Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions.

Published byCarmel Elliott Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions."— Presentation transcript:

1 1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions change over time u Two main ways to represent temporal logic:  Linear time: describes single possible time line o LTL (Linear Temporal Logic): Spin  Branching time: describes all possible time lines o CTL (Computation Tree Logic): SMV

2 2 What can you do with TL? u Use Automaton to describe system behavior  Describes actions of system  In terms of state sequences u Use temporal logic to describe property of state sequences u Use model checker to verify TL property  Checks TL property against automaton  Exhaustively checks the automaton  Automatic checking

3 3 Basic Idea of Temporal Logic u Truth changes over time u Must say when things are true,  Not just what is true u Most model checking tools do not allow quantification  Use propositional TLs (PTLs)

4 4 Semantics of Temporal Logic u 4 basic operators: : always : sometime or eventually : next time or next step : until u Conceptual representation: Let S be a sequence of states  S[ 0 ]: first state; S[ j ]: jth state  S[ j.. ] sequence starting from jth state  S[ j..k ] sequence from j to k U

5 5 More Formal Semantics u Classical Logic: S f: sequence S satisfies formula f S true: for any S S (f and g): S f and S g u Temporal Logic: S f : if for any j, S[j..] f S f : if for some j, S[j..] f Sf : if S[1..] f S f g : if for some k, S[k..] g,  and for any j < k, S[ j.. ] f U

6 6 Example u Automaton/machine produces state sequence: abcabcabcabc… u Sequence satisfies property:  (a  b) and It’s always the case that a implies that the next step will be b  (a  a)) It’s always the case that a implies that the next step will eventually be an a. ab c

7 7 More Semantics of PTL u Next f: S[j] f iff S[j+1] f u Always f: S[j] f iff (  k: k  j  S[k] f ) u Sometime f: S[j] f iff (  k: k  j  S[k] f ) u f U g: S[j] f U g iff (  k: k  j  S[k] g )  (   l: j  l  k  S[l] f )

8 8 Sample Specifications u Mutual Exclusion: (  inCsA  inCsB) u Response: (wantsInA  inCsA)

9 9 Computation Tree Logic u Most distributed, reactive systems are nondeterministic Cannot be represented by sequence of possible states or transitions Has a tree of possible computations u Can use CTL to represent these cases Computation Tree Logic

10 10 Kripke Structure ab bc ac s0 s2

11 11 CTL operator combinations

12 12 CTL Syntax u Basic logic, then add in… u Temporal expressions:  Temporal operators are defined in pairs  Path part: A: means “all paths” (inevitably) E: means “on some path” (possibly)  Property part: F : same as % For some G : same as % Globally holds X : same as % neXt U : same as U

13 13 CTL Syntax Sample expression forms: AGp : On all paths, property p always holds EGp : On some paths, property p always holds AFp : On all paths, property p eventually holds EFp : On some path, property p eventually holds

14 14 Specification Patterns u Safety: bad thing never happens: AG (  bad-thing ) u Liveness: good thing eventually happens AF ( good-thing ) u Bad thing could happen: EF ( bad-thing )

15 15 System satisfying EFp

16 16 System satisfying EGp

17 17 System satisfying AGp

18 18 System satisfying AFp

19 19 Sample Specification Patterns u Possible to get to started state, but ready does not hold EF(started)  (  ready)) u If a request occurs, then it will eventually be acknowledged AG (requested  AF acknowledged)  Process is enabled  infinitely often on every path AG (AF enabled) u Whatever happens, a certain process will eventually be permanently deadlocked: AF (AG deadlocked) u From any state, it is possible to get to a restart state AG (AF restart)

20 20 Example Elevator u An elevator at the 2 nd floor traveling upward towards 5 th floor destination does not change its direction AG (floor = 2  direction = up  ButtonPressed5   A [direction = up  U floor 

21 21 Tool Support u Model checkers: check that system satisfies property u Reachability analysis: describe paths of behavior of system u Each tool uses different algorithms for optimization purposes  SPIN (Holzmann et al)  SMV (Clarket et al)  Nitpick (D. Jackson)  COSPAN (Kurshan, mostly for HW)  Verisoft  FDR  Etc.

Download ppt "1 Temporal Logic u Classical logic:  Good for describing static conditions u Temporal logic:  Adds temporal operators  Describe how static conditions."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.

1 Reasoning with Promela Safety properties bad things do not happen can check by inspecting finite behaviours Liveness properties good things do eventually.
Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.

Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.
CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.

CS 267: Automated Verification Lecture 2: Linear vs. Branching time. Temporal Logics: CTL, CTL*. CTL model checking algorithm. Counter-example generation.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.

François Fages MPRI Bio-info 2006 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraints Group, INRIA.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.

卜磊 Transition System. Part I: Introduction  Chapter 0: Preliminaries  Chapter 1: Language and Computation Part II: Models  Chapter.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar D D.

Similar presentations

Ads by Google