15-820A 1 LTL to Büchi Automata Flavio Lerda

15-820A 2 LTL to Büchi Automata LTL Formulas Subset of CTL* –Distinct from CTL AFG p  LTL  f  CTL. f ≠ AFG p Contains a single universal quantifier –The path formula f holds for every path Commonly: – A is omitted –G is replaced by  (box or always) –F is replaced by  (diamond or eventually)

15-820A 3 LTL to Büchi Automata Examples of LTL formulas Always eventually p: –   p –AGF p or AG AF p Always after p eventually q –  ( p  q) –AG (p -> F q) or AG (p -> AF q) Fairness –(   p )   –A ((GF p)   ) Not a CTL formula

15-820A 4 LTL to Büchi Automata LTL Semantics Derived from the CTL* semantics Given an infinite execution trace  =s 0 s 1 …  ╞ p  p(s 0 )  ╞ ¬   ¬(  ╞  )  ╞  1   2   ╞  1   ╞  2  ╞  1   2   ╞  1   ╞  2  ╞   i  0  i ╞   ╞   i  0  i ╞   ╞  1 U  2  i  0  i ╞  2   0  j  < i  j ╞  1  i is the suffix of  starting at s i

15-820A 5 LTL to Büchi Automata Büchi Automata Automaton which accepts infinite traces A Büchi automaton is 4-tuple  S, I, , F  –S is a finite set of states –I  S is a set of initial states –   S  S is a transition relation –F  S is a set of accepting states An infinite sequence of states is accepted iff it contains accepting states infinitely often

15-820A 6 LTL to Büchi Automata Example S0S0 S1S1 S2S2  1 =S 0 S 1 S 2 S 2 S 2 S 2 …  2 =S 0 S 1 S 2 S 1 S 2 S 1 …  3 =S 0 S 1 S 2 S 1 S 1 S 1 … ACCEPTED REJECTED

15-820A 7 LTL to Büchi Automata LTL and Büchi Automata LTL formula –Represents a set of infinite traces which satisfy such formula Büchi Automaton –Accepts a set of infinite traces We can build an automaton which accepts all and only the infinite traces represented by an LTL formula

15-820A 8 LTL to Büchi Automata Labeled Büchi Automata Given a set of atomic proposition P –Define a labeling function : S  2 P –Each state is assigned a set of propositions that must be true Similar to the labeling for the model M

15-820A 9 LTL to Büchi Automata Generating Büchi Automata We need a procedure to generate a Büchi automaton given an LTL formula –Efficiently Formulas are usually small Büchi automaton exponential in the size of the formula The cost of model checking is proportional to the size of the automaton –Non-deterministic Büchi automata are not equivalent to deterministic Büchi automata Cannot use automata minimization algorithms –Finding the minimal automata is exponential

15-820A 10 LTL to Büchi Automata Approach Formula rewriting –Rewrite the formula in negated normal form –Apply rewriting rules Core translation –Turns an LTL formula into a generalized Büchi automaton Degeneralization –Turns a generalized Büchi automaton into a Büchi automaton

15-820A 11 LTL to Büchi Automata Rewriting Negated normal form –Negation appears only in front of literals –Use the following identities ¬¬  =  ¬G  = F ¬  ¬F  = G ¬  ¬(  U  ) = (¬  ) V (¬  ) ¬(  V  ) = (¬  ) U (¬  ) V (sometimes R) is the Release operator –Dual of Until

15-820A 12 LTL to Büchi Automata Rewriting Additional rewriting rules –They are not guaranteed to yield smaller automata –The size of the automaton is exponential in the size of the formula Examples –(X  ) U (X  )  X (  U  ) –(X  )  (X  )  X (    ) –GF   GF   GF (    )

15-820A 13 LTL to Büchi Automata Rewriting The core algorithm only handles – , , V, U Use the following: –F   T U  –G   ¬F ¬   ¬(T U ¬  ) = F V 

15-820A 14 LTL to Büchi Automata Core Translation Idea Make use of the following  U    (   X(  U  ))  V    (   X(  V  ))

15-820A 15 LTL to Büchi Automata Example F p (T U p) Old:{} New:{T U p} Next:{} Old:{T U p} New:{T} Next:{T U p} Old:{T U p} New:{p} Next:{} Old:{T U p} New:{} Next:{T U p} Old:{T U p} Next:{T U p} Old:{T U p, p} New:{} Next:{} Old:{T U p, p} Next:{} Tp p Old:{} New:{} Next:{} Old:{} Next:{}

15-820A 16 LTL to Büchi Automata Core Translation Node –Represent a sub-formula –Contain information about the past, the present and the future State –Represents a state in the final automaton –They are the nodes that have fully expanded

15-820A 17 LTL to Büchi Automata Core Translation Expansion –Select a formula from the New field –If it is a literal, add it to the Old field –Otherwise     (New{  },Next{}) and (New{  },Next{})  U   (New{  },New{  U  }) and (New{  },Next{})  V   (New{  },New{  V  }) and (New{ ,  },Next{})  U    (   X(  U  ))  V    (   X(  V  ))

15-820A 18 LTL to Büchi Automata Core Translation Nodes to states –If a node has no New formulas –Create a new node with all the Next formulas –Create an edge between the two nodes –Check if there is any equivalent state With the same Next field With the same Old field

15-820A 19 LTL to Büchi Automata Core Translation Accepting states –Generalized Büchi automaton Multiple accepting sets –One for each Until sub-formula (  U  ) –Such that The Old field doesn’t contain  U  or The Old field does contain 

15-820A 20 LTL to Büchi Automata Degeneralization Turn a generalized Büchi automaton into a Büchi automaton Consider as many copies of the automaton as the number of accepting sets Replace incoming edges from accepting states with edges to the next copy Each cycle must go through every copy Each cycle must contains accepting states from each accepting set

15-820A 21 LTL to Büchi Automata Example T ab T ab T 1 1,2 2 F a  F b

15-820A 22 LTL to Büchi Automata Example T ab T a T T ab T b T

15-820A 23 LTL to Büchi Automata Example T ab T a T T ab T b T

15-820A 24 LTL to Büchi Automata Example T ab T a T T ab T

15-820A 25 LTL to Büchi Automata Example T ab T a T T

15-820A 26 LTL to Büchi Automata Example T ab T a T T

15-820A 27 LTL to Büchi Automata Optimizations Can be done at each stage Try to minimize –The number of states and transitions –The number of accepting states Involve –Strongly connected components –Fair (bi)simulation Expensive but –The Büchi automaton is usually small –The saving during verification can be very high