top\,\mathsf{U}\,\varphi$ and $\mathsf{EG}\,\varphi = \neg\mathsf{AF}\,\neg\varphi$
◮ $\mathsf{AG}(\mathrm{req} \to \mathsf{EF}\,\mathrm{grant})$
◮ $\mathsf{AG}(\mathrm{req} \to \mathsf{AF}\,\mathrm{grant})$

Definition: Semantics

All CTL-formulae are state formulae. Hence, we have a simpler semantics.
Let $M = (S, T, I, \mathrm{AP}, \ell)$ be a Kripke structure without deadlocks and let $s \in S$.

$M, s \models p$ if $p \in \ell(s)$
$M, s \models \mathsf{EX}\,\varphi$ if $\exists\, s \to s'$ with $M, s' \models \varphi$
$M, s \models \mathsf{AX}\,\varphi$ if $\forall\, s \to s'$ we have $M, s' \models \varphi$
$M, s \models \mathsf{E}\,\varphi\,\mathsf{U}\,\psi$ if $\exists\, s = s_0 \to s_1 \to s_2 \to \cdots s_k$ finite path, with $M, s_k \models \psi$ and $M, s_j \models \varphi$ for all $0 \le j < k$
$M, s \models \mathsf{A}\,\varphi\,\mathsf{U}\,\psi$ if $\forall\, s = s_0 \to s_1 \to s_2 \to \cdots$ infinite paths, $\exists\, k \ge 0$ with $M, s_k \models \psi$ and $M, s_j \models \varphi$ for all $0 \le j < k$

Example:

[Figure: Kripke structure with states 1 to 8, each labelled with propositions among p, q, r; the transitions and the state-to-label assignment are not recoverable from the extracted text.]

$[\![\mathsf{EX}\,p]\!] = \{1, 2, 3, 5, 6\}$
$[\![\mathsf{AX}\,p]\!] = \{3, 6\}$
$[\![\mathsf{EF}\,p]\!] = \{1, 2, 3, 4, 5, 6, 7, 8\}$
$[\![\mathsf{AF}\,p]\!] = \{2, 3, 5, 6, 7\}$
$[\![\mathsf{E}\,q\,\mathsf{U}\,r]\!] = \{1, 2, 3, 4, 5, 6\}$
$[\![\mathsf{A}\,q\,\mathsf{U}\,r]\!] = \{2, 3, 4, 5, 6\}$

Remark: Equivalent formulae

◮ $\mathsf{AX}\,\varphi \equiv \neg\mathsf{EX}\,\neg\varphi$
◮ $\neg(\varphi\,\mathsf{U}\,\psi) \equiv \mathsf{G}\,\neg\psi \vee (\neg\psi\,\mathsf{U}\,(\neg\varphi \wedge \neg\psi))$
◮ $\mathsf{A}\,\varphi\,\mathsf{U}\,\psi \equiv \neg\mathsf{EG}\,\neg\psi \wedge \neg\mathsf{E}(\neg\psi\,\mathsf{U}\,(\neg\varphi \wedge \neg\psi))$
◮ $\mathsf{AG}(\mathrm{req} \to \mathsf{F}\,\mathrm{grant}) \equiv \mathsf{AG}(\mathrm{req} \to \mathsf{AF}\,\mathrm{grant})$
◮ $\mathsf{A}\,\mathsf{G}\,\mathsf{F}\,\varphi \equiv \mathsf{AG}\,\mathsf{AF}\,\varphi$ (infinitely often)
◮ $\mathsf{E}\,\mathsf{F}\,\mathsf{G}\,\varphi \equiv \mathsf{EF}\,\mathsf{EG}\,\varphi$ (ultimately)
◮ $\mathsf{EG}\,\mathsf{EF}\,\varphi \not\equiv \mathsf{E}\,\mathsf{G}\,\mathsf{F}\,\varphi \not\equiv \mathsf{EG}\,\mathsf{AF}\,\varphi$
◮ $\mathsf{AF}\,\mathsf{AG}\,\varphi \not\equiv \mathsf{A}\,\mathsf{F}\,\mathsf{G}\,\varphi \not\equiv \mathsf{AF}\,\mathsf{EG}\,\varphi$
  [Figure: structure with three states 1, 2, 3, two of them labelled $\neg\varphi$; transitions not recoverable from the extracted text.]
◮ $\mathsf{EG}\,\mathsf{EX}\,\varphi \not\equiv \mathsf{E}\,\mathsf{G}\,\mathsf{X}\,\varphi \not\equiv \mathsf{EG}\,\mathsf{AX}\,\varphi$

Model checking of CTL

Definition: Existential and universal model checking

Let $M = (S, T, I, \mathrm{AP}, \ell)$ be a Kripke structure and $\varphi \in \mathrm{CTL}$ a formula.

$M \models_\exists \varphi$ if $M, s \models \varphi$ for some $s \in I$.
$M \models_\forall \varphi$ if $M, s \models \varphi$ for all $s \in I$.

Remark:

$M \models_\exists \varphi$ iff $I \cap [\![\varphi]\!] \ne \emptyset$
$M \models_\forall \varphi$ iff $I \subseteq [\![\varphi]\!]$
$M \models_\forall \varphi$ iff $M \not\models_\exists \neg\varphi$

Definition: Model checking problems $\mathrm{MC}^{\forall}_{\mathrm{CTL}}$ and $\mathrm{MC}^{\exists}_{\mathrm{CTL}}$

Input: A Kripke structure $M = (S, T, I, \mathrm{AP}, \ell)$ and a formula $\varphi \in \mathrm{CTL}$
Question: Does $M \models_\forall \varphi$? or Does $M \models_\exists \varphi$?

Theorem:

Let $M = (S, T, I, \mathrm{AP}, \ell)$ be a Kripke structure and $\varphi \in \mathrm{CTL}$ a formula. The model checking problem $M \models_\exists \varphi$ is decidable in time $O(|M| \cdot |\varphi|)$.
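The following is an added example, not code from the slides or their author: a small explicit-state labelling procedure that computes $[\![\varphi]\!]$ from the semantics above and decides $M \models_\exists \varphi$ and $M \models_\forall \varphi$ for the two req/grant macros. The tuple encoding of formulae, all function names and the three-state arbiter are constructed for illustration, and the until operators use plain fixpoint iteration rather than the linear-time algorithm behind the $O(|M| \cdot |\varphi|)$ bound.

```python
# Added example (not from the slides): explicit-state CTL labelling.
# Formulae are nested tuples; all names and the structure M are constructed.

def sat(M, f):
    """Return [[f]]: the set of states of M that satisfy CTL formula f."""
    S, T, L = M["S"], M["T"], M["L"]
    pre = lambda X: {s for s in S if T[s] & X}   # states with some successor in X
    op = f[0]
    if op == "false":
        return set()
    if op == "ap":
        return {s for s in S if f[1] in L[s]}
    if op == "not":
        return S - sat(M, f[1])
    if op == "or":
        return sat(M, f[1]) | sat(M, f[2])
    if op == "EX":
        return pre(sat(M, f[1]))
    if op == "AX":                               # AX f == not EX not f
        return S - pre(S - sat(M, f[1]))
    if op in ("EU", "AU"):                       # least fixpoint X = b | (a & next(X))
        a, X = sat(M, f[1]), sat(M, f[2])
        while True:
            nxt = pre(X) if op == "EU" else S - pre(S - X)
            new = X | (a & nxt)
            if new == X:
                return X
            X = new
    raise ValueError(f"unknown operator {op!r}")

# Macros from the slides, built from the core syntax.
TRUE = ("not", ("false",))
def EF(f): return ("EU", TRUE, f)
def AF(f): return ("AU", TRUE, f)
def AG(f): return ("not", EF(("not", f)))
def implies(a, b): return ("or", ("not", a), b)

def mc_exists(M, f): return bool(M["I"] & sat(M, f))   # I ∩ [[f]] != ∅
def mc_forall(M, f): return M["I"] <= sat(M, f)        # I ⊆ [[f]]

# Constructed arbiter: 0 idle, 1 requesting (may wait forever), 2 granted.
M = {"S": {0, 1, 2}, "I": {0},
     "T": {0: {0, 1}, 1: {1, 2}, 2: {0}},              # no deadlock states
     "L": {0: set(), 1: {"req"}, 2: {"grant"}}}
assert all(M["T"][s] for s in M["S"]), "semantics assumes no deadlocks"

REQ, GRANT = ("ap", "req"), ("ap", "grant")
POSSIBLE = AG(implies(REQ, EF(GRANT)))     # a grant stays reachable
INEVITABLE = AG(implies(REQ, AF(GRANT)))   # a grant occurs on every path

if __name__ == "__main__":
    print(mc_forall(M, POSSIBLE), mc_forall(M, INEVITABLE))
```

The self-loop on state 1 is what separates the two properties: a grant is always reachable from a request, but the path that stays in state 1 forever never reaches one.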
