Dr. Vered Gafni 1 LTL Decidability Enables consistency check, but also base for verification
Dr. Vered Gafni 2 Decidability A set is decidable if there is an effective procedure to decide whether an arbitrary element is a member of the set, or not. Effective Decision Procedure Termination. Soundness: if member returns yes. Completeness: if returns yes then it is member. In logic, decidability refers to the set of valid/satisfiable formulae of a given logic. f is satisfiable if I f for some interpratation I f is valid if I f for all I ( f). Recall, in logic Satisfiability Validity since f is valid iff f is not satisfiable.
Dr. Vered Gafni 3 Unsatisfiable Specification i. During takeoff the system shall maintain the engine at 9000 RPM. ii. Whenever the engine temperature exceeds 800° C the system shall limit the engine to 5000 RPM. The environment can produce input that makes it impossible to satisfy both requirements.
Dr. Vered Gafni 4 Example: Propositional Calculus Syntax (wff) · atoms: p, q, r,… and constant : tt, ff. · P, P Q, P Q, P Q, P Q Semantics: an interpretation I: {p 1,…,p k } {true, false}. · I tt, ff · I p iff I(p)=true · I P iff I P · I P Q iff I P or I Q Model equivalencies: P Q ( P Q), P Q P Q Decidability: Check all possible interpretations (2 n ).
Dr. Vered Gafni 5 Tableau Method: Satisfiability check for Prop. Calculus type A1A1 A2A2 pqpq pq p p- (p q) pp qq (p q) p qq type B1B1 B2B2 pqpq p q,pq,p pqpq pp p,q pqpq p, q (p q) ppp, q (p q)p, q p,q Satisfied iff A 1 and A 2 are satisfied, both. Satisfied iff just B1 or B2 is satisfied
Dr. Vered Gafni 6 Tableau Algorithm for a formula f Construct a tree s.t. each node is labeled by a set F sub(f) sub ( f) : 1. Start with the root node that contains f. 2. Repeat until nodes are closed or do not contain unchecked components that can be further decomposed (open node). - For every node that contains an unchecked -type g construct a single subnode: F-{g} {g', A 1 (g), A 2 (g)} - For every node that contains an unchecked -type g construct two sub-nodes: F-{g} {g', B 1 (g)}, F-{g} {g', B 2 (g)} - If any of the constructed nodes contains wffs g and g, mark it closed, and do not continue expanding this node. f is satisfiable iff there is an open leaf in the tree
Dr. Vered Gafni 7 Examples (A B) C ((A B) C)’, (A B)’, A, B ((A B) C)’, (A B)((A B) C)’, C A (B A) (A (B A))’, A, (B A) (A (B A))’, A, ((B A))’, A (A (B A))’, A, (B A)’,B
Dr. Vered Gafni 8 Decision Procedure for LTL Satisfiability Recall, given LTL formula , Satisfiability: . ? Validity: . ? Satisfiability Validity . . ( ) . ( ) Outline of satisfiability algorithm Construct directed -graph A , X Search A , X to find out whether it is -fulfilling We prove that is satisfiable iff A , X is -fulfilling
Dr. Vered Gafni 9 A ,X Construction Construct CL( ): sub- formulae closure of . Define A nodes as the consistent sub-sets of CL( ). Use ‘next’ relation to define the transitions X over A .
Dr. Vered Gafni 10 Examples of closures: p p p p p p p p p p p p p p p p p p p p Closure of a Temporal Formula CL( ) = { , ¬ | sub( ) } CL( )| 2 | | Assume any ¬¬ is replaced by (by ¬¬ equivalence rule)
Dr. Vered Gafni 11 (p q) (p q) (p q) p qq Example: CL( (p q)) (p q) pp qq q q
Dr. Vered Gafni 12 Atom A set D CL( ) such that: 1. CL( ) D iff D 2. 1 2 CL( ) 1 2 D iff 1 D or 2 D 3. 1 U 2 CL( ) – 1 U 2 D 1 D or 2 D – 2 D 1 U 2 D Completing for temporal derivatives yields: 4. CL( ) if D then D 5. = hence CL( ) if D then D 6. CL( ) if D then D 7. = hence CL( ) if D then D hence, |D|=n, |A| 2 n where |CL( )|=2n a maximal consistent set (w.r.t. satisfiability) of sub-formulae
Dr. Vered Gafni 13 Cl(p)={p, p}: p pp O(p), p Op, p O( p), pO( p), p Cl(Op)={Op, p, O( p), p}: Atom Examples (I) CL( p)={ p, p, p, p }: p, p p, p p, p CL( p)= { p, p, p, p}: p, p p, p p, p
Dr. Vered Gafni 14 p, p, p p, p, p p, p, p p, p, p p, p, p CL( p)={ p, p, p, p, p, p } Atoms Examples (II) Cl(p q}={ p q, p, q, q, (p q), p, q, q} p q, p, q, q p q, p, q, q p q, p, q, q p q, p, q, q p q, p, q, q p q, p, q, q
Dr. Vered Gafni 15 LTL Graph of -graph is a directed A , X where A is the set of Atoms of X is a “next” relation defined as follows: (D 1,D 2 ) X O CL( ), O D 1 iff D 2 1 U 2 CL( ), if 1 U 2, 2 D 1 then 1 U 2 D 2 if 1 U 2 D 2, 1 D 1 then 1 U 2 D 1 OO 1 U 2, 2 1U21U2 1 U 2, 1 1U21U2
Dr. Vered Gafni 16 LTL Graph of (D 1,D 2 ) X 1 U 2 CL( ), if 1 U 2, 2 D 1 then 1 U 2 D 2 if 1 U 2 D 2, 1 D 1 then 1 U 2 D 1 CL( ): if , D 1 then D 2 if D 2 then D 1 CL( ): if , D 1 then D 2 if D 2 then D 1 CL( ): if D 1 then D 2 CL( ): if D 1 then D 2 Derived constraints
Dr. Vered Gafni 17 Cl(p)={p, p} p pp O(p), p Op, p, O( p), p O( p), p Cl(Op)={Op, p, O( p), p} Graph Examples (I)
Dr. Vered Gafni 18 CL( p)={ p, p, p, p } p, p p, p p, p CL( p)= { p, p, p, p} p, p p, p p, p Graph Examples (II) p2p2 p1p1 p1p1 p2p2 p2p2 p2p2 CL( ), , D 1 D 2 D 2 D 1 CL( ), D 1 D 2 , D 1 D 2
Dr. Vered Gafni 19 p, p, p p, p, p p, p, p p, p, p p, p, p CL( p)={ p, p, p, p, p, p } Graph Example p CL( ), , D 1 D 2 D 2 D 1 CL( ), D 1 D 2 CL( ): if D 1 D 2
Dr. Vered Gafni 20 Graph Example: p p, p, p p, p, p p, p, p p, p, p p, p, p CL( p)={ p, p, p, p, p, p } CL( ), , D 1 D 2 D 2 D 1 CL( ), , D 1 D 2 D 2 D 1
Dr. Vered Gafni 21 Fulfilling Path An infinite path D 0, D 1, … in A , X is -fulfilling path iff D 0 i 0, if U D i then j i s. t. D j Claim 1: U ( O( U )) -- exercise Claim 2: Let D 0, D 1, … be a -fulfilling path in A , X then U D i iff k i s. t. D k and D j, j=i..k-1
Dr. Vered Gafni 22 Theorem 1: A formula is satisfiable iff there is a -fulfilling path in A , X Proof (principle): Let be a model of , define a sequence D 0,D 1,… s.t. D i ={ CL( ) | i |= }. Show that: (i)D i are atoms, and (D i,D i+1 ) X (ii)the sequence forms a -fulfilling path in A , X Conversely, given D 0,D 1,…, a -fulfilling path in A , X , define a trace 0, 1,… s.t. p i iff p D i. Show that |= (induction on the structure of ). Satisfiability in A , X
Dr. Vered Gafni 23 Proof : Let be a model of . Define a sequence D 0,D 1,… s.t. D i ={ CL( ) | i |= }. We show that: D i are atoms: 1) i |= iff i | ¬ (sem.), 2) i |= iff i |= or i |= (sem.). 3.1) U D i def i |= U +(2) i |= O( U ) or i |= sem i |= or i |= def D i or D i 3.2) D i def i |= sem i |= U def U D i Atom definition: - if U D then D or D, - If D then U D Part A: satisfiable there is a -fulfilling path in A , X U ( O( U ))
Dr. Vered Gafni 24 (D i,D i+1 ) X : O D i def i |=O( ) sem i+1 |= def D i+1. U , D i def i |= U +log i |= O( U ) or i |= sem i |= O( U ) sem i |=O( U ) sem i+1 |= U def U D i+1. U D i+1, D i def i+1 |= U and i |= sem i |=O( U ) and i |= sem i |= O( U ) sem i |= ( O( U )) sem i |= U def U D i. Fulfillness: - U D i def i |= U sem j i s.t. j |= def D j. - by definition if be a model of then 0 |= hence D 0 O D 1 iff D 2 U , D 1 U D 2 ; U D 2, D 1 U D 1. U ( O( U )) Proof part A : (cont.)
Dr. Vered Gafni 25 Proof : Let D 0,D 1,… be -fulfilling path in A ,X . Define a trace where i ={ p D i | p proposition }. Show by Ind. on the structure of that CL( ), D i i |= . - p D i def. p i sem. i |=p. - D i atom D i ind. i | sem. i |= . - D i atom D i or D i ind. i |= , or i |= sem. i |= - O D i X D i+1 ind. i+1 |= sem. i |=O - U D i k i s. t. D k and D j, j=i..k-1 { fulfilling+claim 2 } k i s. t. k |= & i j k, j |= { induction } i |= U {semantics} Finally, |= since D 0 therefore is satisfiable. Part B: There is a -fulfilling path in A , X is satisfiable
Dr. Vered Gafni 26 Decision Algorithm Following Theorem 1, we propose the following algorithm: 1.Given LTL formula, , construct the graph A ,X , where: - A is the set of atoms of , - X is the next relation 2.Find whether or not, A , X spans a -fulfilling path.
Dr. Vered Gafni 27 Strongly Connected Graph From Graph Theory: Every graph is decomposable into maximal s.c. components (s.c.c) s.t. the connection between the components is acyclic. A graph is strongly connected (s.c.) if from every node there is a path to every other node.
Dr. Vered Gafni 28 Identifying -fulfilling path in G[ ] = A ,X Theorem 2 : G[ ] spans a -fulfilling path iff G[ ] contains a sub-graph that is: self-fulfilling reachable from an atom that contains . A sub-graph C G[ ] is self-fulfilling if it is s.c. and for every formula U that belongs to an atom D C there is an atom E C such that E. p, q pp q p, p
Dr. Vered Gafni 29 Let =A 0,A 1,… be an -path in G[ ] s.t. A 0. Define inf( ) = { the set of Atoms that appear i.m. times in } Claim : If inf( ) is self-fulfilling then is -fulfilling path. inf( ) vs. -fulfilling path
Dr. Vered Gafni 30 Let =A 0,A 1,… be an -path in G[ ] s.t. A 0. Define inf( ) = { the set of Atoms that appear i.m. times in } Claim : If inf( ) is self-fulfilling then is -fulfilling path. Proof : Let A m s.t. U A m. Then, 1.A m inf( ) s.f. B inf( ) s.t. B inf j m. B=A j 2.A m inf( ). k>m s.t. n k A n inf( ). –If m i k s.t. A i we are finished. –o.w. m i k, U , A i (X relation). So, U A k and then by (1). Proof: inf( ) vs. -fulfilling path
Dr. Vered Gafni 31 Part 1 : If C G[ ] is self-fulfilling and reachable from atom I s.t. I then G[ ] spans a -fulfilling path. Theorem 2:
Dr. Vered Gafni 32 Part 1 : If C G[ ] is self-fulfilling and reachable from atom I s.t. I then G[ ] spans a -fulfilling path. Proof : C G[ ] is reachable from I hence there exists in G[ ] a finite path D 0,…,D k s.t. k≥0, D 0 =I (hence D 0 ), and D k C (1 st ). Let U= D 0,…,D k-1 if k≥1, o.w. the empty sequence. C is s.c. (def, of s.f.) hence there exists in C a path W=A 1,A 2,…,A n s.t. A 1 =A n =D k, (A i, A i+1 ) X , and W traverses all the Atoms in C. Let =(U,W ), then (by construction): inf( )={A | A appears in W} = {A | A C } Hence, inf( ) is self-fulfilling (as C is given to be self-fulfilling). Therefore, by previous claim is a -fulfilling path. Theorem 2: Proof
Dr. Vered Gafni 33 Part B : if G[ ] spans a -fulfilling path =D 0,D 1,… then G[ ] contains a sub-graph C that is self-fulfilling and reachable from D 0 (an Atom that contains ). Proof : Define C=inf( ). 1. Let m be the minimal index s.t. for every n m D n inf( ). Hence, inf( ) is reachable from D 0 (an Atom that contains ) by D 0 …D m. 2, inf( ) is self-fulfilling (proof follows). Theorem 2: Proof
Dr. Vered Gafni 34 Proof : inf( ) is s.c.: –A,B inf( ) ∞ j i. D j i =A, and ∞ k i. D k i =B. –Let m be minimal s.t. n m D n inf( ). Thus, j l m k h s.t. m j l k h. Namely: D j l D k h is a path in inf( ) s.t. D j l =A, D k h =B. Let A inf( ) s.t. U A, consider the first index of A in s.t. in the sequel all elements are in inf( ) (1) then since is - fulfilling path it has a future atom B s.t. B. But B inf( ) by (1) Claim: If a path is -fulfilling then inf( ) is self-fulfilling.
Dr. Vered Gafni 35 LTL Decidability Theorem : LTL satisfiability (hence validity) is decidable. Proof : is satisfiable iff there is a -fulfilling path in G[ ] (Theorem 1) G[ ] spans a -fulfilling path iff G[ ] contains a sub graph that is self-fulfilling and reachable from an atom that contains . (Theorem 2). Self-fulfillness in G[ ] is decidable –Decomposition into s.c.c. (Graph Theory) –Temporal commitment of U (finite check) –Reachability in G[ ] is decidable (trivial).
Dr. Vered Gafni 36 Decision Procedure Algorithm 1.Decompose A ,X into maximal* s.c. components. Call a maximal s.c.c. C A ,X useless if: C is not reachable from an Atom that contains (could be C itself), or C is not self fulfilling 2.Check every terminal component. If it is useless remove it. 3.If all components have been removed then there is no model. 4.Otherwise, a terminal s.c.c C that is not useless has been reached, then every path that starts in an atom that contains , and enters C and travels infinitly often through every state C, defines a model. * Claim : Let C C’ s.c. components. If C is self-fulfilling so is C’. A ,X may consist of a number of disconnected subgraphs
Dr. Vered Gafni 37 p, p p, p p, p p, p p, p p, p Satisfiability Graphs Examples (I) pp pp useless
Dr. Vered Gafni 38 p, p, p p, p, p p, p, p p, p, p p, p, p Graph Example p useless – no access from initial node useless – not self-fulfilling
Dr. Vered Gafni 39 Graph Example: p p, p, p p, p, p p, p, p p, p, p p, p, p useless
Dr. Vered Gafni 40 Graph Example: (p q) (p q) (p q) p, q, q (p q) (p q) p, q, q (p q) (p q) p, q, q (p q) (p q) p, q, q (p q) (p q) p, q, q (p q) (p q) q, p, q (p q) (p q) q, p, q (p q) (p q) p, q, q
Dr. Vered Gafni 41 Graph Example: pUq q pUq q, q, pUq, p, q pUq q, (pUq q) pUq, (pUq), q, q, p, p, q, q (pUq q) (pUq) q, p, q (pUq q) (pUq) q, p, q (pUq q) (pUq) q, p, q (pUq q) (pUq) q, p, q (pUq q) (pUq) q, p, q useless
Dr. Vered Gafni 42 Algorithm Complexity Time bound: 2 O(| |). –|A |≤2 | |, hence |G[ ]|≤2 2| |. –Decomposition of G[ ] into s.c.c. : O|G[ ]|. –All required checking: time linear in |A | | |. PSPACE-complete
Dr. Vered Gafni 43 On the Fly Graph Construction Reminder: LTL Formula Each node is a set of consistent sub- formulae of contains Search for fulfilling path
Dr. Vered Gafni 44 On the Fly Graph Construction Idea: save node development by: Avoid development of sub-graphs that are not reachable from a root Atom. Let nodes represent equivalence classes of Atoms.
Dr. Vered Gafni 45 On the Fly Graph Construction Examples of possible sub-graphs elimination. p, p, p p, p, p p, p, p p, p, p p, p, p p, p p, p p, p pp pp
Dr. Vered Gafni 46 On the Fly Graph Construction Examples of Atoms’ equivalence classes. Op O(p), p Op, p, O( p), p O( p), p Opptt,O(tt) All atoms that contain the specified formulae
Dr. Vered Gafni 47 On the Fly Construction Idea Start with constructing Atoms that contain the original formula. For each Atom construct only Atoms that fulfill the next conditions for this Atom, and connect them. While construction identify Atoms that completely agree on their successors.
Dr. Vered Gafni 48 On the Fly Graph Construction Algorithm Step 1: Raw graph construction 1. Start with a root node that consists of: . 2. Use , rules as long as possible. 3. Close nodes that contain formulae of the form: p, p. 4. Close all nodes which all of their off-springs are closed. 5. For every open leaf that contains “next” conditions: (and may be other formulae) define a sub-node that consists of the promised formulae. If such node already exists in the graph connect the worked out node to that node, otherwise construct a new node. 6. Return to 2.
Dr. Vered Gafni 49 Extended -type classification type A1 pqpq p, q p p (p q) p, q (p q)p, q ppp p pp
Dr. Vered Gafni 50 Extended type classification type B1B2 pqpq p p, q pqpq pp p,q pqpq p, q (p q) ppp, q (p q)p, q p,q pUqq p, q (pUq) q, p q, p pp p pp pp pp p
Dr. Vered Gafni 51 Use , rules as long as possible …, of -type,…. …, , 1, 2,…. …, of -type,…. …, , 1,,….…, , 2,…. Close if contains , and
Dr. Vered Gafni 52 p Op p (p Op p) p, Op, p (p Op p) p, Op, p, p (p Op p) p, Op, p, p Examples pp p, p pp p, p p, p, p p, p, p
Dr. Vered Gafni 53 “Next” Construction currentNext Opp pUq, q pUq (pUq), p (pUq) p, p pp pp pp p
Dr. Vered Gafni 54 On the fly Graph Construction …, of -type,…. …, , 1, 2,…. …, of -type,…. …, , 1,,….…, , 2,…. …, 1, 2 … n,…. Next(…, 1, 2 … n,…) Close if contains , and
Dr. Vered Gafni 55 p Op p (p Op p) p, Op, p (p Op p) p, Op, p, p (p Op p) p, Op, p, p, pp, p, p p, p p p, p p,p Example
Dr. Vered Gafni 56 pp p, p Examples (p q) (p q), p q (p q), p q, p (p q), p q, q, p
Dr. Vered Gafni 57 Op O pOp O p, Op, O p p, p (Op O p) q (Op O p) q, Op, O p, q p, p (Op O p) q, q, p
Dr. Vered Gafni 58 p p p p, p, p p p, p, p, p p p, p, p, p, p p p, p, p, p p, p p, p, p p, p, p, p p, p, p
Dr. Vered Gafni 59 pp p, p p, p, p p, p, p
Dr. Vered Gafni 60 Example (pUq q): decomposition , pUq, q, q , pUq, q, q, p , pUq, q, q, q pUq, q, q pUq, q, q, p pUq, q, q, q
Dr. Vered Gafni 61 Step 2: States Graph Construction Let: - Boolean node - one that is generated by or rules. - Pre-state node - one that is developed by the O-rule. - Terminal node - one that is fully developed. Reduction of a tableau to a states graph: define every pre-state and terminal nodes as states. connect state A to state B iff there is a path of Boolean nodes leading from A to B. connect every terminal-state to a new node {tt, Ott } thus connected to itself.
Dr. Vered Gafni 62 OpOp p prestate Compare with: OpOp p tt O(p), p Op, p, O( p), p O( p), p
Dr. Vered Gafni 63 pp p, p prestate p, p p, p p, p Compare with:
Dr. Vered Gafni 64 p Op p (p Op p) p, Op, p (p Op p) p, Op, p, p (p Op p) p, Op, p p, pp, p, pp, p p p,, p (p Op p), p, Op, p p, p p, p Example
Dr. Vered Gafni 65 p p p p, p, p p p, p, p, p p p, p, p, p, p p p, p, p, p p, p p, p, p p, p, p, p p, p, p p p, p, p, p p, p, p
Dr. Vered Gafni 66 Example (pUq q): States graph , pUq, q, q, p pUq, q, q, p