Foundations for the verification of real-time and concurrent systems (Fondements pour la vérification des systèmes temps-réel et concurrents)
Lecture 3: Alternation and LTL extensions
Stéphane Demri, October 8th, 2007
Summary from previous lecture

Bφ = (Σ, S, S0, ρ, F1, ..., Fk) where
◮ S is the set of maximally consistent sets wrt φ,
◮ Σ = P(PROP),
◮ S0 = {X ∈ S : φ ∈ X},
◮ Y ∈ ρ(X, a) iff
  ◮ X ∩ PROP = a,
  ◮ for Xψ ∈ cl(φ), Xψ ∈ X iff ψ ∈ Y,
◮ If ψ1 U ψ′1, ..., ψk U ψ′k occur in φ, then Fi ≝ {X ∈ S : either ψi U ψ′i ∉ X or ψ′i ∈ X}.
◮ If U does not occur in φ, then k = 1 and F1 = S.
Stéphane Demri, Foundations for the verification of real-time and concurrent systems
Simple complexity properties

◮ L(Bφ) = Models(φ).
◮ Checking whether X ⊆ cl(φ) belongs to S [resp. S0, F1, ..., Fk] can be done in polynomial time in |φ|.
◮ Checking whether Y ∈ ρ(X, a) can be done in polynomial time in |φ|.
◮ |S| is in 2^O(|φ|).
◮ Elements of S can be encoded in polynomial space in |φ|.
NPSpace algorithm

1. Guess s0 ∈ S0, s1 ∈ F1, ..., sk ∈ Fk;
2. i := 0; s := s0 (current state);
3. While s ≠ s1 and i < |S| do
   3.1 Guess s′ such that s –a→ s′ for some a ∈ Σ;
   3.2 i := i + 1; s := s′.
4. If s ≠ s1, then abort, otherwise
   4.1 i := 0; j := 2;
   4.2 While i = 0 or (j ≠ 1 and i < |S| × k) do
       4.2.1 Guess s′ such that s –a→ s′ for some a ∈ Σ;
       4.2.2 i := i + 1; s := s′;
       4.2.3 If s′ ∈ Fj then nondeterministically choose either j := (j mod k) + 1 or skip;
   4.3 If s = s1, then accept, otherwise abort.
Complexity

◮ Bφ is of exponential size in |φ|.
◮ Testing on-the-fly the nonemptiness of Bφ can be done in NPSpace.
◮ By Savitch’s theorem, NPSpace = PSpace.
◮ Satisfiability for LTL is in PSpace.
What about model-checking?

◮ Let M = (W, R, L) be a finite and total Kripke structure and s0 ∈ W.
◮ L(AM,s0) = Paths(M, s0), where AM,s0 = (P(PROP), W, {s0}, ρ, W) and ρ(s, a) ≝ {s′ : (s, s′) ∈ R, a = L(s)} for all s ∈ W and a ⊆ PROP.
◮ M, s0 ⊨∃ φ iff L(AM,s0) ∩ L(Bφ) ≠ ∅.
◮ LTL model-checking is in PSpace.
Exercise (bis)

◮ Adapt the automata-based approach to deal with X⁻¹: σ, i ⊨ X⁻¹φ ≝ i > 0 and σ, i − 1 ⊨ φ.
◮ Adapt the automata-based approach to deal with S: σ, i ⊨ φSψ ≝ there is j ≤ i such that σ, j ⊨ ψ and for j < k ≤ i, we have σ, k ⊨ φ.
◮ Characterize the complexity of the model-checking and satisfiability problems for LTL(U, X, X⁻¹, S).
LTL and alternating Büchi automata
Positive Boolean formulae

◮ Given a finite set X, B+(X) denotes the set of positive Boolean formulae built over X ∪ {⊥, ⊤}.
◮ Example: (s ∨ s′) ∧ s″ ∈ B+({s, s′, s″}).
◮ Each subset Y ⊆ X can be viewed as a propositional valuation: s ∈ Y iff s is interpreted as true.
◮ Y ⊨ φ ∈ B+(X) ≝ φ holds true in the interpretation Y.
◮ Example: {s, s″} ⊨ (s ∨ s′) ∧ s″.
Alternating Büchi automata

◮ A = (Σ, S, s0, ρ, F) with
  ◮ Σ: finite alphabet,
  ◮ S: finite set of states,
  ◮ s0 ∈ S: initial state,
  ◮ ρ : S × Σ → B+(S): transition relation,
  ◮ F ⊆ S: set of accepting states.
◮ Encoding a nondeterministic BA as an alternating BA: ρ(s, a) → ⋁_{s′∈ρ(s,a)} s′.
Accepting runs

◮ A run r on the ω-sequence a0 a1 a2 ... ∈ Σ^ω is a (possibly infinite) tree whose nodes are labelled by states in S and s.t.
  ◮ r = (T, λ) where T is a tree and λ : T → S,
  ◮ the root of T is labelled by s0 (i.e. λ(ε) = s0),
  ◮ for x ∈ T, if |x| = i (depth in T) and λ(x) = s then {λ(x1), ..., λ(xk)} ⊨ ρ(s, ai) where x1, ..., xk are the children of x.
◮ A run is accepting ≝ for every infinite branch of T, an accepting state is repeated infinitely often.
◮ L(A): set of ω-sequences in Σ^ω for which there is an accepting run.
Properties

◮ ABA are closed under intersection, union and complementation (with quadratic blow-up).
◮ The nonemptiness problem for ABA is PSpace-complete [Chandra & Kozen & Stockmeyer, JACM 81].
From ABA to NBA

◮ Given an ABA A = (Σ, S, s0, ρ, F), there is an NBA An = (Σ, S′, S′0, ρ′, F′) s.t. L(A) = L(An).
◮ Idea of the proof: An guesses the set of states at each level of an accepting run of A.
◮ A state of An is a set of states from A.
◮ One needs to encode which states are visited infinitely often on each branch of the accepting run of A.
◮ A state of An is divided into two subsets in order to distinguish the branches that have recently visited an accepting state.
◮ S′ ≝ P(S) × P(S); if (X, Y) ∈ S′ then Y is the set of states on branches that have recently visited an accepting state,
◮ S′0 ≝ {({s0}, ∅)},
◮ F′ ≝ {∅} × P(S) (first component empty),
◮ Transition relation ρ′ (2 subcases):
  ◮ X = ∅: ρ′((∅, X′), a) ≝ {(Y, Y′) : ∃Z ⊨ ⋀_{s∈X′} ρ(s, a), Y = Z \ F, Y′ = Z ∩ F},
  ◮ X ≠ ∅: ρ′((X, X′), a) ≝ {(Y, Y′) : ∃Z, Z′ such that Z ⊨ ⋀_{s∈X} ρ(s, a), Z′ ⊨ ⋀_{s∈X′} ρ(s, a), Y = Z \ F, Y′ = Z′ ∪ (Z ∩ F)}.
Negative normal form

◮ φRψ ≝ ¬(¬φU¬ψ).
◮ A formula built over ∨, ∧, X, U, R, ¬ and PROP in which negation occurs only in front of propositional variables is said to be in negative normal form.
◮ Every formula in LTL is equivalent to a formula in negative normal form (reduction in polynomial time).
◮ Some essential properties:
  ◮ ¬Xφ is equivalent to X¬φ,
  ◮ ¬(φUψ) is equivalent to (¬φR¬ψ),
  ◮ ¬(φ ∧ ψ) is equivalent to (¬φ ∨ ¬ψ).
From LTL formulae to ABA

A = (Σ, S, s0, ρ, F) with
◮ S the set of subformulae of φ,
◮ s0 ≝ φ,
◮ Σ ≝ P(PROP),
◮ F equal to S restricted to formulae whose outermost connective is not U,
◮ transition relation:
  ◮ ρ(p, a) ≝ ⊤ if p ∈ a; ρ(¬p, a) ≝ ⊤ if p ∉ a,
  ◮ ρ(p, a) ≝ ⊥ if p ∉ a; ρ(¬p, a) ≝ ⊥ if p ∈ a,
  ◮ ρ(ψ ∧ ψ′, a) ≝ ρ(ψ, a) ∧ ρ(ψ′, a),
  ◮ ρ(Xψ, a) ≝ ψ,
  ◮ ρ(ψUϕ, a) ≝ ρ(ϕ, a) ∨ (ρ(ψ, a) ∧ (ψUϕ)),
  ◮ ρ(ψRϕ, a) ≝ ρ(ϕ, a) ∧ (ρ(ψ, a) ∨ (ψRϕ)).
Example

◮ Extensions:
  ◮ ρ(⊤, a) ≝ ⊤; ρ(⊥, a) ≝ ⊥;
  ◮ ρ(Fψ, a) ≝ ρ(ψ, a) ∨ Fψ;
  ◮ ρ(Gψ, a) ≝ ρ(ψ, a) ∧ Gψ.
◮ Transition relation for FGp:

  s      ρ(s, ∅)    ρ(s, {p})
  FGp    FGp        Gp ∨ FGp
  Gp     ⊥          Gp
  p      ⊥          ⊤
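The following Python program is an added illustration of the two preceding slides and is not part of the original lecture: it implements the check Y ⊨ φ for positive Boolean formulae, the transition function ρ of the LTL-to-ABA construction (including the F and G extensions), the set of subformulae S and the accepting set F, and rebuilds the transition table for FGp. The tuple encodings of formulae and the names holds, rho, ltl_to_aba, show and table are my own choices.

```python
from itertools import combinations

# Encodings chosen for this example (not the slides' notation):
#   B+(S) formulae: 'TOP', 'BOT', a state (an LTL formula), ('AND', b1, b2), ('OR', b1, b2)
#   LTL formulae in negative normal form: a proposition name (str), ('not', p),
#   ('and', f, g), ('or', f, g), ('X', f), ('U', f, g), ('R', f, g),
#   plus the derived ('F', f) and ('G', f) from the Example slide.

def holds(Y, b):
    """Y |= b: the subset Y of states read as a valuation (s true iff s in Y)."""
    if b == 'TOP':
        return True
    if b == 'BOT':
        return False
    if isinstance(b, tuple) and b[0] == 'AND':
        return holds(Y, b[1]) and holds(Y, b[2])
    if isinstance(b, tuple) and b[0] == 'OR':
        return holds(Y, b[1]) or holds(Y, b[2])
    return b in Y                      # b is a state

def AND(x, y):
    """Conjunction in B+(S), simplified with the neutral/absorbing elements."""
    if 'BOT' in (x, y):
        return 'BOT'
    if x == 'TOP':
        return y
    return x if y == 'TOP' else ('AND', x, y)

def OR(x, y):
    """Disjunction in B+(S), simplified likewise."""
    if 'TOP' in (x, y):
        return 'TOP'
    if x == 'BOT':
        return y
    return x if y == 'BOT' else ('OR', x, y)

def rho(f, a):
    """rho(f, a) for a subformula f (a state) and a letter a (a subset of PROP)."""
    if isinstance(f, str):                       # proposition p
        return 'TOP' if f in a else 'BOT'
    op = f[0]
    if op == 'not':                              # negation only in front of propositions (NNF)
        return 'BOT' if f[1] in a else 'TOP'
    if op == 'and':
        return AND(rho(f[1], a), rho(f[2], a))
    if op == 'or':
        return OR(rho(f[1], a), rho(f[2], a))
    if op == 'X':
        return f[1]
    if op == 'U':
        return OR(rho(f[2], a), AND(rho(f[1], a), f))
    if op == 'R':
        return AND(rho(f[2], a), OR(rho(f[1], a), f))
    if op == 'F':
        return OR(rho(f[1], a), f)
    if op == 'G':
        return AND(rho(f[1], a), f)
    raise ValueError(f"unknown connective {op}")

def subformulae(f):
    """S: the set of subformulae of f."""
    if isinstance(f, str):
        return {f}
    return {f}.union(*(subformulae(g) for g in f[1:]))

def ltl_to_aba(phi, props):
    """A_phi = (Sigma, S, s0, rho, F): returns (S, s0, transition table, F)."""
    S = subformulae(phi)
    alphabet = [frozenset(c) for r in range(len(props) + 1)
                for c in combinations(sorted(props), r)]          # Sigma = P(PROP)
    delta = {(s, a): rho(s, a) for s in S for a in alphabet}
    # accepting: outermost connective is not U (F psi abbreviates TOP U psi)
    acc = {s for s in S if not (isinstance(s, tuple) and s[0] in ('U', 'F'))}
    return S, phi, delta, acc

def show(b):
    """Render a state or a B+ formula in the slides' notation."""
    if b == 'TOP':
        return '⊤'
    if b == 'BOT':
        return '⊥'
    if isinstance(b, str):
        return b
    op, args = b[0], [show(g) for g in b[1:]]
    if op == 'not':
        return '¬' + args[0]
    if op in ('X', 'F', 'G'):
        return op + args[0]
    pattern = {'and': '({} ∧ {})', 'or': '({} ∨ {})', 'U': '({} U {})',
               'R': '({} R {})', 'AND': '{} ∧ {}', 'OR': '{} ∨ {}'}[op]
    return pattern.format(*args)

def table(phi, props):
    """The transition table {(state, letter): rho(state, letter)} rendered as text."""
    _, _, delta, _ = ltl_to_aba(phi, props)
    return {(show(s), '{' + ', '.join(sorted(a)) + '}'): show(b) for (s, a), b in delta.items()}

if __name__ == '__main__':
    FGp = ('F', ('G', 'p'))
    for (s, a), b in sorted(table(FGp, {'p'}).items()):
        print(f"ρ({s}, {a}) = {b}")
```

Running the block prints the three rows of the FGp table from the slide; ρ(Gp, {p}) comes out as Gp rather than ⊤ ∧ Gp because AND and OR simplify with ⊤ and ⊥, which is also what makes ρ(FGp, ∅) collapse to FGp.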
Summary

◮ L(Aφ) is the set of models of φ.
◮ The number of states of Aφ is polynomial in |φ|.
◮ The difficulty is in the nonemptiness test for ABA.
◮ Corollary: when PROP is finite and fixed, satisfiability for LTL is in PSpace.
◮ NB: LTL satisfiability/model-checking can be reduced in logspace to LTL satisfiability/model-checking with at most 2 propositional variables.
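Since the difficulty lies in the nonemptiness test, the following Python program, added here as an illustration and not part of the original lecture, carries out the ABA-to-NBA construction of the earlier slide (states (X, X′), the two subcases of ρ′, F′ = {∅} × P(S)) on the FGp automaton whose table appears on the Example slide, and then tests nonemptiness and acceptance of ultimately periodic words on the resulting NBA. The DNF encoding of ρ(s, a), the restriction to minimal models Z (supersets only add obligations, so they do not change the language), and the names models, nba_from_aba, nonempty and accepts_lasso are my own choices.

```python
from itertools import product

# Constructed input: the ABA A_phi for phi = FGp from the Example slide, with
# rho(s, a) written in disjunctive normal form as a set of clauses (frozensets
# of states that must all be spawned).  set() encodes bottom (no model) and
# {frozenset()} would encode top (the empty conjunction).
EMPTY, P = frozenset(), frozenset({'p'})
ABA_FGP = {
    'init': 'FGp',
    'accepting': {'Gp'},                 # outermost connective is not U
    'delta': {
        ('FGp', EMPTY): {frozenset({'FGp'})},                 # rho(FGp, {}) = FGp
        ('FGp', P): {frozenset({'Gp'}), frozenset({'FGp'})},   # rho(FGp, {p}) = Gp v FGp
        ('Gp', EMPTY): set(),                                  # rho(Gp, {}) = bottom
        ('Gp', P): {frozenset({'Gp'})},                        # rho(Gp, {p}) = Gp
    },
}

def models(delta, states, a):
    """Minimal Z with Z |= AND_{s in states} rho(s, a): one clause per state, united."""
    for choice in product(*[delta[(s, a)] for s in states]):
        yield frozenset().union(*choice)

def nba_from_aba(aba, alphabet):
    """The NBA A_n with states (X, X'): X = branches still owing a visit to F,
    X' = branches that recently visited F; accepting iff X is empty."""
    F = aba['accepting']
    init = (frozenset({aba['init']}), frozenset())
    delta, seen, todo = {}, {init}, [init]
    while todo:
        X, X2 = todo.pop()
        for a in alphabet:
            succ = set()
            if not X:          # subcase (empty, X'): start a new round of F-visits
                for Z in models(aba['delta'], X2, a):
                    succ.add((Z - F, Z & F))
            else:              # subcase X nonempty
                for Z in models(aba['delta'], X, a):
                    for Z2 in models(aba['delta'], X2, a):
                        succ.add((Z - F, Z2 | (Z & F)))
            delta[((X, X2), a)] = succ
            for q in succ:
                if q not in seen:
                    seen.add(q)
                    todo.append(q)
    return {'states': seen, 'init': init, 'delta': delta,
            'accepting': {q for q in seen if not q[0]}}

def _reach(start, step):
    """Nodes reachable from `start` by at least one step of `step`."""
    seen, todo = set(), list(start)
    while todo:
        for nxt in step(todo.pop()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def nonempty(nba):
    """L(A_n) is nonempty iff some reachable accepting state lies on a cycle
    (every state produced by nba_from_aba is reachable)."""
    def step(q):
        return {q2 for (q1, a), ss in nba['delta'].items() if q1 == q for q2 in ss}
    return any(f in _reach({f}, step) for f in nba['accepting'])

def accepts_lasso(nba, prefix, loop):
    """Does A_n accept prefix . loop^omega?  Search the product of A_n with the
    loop positions for a reachable cycle through an accepting state."""
    current = {nba['init']}
    for a in prefix:
        current = {q2 for q in current for q2 in nba['delta'].get((q, a), ())}
    n = len(loop)
    def step(node):
        q, i = node
        return {(q2, (i + 1) % n) for q2 in nba['delta'].get((q, loop[i]), ())}
    for node in _reach({(q, 0) for q in current}, step):
        if node[0] in nba['accepting'] and node in _reach({node}, step):
            return True
    return False

if __name__ == '__main__':
    nba = nba_from_aba(ABA_FGP, [EMPTY, P])
    print(len(nba['states']), 'NBA states; nonempty:', nonempty(nba))
    print('{} {p}^omega accepted:', accepts_lasso(nba, [EMPTY], [P]))
```

On this input the NBA has only two reachable states, ({FGp}, ∅) and (∅, {Gp}); the second one is accepting and carries a self-loop on {p}, which is what makes ∅·{p}^ω accepted while ({p}·∅)^ω is rejected.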
Exercise

◮ Construct the ABA for FGp ∧ FGq with the previous systematic construction and compare it with a direct construction.
◮ Represent an accepting run for {p}{q}{q}{p}{p, q}^ω.
Wolper’s automata-based operators
From BA to LTL formulae?

◮ φ → Aφ [Büchi, 62; Wolper & Vardi, IC 94].
◮ BA A over P(PROP) → LTL formula φA?
◮ The ω-sequences accepted by the BA below are exactly the sequences with {p} on even positions (two states q0 and q1, with the transitions q0 –{p}→ q1 and q1 –{p}, {}→ q0).
◮ What about
  1. G(p ⇔ XXp) ∧ p ∧ X¬p,
  2. p ∧ G(p ⇒ XXp),
  3. q ∧ X¬q ∧ G(q ⇔ XXq) ∧ G(q ⇒ p)?
Expressive power

◮ By Kamp’s theorem, LTL(Us, Ss) is as expressive as the first-order theory of (N, <).
◮ LTL is as expressive as the first-order theory of (N, <) with respect to initial equivalence.
◮ Büchi automata are as expressive as the monadic second-order theory of (N, <).
◮ Proposition [Wolper, IC 83]: There is no LTL formula φ built over the unique propositional variable p such that Models(φ) is exactly the set of LTL models such that p holds true on every even position (on odd positions, p may hold true or not).
Proof of proposition

◮ Suppose that there is such a formula φ built over p, and let |φ|X be the number of occurrences of X in φ.
◮ N(φ) ≝ {i ∈ N : {p}^i · ∅ · {p}^ω ⊨ φ}.
◮ We shall show that for n ≥ |φ|X + 1, n ∈ N(φ) iff n + 1 ∈ N(φ).
◮ Consequently, |φ|X + 1 ∈ N(φ) iff |φ|X + 2 ∈ N(φ).
◮ However, exactly one structure among {p}^{|φ|X+1} · ∅ · {p}^ω and {p}^{|φ|X+2} · ∅ · {p}^ω is a model for φ (the position of ∅ is even in exactly one of them), a contradiction.
Induction

◮ Base case: φ = p
  ◮ N(φ) = N \ {0} and |φ|X = 0.
  ◮ For n ≥ 1, n ∈ N(φ) iff n + 1 ∈ N(φ).
◮ Induction hypothesis: for φ s.t. |φ| ≤ N, for n ≥ |φ|X + 1, n ∈ N(φ) iff n + 1 ∈ N(φ).
Case φ = φ1 ∧ φ2

◮ Cases for ¬ and ∨ are analogous.
◮ |φ|X = |φ1|X + |φ2|X.
◮ Equivalence between the propositions below (n ≥ |φ|X + 1):
  ◮ n ∈ N(φ),
  ◮ n ∈ N(φ1) and n ∈ N(φ2) (∧ semantics),
  ◮ n + 1 ∈ N(φ1) and n + 1 ∈ N(φ2) (by (IH) since |φ1|, |φ2| ≤ N and n ≥ |φ1|X + 1, |φ2|X + 1),
  ◮ n + 1 ∈ N(φ) (∧ semantics).
φ = Xψ

◮ |φ|X = 1 + |ψ|X.
◮ Equivalence between the propositions below (n ≥ |φ|X + 1 ≥ 2):
  ◮ n ∈ N(φ),
  ◮ n − 1 ∈ N(ψ) (X semantics),
  ◮ n ∈ N(ψ) (by (IH) since |ψ| ≤ N and n − 1 ≥ |ψ|X + 1),
  ◮ n + 1 ∈ N(φ) (X semantics).
φ = φ1Uφ2

◮ |φ|X = |φ1|X + |φ2|X.
◮ Let n ≥ |φ|X + 1 and suppose σn = {p}^n · ∅ · {p}^ω ⊨ φ.
◮ There exists j ≥ 0 such that σn, j ⊨ φ2 and for 0 ≤ k < j, we have σn, k ⊨ φ1.
◮ We shall show that σn+1 = {p}^{n+1} · ∅ · {p}^ω ⊨ φ, i.e. n + 1 ∈ N(φ).
First part of the until case

◮ Subcase j = 0
  ◮ |φ2| ≤ N and n ≥ |φ2|X + 1.
  ◮ By (IH), n + 1 ∈ N(φ2), whence n + 1 ∈ N(φ).
◮ Subcase j ≥ 1
  ◮ |φ1| ≤ N and n ≥ |φ1|X + 1.
  ◮ n ∈ N(φ1).
  ◮ By (IH), n + 1 ∈ N(φ1).
  ◮ Hence n + 1 ∈ N(φ) (the suffix of σn+1 from position 1 is σn, which satisfies φ).
Second part of the until case

◮ Now suppose that σn+1 = {p}^{n+1} · ∅ · {p}^ω ⊨ φ.
◮ There exists j ≥ 0 s.t. σn+1, j ⊨ φ2 and for 0 ≤ k < j, we have σn+1, k ⊨ φ1.
◮ If j = 0, then since |φ2| ≤ N and n ≥ |φ2|X + 1, by (IH) n ∈ N(φ2), whence n ∈ N(φ).
◮ If j ≥ 1, then σn+1, 1 ⊨ φ, whence n ∈ N(φ) (the suffix of σn+1 from position 1 is σn).
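The following Python program is an added illustration of the proof just given and is not part of the original lecture: it evaluates LTL formulae on ultimately periodic words u · v^ω (the unbounded quantifiers of U, F and G only need to be checked up to a finite horizon, since beyond max(i, |u|) + |v| the truth values repeat with period |v|), computes N(φ) on an initial segment of N, and checks the key lemma n ∈ N(φ) iff n + 1 ∈ N(φ) for n ≥ |φ|X + 1 on a few formulae, including the failed even-position candidate p ∧ G(p ⇒ XXp). The tuple encoding of formulae and the names sat, count_X, N and lemma_holds are my own choices.

```python
# LTL over ultimately periodic words sigma = u . v^omega, with u and v lists of
# sets of propositions.  Formula encoding (my own): a proposition name (str),
# ('not', f), ('and', f, g), ('or', f, g), ('X', f), ('U', f, g), ('F', f), ('G', f).

def letter(u, v, j):
    """sigma(j) for sigma = u . v^omega."""
    return u[j] if j < len(u) else v[(j - len(u)) % len(v)]

def sat(u, v, i, phi):
    """sigma, i |= phi.  Beyond max(i, |u|) + |v| truth values repeat with period |v|,
    so the unbounded quantifiers of U, F and G only need a finite horizon."""
    horizon = max(i, len(u)) + len(v)
    if isinstance(phi, str):
        return phi in letter(u, v, i)
    op = phi[0]
    if op == 'not':
        return not sat(u, v, i, phi[1])
    if op == 'and':
        return sat(u, v, i, phi[1]) and sat(u, v, i, phi[2])
    if op == 'or':
        return sat(u, v, i, phi[1]) or sat(u, v, i, phi[2])
    if op == 'X':
        return sat(u, v, i + 1, phi[1])
    if op == 'F':
        return any(sat(u, v, j, phi[1]) for j in range(i, horizon))
    if op == 'G':
        return all(sat(u, v, j, phi[1]) for j in range(i, horizon))
    if op == 'U':
        return any(sat(u, v, j, phi[2]) and all(sat(u, v, k, phi[1]) for k in range(i, j))
                   for j in range(i, horizon))
    raise ValueError(f"unknown connective {op}")

def count_X(phi):
    """|phi|_X: the number of occurrences of X in phi."""
    if isinstance(phi, str):
        return 0
    return int(phi[0] == 'X') + sum(count_X(g) for g in phi[1:])

def N(phi, bound):
    """N(phi) restricted to [0, bound): the i such that {p}^i . {} . {p}^omega |= phi."""
    return {i for i in range(bound) if sat([{'p'}] * i + [set()], [{'p'}], 0, phi)}

def lemma_holds(phi, bound):
    """The key lemma of the proof: n in N(phi) iff n+1 in N(phi) for every
    n >= |phi|_X + 1 (checked for n + 1 < bound)."""
    members = N(phi, bound)
    return all((n in members) == (n + 1 in members)
               for n in range(count_X(phi) + 1, bound - 1))

if __name__ == '__main__':
    # constructed sample formulae: XXp, the candidate p ∧ G(p ⇒ XXp), and an until formula
    samples = [('X', ('X', 'p')),
               ('and', 'p', ('G', ('or', ('not', 'p'), ('X', ('X', 'p'))))),
               ('U', 'p', ('and', ('not', 'p'), ('X', 'p')))]
    for f in samples:
        print(f, '|f|_X =', count_X(f), 'N(f) ∩ [0,8) =', sorted(N(f, 8)),
              'lemma:', lemma_holds(f, 10))
```

For p ∧ G(p ⇒ XXp) the program finds N(φ) ∩ [0, 8) = {1}: the formula is satisfied only by {p}·∅·{p}^ω, so it is not the even-position property, and membership is constant from n = |φ|X + 1 = 3 on, as the lemma predicts. The same evaluator checks the accepting-run exercise of the summary slide: sat on {p}{q}{q}{p}{p, q}^ω confirms FGp ∧ FGq.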
Extended temporal logic ETL

◮ FSA A = (Σ, S, S0, ρ, F) with Σ = {a1 < ... < ak}.
◮ ETL = LTL + all formulae A(φ1, ..., φk).
◮ σ, i ⊨ A(φ1, ..., φk) ≝
  ◮ either S0 ∩ F ≠ ∅ (ε ∈ L(A)),
  ◮ or there is a finite word ai1 ai2 ... ain ∈ L(A) such that for every 1 ≤ j ≤ n, σ, i + (j − 1) ⊨ φij.
◮ If S0 ∩ F ≠ ∅, then A(φ1, ..., φk) is equivalent to ⊤.
◮ Example with L(A) = {ab^i a : i ≥ 0} and a < b: six consecutive positions satisfying p q q q q p match the word a b b b b a ∈ L(A), so A(p, q) holds at the first of them.
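The following Python program is an added illustration of the ETL operator semantics above and is not part of the original lecture: it decides σ, i ⊨ A(φ1, ..., φk) on an ultimately periodic word u · v^ω by exploring the product of the automaton with the (folded) word positions, reading letter al at a position only where φl holds, and it is run on the slide's automaton for {ab^i a : i ≥ 0} and the word p q q q q p. The automaton encoding, the use of plain propositions as arguments, and the names prop and etl_holds are my own choices.

```python
# Constructed input: the FSA A from the slide, with L(A) = {a b^i a : i >= 0}
# over the ordered alphabet a < b (so A(phi_1, phi_2) binds a to phi_1, b to phi_2).
AUT_ABA = {
    'alphabet': ['a', 'b'],
    'init': {0},
    'delta': {(0, 'a'): {1}, (1, 'b'): {1}, (1, 'a'): {2}},
    'accepting': {2},
}

def prop(name, u, v):
    """The predicate 'sigma, pos |= name' for sigma = u . v^omega and a proposition name."""
    return lambda pos: name in (u[pos] if pos < len(u) else v[(pos - len(u)) % len(v)])

def etl_holds(u, v, i, aut, args):
    """sigma, i |= A(phi_1, ..., phi_k) for sigma = u . v^omega, following the slide:
    either epsilon in L(A), or some a_{i_1} ... a_{i_n} in L(A) such that
    sigma, i + (j-1) |= phi_{i_j} for every j.  args[l] is the predicate for phi_{l+1}."""
    if aut['init'] & aut['accepting']:           # S0 ∩ F ≠ ∅: epsilon ∈ L(A), operator is ⊤
        return True
    n_u, n_v = len(u), len(v)
    def norm(pos):                                # fold the periodic tail so the search is finite
        return pos if pos < n_u else n_u + (pos - n_u) % n_v
    start = {(q, norm(i)) for q in aut['init']}
    seen, todo = set(start), list(start)
    while todo:
        q, pos = todo.pop()
        for idx, a in enumerate(aut['alphabet']):
            if not args[idx](pos):                # letter a_l may only be read where phi_l holds
                continue
            for q2 in aut['delta'].get((q, a), ()):
                if q2 in aut['accepting']:        # a word of L(A) has been matched
                    return True
                node = (q2, norm(pos + 1))
                if node not in seen:
                    seen.add(node)
                    todo.append(node)
    return False

if __name__ == '__main__':
    # constructed word: p q q q q p, then {} forever
    u, v = [{'p'}, {'q'}, {'q'}, {'q'}, {'q'}, {'p'}], [set()]
    args = [prop('p', u, v), prop('q', u, v)]
    for i in range(3):
        print(f"sigma, {i} |= A(p, q):", etl_holds(u, v, i, AUT_ABA, args))
```

Folding positions beyond |u| modulo |v| is what keeps the search finite: a position and its fold have the same suffix, so any matching word found from the folded position exists from the original one as well.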
ETL

◮ Define X and U with automata-based operators.
◮ Define a formula φ in ETL built over p whose models are exactly those in which p holds true at least on even positions.
◮ Model-checking and satisfiability problems for ETL are PSpace-complete [Vardi & Wolper, IC 94].
◮ ETL has the same expressive power as Büchi automata:
  ◮ For any BA A over Σ = {a1, ..., ak} and any map l : Σ → X where X is a set of finite subsets of PROP, there is a formula φ in ETL built over ⋃i l(ai) s.t. L(A) = Models(φ).
Expressive power

The class of languages defined by ETL formulae is equal to the class of languages defined by
◮ Büchi automata,
◮ formulae from the monadic second-order theory of (ω, <), also known as S1S,
◮ ω-regular expressions (or finite unions of sets U · V^ω with regular U, V ⊆ Σ*),
◮ formulae from LTL with second-order quantification:
  ◮ for σ, σ′ : N → P(PROP) and p ∈ PROP, σ ≈p σ′ ≝ for all i ∈ N, σ(i) \ {p} = σ′(i) \ {p},
  ◮ σ, i ⊨ ∀p φ ≝ for all σ′ s.t. σ ≈p σ′, we have σ′, i ⊨ φ,
◮ formulae from LTL with fixed-point operators [Vardi, POPL 88].
Conciseness

ETL is a powerful and concise extension of LTL:
◮ the nonemptiness problem for Büchi automata is NLogSpace-complete,
◮ MC∃(ETL) and SAT(ETL) are PSpace-complete,
◮ satisfiability for LTL with fixed-point operators is PSpace-complete [Vardi, POPL 88],
◮ satisfiability for S1S is non-elementary (its time complexity is not bounded by any tower of exponentials of fixed height).
Extension with context-free languages

◮ C: a class of languages of finite words.
◮ LTL + C: extension of LTL with formulae L(φ1, ..., φn) for L ∈ C.
◮ ETL = LTL + REG where REG is the class of regular languages, represented by finite-state automata.
◮ Context-free languages (in CF) are represented by context-free grammars.
◮ SAT(LTL + CF) is undecidable.
Proof

◮ Language equality between context-free grammars is undecidable.
◮ Reduction to SAT(LTL + CF).
◮ G1, G2: CF grammars over Σ = {a1, ..., an}.
◮ G1+, G2+: CF grammars over Σ+ = {a1, ..., an, an+1} s.t. L(G1+) = L(G1) · {an+1} and L(G2+) = L(G2) · {an+1}.
◮ G1+ and G2+ can be effectively computed from G1 and G2, respectively.
◮ L(G1) = L(G2) iff L(G1+) = L(G2+).
◮ We shall construct φG1,G2 in LTL + CF s.t. φG1,G2 is satisfiable iff L(G1) ≠ L(G2).
Building φG1,G2

◮ φG1,G2 is built over p1, ..., pn+1 and holds true only in structures s.t.
  ◮ exactly one variable from p1, ..., pn+1 holds true at each position,
  ◮ pn+1 holds true at a unique position (end marker).
◮ UNI encodes these properties:
  UNI ≝ G(⋁_{1≤i≤n+1} pi) ∧ G(⋀_{1≤i≤n+1} (pi ⇒ ⋀_{1≤j≠i≤n+1} ¬pj)) ∧ ((pn+1 ∧ XG¬pn+1) ∨ ¬pn+1 U (pn+1 ∧ XG¬pn+1))
◮ Equivalence between
  ◮ L(G1+) ≠ L(G2+),
  ◮ UNI ∧ ¬(L(G1+)(p1, ..., pn+1) ⇔ L(G2+)(p1, ..., pn+1)) is satisfiable.
Equivalence (I)

◮ Suppose L(G1+) ≠ L(G2+) with ai1 ai2 ··· ail an+1 ∈ L(G1+) and ai1 ai2 ··· ail an+1 ∉ L(G2+).
◮ Wlog, l ≥ 1.
◮ σ: {pi1} · {pi2} ··· {pil} · {pn+1} · {p1}^ω.
◮ We have
  ◮ σ ⊨ UNI,
  ◮ σ ⊨ L(G1+)(p1, ..., pn+1),
  ◮ σ ⊭ L(G2+)(p1, ..., pn+1), since the only finite word ending with {pn+1} in σ is {pi1} · {pi2} ··· {pil} · {pn+1} and ai1 ai2 ··· ail an+1 ∉ L(G2+).
Equivalence (II)

◮ Suppose σ, 0 ⊨ UNI ∧ ¬(L(G1+)(p1, ..., pn+1) ⇔ L(G2+)(p1, ..., pn+1)).
◮ Assume σ ⊨ L(G1+)(p1, ..., pn+1) and σ ⊭ L(G2+)(p1, ..., pn+1).
◮ A simple argument then shows that L(G1+) ≠ L(G2+).
Special context-free languages

◮ L0 = {a1^k · a2 · a1^{k−1} · a3 : k ≥ 1}.
◮ L1 = {a1^k · a2 · a1^k · a3 : k ≥ 0} (L0 = {a1} · L1).
◮ Valid formulae in LTL + {L0, L1}:
  ◮ L1(p, q, r) ⇔ (q ∧ Xr) ∨ L0(p, q, p ∧ Xr),
  ◮ L0(p, q, r) ⇔ p ∧ XL1(p, q, r),
  ◮ Fφ ⇔ L1(⊤, φ, ⊤),
  ◮ Xφ ⇔ L1(⊥, ⊤, φ).
Undecidability

◮ SAT(LTL + {L1}) is undecidable.
◮ Consequently, MC∃(LTL + {L1}) is undecidable (satisfiability reduces to it by building a complete Kripke structure).
◮ Reduction from the recurrence problem for domino games [Harel, 85]:
  input: a domino game Dom with a distinguished colour c;
  output: 1 if Dom can pave N × N so that the colour c occurs infinitely often.
◮ Let Dom = (C, D, Col) be a domino game with
  ◮ C = {1, ..., n} and c = 1,
  ◮ D = {d1, ..., dm},
  ◮ Col : D × {up, down, left, right} → {1, ..., n}.
Syntactic resources

We use the following propositional variables:
◮ in holds true when the state encodes a position in N²; there are states in the model that do not correspond to positions in N². out is equivalent to the negation of in.
◮ For 1 ≤ j ≤ m, we introduce j: “the position in N² associated with the current position has domino type dj”.
◮ For every 1 ≤ i ≤ n, we use the variables upi, downi, lefti, righti.
PAVE formula

◮ Every state encoding a position in N² is occupied by a unique domino:
  G(in ⇒ ⋁_{j=1}^{m} (j ∧ ⋀_{j′=1, j′≠j}^{m} ¬j′))
◮ Propositional variables for colours are compatible with the definition of domino types:
  G(in ⇒ ⋀_{j=1}^{m} (j ⇒ ⋀_{side∈{up,down,right,left}} (side_{Col(dj,side)} ∧ ⋀_{1≤j′≠Col(dj,side)≤n} ¬side_{j′})))
◮ PAVE: conjunction of the above formulae.
SNAKE formula

SNAKE: conjunction of the following formulae:
◮ G(in ⇔ ¬out),
◮ in ∧ Xout ∧ XXin ∧ XXXin ∧ XXXXout,
◮ G(out ⇒ XL1(in, out, in ∧ Xout)) (recall L1 = {a1^k · a2 · a1^k · a3 : k ≥ 0}).
◮ The only structure (built over in and out) satisfying SNAKE: {in} · {out} · {in}² · {out} · {in}³ · {out} · {in}⁴ ...
DIRECTION formula

◮ The difficulty of the proof is not to design a path through N² but to define a path on which it is easy to access the neighbours (right or top).
◮ DIRECTION: conjunction of the formulae:
  ◮ G(⇑ ⇔ ¬⇓),
  ◮ ⇓ ∧ X⇑,
  ◮ G(in ∧ Xin ∧ ⇑ ⇒ X⇑) (“we stay on the ascending chain”),
  ◮ G(in ∧ Xin ∧ ⇓ ⇒ X⇓) (“we stay on the descending chain”),
  ◮ G(in ∧ Xout ∧ ⇑ ⇒ (X⇓ ∧ XX⇓)) (“we pass from the ascending to the descending chain”),
  ◮ G(in ∧ Xout ∧ ⇓ ⇒ (X⇑ ∧ XX⇑)) (“we pass from the descending to the ascending chain”).
The only structure (built over in, out, ⇑ and ⇓) satisfying SNAKE ∧ DIRECTION: {in, ⇓} · {out, ⇑} · {in, ⇑}² · {out, ⇓} · {in, ⇓}³ · {out, ⇑} · {in, ⇑}⁴ ...

[Figure: the snake path through N², each state labelled in or out together with its chain direction ⇑ or ⇓.]
CONSTRAINTS formula

◮ The path gives access to adjacent states as follows:
  ◮ in {in, ⇑}, we access the right neighbour with L1,
  ◮ in {in, ⇑}, we access the up neighbour with L0,
  ◮ in {in, ⇓}, we access the right neighbour with L0,
  ◮ in {in, ⇓}, we access the up neighbour with L1.
◮ CONSTRAINTS: conjunction of the formulae
  ◮ G(in ∧ ⇑ ⇒ ⋀_{1≤i≤n} (righti ⇒ L1(in, out, lefti))),
  ◮ G(in ∧ ⇑ ⇒ ⋀_{1≤i≤n} (upi ⇒ L0(in, out, downi))),
  ◮ G(in ∧ ⇓ ⇒ ⋀_{1≤i≤n} (righti ⇒ L0(in, out, lefti))),
  ◮ G(in ∧ ⇓ ⇒ ⋀_{1≤i≤n} (upi ⇒ L1(in, out, downi))).
High undecidability

◮ REC: GF(in ∧ ⋁_{side∈{left,right,up,down}} side1).
◮ Dom can pave N² by repeating infinitely often the colour 1 iff PAVE ∧ SNAKE ∧ DIRECTION ∧ CONSTRAINTS ∧ REC is satisfiable in LTL + {L0, L1}.
◮ Since X, F and L0 can be expressed with L1, the satisfiability and model-checking problems for propositional calculus with the temporal operator defined with L1 are highly undecidable.
Exercise (bis)

1. Let φ[ψ]ρ be an LTL formula with subformula ψ at the occurrence ρ. Show that φ[ψ]ρ is satisfiable iff φ[p]ρ ∧ G(p ⇔ ψ) is satisfiable, where p is a new propositional variable not occurring in φ[ψ]ρ.
2. Conclude that there is a logarithmic-space reduction from SAT(LTL) to SAT(LTL2ω).
3. Show that SAT(LTL1(X)) is NP-complete (independently of 1. and 2.).