Unit-7: Linear Temporal Logic B. Srivathsan Chennai Mathematical - - PowerPoint PPT Presentation

Unit-7: Linear Temporal Logic

• B. Srivathsan

Chennai Mathematical Institute

NPTEL-course July - November 2015

1/13

Module 1: Introduction to LTL

2/13

Transition Systems + G, F, X, GF + NuSMV

Automata

Unit: 4

Büchi Automata

Unit: 5,6

LTL

Unit: 7,8

CTL

Unit: 9

State-space explosion

Unit: 10

3/13

{ p1 } { p1,p2 } { p2 } {}

request=1 ready request=1 busy request=0 ready request=0 busy

Transition System AP = { p1, p2 } Property P Transition system TS satisfies property P if Traces(TS) ⊆ P

4/13

Specifying properties G, F, X, GF Finite Automata ω-regular expressions

5/13

Specifying properties G, F, X, GF Finite Automata ω-regular expressions Here: Another formalism - Linear Temporal Logic

5/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2}

φ :=

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2}

φ := true |

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2} p1 p2

φ := true | pi | pi ∈ AP

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2} p1 p2 p1 ∧ p2

φ := true | pi | φ1 ∧ φ2 | pi ∈ AP φ1,φ2 : LTL formulas

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2} p1 p2 p1 ∧ p2

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | pi ∈ AP φ1,φ2 : LTL formulas

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2} p1 p2 p1 ∧ p2

...

{p2} { p1} {p2} {p2} {p2} ¬p1

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | pi ∈ AP φ1,φ2 : LTL formulas

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2} p1 p2 p1 ∧ p2

...

{p2} { p1} {p2} {p2} {p2} X p1 ¬p1

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | pi ∈ AP φ1,φ2 : LTL formulas

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2} p1 p2 p1 ∧ p2

...

{p2} { p1} {p2} {p2} {p2} X p1 ¬p1 X (p1 ∧ ¬p2)

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | pi ∈ AP φ1,φ2 : LTL formulas

6/13

...

{p1,p2} {p1,p2} {p2} {p1,p2} {p2} p1 p2 p1 ∧ p2

...

{p2} { p1} {p2} {p2} {p2} X p1 ¬p1 X (p1 ∧ ¬p2)

...

{p1} {p1} {p1} {p2} {p1} p1 U p2

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 pi ∈ AP φ1,φ2 : LTL formulas

6/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

...

{p1} {p1} {} {p2} {p1} ¬(p1 U p2)

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

...

{p1} {p1} {} {p2} {p1} ¬(p1 U p2)

...

{p1,p3} {p1} {p1} {p2} {p1,p3} p1 U (p2 ∧ X p3)

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

...

{p1} {p1} {} {p2} {p1} ¬(p1 U p2)

...

{p1,p3} {p1} {p1} {p2} {p1,p3} p1 U (p2 ∧ X p3)

...

{p1} { } { } {p2} {p1} X(¬p1 U p2)

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

...

{p1} {p1} {} {p2} {p1} ¬(p1 U p2)

...

{p1,p3} {p1} {p1} {p2} {p1,p3} p1 U (p2 ∧ X p3)

...

{p1} { } { } {p2} {p1} X(¬p1 U p2)

...

{p2} {p3} {p2} { } {p1} true U p1

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

...

{p1} {p1} {} {p2} {p1} ¬(p1 U p2)

...

{p1,p3} {p1} {p1} {p2} {p1,p3} p1 U (p2 ∧ X p3)

...

{p1} { } { } {p2} {p1} X(¬p1 U p2)

...

{p2} {p3} {p2} { } {p1} true U p1

...

{p1} {p1,p2} {p1} {p1,p2} {p1} ¬(true U ¬p1)

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

...

{p1} {p1} {} {p2} {p1} ¬(p1 U p2)

...

{p1,p3} {p1} {p1} {p2} {p1,p3} p1 U (p2 ∧ X p3)

...

{p1} { } { } {p2} {p1} X(¬p1 U p2)

...

{p2} {p3} {p2} { } {p1} true U p1

F p1

...

{p1} {p1,p2} {p1} {p1,p2} {p1} ¬(true U ¬p1)

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

...

{p1} {p1} {} {p2} {p1} ¬(p1 U p2)

...

{p1,p3} {p1} {p1} {p2} {p1,p3} p1 U (p2 ∧ X p3)

...

{p1} { } { } {p2} {p1} X(¬p1 U p2)

...

{p2} {p3} {p2} { } {p1} true U p1

F p1

...

{p1} {p1,p2} {p1} {p1,p2} {p1} ¬(true U ¬p1)

G p1

7/13

Derived operators

… φ1 ∨ φ2: ¬(¬φ1 ∧ ¬φ2)

(Or)

… φ1 → φ2: ¬φ1 ∨ φ2

(Implies)

… F φ: true U φ

(Eventually)

… G φ: ¬ F ¬φ

(Always)

8/13

... ... ... ...

φ φ φ

G F φ (Infinitely often)

9/13

... ... ... ...

φ φ φ

G F φ (Infinitely often) ... ...

φ φ φ φ

F G φ (Eventually forever)

9/13

Coming next: More examples

10/13

non-crit wait crit exiting y>0:y:=y-1 y:=y+1 non-crit wait crit exiting y>0:y:=y-1 y:=y+1

|||

Atomic propositions AP = { crit1,wait1,crit2,wait2 } crit1: pr1.location=crit wait1: pr1.location=wait crit2: pr2.location=crit wait2: pr2.location=wait

11/13

… Safety: both processes cannot be in critical section simultaneously

G (¬crit1 ∨ ¬crit2)

… Liveness: each process visits critical section infinitely often

G F crit1 ∧ G F crit2

12/13

Summary

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

… F φ: true U φ

(Eventually)

… G φ: ¬ F ¬φ

(Always)

13/13

Unit-7: Linear Temporal Logic

• B. Srivathsan

Chennai Mathematical Institute

NPTEL-course July - November 2015

1/13

Module 2: Semantics of LTL

2/13

AP-INF = set of infinite words over PowerSet(AP)

3/13

AP-INF = set of infinite words over PowerSet(AP) Property 1: p1 is always true

3/13

AP-INF = set of infinite words over PowerSet(AP) Property 1: p1 is always true { A0A1A2 ··· ∈ AP-INF | each Ai contains p1 }

{ p1 } { p1 } { p1 } { p1 } { p1 } { p1 } { p1 } ... { p1 } { p1,p2 } { p1 } { p1,p2 } { p1 } { p1,p2 } ... . . .

3/13

AP-INF = set of infinite words over PowerSet(AP) Property 1: p1 is always true { A0A1A2 ··· ∈ AP-INF | each Ai contains p1 }

{ p1 } { p1 } { p1 } { p1 } { p1 } { p1 } { p1 } ... { p1 } { p1,p2 } { p1 } { p1,p2 } { p1 } { p1,p2 } ... . . .

Property 2: p1 is true at least once and p2 is always true

3/13

AP-INF = set of infinite words over PowerSet(AP) Property 1: p1 is always true { A0A1A2 ··· ∈ AP-INF | each Ai contains p1 }

{ p1 } { p1 } { p1 } { p1 } { p1 } { p1 } { p1 } ... { p1 } { p1,p2 } { p1 } { p1,p2 } { p1 } { p1,p2 } ... . . .

Property 2: p1 is true at least once and p2 is always true { A0A1A2 ··· ∈ AP-INF | exists Ai containing p1 and every Aj contains p2 }

{ p2 } { p1,p2 } { p2 } { p2 } { p2 } { p1,p2 } { p2 } ... { p1,p2 } { p2 } { p2 } { p2 } { p2 } { p2 } ... . . .

3/13

AP-INF = set of infinite words over PowerSet(AP) A property over AP is a subset of AP-INF

4/13

AP-INF = set of infinite words over PowerSet(AP) A property over AP is a subset of AP-INF LTL can be used to specify properties

4/13

AP-INF = set of infinite words over PowerSet(AP) A property over AP is a subset of AP-INF LTL can be used to specify properties LTL can be used to describe subsets of AP-INF

4/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

LTL formula φ − → Words(φ)

5/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

LTL formula φ − → Words(φ) ⊆ AP-INF

5/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2

LTL formula φ − → Words(φ) ⊆ AP-INF Words(φ): set of words in AP-INF that satisfy φ

5/13

When does a word satisfy LTL formula φ?

6/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Word σ : A0A1A2 ... ∈ AP-INF

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Word σ : A0A1A2 ... ∈ AP-INF Every word satisfies true

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Word σ : A0A1A2 ... ∈ AP-INF Every word satisfies true σ satisfies pi if pi ∈ A0

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Word σ : A0A1A2 ... ∈ AP-INF Every word satisfies true σ satisfies pi if pi ∈ A0 σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Word σ : A0A1A2 ... ∈ AP-INF Every word satisfies true σ satisfies pi if pi ∈ A0 σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2 σ satisfies ¬φ if σ does not satisfy φ

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Word σ : A0A1A2 ... ∈ AP-INF Every word satisfies true σ satisfies pi if pi ∈ A0 σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2 σ satisfies ¬φ if σ does not satisfy φ σ satisfies X φ if A1A2A3 ... satisfies φ

7/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Word σ : A0A1A2 ... ∈ AP-INF Every word satisfies true σ satisfies pi if pi ∈ A0 σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2 σ satisfies ¬φ if σ does not satisfy φ σ satisfies X φ if A1A2A3 ... satisfies φ σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 0 ≤ i < j AiAi+1 ... satisfies φ1

7/13

Words(φ) = { σ ∈ AP-INF | σ satisfies φ }

8/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Every word satisfies true σ satisfies pi if pi ∈ A0 σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2 σ satisfies ¬φ if σ does not satisfy φ σ satisfies X φ if A1A2A3 ... satisfies φ σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 1 ≤ i < j AiAi+1 ... satisfies φ1

9/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Every word satisfies true

Words(true) = AP-INF

σ satisfies pi if pi ∈ A0 σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2 σ satisfies ¬φ if σ does not satisfy φ σ satisfies X φ if A1A2A3 ... satisfies φ σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 1 ≤ i < j AiAi+1 ... satisfies φ1

9/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Every word satisfies true

Words(true) = AP-INF

σ satisfies pi if pi ∈ A0

Words(pi) = { A0A1A2 ... | pi ∈ A0}

σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2 σ satisfies ¬φ if σ does not satisfy φ σ satisfies X φ if A1A2A3 ... satisfies φ σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 1 ≤ i < j AiAi+1 ... satisfies φ1

9/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Every word satisfies true

Words(true) = AP-INF

σ satisfies pi if pi ∈ A0

Words(pi) = { A0A1A2 ... | pi ∈ A0}

σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2

Words(φ1 ∧ φ2) = Words(φ1) ∩ Words(φ2)

σ satisfies ¬φ if σ does not satisfy φ σ satisfies X φ if A1A2A3 ... satisfies φ σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 1 ≤ i < j AiAi+1 ... satisfies φ1

9/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Every word satisfies true

Words(true) = AP-INF

σ satisfies pi if pi ∈ A0

Words(pi) = { A0A1A2 ... | pi ∈ A0}

σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2

Words(φ1 ∧ φ2) = Words(φ1) ∩ Words(φ2)

σ satisfies ¬φ if σ does not satisfy φ

Words(¬φ) = (Words(φ))c

σ satisfies X φ if A1A2A3 ... satisfies φ σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 1 ≤ i < j AiAi+1 ... satisfies φ1

9/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Every word satisfies true

Words(true) = AP-INF

σ satisfies pi if pi ∈ A0

Words(pi) = { A0A1A2 ... | pi ∈ A0}

σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2

Words(φ1 ∧ φ2) = Words(φ1) ∩ Words(φ2)

σ satisfies ¬φ if σ does not satisfy φ

Words(¬φ) = (Words(φ))c

σ satisfies X φ if A1A2A3 ... satisfies φ

Words(X φ) = { A0A1A2 ... | A1A2 ··· ∈ Words(φ) }

σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 1 ≤ i < j AiAi+1 ... satisfies φ1

9/13

φ := true | pi | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2 Every word satisfies true

Words(true) = AP-INF

σ satisfies pi if pi ∈ A0

Words(pi) = { A0A1A2 ... | pi ∈ A0}

σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2

Words(φ1 ∧ φ2) = Words(φ1) ∩ Words(φ2)

σ satisfies ¬φ if σ does not satisfy φ

Words(¬φ) = (Words(φ))c

σ satisfies X φ if A1A2A3 ... satisfies φ

Words(X φ) = { A0A1A2 ... | A1A2 ··· ∈ Words(φ) }

σ satisfies φ1 U φ2 if there exists j s.t. AjAj+1 ... satisfies φ2 and for all 1 ≤ i < j AiAi+1 ... satisfies φ1

Words(φ1Uφ2) = { A0A1A2 ... | ∃ j.AjAj+1 ··· ∈ Words(φ2) and ∀ 0 ≤ i < j. AiAi+1 ··· ∈ Words(φ1) }

9/13

F φ: true U φ

10/13

F φ: true U φ σ satisfies true U φ if there exists j s.t. AjAj+1 ... satisfies φ and for all 0 ≤ i < j AiAi+1 ... satisfies true

10/13

F φ: true U φ σ satisfies true U φ if there exists j s.t. AjAj+1 ... satisfies φ

10/13

F φ: true U φ σ satisfies true U φ if there exists j s.t. AjAj+1 ... satisfies φ G φ: ¬ F ¬ φ

10/13

F φ: true U φ σ satisfies true U φ if there exists j s.t. AjAj+1 ... satisfies φ G φ: ¬ F ¬ φ σ satisfies F ¬ φ if there exists j s.t. AjAj+1 ... satisfies ¬ φ

10/13

F φ: true U φ σ satisfies true U φ if there exists j s.t. AjAj+1 ... satisfies φ G φ: ¬ F ¬ φ σ satisfies F ¬ φ if there exists j s.t. AjAj+1 ... satisfies ¬ φ σ satisfies ¬ F ¬ φ if σ does not satisfy F ¬ φ

10/13

F φ: true U φ σ satisfies true U φ if there exists j s.t. AjAj+1 ... satisfies φ G φ: ¬ F ¬ φ σ satisfies F ¬ φ if there exists j s.t. AjAj+1 ... satisfies ¬ φ σ satisfies ¬ F ¬ φ if σ does not satisfy F ¬ φ σ satisfies ¬ F ¬ φ if for all j AjAj+1 ... satisfies φ

10/13

{ p1 } { p1,p2 } { p2 } {}

request=1 ready request=1 busy request=0 ready request=0 busy

Transition System AP = { p1, p2 } Property LTL formula φ

11/13

{ p1 } { p1,p2 } { p2 } {}

request=1 ready request=1 busy request=0 ready request=0 busy

Transition System AP = { p1, p2 } Property LTL formula φ Transition system TS satisfies formula φ if Traces(TS) ⊆ Words(φ)

11/13

Words(φ) (Words(φ))c

12/13

Words(φ) Traces(TS) (Words(φ))c

12/13

Words(φ) Traces(TS) (Words(φ))c TS does not satisfy φ TS does not satisfy ¬φ

12/13

Words(φ) Traces(TS) (Words(φ))c TS does not satisfy φ TS does not satisfy ¬φ { p1 } { p2 } { p2 }

12/13

Words(φ) Traces(TS) (Words(φ))c TS does not satisfy φ TS does not satisfy ¬φ { p1 } { p2 } { p2 } Above TS does not satisfy F p1 Above TS does not satisfy ¬F p1

12/13

Semantics of LTL

13/13

Unit-7: Linear Temporal Logic

• B. Srivathsan

Chennai Mathematical Institute

NPTEL-course July - November 2015

1/7

Module 3: A Puzzle

2/7

RIVER MAN GOAT WOLF CABBAGE

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time … Goat and cabbage cannot be left in the same bank if man is not

there

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time … Goat and cabbage cannot be left in the same bank if man is not

there

… Wolf and goat cannot be left in the same bank if man is not there

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time … Goat and cabbage cannot be left in the same bank if man is not

there

… Wolf and goat cannot be left in the same bank if man is not there

How can the man shift everyone to the right bank?

3/7

Coming next: Solution using LTL model-checking

4/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1

5/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1 carry = {g,w,c,0}

5/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1 carry = {g,w,c,0}

man can carry a passenger which has same value as him

5/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1 carry = {g,w,c,0}

man can carry a passenger which has same value as him NuSMV demo

5/7

Need a path in this transition system which satisfies: φ: ((goat = cabbage | wolf = goat) -> man = goat) U (man & cabbage & goat & wolf)

6/7

Need a path in this transition system which satisfies: φ: ((goat = cabbage | wolf = goat) -> man = goat) U (man & cabbage & goat & wolf) NuSMV checks property on all paths

6/7

Need a path in this transition system which satisfies: φ: ((goat = cabbage | wolf = goat) -> man = goat) U (man & cabbage & goat & wolf) NuSMV checks property on all paths Check !φ and look at the counter-example!

6/7

Summary

LTL model-checking

Use in planning problem

7/7

Reference

Section 3.3.2

• M. Huth and M. Ryan. Logic in Computer Science

(Second Edition, Cambridge University Press)

7/7

Unit-7: Linear Temporal Logic

• B. Srivathsan

Chennai Mathematical Institute

NPTEL-course July - November 2015

1/7

Module 3: A Puzzle

2/7

RIVER MAN GOAT WOLF CABBAGE

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time … Goat and cabbage cannot be left in the same bank if man is not

there

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time … Goat and cabbage cannot be left in the same bank if man is not

there

… Wolf and goat cannot be left in the same bank if man is not there

3/7

RIVER MAN GOAT WOLF CABBAGE … There is a boat that can be driven by the man … Man can take only one passenger in the boat with him at a time … Goat and cabbage cannot be left in the same bank if man is not

there

… Wolf and goat cannot be left in the same bank if man is not there

How can the man shift everyone to the right bank?

3/7

Coming next: Solution using LTL model-checking

4/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1

5/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1 carry = {g,w,c,0}

5/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1 carry = {g,w,c,0}

man can carry a passenger which has same value as him

5/7

RIVER man = 0 goat = 0 wolf = 0 cabbage = 0 man = 1 goat = 1 wolf = 1 cabbage = 1 carry = {g,w,c,0}

man can carry a passenger which has same value as him NuSMV demo

5/7

Need a path in this transition system which satisfies: φ: ((goat = cabbage | wolf = goat) -> man = goat) U (man & cabbage & goat & wolf)

6/7

Need a path in this transition system which satisfies: φ: ((goat = cabbage | wolf = goat) -> man = goat) U (man & cabbage & goat & wolf) NuSMV checks property on all paths

6/7

Need a path in this transition system which satisfies: φ: ((goat = cabbage | wolf = goat) -> man = goat) U (man & cabbage & goat & wolf) NuSMV checks property on all paths Check !φ and look at the counter-example!

6/7

Summary

LTL model-checking

Use in planning problem

7/7

Reference

Section 3.3.2

• M. Huth and M. Ryan. Logic in Computer Science

(Second Edition, Cambridge University Press)

7/7