Presentation is loading. Please wait.

Presentation is loading. Please wait.

LTL Model Checking 张文辉

Published byBeatrice Little Modified over 9 years ago

Similar presentations

Presentation on theme: "LTL Model Checking 张文辉"— Presentation transcript:

1 LTL Model Checking 张文辉 http://lcs.ios.ac.cn/~zwh

2 LTL Model Checking 迁移系统 Kripke 结构  - 自动机 LTL PLTL  - 自动机 M |=  L(A M )  L(A  )

3 LTL Model Checking L(A M )  L(A  ) L(A M )  (   \ L(A  )) =  L(A M )  L(A  ) =  L(A M  A  ) =  Double DFS

4 Kripke Structure

5 Kripke Structures Definition A Kripke structure is a triple – S : A finite set of states – R  S x S : A total transition relation – I  S : A set of initial states The set of successors of s is denoted R(S) Then R is total iff R(s)  for all s  S

6 Example: s2 s0 s3 s1

7 Computation Given a Kripke structure K=. s  s’: sRs’ or (s,s’)  R Definition A computation of K is an infinite sequence of S: s 0 s 1 s 2 …. such that s 0  I, and s i  s i+1 for all i  0

8 Path Definition An infinite path is an infinite sequence of S: s 0 s 1 s 2 …. such that s i  s i+1 for all i  0 Definition A finite path is a finite prefix of an infinite path: s 0 …s n

9 Labeled Kripke Structures AP: A set of propositions. Definition A (Labeled) Kripke structure is a quadruple – S : A finite set of states – R  S x S : A total transition relation – I  S : A set of initial states – L: S  2 AP is a labeling function

10 Example: s2 s0 s3 s1 {} {q} {p,q} {p}

11 x==0||t==0 11 Example t0 x=1,t=0 t1 t2 y==0||t==1 t3 x=0 s0 y=1,t=1 s1 s2 s3 y=0 Initial States s0 t0 x=0 y=0 t=0

12 s0,t0,0,0,0 s0,t1,1,0,0s1,t0,0,1,1 s2,t0,0,1,1 s3,t0,0,0,1 s1,t1,1,1,0s0,t2,1,0,0 s0,t3,0,0,0 s1,t1,1,1,1 s2,t1,1,1,0s1,t2,1,1,1 s3,t1,1,0,0 s1,t3,0,1,1 s3,t2,1,0,0 s3,t3,0,0,0 1096 s2,t3,0,1,1 s3,t3,0,0,1 513121312 56 910 12 13

13 Proposition Symbols Let AP be the set of proposition symbols {p0,p1,…,p13} with the following meaning:

14 Labeling Function L(s0,t0,0,0,0)={p6,p10,p0,p2,p4} L(s0,t0,0,0,1)={p6,p10,p0,p2,p5} …

15  -Automata

16 Buchi-Automata Definition A Buchi automaton (BA) is a quintuple –  : A finite set of symbols – S : A finite set of states –   S x  x S : A transition relation – I  S : A set of initial states – F  S : A set of acceptance states

17 Example: s2 s0 s3 s1 a b a b cc

18 Runs Given a BA A= Notation: s  a s’: (s,a,s’)  Definition Let w  . A run of A on w is an infinite sequence s 0 s 1 s 2 …. of S such that s 0  I, and (s i,w[i],s i+1 )  for all i  0.

19 Words over a Run Definition A word over a run r of A is an infinite sequence of  : a 1 a 2 …. such that r is a run on a 1 a 2 ….

20 Accepting Runs Let inf(  ) be the set of states that appear infinitely many times on . Definition An accepting run of A is a run  of A such that inf(  )  F .

21 Accepting Words Definition An accepting word of A is a word over some accepting run of A.

22 Language Definition The language of A is the set of accepting words of A. The language of A is denoted L(A).

23 Union Given two BAs A 1 =, A 2 =. Suppose that S 1 and S 2 are disjoint. Define A 1  A 2 = where S = S 1  S 2  =  1   2 I = I 1  I 2 F = F 1  F 2

24 Union Theorem L(A 1  A 2 ) = L(A 1 )  L(A 2 )

25 Intersection Given BAs A 1 =, A 2 =. Define A 1  A 2 = where S = S 1 x S 2 x {0,1,2}  = ? I = I 1 x I 2 x {0} F = S 1 x S 2 x {2}

26 Intersection  = { ((s 1,s 2,i),a,((s 1 ’,s 2 ’,i)) | i  {0,1}, (s 1,a,s 1 ’)  1, (s 2,a,s 2 ’)  2 }  { ((s 1,s 2,0),a,((s 1 ’,s 2 ’,1)) | (s 1,a,s 1 ’)  1, (s 2,a,s 2 ’)  2, s 1  F 1 }  { ((s 1,s 2,1),a,((s 1 ’,s 2 ’,2)) | (s 1,a,s 1 ’)  1, (s 2,a,s 2 ’)  2, s 2  F 2 }  { ((s 1,s 2,2),a,((s 1 ’,s 2 ’,0)) | (s 1,a,s 1 ’)  1, (s 2,a,s 2 ’)  2 }

27 Intersection Theorem L(A 1  A 2 ) = L(A 1 )  L(A 2 )

28 Complementation The set of BAs is closed under complementation. Given A=. There exists a BA B such that L(B) =   \L(A)

29 Generalized Buchi Automaton Definition A GBA is a quintuple –  : A finite set of symbols – S : A finite set of states –   S x  x S : A transition relation – I  S : A set of initial states – F  2 S : A set of sets of acceptance states

30 Accepting Run Definition An accepting run of A is a run  of A such that for each f  F, inf(  )  f .

31 Union Given two automaton A 1 =, A 2 =. Suppose that S 1 and S 2 are disjoint. Define A 1  A 2 = where S = S 1  S 2  =  1   2 I = I 1  I 2 F = { f  S 2 | f  F 1 }  { f  S 1 | f  F 2 }

32 Union Theorem L(A 1  A 2 ) = L(A 1 )  L(A 2 )

33 Intersection Given two automaton A 1 =, A 2 =. Define A 1  A 2 = where S = S 1 x S 2  = { ((s 1,s 2 ),a,((s 1 ’,s 2 ’))| (s 1,a,s 1 ’)  1, (s 2,a,s 2 ’)  2 } I = I 1 x I 2 F = { f x S 2 | f  F 1 }  { S 1 x f| f  F 2 }

34 Intersection Theorem L(A 1  A 2 ) = L(A 1 )  L(A 2 )

35 Complementation The set of GBAs is closed under complementation.

36 Expressiveness of GBAs

37 Theorem Every language expressible by a BA is also expressible by a GBA. Proof Given a BA A=. We can construct a GBA B= such that L(B)=L(A).

38 Expressiveness of GBAs Theorem Every language expressible by a GBA is also expressible by a BA. Proof Given a GBA A=. We can construct a BA B= such that L(B)=L(A).

39 GBA  BA BA B= S’ = S x {0,1,2,…,n}  ’ = ? I’ = I x {0} F’ = S x {n}

40 GBA  BA  ’ = { ((s,i),a,(s’,i)) | i  {0,1,…,n-1}, (s,a,s’)  }  { ((s,i),a,(s’,i+1)) | i  {0,1,…,n-1}, (s,a,s’) ,s  F i+1 }  { ((s,n),a,(s’,0)) | (s,a,s’)  }

41 Kripke Structure   -Automata

42 Computations  Accepting runs Labels on Computations  Accepting Words

43 Kripke Structure   -Automata AP: A set of propositions. K= A=  =2 AP  ={ (s,a,s’) | (s,s’)  R, a=L(s) } F=S

44 Kripke Structure   -Automata Theorem r is a computation of K  L(r) is an accepting word of A w is an accepting word of A  there is a computation r of K such that L(r)=w

45 Example: s2 s0 s3 s1 {} {q} {p,q} {p} s2 s0 s3 s1 {} {q} {p,q} {p} {} {p}

46 PLTL   -Automata

47 Example G p p U q p U (q U r)

48 PLTL   -Automata Only consider NNF formulas with literals, disjunction, conjunction, X, U, R  == p |  p |  |  |X  |  R  |  U 

49 PLTL   -Automata Let  be a PLTL formula over AP. Construct a GBA A= such that  |=  iff  L(A) (1)  =2 AP (2)S,I, ,F = ?

50 PLTL   -Automata  s=[  ;  ;  ;  ] s=[a;  ; c; d] New node s’=[s; d;  ;  ]

51 PLTL   -Automata s=[a; p,  ; c; d] where p is a literal Replace s‘=[a;  ; p,c; d]

52 PLTL   -Automata s=[a;  0  1,  ; c; d] replace s‘=[a;  0,  ;  0  1,c; d] s’’=[a;  0,  ;  0  1,c; d]

53 PLTL   -Automata s=[a;  0  1,  ; c; d] Replace s’=[a;  0,  1,  ;  0  1,c; d]

54 PLTL   -Automata s=[a; O  1,  ; c; d] Replace s‘=[a;  ; O  1,c;  1,d]

55 PLTL   -Automata s=[a;  0 U  1,  ; c; d] Replace s’=[a;  1  (  0  X(  0 U  1 )),  ;  0 U  1,c; d]

56 PLTL   -Automata s=[a;  0 R  1,  ; c; d] Replace s’=[a;  1  (  0  X(  0 R  1 )),  ;  0 R  1,c; d]

57 PLTL   -Automata s=[a;  ; c; d] s’=[a’;  ; c; d] Replace s’’=[a,a’;  ; c; d]

58 PLTL   -Automata s=[a;  ; c; d] s  I iff   a

59 PLTL   -Automata  =2 AP s=[a;  ; c; d] s’=[a’;  ; c’; d’] Define  as follow: (s, ,s’)   iff s  a’ and  |=s

60 PLTL   -Automata Let f(  0 U  1 ) = { s |  0 U  1  s.c   1  s.c } F = { f(  0 U  1 ) |  0 U  1 is a sub-formula of  }

61 PLTL   -Automata Theorem Let A= be a GBA as constructed. Then  |=  iff  L(A).

62 Example G p p U q p U (q U r)

63 LTL Model Checking L(A M )  L(A  ) L(A M )  (   \ L(A  )) =  L(A M )  L(A  ) =  L(A M  A  ) =  Double DFS

64 Emptiness of  -Automata

65 On the Fly

66 Partial Order Reduction

67 Questions?

Download ppt "LTL Model Checking 张文辉"

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.

Automatic Verification Book: Chapter 6. How can we check the model? The model is a graph. The specification should refer the the graph representation.
Regular operations Sipser 1.1 (pages 44 – 47). CS 311 Fall 2008 2 Building languages If L is a language, then its complement is L’ = {w | w ∉ L} Let A.

Regular operations Sipser 1.1 (pages 44 – 47). CS 311 Fall Building languages If L is a language, then its complement is L’ = {w | w ∉ L} Let A.
Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.

Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.
Lecture 16 Deterministic Turing Machine (DTM) Finite Control tape head.

Lecture 16 Deterministic Turing Machine (DTM) Finite Control tape head.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Deterministic Finite Automata (DFA)

Deterministic Finite Automata (DFA)
Determinization of Büchi Automata

Determinization of Büchi Automata
Discrete Mathematics Lecture 5 Alexander Bukharovich New York University.

Discrete Mathematics Lecture 5 Alexander Bukharovich New York University.
Finite Automata Section 1.1 CSC 4170 Theory of Computation.

Finite Automata Section 1.1 CSC 4170 Theory of Computation.
Regular operations Sipser 1.1 (pages 44 – 47). CS 311 Mount Holyoke College 2 Building languages If L is a language, then its complement is L’ = {w |

Regular operations Sipser 1.1 (pages 44 – 47). CS 311 Mount Holyoke College 2 Building languages If L is a language, then its complement is L’ = {w |
Finite Automata Great Theoretical Ideas In Computer Science Anupam Gupta Danny Sleator CS 15-251 Fall 2010 Lecture 20Oct 28, 2010Carnegie Mellon University.

Finite Automata Great Theoretical Ideas In Computer Science Anupam Gupta Danny Sleator CS Fall 2010 Lecture 20Oct 28, 2010Carnegie Mellon University.
1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture3: Regular Expressions Prof. Amos Israeli.
CFG => PDA Sipser 2 (pages 99-118).

CFG => PDA Sipser 2 (pages ).
CFG => PDA Sipser 2 (pages 99-118). CS 311 Fall 2008 2 Formally… A pushdown automaton is a sextuple M = (Q, Σ, Γ, δ, q 0, F), where – Q is a finite set.

CFG => PDA Sipser 2 (pages ). CS 311 Fall Formally… A pushdown automaton is a sextuple M = (Q, Σ, Γ, δ, q 0, F), where – Q is a finite set.
Büchi Tree Automata Based on “Weakly definable relations and special automata” By Michael Rabin.

Büchi Tree Automata Based on “Weakly definable relations and special automata” By Michael Rabin.
CSC 3130: Automata theory and formal languages Andrej Bogdanov The Chinese University of Hong Kong Regular.

CSC 3130: Automata theory and formal languages Andrej Bogdanov The Chinese University of Hong Kong Regular.

Similar presentations

Ads by Google