3. linear temporal logic - fanghuixing · linear temporal logic 17 / 48. outline 1 syntax 2...
TRANSCRIPT
3. Linear Temporal Logic
Huixing Fang
School of Information EngineeringYangzhou University
Outline
1 Syntax
2 Semantics
3 Specifying Properties
4 Equivalence of LTL Formulae
5 Weak Until, Release, and Positive Normal Form
6 Fairness in LTL
7 Automata-Based LTL Model Checking
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 2 / 48
1 Syntax
Definition 1 (Syntax of LTL)
ϕ ::= true | a | ϕ1 ∧ ϕ2 | ¬ϕ | #ϕ | ϕ1 Uϕ2
where a ∈ AP. Precedence order: ¬ = # > U > ∧.
atomic prop.a s0
as1 s2 s3 ...
next operator#a s0 s1
as2 s3 ...
until operatoraUb s0
as1a
s2b
s3 ...
eventually ♦b s0 s1 s2 s3b
...
always �a s0a
s1a
s2a
s3a
...
The until operator allows toderive modalities:
1 ♦(“eventually”)♦ϕ = trueUϕ
2 � (“always”)�ϕ = ¬♦¬ϕ
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 3 / 48
1 Syntax
Example 2mutual exclusion: �(¬crit1 ∨ ¬crit2) (1)railroad-crossing: �(train is near → gate is closed) (2)progress property: �(request → ♦response) (3)traffic light: �(yellow ∨#¬red) (4)infinitely often: �♦ϕ (5)eventually forever: ♦�ϕ (6)unconditional fairness: �♦criti (7)strong fairness: �♦waiti → �♦criti (8)weak fairness: ♦�waiti → �♦criti (9)
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 4 / 48
Outline
1 Syntax
2 Semantics
3 Specifying Properties
4 Equivalence of LTL Formulae
5 Weak Until, Release, and Positive Normal Form
6 Fairness in LTL
7 Automata-Based LTL Model Checking
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 5 / 48
2 Semantics
Definition 3 (Semantics of LTL over Infinite Words)The satisfaction relation between interpretation σ = A0A1A2... ∈ (2AP)ωand LTL formula is defined as follows:
1. σ |= true
2. σ |= a iff A0 |= a, i.e., a ∈ A0
3. σ |= ϕ1 ∧ ϕ2 iff σ |= ϕ1 and σ |= ϕ2
4. σ |= ¬ϕ iff σ 6|= ϕ
5. σ |= #ϕ iff suffix(σ, 1) = A1A2A3... |= ϕ
6. σ |= ϕ1 Uϕ2 iff there exists j ≥ 0 such thatsuffix(σ, j) = AjAj+1Aj+2... |= ϕ2 andsuffix(σ, i) = Ai Ai+1Ai+2... |= ϕ1, for 0 ≤ i < j
LT property of LTL formula ϕ: Words(ϕ) = {σ ∈ (2AP)ω | σ |= ϕ}.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 6 / 48
2 Semantics
Review of execution, paths and tracesFor transition system TS with labeling function L : S → 2AP ,
1 execution: states + actions, s0α1−→ s1
α2−→ s2α3−→ ...
2 paths: sequences of states, π = s0 s1 s2 ...
3 traces: sequences of sets of atomic propositionstrace(π) = L(s0)L(s1)L(s2)... ∈ (2AP)ω
Semantics of ♦ and � over Infinite WordsFor σ = A0A1A2... ∈ (2AP)ω, and LTL formula ϕ
1. σ |= ♦ϕ iff there exists j ≥ 0 such that AjAj+1Aj+2... |= ϕ
2. σ |= �ϕ iff for all j ≥ 0 we have AjAj+1Aj+2... |= ϕ
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 7 / 48
2 Semantics
Definition 4 (Semantics of LTL over Paths and States)Let TS = (S,Act,→, S0,AP, L) without terminal states, and let ϕ be anLTL formula over AP.
1 For infinite path fragment π of TS, the |= relation is defined byπ = s0s1s2... |= ϕ iff trace(π) |= ϕ
iff trace(π) ∈Words(ϕ) = {σ ∈ (2AP)ω | σ |= ϕ}
2 For state s ∈ S, the |= relation is defined bys |= ϕ iff ∀π ∈ Paths(s). π |= ϕ
iff s |= Words(ϕ)iff Traces(s) ⊆Words(ϕ)
Paths(s) = set of all maximal path fragments starting in state sTraces(s) = {trace(π) | π ∈ Paths(s)}
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 8 / 48
2 Semantics
Example 5 (LTL-semantics over paths)
s0
{a}
s1
∅
s2
{a, b}
AP = {a, b}π = s0s1s2s2...
trace(π)= L(s0)L(s1)L(s2)...= {a}∅{a, b}ω
π |= a, π 6|= bπ |= #(¬a ∧ ¬b)π |= ##(a ∧ b)π |= (¬b)U(a ∧ b)
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 9 / 48
2 Semantics
Example 6 (LTL-semantics over paths)
s0
{a}
s1
∅
s2
{a, b}
AP = {a, b}π = s0s1s0s1...
trace(π)= L(s0)L(s1)L(s0)L(s1)...= {a}∅{a}∅
π |= aUb, (?)π |= ♦b → (aUb), (?)π |= ##¬b, (?)π |= �a, (?)π |= �♦a, (?)π |= ♦�a, (?)
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 10 / 48
2 Semantics
Definition 7 (Interpretation of LTL formulas over TS)Let TS = (S,Act,→, S0,AP, L) without terminal states, and let ϕ be anLTL formula over AP.
TS |= ϕ iff s0 |= ϕ for all s0 ∈ S0
iff trace(π) |= ϕ for all π ∈ Paths(TS)iff Traces(TS) ⊆Words(ϕ)iff TS |= Words(ϕ)
Review-1: An LT property over AP is a language E of infinite words overthe alphabet Σ = 2AP , i.e., E ⊆ (2AP)ω.Review-2: Satisfaction relation |= for TS and LT property E , TS |= E iffTraces(TS) ⊆ E .
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 11 / 48
Outline
1 Syntax
2 Semantics
3 Specifying Properties
4 Equivalence of LTL Formulae
5 Weak Until, Release, and Positive Normal Form
6 Fairness in LTL
7 Automata-Based LTL Model Checking
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 12 / 48
3 Specifying Properties
LTL-formulas for MUTEX protocols, AP = {wait1, crit1,wait2, crit2}1 the mutual exclusion property
ϕm = �(¬crit1 ∨ ¬crit2)
2 every process enters the critical section infinitely often
ϕ` = �♦crit1 ∧�♦crit2
3 every waiting process finally enters its critical section
ϕf = �(wait1 → ♦crit1) ∧�(wait2 → ♦crit2)
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 13 / 48
Outline
1 Syntax
2 Semantics
3 Specifying Properties
4 Equivalence of LTL Formulae
5 Weak Until, Release, and Positive Normal Form
6 Fairness in LTL
7 Automata-Based LTL Model Checking
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 14 / 48
4 Equivalence of LTL Formulae
Definition 8 (Equivalence of LTL formulas)LTL formulae ϕ1, ϕ2. ϕ1 ≡ ϕ2 iff Words(ϕ1) = Words(ϕ2) iff for alltransition systems T , T |= ϕ1 ⇔ T |= ϕ2.
Duality Rule: ¬#ϕ ≡ #¬ϕProof:
A0A1... |= ¬#ϕ
iff A0A1... 6|= #ϕ
iff A1A2... 6|= ϕ
iff A1A2... |= ¬ϕiff A0A1A2... |= #¬ϕ
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 15 / 48
4 Equivalence of LTL Formulae
The expansion laws describe the temporal modalities U, ♦, and � bymeans of a recursive equivalence.
1 until: ϕUψ ≡ ψ ∨ (ϕ ∧# ϕUψ ) least fixed point2 eventually: ♦ψ ≡ ψ ∨# ♦ψ least fixed point3 always: �ψ ≡ ψ ∧# �ψ greatest fixed point
Expansion laws are fixed point equations
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 16 / 48
4 Equivalence of LTL Formulae
Until is the Least Solution of the Expansion Law (Lemma 5.18)For LTL formuae ϕ and ψ, Words(ϕUψ) is the least LT propertyP ⊆ (2AP)ω such that:
Words(ψ) ∪ {A0A1A2... ∈Words(ϕ) | A1A2... ∈ P} ⊆ P (∗)
Moreover, Words(ϕUψ) agrees with the set
Words(ψ) ∪ {A0A1A2... ∈Words(ϕ) | A1A2... ∈Words(ϕUψ)}
The formulation “least LT property satisfying condition (*)” means thatthe following conditions hold:
1 P = Words(ϕUψ) satisfies (∗)2 Words(ϕUψ) ⊆ P for all LT properties P satisfying (∗)
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 17 / 48
Outline
1 Syntax
2 Semantics
3 Specifying Properties
4 Equivalence of LTL Formulae
5 Weak Until, Release, and Positive Normal Form
6 Fairness in LTL
7 Automata-Based LTL Model Checking
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 18 / 48
5 Weak Until, Release, and Positive Normal Form
The weak until operator W:
ϕWψ = (ϕUψ) ∨�ϕ
Deriving “always” and “until” from “weak until”:�ϕ ≡ ϕWfalse
ϕUψ ≡ (ϕWψ) ∧ ♦ψ
Duality of U and W:
¬(ϕUψ) ≡ (¬ψ)W(¬ϕ ∧ ¬ψ)¬(ϕWψ) ≡ (¬ψ)U(¬ϕ ∧ ¬ψ)
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 19 / 48
5 Weak Until, Release, and Positive Normal Form
Expansion laws for U and W:
ϕUψ ≡ ψ ∨ (ϕ ∧#(ϕUψ))ϕWψ ≡ ψ ∨ (ϕ ∧#(ϕWψ))
Weak-Until is the Greatest Solution of the Expansion Law (Lemma 5.19)
Words(ϕUψ) is the smallest LT-property P such that
Words(ψ) ∪ {A0A1A2... ∈Words(ϕ) | A1A2... ∈ P} ⊆ P
Words(ϕWψ) is the largest LT-property P such that
P ⊆Words(ψ) ∪ {A0A1A2... ∈Words(ϕ) | A1A2... ∈ P}
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 20 / 48
5 Weak Until, Release, and Positive Normal Form
Positive Normal Form for LTL (Weak-until PNF)For a ∈ AP, the set of LTL formulae in weak-until positive normal form(weak-until PNF) is given by:
ϕ ::= true | false | a | ¬a|ϕ1 ∧ ϕ2 | ϕ1 ∨ ϕ2 | #ϕ | ϕ1 Uϕ2 | ϕ1 Wϕ2
PNF also sometimes called negation normal form (NNF)
♦ and � can be derived:
♦ϕ = trueUϕ�ϕ = ϕWfalse
Each LTL formula can be transformed into an equivalent LTL formula inPNF
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 21 / 48
5 Weak Until, Release, and Positive Normal Form
Each LTL formula can be transformed into an equivalent LTL formula inPNF by using the following transformations:
¬true false
¬false true
¬¬ϕ ϕ
¬(ϕ ∧ ψ) ¬ϕ ∨ ¬ψ¬#ϕ #¬ϕ
¬(ϕUψ) (ϕ ∧ ¬ψ)W(¬ϕ ∧ ¬ψ)...
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 22 / 48
Outline
1 Syntax
2 Semantics
3 Specifying Properties
4 Equivalence of LTL Formulae
5 Weak Until, Release, and Positive Normal Form
6 Fairness in LTL
7 Automata-Based LTL Model Checking
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 23 / 48
6 Fairness in LTL
Fairness Constraints1 Unconditional fairness: e.g.,“Every process gets its turn infinitely
often.”2 Strong fairness: e.g., “Every process that is enabled infinitely often
gets its turn infinitely often.”3 Weak fairness: e.g., “Every process that is continuously enabled from
a certain time instant on gets its turn infinitely often.”
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 24 / 48
6 Fairness in LTL
Definition 9 (Unconditional, Strong, and Weak Fairness)For transition system TS = (S,Act,→, I,AP, L) without terminal states,A ⊆ Act, and infinite execution fragment ρ = s0
α0−→ s1α1−→ ... of TS:
1 ρ is unconditionally A-fair whenever∞∃ j . αj ∈ A.
2 ρ is strongly A-fair whenever (∞∃ j . Act(sj) ∩ A 6= ∅)⇒ (
∞∃ j . αj ∈ A).
3 ρ is weakly A-fair whenever (∞∀ j . Act(sj) ∩ A 6= ∅)⇒ (
∞∃ j . αj ∈ A).
∞∃ j : there are infinitely many j .∞∀ j : for nearly all j , for all, except for finitely many j .The variable j ranges over the natural numbers.
For state s, let Act(s) denote the set of actions that are executable instate s,
Act(s) = {α ∈ Act | ∃s ′ ∈ S. s α−→ s ′}
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 25 / 48
6 Fairness in LTL
Definition 10 (Fairness Assumption)A fairness assumption for Act is a triple
F = (Fucond ,Fstrong ,Fweak)
with Fucond ,Fstrong ,Fweak ⊆ 2Act . Execution ρ is F-fair if1 it is unconditionally A-fair for all A ∈ Fucond ,2 it is strongly A-fair for all A ∈ Fstrong , and3 it is weakly A-fair for all A ∈ Fweak .
Remark: A is a set of actions.
1 FairPathsF (s) : the set of F-paths of s (i.e., infinite F-fair pathfragments that start in state s).
2 FairPathsF (TS) : set of F-fair paths that start in some initial stateof TS.
3 FairTracesF (s) = trace(FairPathsF (s))Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 26 / 48
6 Fairness in LTL
Definition 11 (Fair Satisfaction Relation for LT Properties)Let P be an LT property over AP and F a fairness assumption over Act.Transition system TS = (S,Act,→, I,AP, L) fairly satisfies P, notationTS |=F P, iff FairTracesF (TS) ⊆ P.
In case a transition system has traces that are not F-fair, then in generalwe are confronted with a situation
TS |=F P whereas TS 6|= P
By restricting the validity of a property to the set of fair paths, theverification can be restricted to “realistic” executions.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 27 / 48
6 Fairness in LTL
Definition 12 (LTL Fairness Constraints and Assumptions)Let Φ and Ψ be propositional logic formulae over AP.
1 An unconditional LTL fairness constraint is an LTL formula of theform
ufair = �♦Ψ.2 A strong LTL fairness condition is an LTL formula of the form
sfair = �♦Φ→ �♦Ψ.
3 A weak LTL fairness constraint is an LTL formula of the form
wfair = ♦�Φ→ �♦Ψ.
An LTL fairness assumption is a conjunction of LTL fairness constraints(of any arbitrary type).
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 28 / 48
6 Fairness in LTLNotations:
1 LTL fairness assumptions are a conjunction of unconditional, strong,and weak fairness assumptions: fair = ufair ∧ sfair ∧ wfair .
2 Set of all fair paths starting in s,FairPaths(s) = {π ∈ Paths(s) | π |= fair}
3 Set of all traces induced by fair paths starting in s,FairTraces(s) = {trace(π) | π ∈ FairPaths(s)}
Definition 13 (Satisfaction Relation for LTL with Fairness)For state s in transition system TS (over AP) without terminal states,LTL formula ϕ, and LTL fairness assumption fair let
s |=fair ϕ iff ∀π ∈ FairPaths(s). π |= ϕ andTS |=fair ϕ iff ∀s0 ∈ I.s0 |=fair ϕ.
TS satisfies ϕ under fair if ϕ holds for all fair paths that originate fromsome initial state.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 29 / 48
6 Fairness in LTL
Theorem 14 (Reduction of |=fair to |=)For transition system TS without terminal states, LTL formula ϕ, and LTLfairness assumption fair :
TS |=fair ϕ iff TS |= fair → Φ.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 30 / 48
Outline
1 Syntax
2 Semantics
3 Specifying Properties
4 Equivalence of LTL Formulae
5 Weak Until, Release, and Positive Normal Form
6 Fairness in LTL
7 Automata-Based LTL Model Checking
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 31 / 48
7 Automata-Based LTL Model Checking
For transition system TS and LTL formula ϕ, let A be an NBA(Nondeterministic Buchi Automaton) with Lω(A) = Words(¬ϕ) :
TS |= ϕ iff Traces(TS) ⊆Words(ϕ)iff Traces(TS) ∩ ((2AP)ω \Words(ϕ)) = ∅iff Traces(TS) ∩Words(¬ϕ) = ∅iff Traces(TS) ∩ Lω(A) = ∅
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 32 / 48
7 Automata-Based LTL Model Checking
Algorithm 1: Automaton-based LTL model checkingInput: finite transition system TS and LTL formula ϕ (both over AP)Output: “yes” if TS |= ϕ; otherwise, “no” plus a counterexample
1 Construct an NBA A¬ϕ such that Lω(A¬ϕ) = Words(¬ϕ)2 Construct the product transition system TS ⊗ A¬ϕ3 if ∃π ∈ Pahts(TS ⊗ A¬ϕ) satisfying the accepting condition of A then4 return “no” and an expressive prefix of π5 else6 return “yes”7 end
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 33 / 48
7 Automata-Based LTL Model Checking
TS |= LTL-formula ϕiff Traces(TS) ∩ Lω(A¬ϕ) = ∅iff there is NO path 〈s0, q0〉〈s1, q1〉〈s2, q2〉...
in TS ⊗ A¬ϕ s.t. qi ∈ F for infinitely many i ∈ Niff TS ⊗ A¬ϕ |= ♦�¬F
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 34 / 48
7 Automata-Based LTL Model Checking
Definition 15 (Nondeterministic Buchi Automaton (NBA))A Buchi automaton (NBA) A is a tuple A = (Q,Σ, δ,Q0,F ) where
Q is a finite set of states,Σ is an alphabet,δ : Q × Σ→ 2Q is a transition function,Q0 ⊆ Q is a set of initial states, andF ⊆ Q is a set of accept states, called the acceptance set.
A run for σ = A0A1A2... ∈ Σω denotes an infinite sequence q0q1q2...
of states in A such that q0 ∈ Q0 and qiAi−→ qi+1 for i ≥ 0.
Run q0q1q2... is accepting if qi ∈ F for infinitely many indices i ∈ N.The accepted language of A isLω(A) = {σ ∈ Σω | there exists an accepting run for σ in A}
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 35 / 48
7 Automata-Based LTL Model Checking
Definition 16 (Nonblocking NBA)Let A = (Q,Σ, δ,Q0,F ) be an NBA. A is called nonblocking ifδ(q, a) 6= ∅ for all states q and all symbols a ∈ Σ.
Remark: For each NBA A there exists a nonblocking NBA trap(A) with|trap(A)| = O(|A|) and A ≡ trap(A).In nonblocking NBA trap(A),
δ′(q,A) =
δ(q,A) if q ∈ Q and δ(q,A) 6= ∅{qtrap} otherwise
trap(A) is obtained from A by inserting a nonaccept trapping state qtrapequipped with a self-loop for each symbol of Σ.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 36 / 48
7 Automata-Based LTL Model Checking
Definition 17 (Product of Transition System and NBA)Let TS = (S,Act,→, I,AP, L) be a transition system without terminalstates and A = (Q, 2AP , δ,Q0,F ) a nonblocking NBA. Then, TS ⊗A isthe following transition system:
TS ⊗A = (S × Q,Act,→′, I ′,AP ′, L′)
where →′ is the smallest relation defined by the rule
s α−−→ t ∧ p L(t)−−→ q〈s, p〉 α−−→′ 〈t, q〉
andI ′ = {〈s0, q〉 | so ∈ I ∧ ∃q0 ∈ Q0. q0
L(s0)−−−→ q},AP ′ = Q and L′ : S × Q → 2Q is given by L′(〈s, q〉) = {q}.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 37 / 48
7.1 From LTL to NBA
Construction of an NBA Aϕ satisfying Lω(Aϕ) = Words(ϕ) for the LTLformula ϕ
LTL formula ϕ↓
Generalized Nondeterministic Buchi automaton Gϕ↓
Nondeterministic Buchi Automaton Aϕ
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 38 / 48
7.1 From LTL to NBA
Definition 18 (Generalized NBA (GNBA))A generalized NBA is a tuple G = (Q,Σ, δ,Q0,F) where Q,Σ, δ,Q0 aredefined as for an NBA, and F is a (possibly empty) subset of 2Q.
The elements F ∈ F are called acceptance sets. The infinite runq0q1q2... ∈ Qω is called accepting if
∀F ∈ F . (∞∃ j ∈ N. qj ∈ F ) .
The accepted language of G is:
Lω(G) = {σ ∈ Σω | there exists an accepting run for σ in G}
Review: infinite words can be defined as functions σ : N→ Σ and thenotation σ = A1A2A3... means that σ(i) = Ai for all i ∈ N.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 39 / 48
7.1 From LTL to NBA
Let infinite word σ = A0A1A2... ∈Words(ϕ), an infinite words−σ= B0B1B2... satisfies
ψ ∈ Bi iff Ai Ai+1Ai+2... |= ψ (ψ ∈ closure(ϕ))
Example 19If ϕ = aU(¬a ∧ b), σ = {a}{a, b}{b}... then
closure(ϕ) = {a, b,¬a,¬b,¬a ∧ b,¬(¬a ∧ b), ϕ,¬ϕ}B0 = {a,¬b,¬(¬a ∧ b), ϕ}B1 = {a, b,¬(¬a ∧ b), ϕ}B2 = {¬a, b,¬a ∧ b, ϕ}...
The GNBA Gϕ is constructed such that the sets Bi constitute its statesHuixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 40 / 48
7.1 From LTL to NBA
Definition 20 (Closure of ϕ)The closure of LTL formula ϕ is the set closure(ϕ) consisting of allsubformulae ψ of ϕ and their negation ¬ψ (where ψ and ¬¬ψ areidentified).
Definition 21 (Elementary Sets of Formulae)B ⊆ closure(ϕ) is elementary if it is consistent with respect topropositional logic, maximal, and locally consistent with respect to theuntil operator.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 41 / 48
7.1 From LTL to NBA
Properties of elementary sets of formulae1 B is consistent with respect to propositional logic, for allϕ1 ∧ ϕ2, ψ ∈ closure(ϕ):
ϕ1 ∧ ϕ2 ∈ B ⇔ ϕ1 ∈ B and ϕ2 ∈ Bψ ∈ B ⇒ ¬ψ 6∈ Btrue ∈ closure(ϕ)⇒ true ∈ B.
2 B is locally consistent with respect to the until operator, for allϕ1 Uϕ2 ∈ closure(ϕ):
ϕ2 ∈ B ⇒ ϕ1 Uϕ2 ∈ Bϕ1 Uϕ2 ∈ B and ϕ2 6∈ B ⇒ ϕ1 ∈ B.
3 B is maximal, for all ψ ∈ closure(ϕ):ψ 6∈ B ⇒ ¬ψ ∈ B.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 42 / 48
7.1 From LTL to NBA
Theorem 22 (GNBA for LTL Formula)For any LTL formula ϕ (over AP) there exists a GNBA Gϕ over thealphabet 2AP such that
1 Words(ϕ) = Lω(Gϕ).2 Gϕ can be constructed in time and space 2O(|ϕ|).3 The number of accepting sets of Gϕ is bounded above by O(|ϕ|).
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 43 / 48
7.1 From LTL to NBA
Let ϕ be an LTL formula over AP. Let Gϕ = (Q, 2AP , δ,Q0,F) :Q : set of all elementary sets of formulae B ⊆ closure(ϕ),Q0 = {B ∈ Q | ϕ ∈ B},F = {Fϕ1 Uϕ2 | ϕ1 Uϕ2 ∈ closure(ϕ)}, whereFϕ1 Uϕ2 = {B ∈ Q | ϕ1 Uϕ2 6∈ B or ϕ2 ∈ B}.
The transition relation δ : Q × 2AP → 2Q is given by:If A 6= B ∩ AP, then δ(B,A) = ∅If A = B ∩ AP, then δ(B,A) is the set of all elementary sets offormulae B′ satisfying
1 for every #ψ ∈ closure(ϕ): #ψ ∈ B ⇔ ψ ∈ B′, and2 for every ϕ1 Uϕ2 ∈ closure(ϕ):ϕ1 Uϕ2 ∈ B ⇔ (ϕ2 ∈ B ∨ (ϕ1 ∈ B ∧ ϕ1 Uϕ2 ∈ B′)).
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 44 / 48
7.1 From LTL to NBA
Theorem 23From each GNBA G there exists an NBA A with Lω(G) = Lω(A).
Proof. Let G = (Q,Σ, δ,Q0,F), with F = {F1, ...,Fk} and1 If k = 1 then G is an NBA2 If k ≥ 2 then NBA A results from k copies of G :A = (Q′,Σ, δ′,Q′0,F ′) where:
Q′ = Q × {1, ..., k},Q′
0 = Q0 × {1} = {〈q0, 1〉 | q0 ∈ Q0}, andF ′ = F1 × {1} = {〈qF , 1〉 | qF ∈ F1}.
The transition function δ′ :
δ′(〈q, i〉,A) =
{〈q′, i〉 | q′ ∈ δ(q,A)} if q 6∈ Fi
{〈q′, i + 1〉 | q′ ∈ δ(q,A)} otherwise (i = k back)
size(A) = O(Size(G) · |F|)Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 45 / 48
7.2 Complexity of LTL to NBA
For each LTL formula ϕ, there is an NBA A s.t. Lω(A) = Words(ϕ) andsize(A) ≤ 2cl(ϕ) · |ϕ| = 2O|ϕ|
1 From LTL formula ϕ to GNBA G of size 2cl(ϕ)
2 From GNBA G to NBA A of size size(G) · |F|3 |F|: number of acceptance sets in G , |F| ≤ |ϕ|
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 46 / 48
7.3 Complexity of LTL Model Checking
Theorem 24The LTL model-checking problem is PSPACE-complete (PSPACE andPSPACE-hard).
1 PTIME (or briefly P) denotes the class of all decision problems thatcan be solved by a deterministic polytime algorithm
2 NP denotes the class of all decision problems that can be solved by anondeterministic polytime algorithm.
3 PSPACE denotes the class of all decision problems that can besolved by a deterministic polyspace algorithm.
4 Decision problem P is PSPACE-hard if all problems in PSPACE arepolynomially reducible to P.
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 47 / 48
Summary
1 LTL is a logic for formalizing path-based properties2 LTL formulae can be transformed algorithmically into
nondeterministic Buchi automata (NBA). This transformation cancause an exponential blowup.
3 The LTL model-checking problem can be solved by a nesteddepth-first search in the product of the given transition system and anNBA for the negated formula.
4 The time complexity of the automata-based model-checkingalgorithm for LTL is linear in the size of the transition system andexponential in the length of the formula
Huixing Fang (SIE, Yangzhou University) 3. Linear Temporal Logic 48 / 48