CTL vs. LTL Robert Bellarmine Krug Department of Computer Sciences - PowerPoint PPT Presentation

CTL vs. LTL Robert Bellarmine Krug Department of Computer Sciences University of Texas at Austin May 25, 2010

Outline 1. Some Definitions And Notation 2. LTL 3. CTL 4. CTL vs. LTL CTL vs. LTL (2 / 40)

Outline 1. Some Definitions And Notation 2. LTL 3. CTL 4. CTL vs. LTL CTL vs. LTL Some Definitions And Notation (3 / 40)

Kripke Structures — Definition Let AP be a set of labels — i.e., a set of atomic propositions such as Boolean expressions over variables, constants, and predicate symbols. A Kripke structure is a 4-tuple, M = ( S , I , R , L ): ◮ a finite set of states, S , ◮ a set of initial states, I ⊆ S , ◮ a transition relation, R ⊆ S × S where ∀ s ∈ S , ∃ s ′ ∈ S such that ( s , s ′ ) ∈ R , ◮ a labeling function, L , from states to the power set of atomic propositions, L : S → 2 AP . CTL vs. LTL Some Definitions And Notation (4 / 40)

Kripke Structure — An Example S = { s 0 , s 1 , s 2 , s 3 } I = { s 0 } R = {{ s 0 , s 1 } s_0 s_1 { s 0 , s 2 } p p, q { s 1 , s 1 } { s 1 , s 3 } { s 2 , s 0 } { s 2 , s 3 } { s 3 , s 0 }} p, r v L = {{ s 0 , { p }} { s 1 , { p , q }} s_2 s_3 { s 2 , { p , r }} { s 3 , { v }}} CTL vs. LTL Some Definitions And Notation (5 / 40)

Infinite Paths LTL and CTL are concerned only with infinite paths. From here on, π will always denote an infinite path. Furthermore, π 0 will always denote π ’s first element, π 1 its second element, and so on. π = ( π 0 , π 1 , π 2 , . . . ) is an infinite path in M if it respects M ’s transition relation, i.e., ∀ i , ( π i , π i +1 ) ∈ R . π i denotes π ’s i th suffix, i.e., π i = ( π i , π i +1 , π i +2 , . . . ) ( π i ) j = ( π i , π i +1 , π i +2 , . . . ) j = ( π i + j , π i + j +1 , π i + j +2 , . . . ) = π i + j CTL vs. LTL Some Definitions And Notation (6 / 40)

Outline 1. Some Definitions And Notation 2. LTL 3. CTL 4. CTL vs. LTL CTL vs. LTL LTL (7 / 40)

LTL BNF Syntax A well-formed LTL formula, φ , is recursively defined by the BNF formula: φ ::= ⊤ ; top, or true | ⊥ ; bottom, or false | ; p ranges over AP p | ¬ φ ; negation | φ ∧ φ ; conjunction | φ ∨ φ ; disjunction | X φ ; next time | F φ ; eventually | G φ ; always | ; until φ U φ From here on, lowercase letters such as p , q , and r , will denote atomic propositions. Greek letters such as φ and ψ will denote formulae. CTL vs. LTL LTL (8 / 40)

LTL Semantics — the Basics We now define the binary satisfaction relation, denoted by � , for LTL formulae. This satisfaction is with respect a pair — � M , π � , a Kripke structure and a path thereof. First, the basics: ◮ M , π � ⊤ true is always satisfied ◮ M , π � � ⊥ false is never satisfied ◮ ( M , π � p ) if and only if ( p ∈ L ( π 0 )) atomic propositions are satisfied when they are members of the path’s first element’s labels CTL vs. LTL LTL (9 / 40)

LTL Semantics — Boolean Combinations The use of the Boolean operators ¬ , ∧ , and ∨ in LTL formulae is a deliberate pun on their mathematical meanings. ◮ ( M , π � ¬ φ ) if and only if ( M , π � � φ ) ◮ ( M , π � φ ∧ ψ ) if and only if [( M , π � φ ) ∧ ( M , π � ψ )] ◮ ( M , π � φ ∨ ψ ) if and only if [( M , π � φ ) ∨ ( M , π � ψ )] CTL vs. LTL LTL (10 / 40)

LTL Semantics — Temporal Operators ◮ ( M , π � X φ ) if and only if ( M , π 1 � φ ) next time φ ◮ ( M , π � F φ ) if and only if ( ∃ i such that M , π i � φ ) eventually φ ◮ ( M , π � G φ ) if and only if ( ∀ i such that M , π i � φ ) always φ ◮ ( M , π � φ U ψ ) if and only if [ ∃ i such that ( ∀ j < i ( M , π j � φ )) ∧ ( M , π i � ψ )] φ until ψ N.B., The U used here is the “strong until.” There is also a “weak until,” φ U w ψ is equivalent to ( φ U ψ ) ∨ ( G φ ). CTL vs. LTL LTL (11 / 40)

Xp — Example Path M , ( π 0 , π 1 , . . . ) � Xp p π 1 π 0 CTL vs. LTL LTL (12 / 40)

Fp — Example Path M , ( π 0 , π 1 , π 2 , π 3 , . . . ) � Fp π π 0 1 p π π 2 3 CTL vs. LTL LTL (13 / 40)

Gp — Example Path M , ( π 0 , π 1 , π 2 , π 3 , . . . ) � Gp p p π π 0 1 p p π π 2 3 CTL vs. LTL LTL (14 / 40)

pUq — Example Path M , ( π 0 , π 1 , π 2 , π 3 , . . . ) � pUq p p π π 0 1 p q π π 2 3 CTL vs. LTL LTL (15 / 40)

pUq — Another Example Path M , ( π 0 , . . . ) � pUq q π 0 CTL vs. LTL LTL (16 / 40)

More LTL Semantics ◮ ( M � M φ ) if and only if ∀ π such that π 0 ∈ I , ( M , π � φ ) A model, or Kripke structure, satisfies an LTL formula, when all its paths do. ◮ ( φ ≡ ψ ) if and only if ∀ M [( M � M φ ) ⇔ ( M � M ψ )] Two LTL formulae are equivalent when they are satisfied by the same Kripke structures. CTL vs. LTL LTL (17 / 40)

An LTL Equivalence X ( φ ∧ ψ ) ≡ X φ ∧ X ψ By the previous slide, this is true if, for all M and π : [ M , π � X ( φ ∧ ψ )] ⇔ [ M , π � ( X φ ∧ X ψ )] [ M , π � X ( φ ∧ ψ )] = [ M , π 1 � ( φ ∧ ψ )] = by definition of X [( M , π 1 � φ ) ∧ ( M , π 1 � ψ )] = by definition of ∧ [( M , π � X φ ) ∧ ( M , π � X ψ )] = by definition of X [ M , π � ( X φ ∧ X ψ )] by definition of ∧ CTL vs. LTL LTL (18 / 40)

Some More LTL Equivalences X ( φ ∧ ψ ) ≡ X φ ∧ X ψ X ( φ ∨ ψ ) ≡ X φ ∨ X ψ X ( φ U ψ ) ≡ ( X φ UX ψ ) ¬ X φ ≡ X ¬ φ F ( φ ∨ ψ ) ≡ F φ ∨ F ψ G ( φ ∧ ψ ) ≡ G φ ∧ G ψ ¬ F φ ≡ G ¬ φ ( φ ∧ ψ ) U ρ ≡ ( φ U ρ ) ∧ ( ψ U ρ ) ρ U ( φ ∨ ψ ) ≡ ( ρ U φ ) ∨ ( ρ U ψ ) FF φ ≡ F φ GG φ ≡ G φ CTL vs. LTL LTL (19 / 40)

Outline 1. Some Definitions And Notation 2. LTL 3. CTL 4. CTL vs. LTL CTL vs. LTL CTL (20 / 40)

CTL BNF Syntax A well-formed CTL formula, φ , is recursively defined by the BNF formula (N.B., AX , AF , etc., are each single symbols, not pairs of symbols): φ ::= ⊤ | ⊥ | p | ¬ φ | φ ∧ φ | φ ∨ φ | AX φ ; A — for all paths | AF φ | AG φ | φ AU φ | ; E — there exists a path EX φ | EF φ | EG φ | φ EU ψ CTL vs. LTL CTL (21 / 40)

CTL Semantics — the Basics As for LTL, we now define the satisfaction relation. Again, this satisfaction is with respect to a pair, but this time � M , s � , a Kripke structure and a state thereof. This change from path to state creates a very different logic. ◮ M , s � ⊤ ◮ M , s � � ⊥ ◮ ( M , s � p ) if and only if ( p ∈ L ( s )) atomic propositions are satisfied when they are members of the state’s labels CTL vs. LTL CTL (22 / 40)

CTL Semantics — Boolean Combinations As for LTL, the use of the Boolean operators ¬ , ∧ , and ∨ in CTL formulae is a deliberate pun on their mathematical meanings. ◮ ( M , s � ¬ φ ) if and only if ( M , s � � φ ) ◮ ( M , s � φ ∧ ψ ) if and only if (( M , s � φ ) ∧ ( M , s � ψ )) ◮ ( M , s � φ ∨ ψ ) if and only if (( M , s � φ ) ∨ ( M , s � ψ )) CTL vs. LTL CTL (23 / 40)

CTL Semantics — Temporal Operators, the A team ◮ ( M , s � AX φ ) if and only if ( ∀ π such that π 0 = s , M , π 1 � φ ) for all paths starting at s , next time φ ◮ ( M , s � AF φ ) if and only if ( ∀ π such that π 0 = s , ∃ i such that M , π i � φ ) for all paths starting at s , eventually φ ◮ ( M , s � AG φ ) if and only if ( ∀ π such that π 0 = s , ∀ i M , π i � φ ) for all paths starting at s , always φ ◮ ( M , s � φ AU ψ ) if and only if ( ∀ π such that π 0 = s , ∃ i such that ( ∀ j < i ( M , π j � φ )) ∧ ( M , π i � ψ )) for all paths starting at s , φ until ψ CTL vs. LTL CTL (24 / 40)

CTL Semantics — Temporal Operators, the E team ◮ ( M , s � EX φ ) if and only if ( ∃ π such that π 0 = s , M , π 1 � φ ) there exists a path such that next time φ ◮ ( M , s � EF φ ) if and only if ( ∃ π such that π 0 = s , ∃ i such that M , π i � φ ) there exists a path such that eventually φ ◮ ( M , s � EG φ ) if and only if ( ∃ π such that π 0 = s , ∀ i M , π i � φ ) there exists a path such that always φ ◮ ( M , s � φ EU ψ ) if and only if ( ∃ π such that π 0 = s , ∃ i such that ( ∀ j < i ( M , π j � φ )) ∧ ( M , π i � ψ )) there exists a path such that φ until ψ CTL vs. LTL CTL (25 / 40)

AXp S = { s 0 , s 1 , s 2 , s 3 } M , s 0 � AXp I = { s 0 } R = {{ s 0 , s 1 } { s 0 , s 2 } s_0 s_1 { s 1 , s 1 } { s 1 , s 3 } p p, q { s 2 , s 0 } { s 2 , s 3 } { s 3 , s 0 }} L = {{ s 0 , { p }} p, r v { s 1 , { p , q }} { s 2 , { p , r }} s_2 s_3 { s 3 , { v }}} CTL vs. LTL CTL (26 / 40)

EFv S = { s 0 , s 1 , s 2 , s 3 } M , s 0 � EFv I = { s 0 } R = {{ s 0 , s 1 } { s 0 , s 2 } s_0 s_1 { s 1 , s 1 } { s 1 , s 3 } p p, q { s 2 , s 0 } { s 2 , s 3 } { s 3 , s 0 }} L = {{ s 0 , { p }} p, r v { s 1 , { p , q }} { s 2 , { p , r }} s_2 s_3 { s 3 , { v }}} CTL vs. LTL CTL (27 / 40)

AG ( p ∨ v ) S = { s 0 , s 1 , s 2 , s 3 } M , s 0 � AG ( p ∨ v ) I = S R = {{ s 0 , s 1 } { s 0 , s 2 } s_0 s_1 { s 1 , s 1 } { s 1 , s 3 } p p, q { s 2 , s 0 } { s 2 , s 3 } { s 3 , s 0 }} L = {{ s 0 , { p }} p, r v { s 1 , { p , q }} { s 2 , { p , r }} s_2 s_3 { s 3 , { v }}} CTL vs. LTL CTL (28 / 40)