Download presentation
Presentation is loading. Please wait.
Published byAnneliese Hochberg Modified over 6 years ago
1
Software Verification 2 Automated Verification
Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt Universität and Fraunhofer Institut für Rechnerarchitektur und Softwaretechnik
2
Recap: LTL and CTL Kripke models = LTS
Expressively equivalent to FOL (<) on linear orders Arguably more intuitive to use Kripke models = LTS branching time – possibility properties linear time – fairness properties CTL* subsumes both CTL and LTL
3
Safety and Liveness
4
Some Theorems Every LTL formula can be written in one of these forms (where p is a pure past formula) Every LTL safety property is expressible as G*φ (where φ is pure past) Every LTL formula can be written as reactivity ⋀(G*F*φ F*G*ψ) All the inclusions are strict All the non-inclusions are provable (dualities) e.g. F*G*p cannot be expressed as G*F*φ Conjunction and disjunction of a recurrence is a recurrence G*F*p G*F*q = G*F*(p -p U-q) G*F*p G*F*q = G*F*(p q) Obligations can be expressed as recurrences and persistences G*p = G*F*H*p, F*p = G*F*P*p , where H*p = ¬P*¬p
5
Safety and Liveness Properties
Proof of decomposition theorem: φs={w0w1... | for every i, w0w1... wi is a prefix of φ} φl= φ{w0w1... | for some i, w0w1... wi is not a prefix of φ} show: φs is safety, φl is liveness, φ = φs φl
6
Examples (p U+ q) = ((p W+ q) F+ q) G*(p F*q) = (G*p G*F*q)
G*p G*q = G*(H*p H*q) (gilt nur initial, im Anfangspunkt!) Total program correctness = invariance termination other direction does not hold
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.