Presentation is loading. Please wait.

Presentation is loading. Please wait.

Program correctness Linear Time Temporal Logic

Published byÁbel Mezei Modified over 5 years ago

Similar presentations

Presentation on theme: "Program correctness Linear Time Temporal Logic"— Presentation transcript:

1 Program correctness Linear Time Temporal Logic
Spring 2009 Program correctness Linear Time Temporal Logic Marcello Bonsangue

2 Formal Verification Verification techniques comprise
a modelling framework M to describe a system a specification language  to describe the properties to be verified a verification method M  f, G  f to establish whether a model satisfies a property PenC - Spring 2006 Slide 2

3 Motivations for the free-falling elevator
For an elevator system, consider the requirements: any request must ultimately be satisfied the elevator never traverses a floor for which a request is pending without satisfying it Both concern the dynamic behavior of the system. They can be formalized using a time-dependent notation, like z(t) = 1/2gt2 for the free-falling elevator PenC - Spring 2006 Slide 3

4 t n ( P(n,t)  t’ > t : S(n,t’) )
Example In first order logic, with E(t) = elevator position at time t P(n,t) = pending request at floor n at time t S(n,t) = servicing of floor n at time t Any request must ultimately be satisfied t n ( P(n,t)  t’ > t : S(n,t’) ) The elevator never traverse a floor for which a request is pending without satisfying it tt’>tn (P(n,t)  E(t’)n  t< t”< t’:E(t”)=n)  t< t”’< t’:S(n,t”’) PenC - Spring 2006 Slide 4

5 Temporal Logic First order logic is too cumbersome for these specifications Temporal logic is a logic tailored for describing properties involving time the time parameter t disappears temporal operators mimic linguistic constructs always, until, eventually the truth of a proposition depend on the state on which the system is PenC - Spring 2006 Slide 5

6 LTL: the language Atomic propositions p1,p2,…,q,...
to make statements about states of the system elementary descriptions which in a given state of the system have a well-defined truth value: the printer is busy nice weather open x+2=y Their choice depend on the system considered PenC - Spring 2006 Slide 6

7 LTL: the language Boolean combinators
true  false  negation  conjunction  disjunction  implication  Note: read p  q as “if p then q” rather than “p implies q”. Try (1 = 2)  Sint_Klas_exists PenC - Spring 2006 Slide 7

8 LTL: the language Temporal combinators allows to speak about the sequencing of states along a computation (rather than about states individually) neXt X X = in the next state  holds Examples: XXerror and XXXok warm, ok ok error error 1 2 2 warm, ok ok error warm,ok 1 2 PenC - Spring 2006 Slide 8

9 LTL: Temporal combinators
Future F F = in some future state  holds (at least once and without saying in which state) For example, warm  Fok holds if we are in a “warm” state then we will be in an “ok” state. warm, ok ok error error 1 2 2 warm, ok ok error warm,ok 1 2 PenC - Spring 2006 Slide 9

10 LTL: Temporal combinators
Globally G G = in all future states  always holds It is the dual of F: G = F For example G(warm  Fok) holds if at any time when we are in a “warm” state we will later be in an “ok” state. G(warm  Xwarm)? G(ok  Xwarm)? 1 ok 2 error warm, ok PenC - Spring 2006 Slide 10

11 LTL: Temporal combinators
Until U 1U2 = 2 will hold in some future state, and in all intermediate states 1 will hold. Weak until W 1W2 = 1 holds in all future states until 2 holds it may be the case 2 will never hold PenC - Spring 2006 Slide 11

12 LTL: Temporal combinators
Release R 1R2 = 2 holds in all future state up to (and including) a state when 1 holds (if ever). It is the dual of U: 1R2 = (1U2) PenC - Spring 2006 Slide 12

13 LTL - Priorities Unary connectives bind most tightly
, X,F,G Next come U, R and W Finally come ,  and  Fp  Gr  qUp F G U p r p q PenC - Spring 2006 Slide 13

14 LTL models: Transition Systems
Transition system: <S,,L> S set of states L:S  P(Atoms) labelling function   SxS transition relation Every state s has some successor state s’ with s  s’ A system evolves from one state to another under the action of a transition We label a state with propositions that hold in that state ok warm, ok 1 cold 2 PenC - Spring 2006 Slide 14

15 Computation paths Path: an infinite sequence  of states such that each consecutive pair is connected by a transition 0  1  2  0 … For i ≥ 1, we write i for the suffix of a path  starting at i. PenC - Spring 2006 Slide 15

16 Semantics (I) Let M = <S,,L> be a transition system, and =s1s2 … a path of M.    always   p iff p  l(s1)    iff      1  2 iff   1 and   2 PenC - Spring 2006 Slide 16

17 Semantics (II)  X iff 2  
  F iff there is 1  i such that i     G iff for all 1 i, i     1U2 iff there is 1  i such that i  2 and for all j<i, j  1   1W2 iff either  1U2 or for all 1 i, i 2   1R2 iff either there is 1  i such that i  1 and for all j  i, j  2 or for all 1 k, k 2 PenC - Spring 2006 Slide 17

18 System properties M,s   iff    for every path  of M starting from the state s M,0  okWerror M,0  okUerror (Why?) 1 ok 2 error warm, ok PenC - Spring 2006 Slide 18

Download ppt "Program correctness Linear Time Temporal Logic"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Part 3: Safety and liveness

Part 3: Safety and liveness
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
LINEAR TEMPORAL LOGIC Fall 2013 Dr. Eric Rozier.

LINEAR TEMPORAL LOGIC Fall 2013 Dr. Eric Rozier.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.

1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.
CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.

CSE 555 Protocol Engineering Dr. Mohammed H. Sqalli Computer Engineering Department King Fahd University of Petroleum & Minerals Credits: Dr. Abdul Waheed.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.
Propositional Logic. Negation Given a proposition p, negation of p is the ‘not’ of p.

Propositional Logic. Negation Given a proposition p, negation of p is the ‘not’ of p.
Temporal Logic and Model Checking. Reactive Systems We often classify systems into two types: Transformational: functions from inputs available at the.

Temporal Logic and Model Checking. Reactive Systems We often classify systems into two types: Transformational: functions from inputs available at the.
Witness and Counterexample Li Tan Oct. 15, 2002.

Witness and Counterexample Li Tan Oct. 15, 2002.

Similar presentations

Ads by Google