This presentation is the property of its rightful owner.
1 / 27

# Translating from LTL to automata PowerPoint PPT Presentation

Translating from LTL to automata. Why translating?. Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure) satisfies this property.

Translating from LTL to automata

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

### Why translating?

• Want to write the specification in some logic.

• Want to check that an automaton (or a Kripke structure) satisfies this property.

• The check (“model-checking”) will be based on automata operations – hence we need to translate the property to automata.

T

p

T

p

p

q

p

T

T

### From formulas to Buchi automta

Fp

p U q

GFp

Gp

Now try yourself:

FGp, a U (b U c), X(p U (q Æ r))

### A translation algorithm

• So now we need to show an algorithmic translation from LTL to Buchi

• It will work in two stages:

• Translate to Generalized Buchi

• Degeneralization.

### Preprocessing

• Convert into normal form, where negation only applies to propositional variables.

• ¬G becomes F¬.

• ¬F becomes G¬.

• ¬( U )becomes(¬) R (¬),

• ¬(  R )becomes(¬) U (¬).

### Preprocessing

• Convert to Negation Normal Form

• Push negations over propositional conenctives, and eliminate operators other thanÆ,Ç

• Eliminate G

• Replace G by (False R).

• (in general we can stay withU, R, X)

### Example

• Translate (GFP ) ! ( GFQ )

• Eliminate implication ¬(GF P ) Ç (GF Q )

• Eliminate G, F:¬( False R ( True U P ) ) Ç ( False R ( True U Q ) )

• Push negation inwards:(True U (False R¬P ) ) Ç ( False R ( True U Q ) )

### And now...

• We need to build an automaton that accepts exactly those words that satisfy .

### Content

• The construction continues as follows:

• Build the Local Automaton

• This automaton guarantees that the word satisfies all conditions imposed by the formula

• Build the Eventuality Automaton

• Eventualities : formulas of the form Fφand φ1U φ2

• The problem is that nothing prevents us from postponing forever the time at which (eventuality) formula will be true

• Compose them

### The Local Automaton

• Closure of : all the subformulas ofand their negations.

• Formally: cl() is the smallest set of formulas satisfying the following conditions

• φ ∈ cl(φ)

• φ1∈ cl(φ) ⇒¬φ1 ∈ cl(φ)

• φ1∧ φ2∈ cl(φ) ⇒φ1 , φ2∈ cl(φ)

• φ1∨ φ2∈ cl(φ) ⇒ φ1 , φ2∈ cl(φ)

• Xφ1∈ cl(φ) ⇒φ1 ∈ cl(φ)

• Fφ1∈ cl(φ) ⇒ φ1 ∈ cl(φ)

• φ1U φ2∈ cl(φ) ⇒φ1 , φ2∈ cl(φ)

• φ1R φ2∈ cl(φ) ⇒φ1 , φ2∈ cl(φ)

### The Local Automaton / Alphabet, states

• The local automaton is L = (∑, SL, ρL, IL, FL)

• The alphabet ∑

• ∑ µ 2cl(φ)

• ∑ elements are consistent: for s2∑ and f ∈ cl(φ): f ∈ s ¬f ∉ s

• The states SL

• All propositionally consistent subsets s of cl(φ):

• φ1 ∈ s¬φ1 ∉ s

### The Local Automaton / Transition relation

The edges:

• ρL(s, a) must check the next state is compatible with the semantics of the temporal operators.

• Let t ∈ ρL(s, a). Then:

• Xφ1∈ sφ1∈ t

• Fφ1∈ sφ1 ∈ sor Fφ1∈ t

• φ1U φ2∈ s (φ2∈ s) or (φ1∈ sand φ1U φ2∈ t)

• φ1R φ2∈ s (φ1 ⋀φ2∈ s) or (φ2∈ sand φ1R φ2∈ t)

The labeling on the edges:

• For a state s;, s is the label on all the outgoing edges from s.

### The Local Automaton / Initial + final states

• The initial states IL

• ... is the set of states that include the formula

• The accepting states FL

• ... is the set of all states

### Example: Local Automaton for Fp

• Closure of Fp

• cl(Fp) = {Fp, p, ¬Fp, ¬p}

• SL= {{Fp, p}, {¬Fp, p}, {Fp, ¬p}, {¬Fp, ¬p}}

### Local Automaton forFp

{Fp, p}

{Fp, ¬p}

{¬Fp, p}

{¬Fp, ¬p}

• Recall the defnition: (Fp∈ s)  (p∈ s or Fp∈ t)(t is the target state)

Top-right: Since p s then t can only be such thatFp 2 t.

Top left: Since p 2 s then all states can be t.

Bottom left: contradictory, hence no point in this state (can be removed)

Bottom right: since the condition above is iff relation, then we need that

(:p 2 s) and (:Fp 2 t).

### Local Automaton forFp (labels)

{Fp, ¬p}

{Fp, p}

{Fp, p}

{Fp, p}

{Fp, ¬p}

{Fp, ¬p}

{Fp, p}

{¬Fp, ¬p}

{¬Fp, p}

{¬Fp, ¬p}

Recall: the edge labels are equivalent to the source state names.

### The Eventuality Automaton

• Eventuality automaton is supposed to check that the eventualities are realized

• Check formulas of the form

• φ1U φ2

• Fφ // special case of U

### The Eventuality Automaton/ Alphabet, states

• Ev = (∑, 2ev(φ), ρF, {{}}, F)

• The alphabet

• ∑ µ2cl(φ)

• ∑ elements are consistent: for s2∑ and f ∈ cl(φ): f ∈ s ¬f ∉ s

• The states 2ev(φ)

• The set of subsets of the eventualities of the formula φ

• A state {e1, …, ek} means that the eventualities e1, …, ekstill have to be realized

### The Eventuality Automaton/ Transition relation, initial state

• The transition ρF

• Lett ∈ ρF(s,a)

• ForFφ :Fφ ∈ t φ ∉ a

• For φ1U φ2: φ1U φ2∈ t φ2∉ a

• The initial state : {}

### The Eventuality Automaton/ accepting states

• The acceptance condition F is complicated... 

• When can we accept a state s?

• if s has an eventuality, it satisfies it.

• Examples:

• s is accepting: s ={pUq,:p, q} s = {:pUq,:p, :q}

• s is not accepting: s ={pUq, p, :q} s = {pUq, :p, :q}

### The Eventuality Automaton/ accepting states

• The acceptance condition, formaly:

• Let ei be an eventuality condition i’ Ui

• Suppose we have the eventuality conditions e1,...,em.

• Then F is a generalized Buchi condition:F = {Á1,...,Ám} whereÁi = {s 2 S | ei2 s !i2 s}

• In our example:

• We have two states: {} and {Fp}

• Thus,Fcontains the single state {}

### ExampleEventuality automaton

{Fp, p}

{¬Fp, ¬p}

{¬Fp, p}

{Fp, ¬p}

{Fp, ¬p}

{}

{Fp}

{¬Fp, ¬p}

{¬Fp, p}

{Fp, p}

We can begin with all edges and all labels and then remove those that are incompatible with the condition we saw in the previous slide:

The condition is: Fp∈ t p∉ a

• Q: When is this automaton satisfied?

• A: When all eventualities are satisfied.

### Composing the two automata

• M = (∑, SM, ρM ,NM0, FM)

• ∑ µ 2cl()

• SM = SL x 2ev(φ)(Cartesian Product)

• (p, q) ∈ ρM((s, t), a)  p ∈ ρL(s, a) and q ∈ ρF(t, a)

• NM0 = Nφ x {}

• FM = NL x {}

### Example Composing the two automata

The propositions are the ‘real’ labels.

({¬Fp, ¬p} ,Fp)

({Fp, ¬p} ,Fp)

p

:p

({Fp, p},Fp)

p

:p

({Fp, ¬p} ,{})

({Fp, p},{})

({¬Fp, ¬p} ,{})

:p

### Example Composing the two automata

Equivalently: labels move to outgoing edges.

p

({Fp, ¬p} ,Fp)

:p

({Fp, p},Fp)

p

p

:p

p

:p

p

({Fp, ¬p} ,{})

({Fp, p},{})

:p

p

({¬Fp, ¬p} ,{})

:p

### Optimizations...

p

:p

:p

p

p

:p

p Ç:p

true

:p

p

There are optimizations that make the automaton much smaller:

If we define the alphabet ∑ as formulas over AP we can do better:

### Conclusion

• The number of States

• Local Automaton : 2cl(φ) = O(22|φ|)

• Eventuality Automaton : 2ev(φ) = O(2|φ|)

• Composed Automata : 2cl(φ) X 2ev(φ) = O(23|φ|)

• |φ| is length of formula φ