
Implementing an LTL-to-Büchi Translator in Erlang

Implementing an LTL-to-Büchi Translator in Erlang. A ProTest Experience Report. Hans Svensson, Chalmers University of Technology. Edinburgh, 2009-09-05. Background: McErlang was going public, and encoding properties using hand-written Erlang monitors was not very user friendly.


Presentation Transcript


  1. Implementing an LTL-to-Büchi Translator in Erlang. A ProTest Experience Report. Hans Svensson, Chalmers University of Technology. Edinburgh, 2009-09-05

  2. Background
  • McErlang was going public
  • Encoding properties using hand-written Erlang monitors is not very user friendly
  • Wanted to provide support for properties in LTL
  • No existing LTL-to-Büchi implementation in Erlang
    - Licensing issues
    - Aesthetics

  3. LTL formulas
  If AP is a non-empty and finite set of atomic propositions, the LTL formulas are:
  • All p ∈ AP are LTL formulas
  • If ϕ and ψ are LTL formulas, then ¬ϕ, ϕ ∧ ψ, X ϕ, ϕ U ψ are LTL formulas

  4. LTL formulas
  [figure: a linear sequence of steps labelled p, p, p, p, q]
  Linear Time Logic, i.e. discrete steps in a linear fashion.
  • NeXt: X p is true if p is true in the ‘next step’
  • Until: p U q is true if p is true in all steps until a step where q is true

  5. LTL formulas
  For convenience additional operators are often defined, such as:
  • Always: □ ϕ ≡ ¬(true U ¬ϕ)
  • Eventually: ◇ ϕ ≡ true U ϕ

  6. LTL Model Checking
  • Specification (LTL formula)
  • (Finite) model of the system (state-transition graph)
  • Not directly checkable
  • Close correspondence between LTL formulas and Büchi automata [Wolper et al. 83]
  • McErlang can check against a Büchi automaton

  7. Büchi automata
  • A Büchi automaton is a tuple <Σ, Q, Δ, Q0, F>
  • Σ is the alphabet
  • Q is the finite set of states
  • Δ ⊆ Q × Σ × Q is the transition relation
  • Q0 is the set of initial states
  • F ⊆ Q is the set of accepting states
  • A Büchi automaton accepts an infinite sequence iff there exists a run (path) for it that visits an accepting state infinitely often

  8. Büchi automata
  [figure: the two-state automaton defined by the sets below]
  • Σ = {a, b}
  • Q = {s1, s2}
  • Q0 = {s1}
  • Δ = {(s1, a, s2), (s2, a, s2), (s2, b, s1), (s1, b, s1)}
  • F = {s2}

  9. Translating LTL to Büchi
  Intuition:
  • Express everything in terms of Until
  • Repeatedly expand: p U q = q ∨ (p ∧ X (p U q))
  • Keep track of equivalent steps
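As an added example (not code from the slides or from the Erlang-LTL2Buchi project), the slide-3 core syntax, the slide-5 derived operators and the slide-9 Until expansion in Python. Formulas are tagged tuples mirroring the atoms of the slide-14 generator; the `holds` evaluator over a lasso-shaped word is an assumed reference semantics used to check that the expansion preserves meaning.

```python
TRUE = ("ltrue",)  # formulas are tagged tuples, e.g. ("until", ("lprop", "a"), ("lprop", "b"))

def negate(f):
    """Analogue of the slides' ltl:negate: ¬f, with a double negation removed."""
    return f[1] if f[0] == "lnot" else ("lnot", f)

def to_core(f):
    """Rewrite into the slide-3 core {¬, ∧, X, U} via the slide-5 definitions
    □φ ≡ ¬(true U ¬φ), ◇φ ≡ true U φ, and φ ∨ ψ ≡ ¬(¬φ ∧ ¬ψ)."""
    tag = f[0]
    if tag in ("ltrue", "lprop"): return f
    args = [to_core(g) for g in f[1:]]
    if tag == "lnot": return negate(args[0])
    if tag == "land": return ("land", args[0], args[1])
    if tag == "lor": return negate(("land", negate(args[0]), negate(args[1])))
    if tag == "next": return ("next", args[0])
    if tag == "until": return ("until", args[0], args[1])
    if tag == "eventually": return ("until", TRUE, args[0])
    if tag == "always": return negate(("until", TRUE, negate(args[0])))
    raise ValueError(f"unknown operator {tag}")

def expand(f):
    """One tableau step from slide 9: p U q = q ∨ (p ∧ X (p U q))."""
    assert f[0] == "until"
    return ("lor", f[2], ("land", f[1], ("next", f)))

def holds(f, word, loop, pos=0):
    """Semantics of f at step pos of the lasso word word[:loop] · (word[loop:])^ω;
    word is a list of sets of atomic propositions."""
    n = len(word)
    step = lambda k: k + 1 if k + 1 < n else loop
    tag = f[0]
    if tag == "ltrue": return True
    if tag == "lprop": return f[1] in word[pos]
    if tag == "lnot": return not holds(f[1], word, loop, pos)
    if tag == "land": return holds(f[1], word, loop, pos) and holds(f[2], word, loop, pos)
    if tag == "lor": return holds(f[1], word, loop, pos) or holds(f[2], word, loop, pos)
    if tag == "next": return holds(f[1], word, loop, step(pos))
    if tag == "until":
        k = pos
        for _ in range(n):  # a lasso word has at most n distinct suffixes
            if holds(f[2], word, loop, k): return True
            if not holds(f[1], word, loop, k): return False
            k = step(k)
        return False
    return holds(to_core(f), word, loop, pos)  # always / eventually via slide 5

# Constructed input: with loop = 0 this is (ab)^ω, with loop = 1 it is a·b^ω.
WORD = [{"a"}, {"b"}]
```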

  10. Translation – Three steps
  • Rewrite: use heuristics to simplify the LTL formula [Somenzi & Bloem 00]
  • Core translation: construct the basic Büchi automaton using repeated expansion (tableau-based algorithm) [Gerth et al. 96]
  • Reduce and optimize: apply simplification and reduction algorithms [Etessami & Holzmann 00]

  11. Implementation
  Quite straightforward from the literature!? NO! Don’t start implementing just yet!
  • First think about properties for the system
  • In this case the properties are known in the literature! [Tauriainen & Heljanko 02]

  12. Testing the translation
  [figure: a generated formula ϕ and its negation ¬ϕ are fed to two LTL-to-Büchi translators, A and B; the resulting Büchi automata (BA) for ϕ and ¬ϕ are intersected (⊗) and the product is checked for emptiness: empty gives OK, non-empty gives Fail]

  13. Testing the translation

      %% QuickCheck property: for two translators LTL2B_1 and LTL2B_2 (funs), the
      %% automata for Phi and for the negation of Phi must have an empty intersection.
      -include_lib("eqc/include/eqc.hrl").

      prop_test_ltl2buchi(LTL2B_1, LTL2B_2) ->
          ?FORALL(Phi, ltl_formula(),
                  begin
                      BA1 = LTL2B_1(Phi),
                      BA2 = LTL2B_2(ltl:negate(Phi)),
                      BA1xBA2 = buchi:intersection(BA1, BA2),
                      buchi:is_empty(BA1xBA2)
                  end).

  Testing using QuickCheck: a straightforward translation into a property.
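As an added example (not the project's buchi module, whose functions are only named on slide 13), Python versions of the two operations the property relies on, the Büchi intersection and the emptiness check of slide 7, run on the slide-8 automaton A and a hand-built automaton B for its complement; a correct translator pair must give an empty product for A and B.

```python
from collections import deque

class Buchi:
    """Büchi automaton <Σ, Q, Δ, Q0, F> as on slide 7; Δ is a set of (q, a, q') triples."""
    def __init__(self, sigma, states, delta, init, accepting):
        self.sigma, self.states, self.delta = set(sigma), set(states), set(delta)
        self.init, self.accepting = set(init), set(accepting)

    def successors(self, q, a=None):  # a=None: successors under any symbol
        return {q2 for (q1, s, q2) in self.delta if q1 == q and a in (None, s)}

def intersection(b1, b2):
    """Product for L(b1) ∩ L(b2); the track bit waits for F1 (0) then F2 (1),
    so the product visits its F infinitely often iff both inputs do."""
    sigma, delta = b1.sigma & b2.sigma, set()
    for q1 in b1.states:
        for q2 in b2.states:
            for i in (0, 1):
                j = 1 if (i == 0 and q1 in b1.accepting) else 0 if (i == 1 and q2 in b2.accepting) else i
                for a in sigma:
                    for n1 in b1.successors(q1, a):
                        for n2 in b2.successors(q2, a):
                            delta.add(((q1, q2, i), a, (n1, n2, j)))
    states = {(q1, q2, i) for q1 in b1.states for q2 in b2.states for i in (0, 1)}
    init = {(q1, q2, 0) for q1 in b1.init for q2 in b2.init}
    return Buchi(sigma, states, delta, init, {(q1, q2, 1) for q1 in b1.states for q2 in b2.accepting})

def reachable(b, sources):
    """All states reachable from `sources` (the set itself included)."""
    seen, todo = set(sources), deque(sources)
    while todo:
        for q2 in b.successors(todo.popleft()):
            if q2 not in seen:
                seen.add(q2)
                todo.append(q2)
    return seen

def is_empty(b):
    """L(b) = ∅ iff no accepting state is reachable from Q0 and lies on a cycle."""
    return not any(f in reachable(b, b.successors(f)) for f in reachable(b, b.init) & b.accepting)

# Constructed automata: A is the slide-8 automaton (infinitely many a's, i.e. □◇a);
# B accepts words with finitely many a's (¬□◇a), so a correct pair gives A ⊗ B = ∅.
A = Buchi({"a", "b"}, {"s1", "s2"},
          {("s1", "a", "s2"), ("s2", "a", "s2"), ("s2", "b", "s1"), ("s1", "b", "s1")},
          {"s1"}, {"s2"})
B = Buchi({"a", "b"}, {"t1", "t2"},
          {("t1", "a", "t1"), ("t1", "b", "t1"), ("t1", "b", "t2"), ("t2", "b", "t2")},
          {"t1"}, {"t2"})
```

The emptiness check is the naive reachable-accepting-state-on-a-cycle test; a production checker would use nested DFS, but the answer is the same.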

  14. Generating LTL formulas

      %% Sized QuickCheck generator for random LTL formulas; lprop(), the generator
      %% for atomic propositions, is not shown on the slide.
      ltl_formula() ->
          ?SIZED(Size, ltl_formula(Size)).

      ltl_formula(0) ->
          lprop();
      ltl_formula(S) ->
          Smaller = ltl_formula(S div 2),
          oneof([{land, Smaller, Smaller},
                 {lor, Smaller, Smaller},
                 {next, ltl_formula(S - 1)},
                 {eventually, ltl_formula(S - 1)},
                 {always, ltl_formula(S - 1)},
                 {lnot, ltl_formula(S - 1)}]).

  15. Implementation
  Almost trivial!!
  • Implement algorithms and check with QuickCheck
  • Errors are found early, and counterexamples show where the errors are.
  • More tests were used, described in the paper.

  16. Results
  • Passes an extensive number of QuickCheck tests
  • Performs on par with (or better than) the reference implementations* (JavaPathExplorer LTL2Büchi and Wring)
  * Disclaimer: only measured for random LTL formulas

  17. Distribution
  • Included in McErlang distribution (only translator)
  • Full version can be retrieved from GitHub: http://github.com/hanssv/Erlang-LTL2Buchi/
  • Test code and example parser is included.

  18. Conclusions
  • Property Driven Development works!* (But we already knew that)
  • Implementation gets simpler
  • More confidence in correctness
  * Although this project fits exceptionally well into the PDD idea…

  19. ProTest
  This project was sponsored by: EU FP7 Collaborative project ProTest (grant number 215868), http://www.protest-project.eu
