Software Verification 2 Automated Verification Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik

Recap: LTL and CTL Kripke models = LTS Expressively equivalent to FOL (<) on linear orders Arguably more intuitive to use Kripke models = LTS branching time – possibility properties linear time – fairness properties CTL* subsumes both CTL and LTL 24.5.2012

Safety and Liveness 24.5.2012

Some Theorems Every LTL formula can be written in one of these forms (where p is a pure past formula) Every LTL safety property is expressible as G*φ (where φ is pure past) Every LTL formula can be written as reactivity ⋀(G*F*φ  F*G*ψ) All the inclusions are strict All the non-inclusions are provable (dualities) e.g. F*G*p cannot be expressed as G*F*φ Conjunction and disjunction of a recurrence is a recurrence G*F*p  G*F*q = G*F*(p  -p U-q) G*F*p  G*F*q = G*F*(p  q) Obligations can be expressed as recurrences and persistences G*p = G*F*H*p, F*p = G*F*P*p , where H*p = ¬P*¬p 12.4.2012

Safety and Liveness Properties Proof of decomposition theorem: φs={w0w1... | for every i, w0w1... wi is a prefix of φ} φl= φ{w0w1... | for some i, w0w1... wi is not a prefix of φ} show: φs is safety, φl is liveness, φ = φs  φl 24.5.2012

Examples (p U+ q) = ((p W+ q)  F+ q) G*(p  F*q) = (G*p  G*F*q) G*p  G*q = G*(H*p  H*q) (gilt nur initial, im Anfangspunkt!) Total program correctness = invariance  termination other direction does not hold 24.5.2012