LTL Model Checking
Radu Iosif ([email protected])
Linear Temporal Logic (LTL)
  • Not exclusively for model checking
  • Also meant for deduction (Manna, Pnueli)
  • So, there must be some equations involving LTL terms
Kripke Structures
  • AP = {p, q, r, … } is a set of atomic propositions
  • K = <S, R, L> is a K-structure, where:
    • S is a finite set of states
    • R ⊆ S × S is a transition relation
    • L : S → P(AP) is a labeling function
  • w = x0, x1, … is a word generated along a path π = s0, s1, … of K such that xi ∈ L(si) for all i ≥ 0
LTL Syntax
  • p ∈ AP is a formula
  • true is a formula
  • if f, g are formulae, then:
    • ¬f
    • f ∨ g
    • X f
    • f U g

are formulae

LTL Semantics

Defined on Kripke structures K = (S, R, L):

  • K, π ⊨ true always
  • K, π ⊨ p iff π = s0, s1, … and p ∈ L(s0)
  • K, π ⊨ ¬f iff not K, π ⊨ f
  • K, π ⊨ f ∨ g iff K, π ⊨ f or K, π ⊨ g
  • K, π ⊨ X f iff π = s0, s1, s2, … and K, s1, s2, … ⊨ f
  • K, π ⊨ f U g iff ∃k ≥ 0 . K, sk, sk+1, … ⊨ g and ∀ 0 ≤ i < k . K, si, si+1, … ⊨ f
LTL Syntactic Sugar

We write:

  • false ≡ ¬true
  • f ∧ g ≡ ¬(¬f ∨ ¬g)
  • F g ≡ true U g
  • G f ≡ ¬F(¬f)
  • f W g ≡ (G f) ∨ (f U g) (weak until)
  • f V g ≡ ¬(¬f U ¬g) (release)
LTL equations

f U g = g ∨ (f ∧ X(f U g))

f V g = g ∧ (f ∨ X(f V g))

= (g ∧ f) ∨ (g ∧ X(f V g))

  • hold for every K, π assuming that π is an infinite path
LTL model checking

The model checking problem:

  • find whether a path π generated by a Kripke structure K is a model of an LTL formula f (notation K, π ⊨ f)

To model check an LTL formula f:

  • first negate it, then derive the negation normal form
  • then build an automaton A_¬f out of the negated formula
  • the problem is reduced to finding out whether

L(A_¬f) ∩ L(K) = ∅

Negation normal form: example

¬((A U (B U C)) ∨ D) = ¬(A U (B U C)) ∧ ¬D

= (¬A V ¬(B U C)) ∧ ¬D

= (¬A V (¬B V ¬C)) ∧ ¬D

TABLEAU

A tableau is a proof process represented as a graph, in which the edges represent the steps actually taken by the prover and the nodes the intermediate states of the proof

A node in the tableau consists of:

  • name = unique name of the node
  • incoming = set of ancestors
  • new = current proof obligation
  • old = already met proof obligation
  • next = proof obligation in the next state
Tableau for p U q

Each node is written as name: incoming, new, old, next; Nodes is the set of closed nodes (new = {}) collected so far. The construction unfolds p U q = q ∨ (p ∧ X(p U q)) and merges a closed node into an existing one with the same old and next.

Step 1. Nodes = {}
  • Node1: incoming = {init}, new = {p U q}, old = {}, next = {}

Step 2. Expanding p U q splits Node1 in two. Nodes = {}
  • Node1: incoming = {init}, new = {p U q}, old = {}, next = {}
  • Node2: incoming = {init}, new = {q}, old = {p U q}, next = {}
  • Node3: incoming = {init}, new = {p}, old = {p U q}, next = {p U q}

Step 3. The literal q moves from new to old. Nodes = {}
  • Node2: incoming = {init}, new = {q}, old = {p U q}, next = {}
  • Node2’: incoming = {init}, new = {}, old = {q, p U q}, next = {}

Step 4. Node2’ is closed; its successor takes next = {} as its new obligations. Nodes = {2’}
  • Node2’: incoming = {init}, new = {}, old = {q, p U q}, next = {}
  • Node2’’: incoming = {Node2’}, new = {}, old = {}, next = {}

Step 5. Node2’’ is closed; its successor Node2’’’ has the same old and next, so it is merged into Node2’’. Nodes = {2’, 2’’}
  • Node2’’: incoming = {Node2’, Node2’’}, new = {}, old = {}, next = {}
  • Node2’’’: incoming = {Node2’’}, new = {}, old = {}, next = {}

Step 6. Back in Node3, the literal p moves from new to old. Nodes = {2’, 2’’}
  • Node3: incoming = {init}, new = {p}, old = {p U q}, next = {p U q}
  • Node3’: incoming = {init}, new = {}, old = {p, p U q}, next = {p U q}

Step 7. Node3’ is closed; its successor starts from next = {p U q}. Nodes = {2’, 2’’, 3’}
  • Node3’: incoming = {init}, new = {}, old = {p, p U q}, next = {p U q}
  • Node3’’: incoming = {Node3’}, new = {p U q}, old = {}, next = {}

Step 8. Expanding p U q splits Node3’’ in two. Nodes = {2’, 2’’, 3’}
  • Node3’’: incoming = {Node3’}, new = {p U q}, old = {}, next = {}
  • Node4: incoming = {Node3’}, new = {q}, old = {p U q}, next = {}
  • Node5: incoming = {Node3’}, new = {p}, old = {p U q}, next = {p U q}

Step 9. Node4’ has the same old and next as Node2’, so it is merged: incoming(2’) = {init, Node3’}
  • Node4’: incoming = {Node3’}, new = {}, old = {q, p U q}, next = {}

Step 10. Node5’ has the same old and next as Node3’, so it is merged: incoming(3’) = {init, Node3’}
  • Node5’: incoming = {Node3’}, new = {}, old = {p, p U q}, next = {p U q}

Resulting automaton

[Figure: the automaton read off the tableau. States: init, Node2’, Node3’, Node2’’. Edges follow the incoming sets and are labelled by the literals in old: init → Node3’ and Node3’ → Node3’ on {p}; init → Node2’ and Node3’ → Node2’ on {q}; Node2’ → Node2’’ and Node2’’ → Node2’’ on {} = true.]

An LTL formula f is satisfied iff there exists an infinite path in A_f containing an acceptance state infinitely often
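The tableau construction traced above, as an added Python example (not the author's code): tableau expands a formula in negation normal form into closed nodes the way the frames do, splitting on ∨, U and V with the fixpoint equations, moving literals into old, starting a successor from next, and merging a closed node into an existing one with the same old and next (the on-the-fly construction of Gerth, Peled, Vardi and Wolper). It also derives one acceptance set per U subformula: the nodes whose old either lacks f U g or already contains g. Node names and the tuple encoding are my own; on p U q it yields the three states of the automaton in the figure.

```python
import itertools

# Input formula in negation normal form, as nested tuples: atoms such as 'p', ('not', 'p'),
# 'true', 'false', ('or', f, g), ('and', f, g), ('X', f), ('U', f, g), ('V', f, g).

def neg(lit):
    return lit[1] if isinstance(lit, tuple) else ('not', lit)

def subformulas(f):
    yield f
    if not isinstance(f, str):
        for x in f[1:]:
            yield from subformulas(x)

def tableau(phi):
    """Expand phi into closed nodes {name: [incoming, old, next]} plus one accepting set per U."""
    nodes, ids = {}, itertools.count(1)
    def expand(name, incoming, new, old, nxt):
        if not new:                                  # no obligation left: the node is closed
            for n, (inc, o, x) in nodes.items():
                if o == old and x == nxt:            # same old/next as an existing node: merge
                    inc |= incoming
                    return
            nodes[name] = [set(incoming), old, nxt]  # new state; its successor starts from next
            return expand(f"Node{next(ids)}", {name}, nxt, frozenset(), frozenset())
        f = min(new, key=repr)                       # pick a proof obligation
        rest = new - {f}
        if isinstance(f, str) or f[0] == 'not':      # literal: a contradiction kills the node
            if f == 'false' or neg(f) in old:
                return
            return expand(name, incoming, rest, old | {f}, nxt)
        old = old | {f}
        op, a, b = f[0], f[1], (f[2] if len(f) > 2 else None)
        if op == 'X':
            return expand(name, incoming, rest, old, nxt | {a})
        if op == 'and':
            return expand(name, incoming, rest | ({a, b} - old), old, nxt)
        # ∨, U and V split the node; U and V follow the fixpoint equations from the slides:
        # f U g = g ∨ (f ∧ X(f U g)),  f V g = (g ∧ X(f V g)) ∨ (g ∧ f)
        new1, nxt1, new2 = {'or': ({a}, set(), {b}),
                            'U': ({a}, {f}, {b}),
                            'V': ({b}, {f}, {a, b})}[op]
        expand(name, incoming, rest | (new1 - old), old, nxt | nxt1)
        expand(f"Node{next(ids)}", set(incoming), rest | (new2 - old), old, nxt)

    expand(f"Node{next(ids)}", {'init'}, frozenset({phi}), frozenset(), frozenset())
    untils = [u for u in subformulas(phi) if not isinstance(u, str) and u[0] == 'U']
    accepting = [{n for n, (_, o, _) in nodes.items() if u not in o or u[2] in o} for u in untils]
    return nodes, accepting
```

The state with p U q still pending in next corresponds to Node3’ above: it is the one state outside the accepting set, and its incoming set contains init and itself.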

Automata-Theoretic model checking
  • Invented by Vardi and Wolper in the 80’s
  • Implemented in SPIN in the 90’s
  • Language intersection problem L(A_¬f) ∩ L(K) = ∅ is reduced to:
    • computing the synchronous product A_¬f × K
    • checking whether the synchronous product contains an acceptance cycle
    • if so, there exists a violation of f on some execution path of K
    • the model checker will show us the counterexample
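The reduction above, as an added example that is not from the slides: a nested depth-first search (the acceptance-cycle algorithm SPIN uses) over the synchronous product of the automaton read off the figure and a constructed Kripke structure. That automaton accepts the paths on which p U q holds, so treating it as A_¬f for the property f = ¬(p U q), an accepting cycle in the product is a counterexample to f; the state names, the two sample Kripke structures and the edge-label convention (a set of atoms that must hold in the Kripke state being entered) are my assumptions.

```python
# Constructed sample Kripke structures: state -> (label set L(s), successors under R); initial state s0.
KRIPKE_VIOLATING = {'s0': ({'p'}, ['s1']), 's1': ({'p'}, ['s0', 's2']), 's2': ({'q'}, ['s2'])}
KRIPKE_SAFE = {'s0': ({'p'}, ['s1']), 's1': ({'p'}, ['s0'])}

# The automaton for p U q read off the "Resulting automaton" figure: node -> [(edge label, target)].
# An edge label is the set of atoms that must hold in the Kripke state being entered; {} = true.
AUTOMATON = {'init':    [({'p'}, "Node3'"), ({'q'}, "Node2'")],
             "Node3'":  [({'p'}, "Node3'"), ({'q'}, "Node2'")],
             "Node2'":  [(set(), "Node2''")],
             "Node2''": [(set(), "Node2''")]}
ACCEPTING = {"Node2'", "Node2''"}

def accepting_cycle(K, s_init, A, accepting):
    """Nested DFS over the synchronous product A × K; returns (stem, cycle) of product states or None."""
    def succ(s, q):                  # product move: K steps s -> s2, A takes an edge enabled by L(s2)
        for s2 in K[s][1]:
            for lab, q2 in A[q]:
                if lab <= K[s2][0]:
                    yield (s2, q2)
    outer, inner = set(), set()

    def dfs_inner(v, seed, cyc):     # second search: can the accepting state seed reach itself?
        inner.add(v)
        for w in succ(*v):
            if w == seed:
                return cyc + [w]
            if w not in inner:
                r = dfs_inner(w, seed, cyc + [w])
                if r: return r
        return None

    def dfs_outer(v, stem):          # first search; accepting states are probed in post-order
        outer.add(v)
        for w in succ(*v):
            if w not in outer:
                r = dfs_outer(w, stem + [w])
                if r: return r
        if v[1] in accepting:
            cyc = dfs_inner(v, v, [])
            if cyc: return stem, cyc
        return None

    for lab, q in A['init']:         # initial product states: init edges of A enabled in s_init
        if lab <= K[s_init][0] and (s_init, q) not in outer:
            r = dfs_outer((s_init, q), [(s_init, q)])
            if r: return r
    return None                      # no accepting cycle: L(A) ∩ L(K) = ∅
```

Projecting the stem and cycle onto their Kripke components gives the counterexample path the model checker would show: here s0, s1, s2, s2, … on which p U q holds.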