Tableau-based decision method for testing satisfiability of the linear temporal logic LTL
Valentin Goranko, DTU Informatics, November 2010
V Goranko
Tableau for LTL: introduction

The tableau method for LTL searches systematically for a linear model satisfying the input formula.

We will consider LTL over a minimal language with one transition relation, containing ⊤, ¬, and ∧ as Boolean connectives, and X, G, and U as temporal operators. The other Boolean constant and connectives ⊥, ∨, →, as well as the operators F and R, will be assumed definable.

We will present an optimized version of the first tableau construction for LTL, developed by Wolper in 1983-85. It takes exponential time and space in the length of the formula, but can be optimized to work in PSpace.
Types of formulae

We distinguish 4 types of formulae:
1. α-formulae, of conjunctive type. Every α-formula θ is associated with its α-components, and is equivalent to their conjunction. E.g., the α-components of ϕ ∧ ψ are θ1 = ϕ and θ2 = ψ, and the only α-component of ¬¬ϕ is θ1 = ϕ.
2. β-formulae, of disjunctive type. Every β-formula θ is associated with its β-components, and is equivalent to their disjunction. E.g., the β-components of ϕ ∨ ψ are θ1 = ϕ and θ2 = ψ.
3. Nexttime formulae in LTL are those of the type Xϕ. The nexttime component of Xϕ is ϕ.
4. Literals: ⊤, ¬⊤, atomic propositions and their negations.

The literals and the nexttime formulae are primitive formulae.
α- and β-formulae in LTL

The α- and β-formulae in LTL and their components:

| α | α1 | α2 |
|---|---|---|
| ¬¬ϕ | ϕ | ϕ |
| ¬Xϕ | X¬ϕ | X¬ϕ |
| ϕ ∧ ψ | ϕ | ψ |
| Gϕ | ϕ | XGϕ |
| ¬(ϕ U ψ) | ¬ψ | ¬ϕ ∨ ¬X(ϕ U ψ) |

| β | β1 | β2 |
|---|---|---|
| ¬(ϕ ∧ ψ) | ¬ϕ | ¬ψ |
| ¬Gϕ | ¬ϕ | X¬Gϕ |
| ϕ U ψ | ϕ ∧ X(ϕ U ψ) | ψ |

Lemma
I. For every α-formula ϕ: ϕ ≡ α1(ϕ) ∧ α2(ϕ).
II. For every β-formula ϕ: ϕ ≡ β1(ϕ) ∨ β2(ϕ).
Closure of an LTL-formula

The closure cl(η) of an LTL-formula η is the least set of formulae such that:
1. ⊤, η ∈ cl(η);
2. cl(η) is closed under taking all components of α-formulae, β-formulae, and nexttime-formulae.

NB: closure under subformulae and negation is not required.

For any set of formulae Φ we define cl(Φ) := ⋃ { cl(ϕ) | ϕ ∈ Φ }.

A set of formulae Φ is closed if Φ = cl(Φ).

The closure of a formula (and of any finite set of formulae) is always a finite set, of cardinality linear in the length of the formula.
Closure of LTL formulae: example

Running example 1: η = (p U q) ∧ G r
cl(η) = { η, p U q, G r, p ∧ X(p U q), q, r, XG r, p, X(p U q) }

Running example 2: η = (p U q) ∧ (p → ¬Xq)
cl(η) = { η, p U q, p → ¬Xq, p ∧ X(p U q), q, p, X(p U q), ¬p, ¬Xq, X¬q }

Exercise: Define explicitly the closure of LTL-formulae.
Exercise: Show that cl(ϕ) is finite for every ϕ ∈ LTL.
Consistent and fully expanded subsets of a closure

A set of formulae is patently inconsistent if it contains ⊥, or ¬⊤, or a contradictory pair of formulae ¬ϕ and ϕ.

Definition (Fully expanded set)
A set of formulae Φ is fully expanded iff:
1. it is not patently inconsistent;
2. for every α-formula in Φ, all of its α-components are in Φ;
3. for every β-formula in Φ, at least one of its β-components is in Φ.

Exercise: Give explicitly the closure conditions for fully expanded sets of LTL-formulae.
Full expansions of a set of LTL formulae

Just like in ML, a fully expanded set ∆ of LTL formulae is a full expansion of a set of LTL formulae Γ if ∆ can be obtained from Γ by repeated application of the following rules:
1. for every α-formula in the current set, add all of its α-components;
2. for every β-formula in the current set, add one of its β-components.

Computing the full expansions of Γ corresponds to saturating a local tableau for LTL with input set Γ and collecting the sets of formulae on every open branch. Thus, a set Γ may have several, possibly none, full expansions.

Like in ML, not every fully expanded set is satisfiable. The purpose of the tableau for LTL is to determine whether at least one full expansion of the input formula set is satisfiable.
Local tableau for LTL

The local tableau for LTL is defined by extending the unlabeled tableau for classical propositional logic with the following rules:

Non-branching rules (α-rules):
(¬X): from ¬Xϕ derive X¬ϕ
(G): from Gϕ derive ϕ, XGϕ
(¬U): from ¬(ϕ U ψ) derive ¬ψ, ¬ϕ ∨ ¬X(ϕ U ψ)

Branching rules (β-rules):
(¬G): from ¬Gϕ branch into ¬ϕ | X¬Gϕ
(U): from ϕ U ψ branch into ϕ ∧ X(ϕ U ψ) | ψ

The rest is just like the local tableau for ML.
Computing full expansions of sets of LTL-formulae by encapsulating the local tableau

The procedure FullExpansion for computing the family FE(Γ) of full expansions of a given set of formulae Γ uses the following set replacement operations, applied to a set of formulae Φ in a family of sets of formulae F:
(α): If ϕ ∈ Φ for some α-formula ϕ with α-components ϕ1 and ϕ2, replace Φ by Φ ∪ {ϕ1, ϕ2}.
(β): If ϕ ∈ Φ for some β-formula ϕ with β-components ϕ1 and ϕ2, replace Φ by Φ ∪ {ϕ1} and Φ ∪ {ϕ2}.

An expansion step:
1. choose a set Φ from the current family of sets F;
2. choose an α- or β-formula ϕ ∈ Φ;
3. apply the respective set replacement operation for ϕ to Φ.

Proviso: if a patently inconsistent set is added to F as a result of such an application, it is removed immediately after the replacement.
Exercise: Give explicitly the set-replacement operations of the procedure FullExpansion for the LTL-formulae ¬Xϕ, ϕ U ψ, ¬(ϕ U ψ), and Gϕ.

Given a finite set of formulae Γ, the procedure FullExpansion starts with the singleton family {Γ} and checks if it is patently inconsistent. If so, it returns FE(Γ) = ∅. Otherwise, it applies expansion steps repeatedly to the current family F until saturation, i.e. until no application of a set replacement operation can change F. The stage of saturation is guaranteed to occur. At that stage, the family FE(Γ) of sets of formulae is produced and returned.
Full expansions: Example 1

Let η := (p U q) ∧ G r. The full expansions of {η}:
Φ1 = { η, p U q, G r, q, r, XG r }
Φ2 = { η, p U q, G r, p ∧ X(p U q), p, X(p U q), r, XG r }
Full expansions: Example 2

Let η := (p U q) ∧ (p → ¬Xq). The full expansions of {(p U q) ∧ (p → ¬Xq)}:
Φ1 = { η, p U q, q, p → ¬Xq, ¬p }
Φ2 = { η, p U q, q, p → ¬Xq, ¬Xq, X¬q }
Φ3 = { η, p U q, p ∧ X(p U q), p, X(p U q), p → ¬Xq, ¬p } (this set is patently inconsistent and is eliminated immediately)
Φ4 = { η, p U q, p ∧ X(p U q), p, X(p U q), p → ¬Xq, ¬Xq, X¬q }
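The closure construction and the FullExpansion procedure above are easy to implement and to check against the two running examples. The following Python program is an added illustration written for this page, not code from the lecture notes. It assumes a tuple encoding of formulae, treats ∨ and → as primitive β-formulae (ϕ ∨ ψ with β-components ϕ, ψ; ϕ → ψ with ¬ϕ, ψ; their negations as α-formulae) so that example 2 can be entered directly, and applies a β-replacement to a set only when none of the β-components is present yet, which is exactly what makes the procedure stop at the fully expanded sets listed above. Note that, by clause 1 of the closure definition, ⊤ is in every closure, and by clause 2 the nexttime component ¬q of X¬q also belongs to cl(η) in example 2.

```python
# Added example (not from the original slides): closure and FullExpansion for LTL.
# Formulae are nested tuples:
#   ('top',)  ('atom', 'p')  ('not', f)  ('and', f, g)  ('or', f, g)
#   ('imp', f, g)  ('X', f)  ('G', f)  ('U', f, g)
TOP = ('top',)

def atom(p): return ('atom', p)
def neg(f): return ('not', f)
def X(f): return ('X', f)

def components(f):
    """Return ('alpha', comps), ('beta', comps), or None for primitive formulae
    (literals and nexttime formulae), following the α/β table of the slides."""
    op = f[0]
    if op == 'and': return ('alpha', [f[1], f[2]])
    if op == 'or':  return ('beta',  [f[1], f[2]])                  # assumed primitive
    if op == 'imp': return ('beta',  [neg(f[1]), f[2]])             # assumed primitive
    if op == 'G':   return ('alpha', [f[1], X(f)])                  # Gϕ ≡ ϕ ∧ XGϕ
    if op == 'U':   return ('beta',  [('and', f[1], X(f)), f[2]])   # ϕUψ ≡ (ϕ ∧ X(ϕUψ)) ∨ ψ
    if op == 'not':
        g = f[1]; gop = g[0]
        if gop == 'not': return ('alpha', [g[1]])
        if gop == 'and': return ('beta',  [neg(g[1]), neg(g[2])])
        if gop == 'or':  return ('alpha', [neg(g[1]), neg(g[2])])
        if gop == 'imp': return ('alpha', [g[1], neg(g[2])])
        if gop == 'X':   return ('alpha', [X(neg(g[1]))])           # ¬Xϕ ≡ X¬ϕ
        if gop == 'G':   return ('beta',  [neg(g[1]), X(f)])        # ¬Gϕ ≡ ¬ϕ ∨ X¬Gϕ
        if gop == 'U':   return ('alpha', [neg(g[2]), ('or', neg(g[1]), neg(X(g)))])
    return None

def closure(eta):
    """cl(η): least set containing ⊤ and η, closed under α-, β- and nexttime components."""
    cl, todo = {TOP}, [eta]
    while todo:
        g = todo.pop()
        if g in cl:
            continue
        cl.add(g)
        if g[0] == 'X':
            todo.append(g[1])            # nexttime component
        else:
            c = components(g)
            if c:
                todo.extend(c[1])
    return cl

def patently_inconsistent(s):
    """Contains ¬⊤ (our representation of ⊥) or a contradictory pair ϕ, ¬ϕ."""
    return neg(TOP) in s or any(neg(g) in s for g in s)

def full_expansions(gamma):
    """FE(Γ): apply (α)/(β) set-replacement steps until saturation, dropping
    patently inconsistent sets as soon as they appear."""
    start = frozenset(gamma)
    if patently_inconsistent(start):
        return set()
    family, done = [start], set()
    while family:
        phi = family.pop()
        step = None
        for g in phi:                     # look for a formula not yet expanded in phi
            c = components(g)
            if c is None:
                continue
            kind, comps = c
            present = [x in phi for x in comps]
            if (kind == 'alpha' and not all(present)) or (kind == 'beta' and not any(present)):
                step = (kind, comps)
                break
        if step is None:                  # phi is fully expanded
            done.add(phi)
            continue
        kind, comps = step
        new = [phi | set(comps)] if kind == 'alpha' else [phi | {x} for x in comps]
        family.extend(s for s in new if not patently_inconsistent(s))   # the proviso
    return done

# The two running examples of the slides.
p, q, r = atom('p'), atom('q'), atom('r')
ETA1 = ('and', ('U', p, q), ('G', r))                 # (p U q) ∧ G r
ETA2 = ('and', ('U', p, q), ('imp', p, neg(X(q))))    # (p U q) ∧ (p → ¬Xq)

if __name__ == '__main__':
    for eta in (ETA1, ETA2):
        print(len(closure(eta)), 'formulae in the closure,',
              len(full_expansions({eta})), 'full expansions')
```

For ETA1 the procedure returns exactly Φ1 and Φ2 of Example 1; for ETA2 it returns Φ1, Φ2 and Φ4 of Example 2, with Φ3 discarded by the proviso the moment ¬p is added next to p.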
Eventualities in LTL

Eventualities are formulae stating that something will happen eventually in the future, but without specifying exactly when. In particular, the eventualities in LTL are the formulae of the type ϕ U ψ and ¬Gϕ.
Hintikka structures for LTL: Hintikka traces

A Hintikka trace is the linear version of a Hintikka structure.

Definition (Hintikka trace)
Given a set of formulae Φ, a Hintikka trace (HT) for Φ is a mapping H : N → P(Φ) satisfying the following conditions for every n ∈ N:
H1 H(n) is fully expanded;
H2 If Xϕ ∈ H(n), then ϕ ∈ H(n + 1);
H3 If ϕ U ψ ∈ H(n), then there exists i ≥ 0 such that ψ ∈ H(n + i) and ϕ ∈ H(n + j) for every j such that 0 ≤ j < i.

Definition
A formula θ ∈ LTL is satisfiable in a Hintikka trace H if θ ∈ H(n) for some n ∈ N.
Proposition
In every Hintikka trace H:
1. If ¬(ϕ U ψ) ∈ H(n), then for every i ∈ N, if ¬ψ ∈ H(n + i) then ϕ ∈ H(n + j) for some j such that 0 ≤ j < i.
2. If Gϕ ∈ H(n), then ϕ ∈ H(n + i) for every i ∈ N.

Lemma
For any set of formulae Φ, every linear ITS M = (N, L) generates a Hintikka trace H : N → P(Φ) for Φ, where H(n) = { ϕ ∈ LTL | M, n ⊨ ϕ } for every n ∈ N.

Proof: Straightforward verification of H1-H3. Exercise.

Usually, we will be interested in Hintikka traces for sets cl(η), where η is a formula for which we want to find a model.
Satisfiability and Hintikka traces

Theorem
A formula η ∈ LTL is satisfiable iff it is satisfiable in a Hintikka trace for cl(η).

Proof: One direction follows by the Lemma above for Φ = cl(η). For the converse, suppose η ∈ H(m) for some Hintikka trace H : N → P(cl(η)) and m ∈ N. We can assume that m = 0. We define the following state description L in N: L(n) := PROP ∩ H(n). Let M = (N, succ, L), where succ is the successor relation in N. We show by induction on θ ∈ LTL that for every n ∈ N:
(i) if θ ∈ H(n) then M, n ⊨ θ;
(ii) if ¬θ ∈ H(n) then M, n ⊨ ¬θ.

Exercise: Complete the details of the proof above.
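Conditions H2 and H3 are what distinguishes a Hintikka trace from an arbitrary sequence of fully expanded sets, and they can be checked mechanically on any trace that is ultimately periodic, i.e. of the form H(0) … H(k−1) (H(k) … H(N−1))^ω. The Python checker below is an added example written for this page, not code from the slides. It assumes the same tuple encoding of formulae as above, takes the trace as a list of sets plus the loop-back index k, and assumes H1 holds (for instance because the sets come out of the FullExpansion procedure); the sample traces are built from the full expansions Φ1 and Φ2 of Example 1.

```python
# Added example (not from the original slides): checking H2 and H3 on an
# ultimately periodic trace.  trace[i] is H(i) for i < N = len(trace); for
# n >= N, H(n) is trace[loop + (n - loop) % (N - loop)].  H1 is assumed.

def check_hintikka(trace, loop):
    """Return a list of (condition, time point, formula) violations; [] means H2 and H3 hold."""
    N = len(trace)
    assert 0 <= loop < N

    def index(n):                      # map a time point to its position in the lasso
        return n if n < N else loop + (n - loop) % (N - loop)

    violations = []
    for i in range(N):                 # time points >= N repeat positions loop..N-1
        for f in trace[i]:
            # H2: Xϕ ∈ H(n) implies ϕ ∈ H(n+1)
            if f[0] == 'X' and f[1] not in trace[index(i + 1)]:
                violations.append(('H2', i, f))
            # H3: ϕUψ ∈ H(n) implies ψ ∈ H(n+i) for some i, with ϕ ∈ H(n+j) for all j < i
            if f[0] == 'U':
                phi, psi = f[1], f[2]
                fulfilled = False
                for j in range(2 * N):     # 2N steps visit every position reachable from i
                    s = trace[index(i + j)]
                    if psi in s:
                        fulfilled = True
                        break
                    if phi not in s:       # ϕ stopped holding before ψ appeared
                        break
                if not fulfilled:
                    violations.append(('H3', i, f))
    return violations

# Constructed sample traces from the full expansions of η = (p U q) ∧ G r (Example 1).
p, q, r = ('atom', 'p'), ('atom', 'q'), ('atom', 'r')
PUQ, GR = ('U', p, q), ('G', r)
ETA = ('and', PUQ, GR)
PHI1 = frozenset({ETA, PUQ, GR, q, r, ('X', GR)})
PHI2 = frozenset({ETA, PUQ, GR, ('and', p, ('X', PUQ)), p, ('X', PUQ), r, ('X', GR)})

GOOD_TRACE = [PHI2, PHI1]            # H(0) = Φ2, H(n) = Φ1 for all n >= 1 (loop = 1)
BAD_TRACE_H3 = [PHI2]                # Φ2 forever (loop = 0): p U q is never fulfilled
BAD_TRACE_H2 = [PHI2, frozenset({q, r})]   # loop = 1: X(p U q) and XG r at 0 not honoured at 1

if __name__ == '__main__':
    print('good trace:', check_hintikka(GOOD_TRACE, 1))
    print('H3 failure:', check_hintikka(BAD_TRACE_H3, 0))
    print('H2 failure:', check_hintikka(BAD_TRACE_H2, 1))
```

The good trace is the one the theorem above turns into a model: L(0) = {p, r}, L(n) = {q, r} for n ≥ 1 satisfies (p U q) ∧ G r at 0. The trace that stays in Φ2 forever satisfies every local condition yet never fulfils the eventuality p U q, which is precisely the case H3 is there to exclude.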