1 Translating from LTL to automata

2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure) satisfies this property. The check (“model-checking”) will be based on automata operations – hence we need to translate the property to automata.

3 From formulas to Buchi automta Gp Fpp U q GFp p p T T q p T p T Now try yourself: FGp, a U (b U c), X(p U (q Æ r))

4 A translation algorithm So now we need to show an algorithmic translation from LTL to Buchi It will work in two stages: Translate to Generalized Buchi Degeneralization.

5 Preprocessing Convert into normal form, where negation only applies to propositional variables. ¬G  becomes F¬ . ¬F  becomes G¬ . ¬(  U  ) becomes (¬  ) R (¬  ), ¬(  R  ) becomes (¬  ) U (¬  ).

6 Convert to Negation Normal Form Push negations over propositional conenctives, and eliminate operators other than Æ, Ç Eliminate G Replace G  by (False R  ). (in general we can stay with U, R, X) Preprocessing

7 Example Translate (GF P ) ! ( GF Q ) Eliminate implication ¬ ( GF P ) Ç ( GF Q ) Eliminate G, F : ¬ ( False R ( True U P ) ) Ç ( False R ( True U Q ) ) Push negation inwards: (True U (False R ¬ P ) ) Ç ( False R ( True U Q ) )

8 And now... We need to build an automaton that accepts exactly those words that satisfy .

9 Content The construction continues as follows: 1. Build the Local Automaton This automaton guarantees that the word satisfies all conditions imposed by the formula 2. Build the Eventuality Automaton Eventualities : formulas of the form F φ and φ 1 U φ 2 The problem is that nothing prevents us from postponing forever the time at which (eventuality) formula will be true 3. Compose them

10 The Local Automaton Closure of  all the subformulas of  and their negations. Formally: cl(  ) is the smallest set of formulas satisfying the following conditions φ ∈ cl( φ ) φ 1 ∈ cl( φ ) ⇒ ¬ φ 1 ∈ cl( φ ) φ 1 ∧ φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ ) φ 1 ∨ φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ ) X φ 1 ∈ cl( φ ) ⇒ φ 1 ∈ cl( φ ) F φ 1 ∈ cl( φ ) ⇒ φ 1 ∈ cl( φ ) φ 1 U φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ ) φ 1 R φ 2 ∈ cl( φ ) ⇒ φ 1, φ 2 ∈ cl( φ )

11 The Local Automaton / Alphabet, states The local automaton is L = (∑, S L, ρ L, I L, F L ) The alphabet ∑ ∑ µ 2 cl(φ) ∑ elements are consistent: for s 2 ∑ and f ∈ cl(φ): f ∈ s  ¬f ∉ s The states S L All propositionally consistent subsets s of cl(φ): φ1 ∈ s  ¬φ1 ∉ s

12 The Local Automaton / Transition relation The edges: ρ L (s, a) must check the next state is compatible with the semantics of the temporal operators. Let t ∈ ρ L (s, a). Then: X φ 1 ∈ s  φ 1 ∈ t F φ 1 ∈ s  φ 1 ∈ s or F φ 1 ∈ t φ 1 U φ 2 ∈ s  ( φ 2 ∈ s) or ( φ 1 ∈ s and φ 1 U φ 2 ∈ t) φ 1 R φ 2 ∈ s  ( φ 1 ⋀ φ 2 ∈ s) or ( φ 2 ∈ s and φ 1 R φ 2 ∈ t) The labeling on the edges: For a state s  ;, s is the label on all the outgoing edges from s.

13 The initial states I L... is the set of states that include the formula The accepting states F L... is the set of all states The Local Automaton / Initial + final states

14 Example: Local Automaton for Fp Closure of F p cl( F p) = { F p, p, ¬F p, ¬ p} S L = {{ F p, p}, { ¬F p, p}, { F p, ¬ p}, { ¬F p, ¬ p}}

15 Local Automaton for F p { ¬ Fp, p} {Fp, ¬ p} { ¬ Fp, ¬ p} Recall the defnition: (Fp ∈ s)  (p ∈ s or Fp ∈ t)(t is the target state) Top-right: Since p  s then t can only be such that Fp 2 t. Top left: Since p 2 s then all states can be t. {Fp, p} Bottom left: contradictory, hence no point in this state (can be removed) Bottom right: since the condition above is iff relation, then we need that ( : p 2 s) and ( : Fp 2 t).

16 Local Automaton for F p (labels) { ¬ Fp, p} {Fp, ¬ p} { ¬ Fp, ¬ p} {Fp, p} { ¬ Fp, ¬ p} {Fp, ¬ p} {Fp, p} Recall: the edge labels are equivalent to the source state names.

17 Eventuality automaton is supposed to check that the eventualities are realized Check formulas of the form φ 1 U φ 2 F φ // special case of U The Eventuality Automaton

18 The Eventuality Automaton/ Alphabet, states Ev = ( ∑, 2 ev( φ ), ρ F, {{}}, F ) The alphabet ∑ µ 2 cl( φ ) ∑ elements are consistent: for s 2 ∑ and f ∈ cl(φ): f ∈ s  ¬f ∉ s The states 2 ev( φ ) The set of subsets of the eventualities of the formula φ A state {e 1, …, e k } means that the eventualities e 1, …, e k still have to be realized

19 The Eventuality Automaton/ Transition relation, initial state The transition ρ F Let t ∈ ρ F (s,a) For F φ : F φ ∈ t  φ ∉ a For φ 1 U φ 2 : φ 1 U φ 2 ∈ t  φ 2 ∉ a The initial state : {}

20 The Eventuality Automaton/ accepting states The acceptance condition F is complicated...  When can we accept a state s? if s has an eventuality, it satisfies it. Examples: s is accepting: s = {pUq, : p, q} s = { : pUq, : p, : q} s is not accepting: s = {pUq, p, : q} s = {pUq, : p, : q}

21 The Eventuality Automaton/ accepting states The acceptance condition, formaly: Let e i be an eventuality condition  i ’ U  i Suppose we have the eventuality conditions e 1,...,e m. Then F is a generalized Buchi condition: F = { Á 1,..., Á m } where Á i = {s 2 S | e i 2 s !  i 2 s} In our example: We have two states: {} and {Fp} Thus, F contains the single state {}

22 Example Eventuality automaton {Fp} {} { Fp, p} { ¬Fp, p} { ¬Fp, ¬ p} { Fp, ¬ p} { Fp, p}{ ¬Fp, p} { ¬Fp, ¬ p} { Fp, ¬ p} We can begin with all edges and all labels and then remove those that are incompatible with the condition we saw in the previous slide: The condition is: Fp ∈ t  p ∉ a Q: When is this automaton satisfied? A: When all eventualities are satisfied.

23 M = ( ∑, S M, ρ M,N M0, F M ) ∑ µ 2 cl(  ) S M = S L x 2 ev( φ ) (Cartesian Product) (p, q) ∈ ρ M ((s, t), a)  p ∈ ρ L (s, a) and q ∈ ρ F (t, a) N M0 = N φ x {} F M = N L x {} Composing the two automata

24 Example Composing the two automata ({Fp, p}, Fp) ({Fp, ¬ p}, Fp) ({ ¬ Fp, ¬ p}, Fp) ({Fp, p}, {}) ({Fp, ¬ p}, {}) ({ ¬ Fp, ¬ p}, {}) The propositions are the ‘real’ labels. p p :p:p :p:p :p:p

25 Example Composing the two automata ({Fp, p}, Fp) ({Fp, ¬ p}, Fp) ({Fp, p}, {}) ({ ¬ Fp, ¬ p}, {}) p :p:p :p:p :p:p Equivalently: labels move to outgoing edges. p p :p:p p :p:p p p ({Fp, ¬ p}, {})

26 Optimizations... There are optimizations that make the automaton much smaller: p :p:p :p:p :p:p p p If we define the alphabet ∑ as formulas over AP we can do better: p :p:p true p Ç : p

27 Conclusion The number of States Local Automaton : 2 cl( φ ) = O(2 2| φ | ) Eventuality Automaton : 2 ev( φ ) = O(2 | φ | ) Composed Automata : 2 cl( φ ) X 2 ev( φ ) = O(2 3| φ | ) | φ | is length of formula φ