Support for the Hanoi Omega-Automata Format - - PowerPoint PPT Presentation


SLIDE 1

Spot 2.0

A C++ library for model checking and ω-automata manipulation

Alexandre Duret-Lutz, Alexandre Lewkowicz, Amaury Fauchille, Étienne Renault, Laurent Xu, Thibaud Michaud

Monday, October 17th

1 / 19


SLIDE 3

A Generalized View of ω-Automata

ω-Automata in Spot have:

◮ a single initial state,
◮ transitions labeled by Boolean formulas over atomic propositions,
◮ acceptance marks (0, 1, 2, ...) that can label either states or transitions,
◮ an acceptance condition that tells which marks have to be seen infinitely often or finitely often for a run to be accepted.

Minimal automata for G F a ∧ G F b:

[Diagram: two automata whose edges are labeled by a, b and their negations. One is the minimal Büchi automaton, with acceptance Inf(0). The other is the minimal transition-based generalized Büchi automaton, with acceptance Inf(0) ∧ Inf(1) and the marks 0 and 1 carried by its transitions.]

2 / 19

SLIDE 4

A Rabin Automaton for G F a → G F b

[Diagram: deterministic automaton whose edges are labeled by conjunctions of a, b and their negations (ab, ab̄, āb, āb̄) and carry acceptance marks 0 to 3.]

Acceptance (two Rabin pairs): (Fin(0) ∧ Inf(1)) ∨ (Fin(2) ∧ Inf(3))

3 / 19
SLIDE 5

An ω-Automaton for G F a → G F b

[Diagram: automaton with the same edge labels as on the previous slide (conjunctions of a, b and their negations); the edges now carry only the marks 0 to 2.]

Acceptance: (Fin(0) ∧ Inf(1)) ∨ Inf(2)

3 / 19

SLIDE 6

A Streett Automaton for G F a → G F b

[Diagram: automaton with the same edge labels as on the previous slides; the edges carry only the marks 0 and 1.]

Acceptance (one Streett pair): Fin(0) ∨ Inf(1)

3 / 19

SLIDE 7

Support for the Hanoi Omega-Automata Format

http://adl.github.io/hoaf/support.html

ltl2dstar 0.5.3: output DRA or DSA; can also input BA
ltl3ba 1.1.2: output BA, TGBA, or VWAA
ltl3dra 0.2.2: output DRA, TGDRA, or MMAA
Rabinizer 3.1: output DRA, TDRA, GDRA, or TGDRA
PRISM 4.3: input deterministic automata for probabilistic model checking; (generalized) Rabin for MDP; any acceptance for CTMC/DTMC
Spot since 1.99.2: can input/output anything that is not alternating; can convert from other formats; has several transformations
jhoafparser and cpphoafparser: two parsers with pretty printers, and convenient transformations

T. Babiak, F. Blahoudek, A. Duret-Lutz, J. Klein, J. Křetínský, D. Müller, D. Parker, and J. Strejček. The Hanoi Omega-Automata format. CAV’15

4 / 19

SLIDE 8

Spot’s Services for Temporal Logic Formulas

For LTL formulas (or the linear fragment of PSL):

◮ Parsers, printers
◮ Simplifications, rewritings
◮ Implication, equivalence checks
◮ Stutter-invariance checks
◮ Filtering by properties
◮ Random formula generation
◮ Translation to Transition-based Generalized Büchi automata

5 / 19

SLIDE 9

Spot’s Services for ω-automata

For ω-automata:

◮ Parsers, printers
◮ Simplifications: acceptance pruning, SCC-based mark simplifications, simulation-based reductions, minimization for obligation properties, ...
◮ Acceptance conversions
◮ Boolean operations: sum, product (on-the-fly if desired), complement
◮ Determinization (to Parity automata)
◮ Emptiness checks
◮ SAT-based minimization of deterministic automata (with arbitrary input and output acceptance)
◮ Random automata generation

6 / 19

SLIDE 10

Spot’s Architecture

[Diagram: libraries libbddx, libspot and libspot-ltsmin; Python modules import spot and import spot.ltsmin, used from IPython / Jupyter; command-line tools randltl, genltl, ltlfilt, randaut, autfilt, ltl2tgba, ltl2tgta, dstar2tgba, ltlcross, ltlgrind, ltldo; external tools divine and SpinS.]

7 / 19


SLIDE 16

ltlfilt — Rewriting Formulas

Operator rewritings

$ ltlfilt --unabbreviate=iGF -f 'G(a -> Fb)'
0 R (!a | (1 U b))
$ ltlfilt --unabbreviate=iGFR -f 'G(a -> Fb)'
(!a | (1 U b)) W 0
$ ltlfilt --unabbreviate=iGFRW -f 'G(a -> Fb)'
!(1 U !(!a | (1 U b)))

Simplifications

$ ltlfilt --simplify -f '!(1 U !(!a | (1 U b)))'
G(!a | Fb)

8 / 19

SLIDE 19

ltlfilt — Answering Simple Questions

Is a U (b U a) equivalent to b U a?

$ ltlfilt -f 'a U (b U a)' --equivalent-to 'b U a'
a U (b U a)

Which of these formulas are stutter-invariant?

$ ltlfilt -f 'G(a | X(a -> b))' -f 'G(a | X(a <-> b))' \
    --stutter-invariant
G(a | X(a -> b))

T. Michaud and A. Duret-Lutz. Practical stutter-invariance checks for ω-regular languages. SPIN’15

Give an X-free formula for G(a ∨ X(a → b))

$ ltlfilt -f 'G(a | X(a -> b))' --remove-x --simplify
G(a | (!a & (!a U (a & (!a | b))) & ((!b U a) | (b U a))) | (b & (b U (!b & (!a | b))) & ((!a U !b) | (a U !b))) | ((!a | b) & (G!a | Ga) & (G!b | Gb)) | (!b & ((!a U b) | (a U b))))

K. Etessami. A note on a question of Peled and Wilke regarding stutter-invariant LTL. Information Processing Letters, 75(6):261–263, 2000

9 / 19

SLIDE 21

ltlfilt — Random Generation with Constraints

Build 10 pathological safety formulas

$ randltl -n -1 --tree-size=10..13 a b |
    ltlfilt --simplify --safety --uniq |
    ltlfilt --invert-match --syntactic-safety -n 10
F(!a | Ga)
(!b & X((b W Xb) R b)) | (b & X((!b M X!b) U !b))
G(b U XXb)
(((!b & XGa) | (b & XF!a)) W b) R a
((b W a) M b) | (!a R X!a)
F(b | X!b)
G((b & XF!b) | (!b & XGb))
Xa U (Gb | Ga)
Fa R X!a
F(b | G!b)

10 / 19

SLIDE 22

ltlfilt — Random Generation with Constraints

Build 10 pathological safety formulas not equivalent to ⊤ or ⊥ (randltl -n -1 never stops on its own, so the last filter must bound the output with -n 10):

$ randltl -n -1 --tree-size=10..13 a b |
    ltlfilt --simplify --safety --uniq |
    ltlfilt --invert-match --syntactic-safety |
    ltlfilt --invert-match --equivalent-to=1 |
    ltlfilt --invert-match --equivalent-to=0 -n 10
(!b & X((b W Xb) R b)) | (b & X((!b M X!b) U !b))
G(b U XXb)
(((!b & XGa) | (b & XF!a)) W b) R a
((b W a) M b) | (!a R X!a)
Xa U (Gb | Ga)
Fa R X!a
(a & (!a U b)) | (!a & (a R !b))
G(((a & b) | (!a & !b)) & (a M b)) R a
b & ((!b & F!a) | (b & Ga))
b & (!a | (b M Xb))

10 / 19

SLIDE 23

Spot’s Architecture (diagram repeated from slide 10)

11 / 19

SLIDE 25

autfilt — Acceptance Transformations

Input example.hoa, acceptance (Fin(❶) & Fin(❸) & Inf(⓿)) | (Inf(❷)&Inf(❸)) | Inf(❶):

[Diagram: two states, 1 and 2; edges labeled a, !a, b, a & b, !a & b, !b, a & !b and !a & !b, carrying the marks ⓿ ❶ ❷ ❸.]

$ autfilt --cnf-acceptance example.hoa > output.hoa

Output acceptance (Inf(⓿) | Inf(❶) | Inf(❸)) & (Fin(❸) | Inf(❶) | Inf(❷)):

[Diagram: same states, edges and marks as the input; only the acceptance formula is rewritten.]

12 / 19

SLIDE 26

autfilt — Acceptance Transformations

Input example.hoa, acceptance (Fin(❶) & Fin(❸) & Inf(⓿)) | (Inf(❷)&Inf(❸)) | Inf(❶):

[Diagram: the two-state input automaton shown on the previous slide.]

$ autfilt --remove-fin example.hoa > output.hoa

Output acceptance Inf(⓿) | Inf(❶) | (Inf(❷)&Inf(❸)), without Fin:

[Diagram: the two original states plus a third state 3 whose !a & !b edges carry mark ⓿; the original edges keep only the marks ❶, ❷ and ❸.]

12 / 19

SLIDE 27

autfilt — Acceptance Transformations

Input example.hoa, acceptance (Fin(❶) & Fin(❸) & Inf(⓿)) | (Inf(❷)&Inf(❸)) | Inf(❶):

[Diagram: the two-state input automaton shown on slide 25.]

$ autfilt --remove-fin --cnf-acc example.hoa > output.hoa

Output acceptance (Inf(⓿) | Inf(❶) | Inf(❷)) & (Inf(⓿) | Inf(❶) | Inf(❸)):

[Diagram: the same three-state automaton as the --remove-fin output on the previous slide, with the acceptance formula rewritten in CNF.]

12 / 19

SLIDE 28

autfilt — Acceptance Transformations

Input example.hoa, acceptance (Fin(❶) & Fin(❸) & Inf(⓿)) | (Inf(❷)&Inf(❸)) | Inf(❶):

[Diagram: the two-state input automaton shown on slide 25.]

$ autfilt --tgba example.hoa > output.hoa

Output acceptance Inf(⓿), i.e. a transition-based generalized Büchi automaton with a single mark:

[Diagram: three states; mark ⓿ now appears on three edges, labeled a, !a & b and !a & !b.]

12 / 19

SLIDE 29

autfilt — Determinization

$ autfilt --deterministic example.hoa > output.hoa

Output acceptance Fin(⓿) & (Inf(❶) | (Fin(❷) & Inf(❸))), a parity condition: the smallest mark seen infinitely often must be odd.

[Diagram: deterministic automaton with six states (1 to 6); edges labeled by conjunctions of a, b and their negations carry the marks ⓿ to ❸.]

13 / 19

SLIDE 30

Spot’s Architecture (diagram repeated from slide 10)

14 / 19

SLIDE 31

Live demo.

15 / 19

SLIDE 32

Spot’s Architecture (diagram repeated from slide 10)

16 / 19

SLIDE 33

Automata-theoretic LTL model checking

[Diagram with two columns, custom model checker and Spot:]

Custom model checker: high-level model M → on-the-fly generation of the state-space automaton A_M.

Spot: LTL property ϕ → LTL translation → negated-property automaton A_¬ϕ.

On-the-fly synchronized product: L(A_M ⊗ A_¬ϕ) = L(A_M) ∩ L(A_¬ϕ)

Emptiness check: L(A_M ⊗ A_¬ϕ) =? ∅

Result: M ⊨ ϕ, or a counterexample.

17 / 19
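Slides 3 and 7 describe what an ω-automaton and its HOA encoding carry (an initial state, labeled edges, acceptance marks, an acceptance formula), slides 25 to 28 show autfilt rewriting acceptance formulas, and the model-checking loop above ends in an emptiness check. The Python script below is an added example, not code from Spot, jhoafparser or cpphoafparser: it reads the explicit-edge subset of HOA v1 needed for the slide-3 automaton (written out by hand here), evaluates an acceptance formula on a set of marks, and decides emptiness for Fin-free acceptance by testing the union of marks in each reachable SCC. It refuses Fin(..) conditions, because that union test is unsound once Fin terms are present, which is the reason one would run autfilt --remove-fin first. The names parse_hoa, satisfies, reachable and is_empty are this example's own.

```python
# Added example, not code from Spot: a minimal HOA v1 reader, an evaluator for
# HOA acceptance formulas, and an emptiness check for Fin-free acceptance.
import re

# Constructed input: the one-state transition-based generalized Buchi automaton
# for G F a & G F b from slide 3, written by hand in HOA v1 syntax.
GFA_AND_GFB = """\
HOA: v1
States: 1
Start: 0
AP: 2 "a" "b"
Acceptance: 2 Inf(0) & Inf(1)
--BODY--
State: 0
[0&1] 0 {0 1}
[0&!1] 0 {0}
[!0&1] 0 {1}
[!0&!1] 0
--END--
"""
STATE = re.compile(r'^State:\s+(\d+)$')                            # no state-based marks
EDGE = re.compile(r'^\[([^\]]*)\]\s+(\d+)(?:\s+\{([\d\s]*)\})?$')  # [label] dst {marks}


def parse_hoa(text):
    """Return (start, acceptance formula, edges) with edges[src] = [(label, dst, marks)].
    Only the explicit-edge, transition-based subset used above is accepted; any other
    construct (state marks, aliases, implicit edges) raises instead of being misread."""
    header, _, body = text.partition('--BODY--')
    fields = dict(line.split(':', 1) for line in header.splitlines() if ':' in line)
    acceptance = fields['Acceptance'].split(None, 1)[1].strip()    # "<count> <formula>"
    edges, src = {}, None
    for line in filter(None, map(str.strip, body.split('--END--')[0].splitlines())):
        st, ed = STATE.match(line), EDGE.match(line)
        if st:
            src = int(st.group(1))
        elif ed and src is not None:
            marks = frozenset(map(int, (ed.group(3) or '').split()))
            edges.setdefault(src, []).append((ed.group(1), int(ed.group(2)), marks))
        else:
            raise ValueError('unsupported HOA line: %r' % line)
    return int(fields['Start']), acceptance, edges


def satisfies(acceptance, inf):
    """Evaluate an acceptance formula for a run whose marks seen infinitely often are
    `inf`: atoms become 0/1, innermost parentheses are reduced until none remain,
    and '&' binds tighter than '|' as in the HOA grammar."""
    def leaf(m):                                   # Inf(n) true iff n in inf; Fin(n) iff not
        return '1' if (int(m.group(2)) in inf) == (m.group(1) == 'Inf') else '0'
    s = re.sub(r'(Inf|Fin)\((\d+)\)', leaf, acceptance).replace('t', '1').replace('f', '0')
    s = re.sub(r'\s', '', s)
    if not re.fullmatch(r'[01()&|]*', s):          # anything else (e.g. Inf(!0)) is refused
        raise ValueError('unsupported acceptance syntax: %r' % acceptance)
    def flat(e):                                   # e contains no parentheses
        return '1' if any(all(c == '1' for c in conj.split('&')) for conj in e.split('|')) else '0'
    while '(' in s:
        s, n = re.subn(r'\(([01&|]*)\)', lambda m: flat(m.group(1)), s)
        if n == 0:
            raise ValueError('unbalanced parentheses in %r' % acceptance)
    if ')' in s:
        raise ValueError('unbalanced parentheses in %r' % acceptance)
    return flat(s) == '1'


def reachable(edges, v):
    """States reachable from v by one or more edges (v itself only if it is on a cycle)."""
    seen, todo = set(), [v]
    while todo:
        for _, d, _ in edges.get(todo.pop(), ()):
            if d not in seen:
                seen.add(d); todo.append(d)
    return seen


def is_empty(hoa_text):
    """Language emptiness: non-empty iff some reachable SCC with at least one internal
    edge carries a union of marks satisfying the condition.  That union test is sound
    only for Fin-free (monotone) acceptance, so Fin(..) inputs are refused; convert
    them first, for instance with autfilt --remove-fin (slide 26)."""
    start, acceptance, edges = parse_hoa(hoa_text)
    if 'Fin' in acceptance:
        raise NotImplementedError('Fin(..) acceptance: apply Fin-removal first')
    fwd = {s: reachable(edges, s) for s in reachable(edges, start) | {start}}
    for s, succ in fwd.items():
        if s in succ:                                              # s lies on a cycle
            comp = {t for t in succ if s in fwd[t]}                # the SCC of s
            marks = set().union(*(m for t in comp for _, d, m in edges[t] if d in comp))
            if satisfies(acceptance, marks):
                return False
    return True


if __name__ == '__main__':
    print('GFa & GFb (slide 3) empty?', is_empty(GFA_AND_GFB))
```

Checking an autfilt rewrite such as the --cnf-acceptance output of slide 25 against its input is a matter of calling satisfies on both formulas for every subset of the marks in use (16 subsets for marks 0 to 3). The same is_empty call applies to a product automaton A_M ⊗ A_¬ϕ once it is written out in HOA, provided its acceptance is Fin-free.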

SLIDE 34

Live demo.

18 / 19

SLIDE 35

Conclusion & Availability

Summary:

◮ C++ library for model checking & ω-automata manipulation
◮ Support for generic acceptance conditions
◮ Shell commands & Python bindings
◮ Interface with several tools

Availability:

◮ https://spot.lrde.epita.fr/ (new site)
◮ License GNU GPL v3+
◮ Source tarball or Debian packages
◮ Live Jupyter installation at http://spot-sandbox.lrde.epita.fr/

Future work:

◮ More uses of generic acceptance conditions

19 / 19