Modal logics and µ-calculus
INF 5140: Specification and verification of parallel systems
Ratan Thapa, ratanbt@ifi.uio.no
18 May 2018
Table of Contents
• Review
• Theory of fixpoints
• µ-calculus
    • Syntax of µ-calculus
    • Semantics of µ-calculus
• Model checking
Review: 1960s, Floyd-Hoare Logic
• Allows assertions and a proof system to verify these assertions
    • { precondition } program { postcondition }
    • e.g. { x = 1 } x := x + 1 { x = 2 }
    • partial correctness + termination = total correctness
• Rules / calculus (premises before the "/", conclusion after it):
    • composition rule:   { P } s1 { R }   { R } s2 { Q }   /   { P } s1 ; s2 { Q }
    • conditional rule:   { P ∧ E } s1 { Q }   { P ∧ ¬E } s2 { Q }   /   { P } if E then s1 else s2 { Q }
    • while rule:   { P ∧ E } s { P }   /   { P } while E do s { P ∧ ¬E }
    • consequence rule:   P ⇒ P'   { P' } s { Q' }   Q' ⇒ Q   /   { P } s { Q }
Review: 1970s, Dynamic Logic
• (Vaughan Pratt, 1974) "Exogenous": a program is a part of a formula
• Formulas:
    • [a]ϕ  ⇔def  it is necessary that after executing a, ϕ holds
    • ⟨a⟩ϕ  ⇔def  ¬[a]¬ϕ
• Examples:
    • [a ∪ b]ϕ,  ⟨(a ; b)*⟩ϕ
    • while ϕ do a  =def  (ϕ? ; a)* ; (¬ϕ)?
Review: 1970s, Temporal Logic
• LTL (Amir Pnueli, 1977) "Endogenous": a program is a part of a model
• Formulas:
    • s ⊨ ○ϕ  ⇔def  for all states t such that (s, t) ∈ Next, t ⊨ ϕ
    • s ⊨ □ϕ  ⇔def  starting with s, all future states satisfy ϕ
    • s ⊨ ◇ϕ  ⇔def  s ⊨ ¬□¬ϕ
• Example:
    • ϕ is true at each multiple of 3 but false elsewhere:  ϕ ∧ □(ϕ → ○(¬ϕ ∧ ○(¬ϕ ∧ ○ϕ)))
Review: 1980s, HML
• (Hennessy-Milner Logic, 1980) primitive modal logic of actions
• Syntax: ϕ ∈ Formula and a ∈ Action
    • ϕ ::= tt | ff | ¬ϕ | ϕ1 ∧ ϕ2 | ϕ1 ∨ ϕ2 | ⟨a⟩ϕ | [a]ϕ
• Semantics: defined inductively over a state transition system
    • E ⊨ ⟨a⟩ϕ  ⇔def  ∃s. E -a-> s ∧ s ⊨ ϕ,  "it is possible to do an a-action to a state where ϕ holds"
    • With variables v, w', ... (ranging over sets of states):
    • E, v ⊨ [a]¬ϕ  ⇔def  for all w' with v -a-> w',  E, w' ⊨ ¬ϕ
Review: 1980s, Computation Tree Logic
• (E.M. Clarke and E.A. Emerson, 1981) extension of LTL that includes further modalities
• Semantics over "runs" of a process:
    • A run S0 -a1-> S1 -a2-> ... has the property (ϕ U ψ) if there is an i ≥ 0 such that Si ⊨ ψ and, for all j with 0 ≤ j < i, Sj ⊨ ϕ
• Quantified: ∀ and ∃ versions of U, plus the path operators:
    • Fϕ  =def  (tt U ϕ)  ⇔  ϕ eventually holds
    • Gϕ  =def  ¬(tt U ¬ϕ)  ⇔  ϕ always holds
• Examples:
    • S ⊨ ∀[ϕ U ψ]  ⇔def  every run of S has the property (ϕ U ψ)
    • S ⊨ ∃[ϕ U ∃Fψ]  → CTL* (mixing path operators and quantifiers)
Review: Computation Tree Logic (figure slide; X: Next, φ ∈ Formula)
Theory of fixpoints
• If (S, ≤) is an ordered set and F : S → S is a monotonic function, then s ∈ S is called a fixpoint of F if F(s) = s
    • s ∈ S is a pre-fixpoint of F iff F(s) ≤ s; it is the least pre-fixpoint iff for every other pre-fixpoint u ∈ S of F, u ≮ s
    • s ∈ S is a post-fixpoint of F iff s ≤ F(s); it is the greatest post-fixpoint iff for every other post-fixpoint u ∈ S of F, u ≯ s
• Knaster-Tarski fixed point theorem: let (S, ≤) be a complete lattice and F a monotonic function on (S, ≤); then
    • F has a least fixed point (µX.F), the meet of all pre-fixed points
    • F has a greatest fixed point (νX.F), the join of all post-fixed points
Theory of fixpoints (figure slide)
Fixpoints
• Given a labelled transition system M = (S, R, V):
    • S: state space of the system
    • R: transition relation → ⊆ S × L × S, with L a set of actions (a ∈ L)
    • V_prop : P → 2^S, maps each atomic proposition P to the set of states where P holds
    • V_var : Var → 2^S, with Var = {X, Y, ..., Z} a set of variables
    • variables always occur in positive normal form, which keeps F : 2^S → 2^S monotonic
• The semantics of ϕ(Z) is a function F : 2^S → 2^S
• By the Knaster-Tarski theorem, since F is a monotonic function on the lattice 2^S:
    • µZ.ϕ(Z) → least fixpoint of F
    • νZ.ϕ(Z) → greatest fixpoint of F
• Recursive semantics:
    • ∀Gϕ, "always ϕ":  X = ϕ ∧ [−]X  ⇒  ⟦X⟧ ⊆ ⟦ϕ ∧ [−]X⟧  ⇒  νX.ϕ ∧ [−]X
    • ∃Fϕ, "there exists a path on which Fϕ":  X = ϕ ∨ ⟨−⟩X  ⇒  ⟦X⟧ ⊇ ⟦ϕ ∨ ⟨−⟩X⟧  ⇒  µX.ϕ ∨ ⟨−⟩X
• Fixpoint slogan: ν → "infinite" looping, µ → "finite" looping
µ-Calculus
• A powerful logic: add fixpoint operators
• It extends HML with recursion (and subsumes others such as CTL, CTL*, ... as well)
• Use of fixpoint operators in program logic:
    • (Emerson and Clarke, 1980): capture fairness and correctness
    • (Pratt, 1982): minimization operator of recursion theory
    • (D. Kozen, 1983): modal µ-calculus
Syntax
• (D. Kozen, 1983) The µ-calculus is a logic describing properties of labelled transition systems whose states are labelled with sets of propositions
• Syntax:
    • ϕ ::= tt | ff | p | ¬p | ¬ϕ | ϕ1 ∧ ϕ2 | ϕ1 ∨ ϕ2 | ⟨a⟩ϕ | [a]ϕ | Z | νZ.ϕ | µZ.ϕ
• ϕ ∈ Formula, a ∈ Action and Z ∈ Variable
• Model: M = (S, R, V)
    • S: non-empty set of states
    • R: maps each action a ∈ A to a binary relation, → ⊆ S × L × S (T, the set of transitions t ∈ S × A × S)
    • V_prop : P_i (i ∈ ℕ) → 2^S, maps each P_i to the set of states where P_i holds
    • V : Var → 2^S, with Var = {X, Y, ..., Z} the (non-negated) set of variables
Semantics
• Given the model M = (S, R, V), the set ⟦ϕ⟧^M_V of states satisfying a formula ϕ is defined as follows:
    • ⟦Z⟧^M_V = V(Z)
    • ⟦p_i⟧^M_V = P_i and ⟦¬p_i⟧^M_V = S − P_i, for every p_i ∈ Prop
    • ⟦ϕ ∨ ψ⟧^M_V = ⟦ϕ⟧^M_V ∪ ⟦ψ⟧^M_V and ⟦ϕ ∧ ψ⟧^M_V = ⟦ϕ⟧^M_V ∩ ⟦ψ⟧^M_V
    • ⟦[a]ϕ⟧^M_V = { s | ∀t. s -a-> t ⇒ t ∈ ⟦ϕ⟧^M_V }
    • ⟦⟨a⟩ϕ⟧^M_V = { s | ∃t. s -a-> t ∧ t ∈ ⟦ϕ⟧^M_V }
    • ⟦µZ.ϕ⟧^M_V = ⋂ { S' ⊆ S | S' ⊇ ⟦ϕ⟧^M_{V[Z := S']} }
    • ⟦νZ.ϕ⟧^M_V = ⋃ { S' ⊆ S | S' ⊆ ⟦ϕ⟧^M_{V[Z := S']} }
• Notes:
    • t ∈ ⟦ϕ⟧^M_V  ⇔  t ⊨ ϕ
    • the valuation V[Z := S'] is V updated so that Z ↦ S'
Syntactic properties
• De Morgan duality:
    • (ϕ ∨ ψ)  ⇔def  ¬(¬ϕ ∧ ¬ψ)
    • ⟨a⟩ϕ  ⇔def  ¬[a]¬ϕ
    • µZ.ϕ(Z)  ⇔def  ¬νZ.¬ϕ(¬Z)
• Syntactic extension: allowing modalities over sets of actions
    • S ⊨ [A]ϕ iff ∀a ∈ A. S ⊨ [a]ϕ
    • [−A]ϕ  ⇔def  [L − A]ϕ
    • [−]ϕ  ⇔def  [L]ϕ
• Positive normal form (pushing negation inwards):
    • negation of νX.ϕ ∧ [a]X:   ¬νX.ϕ ∧ [a]X  ⇒  µX.¬(ϕ ∧ [a]¬X)  ⇒  µX.(¬ϕ ∨ ¬([a]¬X))  ⇒  µX.¬ϕ ∨ ⟨a⟩X
    • negation of νY.µX.(ϕ ∧ ⟨a⟩Y) ∨ ⟨a⟩X:   µY.νX.(¬ϕ ∨ [a]Y) ∧ [a]X
Expressivity
• µ-calculus expressivity:
    • Safety: νX.ϕ ∧ [a]X  ⇒  "ϕ is true along every a-path"
    • Liveness: µX.ϕ ∨ [a]X  ⇒  "along every a-path ϕ must eventually come true"
    • Fairness: □◇ϕ in the µ-calculus: νY.µX.((ϕ ∧ ⟨a⟩Y) ∨ ⟨a⟩X)  ⇒  "on some a-path there are infinitely many states where ϕ holds"
    • PDL: ⟨a*⟩ϕ  ⇔µ  µX.ϕ ∨ ⟨a⟩X
    • CTL: ∀G(∃Fϕ)  ⇒  "always (there exists a path on which ϕ eventually holds)"  ⇒  "it is always possible that ϕ will hold"  ⇔µ  νZ.(µX.(ϕ ∨ ⟨−⟩X)) ∧ [−]Z
• More examples:
    • µZ.νX.(ϕ ∧ [a]Z) ∨ (¬ϕ ∧ [a]X)
    • (ϕ U ψ)  ⇔µ  µZ.ψ ∨ (ϕ ∧ ○Z)
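As an added example (not code from the slides), the set semantics of the Semantics slide and the fixpoint recursion of the Fixpoints slide implemented directly, then used to evaluate the safety, reachability, CTL ∀G∃F and fairness formulas above on a constructed four-state labelled transition system; the tuple encoding of formulas and the model itself are assumptions of this example.

```python
# Added example, not from the slides: the set semantics [[phi]]^M_V of the
# mu-calculus over a small constructed labelled transition system. mu and nu
# are computed by iterating F from the bottom (empty set) / top (S) of the
# finite lattice 2^S, which reaches the least / greatest fixpoint that the
# Knaster-Tarski theorem guarantees for monotone F (positive normal form).

# Formula ASTs are tuples, positive normal form only:
#  ("tt",) ("ff",) ("prop", name) ("nprop", name) ("and", f, g) ("or", f, g)
#  ("box", a, f) ("dia", a, f) ("var", Z) ("mu", Z, f) ("nu", Z, f)
# The action "-" stands for "any action", i.e. the [-] and <-> modalities.

def sem(phi, M, V=None):
    """Return the set of states of M = (S, R, prop) satisfying phi under V."""
    S, R, prop = M
    V = V or {}
    k = phi[0]
    if k == "tt": return set(S)
    if k == "ff": return set()
    if k == "prop": return set(prop[phi[1]])
    if k == "nprop": return set(S) - set(prop[phi[1]])
    if k == "and": return sem(phi[1], M, V) & sem(phi[2], M, V)
    if k == "or": return sem(phi[1], M, V) | sem(phi[2], M, V)
    if k == "var": return set(V[phi[1]])
    if k in ("box", "dia"):
        a, body = phi[1], sem(phi[2], M, V)
        succ = {s: {t for (x, b, t) in R if x == s and a in ("-", b)} for s in S}
        if k == "box":                      # every a-successor satisfies phi[2]
            return {s for s in S if succ[s] <= body}
        return {s for s in S if succ[s] & body}  # some a-successor does
    if k in ("mu", "nu"):
        Z, cur = phi[1], (set() if k == "mu" else set(S))
        while True:                         # Kleene iteration on 2^S
            nxt = sem(phi[2], M, {**V, Z: cur})
            if nxt == cur:
                return cur
            cur = nxt
    raise ValueError("unknown constructor %r" % k)

# Constructed model: 0 -a-> 1 -a-> 2 -a-> 2 (loop), 1 -b-> 3 -a-> 3 (loop);
# p holds in 0, 1, 2 and q holds only in 3.
M = ({0, 1, 2, 3},
     {(0, "a", 1), (1, "a", 2), (2, "a", 2), (1, "b", 3), (3, "a", 3)},
     {"p": {0, 1, 2}, "q": {3}})
P, Q = ("prop", "p"), ("prop", "q")
SAFETY = ("nu", "X", ("and", P, ("box", "a", ("var", "X"))))     # p along every a-path
EF_Q = ("mu", "X", ("or", Q, ("dia", "-", ("var", "X"))))        # q reachable
AG_EF_Q = ("nu", "Z", ("and", EF_Q, ("box", "-", ("var", "Z"))))  # always possible
FAIR = ("nu", "Y", ("mu", "X", ("or", ("and", P, ("dia", "a", ("var", "Y"))),
                                ("dia", "a", ("var", "X")))))    # infinitely often p
# sem(SAFETY, M) -> {0, 1, 2}; sem(EF_Q, M) -> {0, 1, 3}; sem(AG_EF_Q, M) -> {3}
```

State 2 can never reach q, which is why ∀G∃Fq holds only in state 3 even though q is reachable from 0.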
Expressivity
• Alternation:
    • depth: the number of alternations between µ and ν in the prefix
    • expressive power grows proportionally with the depth, while the complexity of the model-checking algorithm grows exponentially in it
    • a formula has the same alternation depth as its unfolding, i.e. µX.ϕ(X) ↔ ϕ(µX.ϕ(X))
    • µX.(νY.(p ∧ ⟨a⟩Y)) ∨ ⟨a⟩X  ⇒  nested formula (not an alternation)  ⇒  µX.Z ∨ ⟨a⟩X, with νY.(p ∧ ⟨a⟩Y) substituted for Z
    • νY.µX.((ϕ ∧ ⟨a⟩Y) ∨ ⟨a⟩X)  ⇒  alternation depth 2
Expressivity: Alternation (figure slide)  νY.µX.((p ∧ ⟨a⟩Y) ∨ ⟨a⟩X)
Expressivity
• Bisimulation
• A notion of similarity between models (i.e., do two systems behave in the same way?)
• A bisimulation between M1 = (S1, R1, V1) and M2 = (S2, R2, V2) is a relation ≈ ⊆ S1 × S2 such that if s1 ≈ s2 then:
    • s1 ⊨ p and s2 ⊨ p for the same propositions p
    • for every a ∈ Act with R1: s1 -a-> s1' there is R2: s2 -a-> s2' such that s1' ≈ s2'
    • and the transition condition holds symmetrically
• Logical equivalence: bisimilarity
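As an added example (not from the slides), the bisimulation definition above computed as a greatest fixpoint over pairs of states, in the spirit of the ν-iteration of the earlier slides; the two pairs of constructed models (an unfolded loop, and the classic early- versus late-choice processes) are assumptions of this example.

```python
# Added example, not from the slides: bisimilarity between two constructed
# models computed as a greatest fixpoint. Start from the top of the lattice
# (every pair of states agreeing on all propositions) and repeatedly drop the
# pairs that violate the transfer condition in either direction; the stable
# relation is the largest bisimulation, so (s1, s2) in it means s1 ~ s2.

def successors(R, s):
    """Map each action a to the set of targets t with s -a-> t."""
    out = {}
    for (x, a, t) in R:
        if x == s:
            out.setdefault(a, set()).add(t)
    return out

def bisimulation(M1, M2):
    """Largest bisimulation between M1 = (S1, R1, V1) and M2 = (S2, R2, V2)."""
    S1, R1, V1 = M1
    S2, R2, V2 = M2
    labels = lambda V, s: frozenset(p for p, states in V.items() if s in states)
    rel = {(s1, s2) for s1 in S1 for s2 in S2 if labels(V1, s1) == labels(V2, s2)}

    def transfer(s1, s2, rel):
        # Every move s1 -a-> t1 must be matched by some s2 -a-> t2 with
        # (t1, t2) in rel, and symmetrically for every move of s2.
        f, g = successors(R1, s1), successors(R2, s2)
        if f.keys() != g.keys():
            return False
        return (all(any((t1, t2) in rel for t2 in g[a]) for a in f for t1 in f[a])
                and all(any((t1, t2) in rel for t1 in f[a]) for a in g for t2 in g[a]))

    while True:                             # nu-iteration from the top
        nxt = {(s1, s2) for (s1, s2) in rel if transfer(s1, s2, rel)}
        if nxt == rel:
            return rel
        rel = nxt

def bisimilar(M1, s1, M2, s2):
    return (s1, s2) in bisimulation(M1, M2)

# Constructed models. A: 0 -a-> 1 -a-> 1 (loop);  B: 0 -a-> 1 -a-> 2 -a-> 2 (loop),
# with p holding in the looping states; B unfolds A once, so A.0 ~ B.0.
A = ({0, 1}, {(0, "a", 1), (1, "a", 1)}, {"p": {1}})
B = ({0, 1, 2}, {(0, "a", 1), (1, "a", 2), (2, "a", 2)}, {"p": {1, 2}})
# C: a.b + a.c (choice made at the first step) vs D: a.(b + c) (choice deferred);
# same traces, but C.0 and D.0 are not bisimilar.
C = ({0, 1, 2, 3, 4}, {(0, "a", 1), (0, "a", 2), (1, "b", 3), (2, "c", 4)}, {})
D = ({0, 1, 2, 3}, {(0, "a", 1), (1, "b", 2), (1, "c", 3)}, {})
```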