LTL to Büchi Automata
15-820A
Flavio Lerda
LTL Formulas
• Subset of CTL*
– Distinct from CTL
• AFG p ∈ LTL
• ∀ f ∈ CTL . f ≠ AFG p
• Contains a single universal quantifier
– The path formula f holds for every path
• Commonly:
– A is omitted
– G is replaced by □ (box or always)
– F is replaced by ◇ (diamond or eventually)
Examples of LTL formulas
• Always eventually p:
– □◇ p
– AGF p or AG AF p
• Always after p eventually q:
– □ (p → ◇ q)
– AG (p → F q) or AG (p → AF q)
• Fairness:
– (□◇ p) → φ
– A ((GF p) → φ)
Not a CTL formula
LTL Semantics
• Derived from the CTL* semantics
• Given an infinite execution trace σ = s0 s1 …
– σ^i is the suffix of σ starting at s_i
σ ╞ p iff p(s0)
σ ╞ ¬φ iff ¬(σ ╞ φ)
σ ╞ φ1 ∧ φ2 iff σ ╞ φ1 ∧ σ ╞ φ2
σ ╞ φ1 ∨ φ2 iff σ ╞ φ1 ∨ σ ╞ φ2
σ ╞ F φ iff ∃ i ≥ 0 . σ^i ╞ φ
σ ╞ G φ iff ∀ i ≥ 0 . σ^i ╞ φ
σ ╞ φ1 U φ2 iff ∃ i ≥ 0 . σ^i ╞ φ2 ∧ ∀ 0 ≤ j < i . σ^j ╞ φ1
Büchi Automata
• Automaton which accepts infinite traces
• A Büchi automaton is a 4-tuple ⟨S, I, Δ, F⟩
– S is a finite set of states
– I ⊆ S is a set of initial states
– Δ ⊆ S × S is a transition relation
– F ⊆ S is a set of accepting states
• An infinite sequence of states is accepted iff it contains accepting states infinitely often
Example
(Figure not reproduced: a three-state automaton with states S0, S1, S2.)
σ1 = S0 S1 S2 S2 S2 S2 … ACCEPTED
σ2 = S0 S1 S2 S1 S2 S1 … ACCEPTED
σ3 = S0 S1 S2 S1 S1 S1 … REJECTED
LTL and Büchi Automata
• LTL formula
– Represents a set of infinite traces which satisfy that formula
• Büchi automaton
– Accepts a set of infinite traces
• We can build an automaton which accepts all and only the infinite traces represented by an LTL formula
Labeled Büchi Automata
• Given a set of atomic propositions P
– Define a labeling function L : S → 2^P
– Each state is assigned a set of propositions that must be true
• Similar to the labeling for the model M
Generating Büchi Automata
• We need a procedure to generate a Büchi automaton given an LTL formula
– Efficiently
• Formulas are usually small
• The Büchi automaton is exponential in the size of the formula
• The cost of model checking is proportional to the size of the automaton
– Non-deterministic Büchi automata are not equivalent to deterministic Büchi automata
• Cannot use automata minimization algorithms
– Finding the minimal automaton is exponential
Approach
• Formula rewriting
– Rewrite the formula in negated normal form
– Apply rewriting rules
• Core translation
– Turns an LTL formula into a generalized Büchi automaton
• Degeneralization
– Turns a generalized Büchi automaton into a Büchi automaton
Rewriting
• Negated normal form
– Negation appears only in front of literals
– Use the following identities
• ¬¬φ = φ
• ¬G φ = F ¬φ
• ¬F φ = G ¬φ
• ¬(φ U ψ) = (¬φ) V (¬ψ)
• ¬(φ V ψ) = (¬φ) U (¬ψ)
• V (sometimes R) is the Release operator
– Dual of Until
Rewriting
• Additional rewriting rules
– They are not guaranteed to yield smaller automata
– The size of the automaton is exponential in the size of the formula
• Examples
– (X φ) U (X ψ) ≡ X (φ U ψ)
– (X φ) ∧ (X ψ) ≡ X (φ ∧ ψ)
– GF φ ∨ GF ψ ≡ GF (φ ∨ ψ)
Rewriting
• The core algorithm only handles
– ∧, ∨, V, U
• Use the following:
– F φ ≡ T U φ
– G φ ≡ ¬F ¬φ ≡ ¬(T U ¬φ) = F V φ
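The rewriting step of the last three slides, as an added Python example (not code from the slides): negations are pushed inwards with the dualities listed above, and F and G are expressed through U and V so that only ∧, ∨, X, U and V remain for the core translation. The tuple encoding of formulas is an assumption of this example.

```python
# Formulas are nested tuples: ('true',), ('false',), ('p', name), ('not', f),
# ('and', f, g), ('or', f, g), ('X', f), ('F', f), ('G', f), ('U', f, g), ('V', f, g).
TRUE, FALSE = ('true',), ('false',)
DUAL = {'and': 'or', 'or': 'and', 'U': 'V', 'V': 'U'}   # ¬(φ U ψ) = ¬φ V ¬ψ, etc.

def nnf(f, negated=False):
    """Rewrite f into negated normal form over ∧, ∨, X, U, V only.
    `negated` records a pending negation that is being pushed inwards."""
    op, args = f[0], f[1:]
    if op == 'not':                       # ¬¬φ = φ: flip the pending negation
        return nnf(args[0], not negated)
    if op in ('true', 'false'):
        return (FALSE if op == 'true' else TRUE) if negated else f
    if op == 'p':                         # literal: the negation may stay here
        return ('not', f) if negated else f
    if op == 'X':                         # ¬X φ = X ¬φ
        return ('X', nnf(args[0], negated))
    if op == 'F':                         # F φ = T U φ   (so ¬F φ becomes F V ¬φ = G ¬φ)
        return nnf(('U', TRUE, args[0]), negated)
    if op == 'G':                         # G φ = F V φ   (so ¬G φ becomes T U ¬φ = F ¬φ)
        return nnf(('V', FALSE, args[0]), negated)
    new_op = DUAL[op] if negated else op  # binary operators: dualise under negation
    return (new_op, nnf(args[0], negated), nnf(args[1], negated))

def is_nnf(f):
    """Check the result: negations only on propositions, no F or G left."""
    op = f[0]
    if op in ('p', 'true', 'false'):
        return True
    if op == 'not':
        return f[1][0] == 'p'
    if op in ('F', 'G'):
        return False
    return all(is_nnf(g) for g in f[1:])

if __name__ == '__main__':
    a = ('p', 'a')
    print(nnf(('not', ('G', a))))         # ('U', ('true',), ('not', ('p', 'a'))) i.e. F ¬a
```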
Core Translation
Idea
• Make use of the following
φ U ψ ≡ ψ ∨ (φ ∧ X(φ U ψ))
φ V ψ ≡ ψ ∧ (φ ∨ X(φ V ψ))
Example
F p = T U p
(Figure not reproduced: the expansion graph for T U p, whose nodes are listed here by their Old, New and Next fields.)
• Start node: Old:{} New:{T U p} Next:{}
• Expanding T U p splits it into
– Old:{T U p} New:{T} Next:{T U p}
– Old:{T U p} New:{p} Next:{}
• Moving the literals T and p into Old leaves the fully expanded nodes
– Old:{T U p} Next:{T U p}
– Old:{T U p, p} Next:{}
• The second node has an empty Next field, so its successor is
– Old:{} Next:{}
Core Translation
• Node
– Represents a sub-formula
– Contains information about the past, the present and the future
• State
– Represents a state in the final automaton
– States are the nodes that have been fully expanded
Core Translation
• Expansion
– Select a formula from the New field
– If it is a literal, add it to the Old field
– Otherwise, using φ U ψ ≡ ψ ∨ (φ ∧ X(φ U ψ)) and φ V ψ ≡ ψ ∧ (φ ∨ X(φ V ψ)), split the node:
• φ ∨ ψ
(New{φ}, Next{}) and (New{ψ}, Next{})
• φ U ψ
(New{φ}, Next{φ U ψ}) and (New{ψ}, Next{})
• φ V ψ
(New{ψ}, Next{φ V ψ}) and (New{φ, ψ}, Next{})
Core Translation
• Nodes to states
– If a node has no New formulas
– Create a new node with all the Next formulas
– Create an edge between the two nodes
– Check if there is any equivalent state
• With the same Next field
• With the same Old field
Core Translation
• Accepting states
– Generalized Büchi automaton
• Multiple accepting sets
– One for each Until sub-formula (φ U ψ)
– Such that
• The Old field doesn't contain φ U ψ
or
• The Old field does contain ψ
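The core translation of slides 14 to 19 (expansion, merging of nodes with equal Old and Next fields, and one accepting set per Until sub-formula), as an added Python example that is not code from the slides. It expects a formula in negated normal form encoded as nested tuples (('p', name), ('not', lit), ('true',), ('false',), ('and', f, g), ('or', f, g), ('X', f), ('U', f, g), ('V', f, g)); this encoding, the dictionary-based nodes and the integer state ids are assumptions of the example. Run on F p = T U p it yields exactly the three states of the example on slide 15.

```python
from itertools import count

def neg_lit(lit):                              # negation of a literal: p <-> ¬p, T <-> F
    if lit[0] in ('true', 'false'):
        return ('false',) if lit[0] == 'true' else ('true',)
    return lit[1] if lit[0] == 'not' else ('not', lit)

def translate(phi):
    """Core translation of an NNF formula into a generalized Büchi automaton
    (states, init, edges, acc). states maps id -> node; the node's Old field holds
    the formulas true there, so its literals label the state. acc has one set per Until."""
    ids, states = count(1), {}
    def node(inc, new, old=(), nxt=()):
        return dict(id=next(ids), inc=set(inc), new=set(new), old=set(old), nxt=set(nxt))
    stack = [node({0}, {phi})]                  # 0 marks the initial incoming edge
    while stack:
        n = stack.pop()
        if not n['new']:                        # fully expanded (slide 18)
            for s in states.values():           # merge into a state with equal Old/Next ...
                if s['old'] == n['old'] and s['nxt'] == n['nxt']:
                    s['inc'] |= n['inc']; break
            else:                               # ... or keep it and start its successor
                states[n['id']] = n
                stack.append(node({n['id']}, n['nxt']))
            continue
        f = n['new'].pop(); op = f[0]
        if op in ('p', 'not', 'true', 'false'): # literal: into Old unless contradictory
            if op != 'false' and neg_lit(f) not in n['old']:
                n['old'].add(f); stack.append(n)
            continue
        n['old'].add(f)
        if op == 'X':
            n['nxt'].add(f[1]); stack.append(n); continue
        if op == 'and':
            n['new'] |= {f[1], f[2]}; stack.append(n); continue
        m = node(n['inc'], n['new'], n['old'], n['nxt'])   # split the node (slide 17)
        if op == 'or':                          # φ ∨ ψ
            n['new'].add(f[1]); m['new'].add(f[2])
        elif op == 'U':                         # φ U ψ = ψ ∨ (φ ∧ X(φ U ψ))
            n['new'].add(f[1]); n['nxt'].add(f); m['new'].add(f[2])
        else:                                   # φ V ψ = ψ ∧ (φ ∨ X(φ V ψ))
            n['new'].add(f[2]); n['nxt'].add(f); m['new'] |= {f[1], f[2]}
        stack += [n, m]
    init = {i for i, s in states.items() if 0 in s['inc']}
    edges = {(p, i) for i, s in states.items() for p in s['inc'] if p != 0}
    untils = {g for s in states.values() for g in s['old'] if g[0] == 'U'}
    acc = [{i for i, s in states.items() if g not in s['old'] or g[2] in s['old']}
           for g in untils]                     # accepting sets (slide 19)
    return states, init, edges, acc
```

For F p the result has states 1 (Old {T, T U p}, Next {T U p}), 2 (Old {p, T U p}) and 3 (Old {}), edges 1→1, 1→2, 2→3, 3→3, initial states {1, 2} and the single accepting set {2, 3}.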
Degeneralization
• Turn a generalized Büchi automaton into a Büchi automaton
• Consider as many copies of the automaton as the number of accepting sets
• Redirect the edges leaving accepting states of a copy to the next copy
• Each cycle must go through every copy
• Each cycle must contain accepting states from each accepting set
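The degeneralization just described, together with the acceptance condition of slides 5 and 6, as an added Python example (not code from the slides): each copy i of the automaton waits for a state of accepting set i and the edges leaving such a state move to copy i+1, so a run can return to copy 0 only after touring every accepting set. The generalized Büchi automaton used at the end (two states, two accepting sets) is constructed for the example, and runs are given as a finite prefix followed by a loop repeated forever.

```python
def degeneralize(states, init, edges, acc_sets):
    """Turn a generalized Büchi automaton with k accepting sets into a Büchi automaton.
    Copy i waits for a state of acc_sets[i]; edges leaving such a state go to copy
    (i+1) mod k. Accepting states are the acc_sets[0] states of copy 0: seeing one
    infinitely often means the run toured all k copies, hence met every accepting
    set, infinitely often. Only product states reachable from the initial ones are kept."""
    k = len(acc_sets)
    if k == 0:                                    # no constraint: every state accepts
        return set(states), set(init), set(edges), set(states)
    succ = {}
    for s, t in edges:
        succ.setdefault(s, set()).add(t)
    new_init = {(s, 0) for s in init}
    new_states, new_edges, todo = set(), set(), list(new_init)
    while todo:
        s, i = todo.pop()
        if (s, i) in new_states:
            continue
        new_states.add((s, i))
        j = (i + 1) % k if s in acc_sets[i] else i   # advance the copy after an accepting state
        for t in succ.get(s, ()):
            new_edges.add(((s, i), (t, j)))
            todo.append((t, j))
    accepting = {(s, i) for s, i in new_states if i == 0 and s in acc_sets[0]}
    return new_states, new_init, new_edges, accepting

def accepts_lasso(prefix, loop, init, edges, accepting):
    """The infinite run prefix·loop^ω is accepted iff it starts in an initial state,
    follows the transition relation (including the edge closing the loop) and the
    loop, i.e. what repeats forever, contains an accepting state (slide 5)."""
    run = prefix + loop + loop[:1]
    return (run[0] in init
            and all((x, y) in edges for x, y in zip(run, run[1:]))
            and any(s in accepting for s in loop))

# Constructed generalized Büchi automaton: states 0 and 1, accepting sets {0} and {1},
# so only runs visiting both states infinitely often should be accepted.
GBA = ({0, 1}, {0}, {(0, 1), (1, 0), (1, 1)}, [{0}, {1}])

if __name__ == '__main__':
    S, I, E, A = degeneralize(*GBA)
    print(sorted(S), sorted(A))                                  # three reachable copies
    print(accepts_lasso([], [(0, 0), (1, 1)], I, E, A))           # (0 1)^ω: True
    print(accepts_lasso([(0, 0), (1, 1)], [(1, 0)], I, E, A))     # 0 1 1 1 …: False
```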
Example
F a ∧ F b
(Figures not reproduced: the generalized Büchi automaton for F a ∧ F b, with edges labelled T, a and b and states marked with the accepting sets 1, 2 and 1,2; then its two copies, one per accepting set, and the degeneralized Büchi automaton obtained from them.)
Optimizations
• Can be done at each stage
• Try to minimize
– The number of states and transitions
– The number of accepting states
• Involve
– Strongly connected components
– Fair (bi)simulation
• Expensive, but
– The Büchi automaton is usually small
– The savings during verification can be very high