An improved on-the-fly tableau construction for a real-time temporal logic
Marc Geilen
12 July 2003
Mar 29, 2015
Overview
• Introduction
• RT Temporal Logic Model-Checking
• Ingredients of the tableau procedure
• Example
• Conclusions
Temporal Logic Model Checking
System S → Timed Automaton A_S
Logical Property φ → Timed Automaton A_¬φ
Product Automaton A_S × A_¬φ
S satisfies φ  iff  L(A_S) ∩ L(A_¬φ) = ∅  iff  L(A_S × A_¬φ) = ∅
Real-time temporal logic
Linear Temporal Logic, extended with quantitative dense time (e.g., positive real numbers)
A timed state sequence is a sequence of states (valuations of propositions) and intervals, e.g.
({p,q}, [0,1)) ({p}, [1,4]) ({q}, (4,7)) …
Syntax: p | ¬φ | φ1 ∨ φ2 | φ1 U≤d φ2
or in positive normal form:
p | ¬p | φ1 ∨ φ2 | φ1 ∧ φ2 | φ1 U≤d φ2 | φ1 V≤d φ2
Goal
To have an efficient algorithm for
translating real-time temporal logic
formulas into timed automata to enable
temporal logic model-checking for
timed systems.
Previous work
Alur, Feder and Henzinger, ’96
• Tableau construction for dense time Metric Interval Temporal Logic:
Linear Temporal Logic with φ1 U_I φ2
• Establishing the connection between MITL
and Timed Automata, not meant for
implementation
Previous work
Geilen, Dams, ’00
• Attempt at an on-the-fly tableau
construction
• For a fragment of MITL: φ1 U_I φ2 where I = [0,d]
• Relied on a restriction to timed state sequences with a special type of intervals [a, b)
This work…
introduces an
• on-the-fly tableau construction
• for a fragment of MITL
(φ1 U_I φ2 where I = [0,d])
• without the restriction on intervals
Untimed OTF tableau revisited
• Label states with formulas
• Separation of constraints on the current state and the remainder of the state sequence
• Normal form: ∨_i (π_i ∧ ○φ_i)
[Figure: a state labelled φ with branches π1, π2, …, πk; each branch carries its next formula (○φ, φ2, …) to the successor state]
Untimed OTF tableau revisited
pUq ≡ q ∨ p ∧ ○pUq
[Figure: state pUq expanded into a branch q and a branch p with ○pUq, repeated for the successive states]
Real-time tableaux
• Timed automata
• Intervals and locations
[Figure: locations φ1, φ2, φ3 for the successive intervals [t1, t2), [t2, t3], (t3, …]
Real-time tableaux
[Figure: location p U≤d q on [t1, t2), then location q on [t2, …; constraint t2 − t1 ≤ d]
Real-time tableaux
[Figure: location p U≤d q on (t1, t2], then location q on (t2, …; constraint t2 − t1 ≤ d]
Real-time tableaux
[Figure: location p U≤d q on [t1, t2], then location q on (t2, …; constraint t2 − t1 = d]
Timers
Timers measure/constrain the distance between transitions
[Figure: location p U≤d q entered at [t1, … sets timer x:=d; the next location is labelled p, x>0 and leads to q]
[Figure: the same with an open interval (t1, …: x:=d, then p, x>0, then q]
[Figure: with the timed formula made explicit: location p U≤d q entered at [t1, … with x:=d becomes p, x>0, p U≤x q, followed by q]
[Figure: for the open interval (t1, …: x:=d, then p, x>0, p U≤x+ε q, followed by q]
Release Formulas
[Figure: p V≤d q holding on a right-open interval …t1, t2): the timer x:=d is set at t2; the successor locations are labelled q, p V<x q and p, q, p V<x q, and the obligation is released in the location x≤0, p V<x q]
[Figure: p V≤d q holding on a right-closed interval …t1, t2]: x:=d is set at t2; the successor locations are labelled q, p V≤x q and p, q, p V≤x q, and the obligation is released in the location x<0, p V≤x q]
Parts of the tableau automaton
• Locations: sets of formulas
• Propositional and timer constraints in locations are derived from the formulas
• Timers: one for every bounded Until or Release formula (counting down)
• Edges: determined by a normal form procedure, from singular to open and from open to singular intervals
Disjunctive Temporal Normal forms
Extended logic:
x<0, x≤0, x>0, x≥0
TS.φ (e.g., {x:=5}.φ)
φ1 U≤x φ2, φ1 U≤x+ε φ2
φ1 V≤x φ2, φ1 V<x φ2
○φ
Disjunctive Temporal Normal forms
Extended logic and interpretation with timers:
(σ, I) ⊨_ν φ, with ν : Timers → ℝ
(σ, I) ⊨_ν x>0 if ν(x) > 0
(σ, I) ⊨_ν TS.φ if (σ, I) ⊨_{TS.ν} φ
Disjunctive Temporal Normal Forms
• Normal form: ∨_i TS_i.(π_i ∧ ξ_i ∧ ○φ_i)
[Figure: a state ψ with branches TS1, TS2, …, TSk carrying the constraints π1 ξ1, π2 ξ2, …, πk ξk and the next formulas ○ψ, ψ2, …]
Normal form rewrite rules
Depend on the interval type (s/o):
≡_s : equivalent for the first singular interval {0}
≡_o : equivalent in the initial open interval (0,…
Equivalences / rewrite rules
Some examples:
φ1 U≤d φ2 ≡_s {x:=d}.(φ1 U≤x φ2)
φ1 U≤d φ2 ≡_o {x:=d}.(φ1 U≤x+ε φ2)
φ1 U≤d φ2 ∧ φ1 U≤x φ2 ≡ φ1 U≤x φ2 (if x ≤ d)
φ1 U≤x φ2 ≡ φ2 ∨ (x>0 ∧ φ1 ∧ ○ φ1 U≤x φ2)
(the Next operator refers to the next interval)
Example
[Figure: two initial locations p U≤5 q, one for an open and one for a singular initial interval]
Example
[Figure: from each initial location the timer setting {x:=5} leads to p U≤x q (singular) and p U≤x+ε q (open)]
Example
[Figure: the timed locations expanded: p U≤x q splits into q and x>0, p, ○ p U≤x q; p U≤x+ε q splits into q and x>0, p, ○ p U≤x+ε q; the edges are labelled {x:=5}]
Dealing with interval types
• Timed automata cannot directly enforce interval types
• But the alternation of singular and open intervals can be enforced by a well-known trick
[Figure: two locations alternating through edges that reset x:=0; the singular location is constrained by x=0]
Outline of the algorithm
• Get initial locations from NF of initial
formula
• As long as there are locations that have not
been expanded
– Expand one of these locations from its
Next formulas according to its type s/o
Application of the algorithm
◇≤5 p = true U≤5 p
[Figure: initial location true U≤5 p]
Application of the algorithm
true U≤5 p ≡_s [x:=5].true U≤x p
[Figure: edge x:=5 into the location true U≤x p]
Application of the algorithm
[x:=5].true U≤x p ≡_s [x:=5].p ∨ [x:=5].(x>0 ∧ ○ true U≤x p)
[Figure: two initial locations, both entered with x:=5: p (○ true) and x>0, ○ true U≤x p]
Application of the algorithm
true U≤x p ≡_o p ∨ x>0 ∧ ○ true U≤x p
[Figure: the open-interval successors of x>0, ○ true U≤x p: p (○ true) and x>0, ○ true U≤x p]
Application of the algorithm
true U≤x p ≡_s p ∨ x>0 ∧ ○ true U≤x p
[Figure: the singular-interval successors of the open location x>0, ○ true U≤x p lead back to x>0, ○ true U≤x p and p (○ true)]
Application of the algorithm
true ≡ true ∧ ○ true
[Figure: the complete automaton: locations x>0 and p entered with x:=5, their open-interval counterparts x>0 and p, and two locations true]
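The rewrite rules, the outline of the algorithm and the ◇≤5 p walkthrough above, carried out in code. This is an added example, not code from the paper or from its author: it implements the slides' rules for the bounded Until (the timer setting gives U≤x in a singular and U≤x+ε in an open interval; U≤x ≡ φ2 ∨ (x>0 ∧ φ1 ∧ ○ U≤x), and the +ε variant is expanded with the same shape, as in the p U≤5 q example figures) together with the standard untimed expansions pUq ≡ q ∨ p ∧ ○pUq and pVq ≡ q ∧ (p ∨ ○pVq) from the untimed tableau slides. Locations are (π, ξ, ○φ, interval type) and timer settings sit on the incoming edges, as in the application figures. Bounded Release, the "if x ≤ d" simplification and the x:=0 alternation trick are left out; the tuple encoding of formulas and the timer names x0, x1, … are my own choices.

```python
"""Disjunctive temporal normal form with timers and on-the-fly location
expansion for the bounded-Until fragment (added example, not the paper's code)."""
from itertools import product

# Formulas in positive normal form, as nested tuples:
#   ('true',) ('false',) ('p', a) ('not', a) ('and', f, g) ('or', f, g)
#   ('next', f) ('V', f, g, None) ('U', f, g, bound)
# bound: None               untimed Until
#        ('d', 5)           phi1 U<=5 phi2, timer not set yet
#        ('x', 'x0', False) phi1 U<=x phi2 (timer x0 counting down)
#        ('x', 'x0', True)  phi1 U<=x+eps phi2 (open interval variant)
# A disjunct TS.(pi and xi and next phi) is the tuple
#   (timer settings, literals, timer constraints, next formulas), all frozensets.
TRUE = (frozenset(), frozenset(), frozenset(), frozenset())


def merge(d1, d2):
    """Conjoin two disjuncts; None when the literals contradict (p and not p)."""
    lits = d1[1] | d2[1]
    for kind, a in lits:
        if ('not' if kind == 'p' else 'p', a) in lits:
            return None
    return (d1[0] | d2[0], lits, d1[2] | d2[2], d1[3] | d2[3])


def conj(ds1, ds2):
    """Distribute a conjunction over two lists of disjuncts."""
    out = []
    for a, b in product(ds1, ds2):
        m = merge(a, b)
        if m is not None and m not in out:
            out.append(m)
    return out


def disj(ds1, ds2):
    return ds1 + [d for d in ds2 if d not in ds1]


class Tableau:
    def __init__(self):
        self.timers = {}  # one timer per bounded Until formula (names x0, x1, ... assumed)

    def timer(self, f):
        return self.timers.setdefault(f, 'x%d' % len(self.timers))

    def nf(self, f, itype):
        """Normal form of f for an interval of type 's' (singular) or 'o' (open)."""
        kind = f[0]
        if kind == 'true':
            return [TRUE]
        if kind == 'false':
            return []
        if kind in ('p', 'not'):
            return [(frozenset(), frozenset([f]), frozenset(), frozenset())]
        if kind == 'next':
            return [(frozenset(), frozenset(), frozenset(), frozenset([f[1]]))]
        if kind == 'and':
            return conj(self.nf(f[1], itype), self.nf(f[2], itype))
        if kind == 'or':
            return disj(self.nf(f[1], itype), self.nf(f[2], itype))
        _, f1, f2, bound = f
        if kind == 'V':                        # f1 V f2 == f2 and (f1 or next f1 V f2)
            return self.nf(('and', f2, ('or', f1, ('next', f))), itype)
        if bound is None:                      # f1 U f2 == f2 or (f1 and next f1 U f2)
            return self.nf(('or', f2, ('and', f1, ('next', f))), itype)
        if bound[0] == 'd':                    # set the timer: U<=x in a singular,
            x = self.timer(f)                  # U<=x+eps in an open interval
            timed = ('U', f1, f2, ('x', x, itype == 'o'))
            return [(ts | {(x, bound[1])}, lits, cons, nxt)
                    for ts, lits, cons, nxt in self.nf(timed, itype)]
        # f1 U<=x f2 == f2 or (x>0 and f1 and next f1 U<=x f2); same shape with +eps
        later = [(frozenset(), frozenset(), frozenset([(bound[1], '>0')]), frozenset([f]))]
        return disj(self.nf(f2, itype), conj(self.nf(f1, itype), later))

    def build(self, phi):
        """On-the-fly expansion from the singular interval {0}, alternating s/o.
        Locations: (literals, timer constraints, next formulas, interval type).
        Edges: (source location or None for initial, timer settings, target)."""
        self.locations, self.edges, todo = [], [], []

        def add(d, itype, src):
            loc = (d[1], d[2], d[3], itype)
            if loc not in self.locations:
                self.locations.append(loc)
                todo.append(loc)
            self.edges.append((src, tuple(sorted(d[0])), loc))

        for d in self.nf(phi, 's'):
            add(d, 's', None)
        while todo:                            # expand an unexpanded location
            loc = todo.pop()
            nxt = 'o' if loc[3] == 's' else 's'
            obligation = ('true',)             # conjunction of its next formulas
            for g in sorted(loc[2], key=repr):
                obligation = ('and', obligation, g)
            for d in self.nf(obligation, nxt):
                add(d, nxt, loc)
        return self.locations, self.edges


def label(loc):
    lits, cons, nxt, itype = loc
    parts = [('¬' if k == 'not' else '') + a for k, a in sorted(lits)]
    parts += [x + c for x, c in sorted(cons)]
    parts += ['○' + repr(g) for g in sorted(nxt, key=repr)]
    return itype + ': ' + (', '.join(parts) or 'true')


EVENTUALLY_5_P = ('U', ('true',), ('p', 'p'), ('d', 5))   # <>_{<=5} p = true U<=5 p

if __name__ == '__main__':
    locs, edges = Tableau().build(EVENTUALLY_5_P)           # 6 locations, 10 edges
    for src, ts, dst in edges:
        print('init' if src is None else label(src), '--', dict(ts), '-->', label(dst))
```

Running it reproduces the automaton of the last figure: two initial edges setting x0:=5 into the singular locations p and x0>0, ○true U≤x0 p, their open-interval counterparts, and the two true locations that absorb the run once p has been seen.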
□≤100 ◇≤5 p = false V≤100 (true U≤5 p)
[Figure: the tableau automaton for this formula: initial timer settings y:=100, x:=5; singular (s) and open (o) locations labelled with combinations of y<0, x≥0, x>0 and p; edges labelled x:=5 re-arm the inner timer]
Conclusions and Future work
• OTF tableau construction algorithm
• Lifts the constraints imposed in an earlier paper
• Optimizations possible
• Weakly monotonic time for interleaving semantics
• Simple extensions of the logic
• Implementation
Thanks!