Lecture 3 Temporal Logic CS6133 Software Specification and Verification
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Lecture 3 Temporal Logic
CS6133Software Specification and
Verification
2
Temporal Logic: Overview Temporal Logic was designed for expressing the temporal ordering of events and states within a logical framework
State is an assignment of values to the model’s variables. Intuitively, the system state is a snapshot of the system’s execution, in which every variable has some value
Event is a trigger (e.g., signal) that can cause a system to change its state and won’t persist
CS6133
3
Trace In temporal logic, the notion of exact time is abstracted away
In temporal logic, we keep track of changes to variable values and the order in which they occur
A trace σ is an infinite sequence of states that represents a particular execution of the system starts from an initial state s0, which is
determined by the initials values of all the variables
σ = s0, s1, s2, ……
CS6133
4
Linear Temporal Logic Formula In linear temporal logic (LTL), a formula f is evaluated with respect to a trace σ and a particular state sj in that trace
CS6133
5
LTL Characteristics Time is totally ordered
CS6133
6
LTL Characteristics Time is bounded in the past and unbounded in the future
CS6133
7
LTL Characteristics Time is discrete
CS6133
8
Future Temporal Operators Future temporal operators are shorthand notations that quantify over states
CS6133
9
Henceforth
CS6133
10
Eventually
CS6133
11
Next State
CS6133
12
Until
CS6133
13
Unless
CS6133
14
Examples
CS6133
15
LTL Properties Safety property can be expressed by a temporal formula of the form
Response property can be expressed by a temporal formula of the form
Precedence (a happens before b happens)
CS6133
16
LTL Properties Precedence Chain (a before b before c)
CS6133
17
LTL Properties P between Q and R
or
CS6133
18
Example: A Telephone System
Given the predicates
CS6133
19
Examples Using Future Operators I
Formalize the following sentences in LTL A user always needs to pick up the phone before
dialing After picking up the phone, the user eventually either
goes back on hook or dials Whenever a user dialed a number and heard the ring
tone, a connection will only result after the other user picks up the phone
Immediately after the callee hangs up on a connection, the caller will hear an idle tone, then, the caller will hear a dial tone
CS6133
20
Examples Using Future Operators II
Formalize the properties of the elevator in LTL The elevator will eventually terminate, with its doors
closed. The elevator shall not keep its doors open
indefinitely. Pressing the button at floor 2 guarantees that the
elevator will arrive at floor 2 and open its doors. Pressing the button at any floor guarantees that the
elevator will arrive at that floor and open its doors. The elevator will not arrive at a floor and open its
doors unless it is called.
CS6133
21
Past Temporal Operators Past temporal operators are shorthand notations that quantify over states
Past temporal operators are a symmetric counterpart to each of the future temporal operators
Has-always-been Once Previous Since Back-to
CS6133
22
Has-always-been f
T if f is true in the current and
all past system states
F otherwise
f iff i. 0 i j f
S0 Sj
f
CS6133
23
Once f
T if f is true in the current or
some past system state
F otherwise
f iff i. 0 i j f
f
f
S0
S0
Sj
Sj
OR
CS6133
24
Previous
f
f T if f is true in the previous system state
F otherwise
f iff i. i j -1 f
S0 Sj-1 Sj
CS6133
25
Since
S0 Sk Sk+1 Sj
f g T if once g was true and
f has been true since the last g to the present
F otherwise
f g iff k. 0 k j g
i. k i j f g f
CS6133
26
Back-to f g
T if f has-always- been true or
f since g
F otherwise
f g iff f g f
S0 Sk Sk+1 Sj
g fS0 Sj
f
OR
CS6133
27
Examples Using Past Operators
Formalize the following sentences in LTL When a caller hears the dial tone, the caller must
have picked up the phone When the callee hears the ring, a caller must dial the
callee’s number and hasn’t hanged up Whenever a user dialed a number and heard the ring
tone, a connection is established if the other user picks up the phone
CS6133
28
Linear vs. Branching Views
Two ways to think about the computations of reactive system
Linear time: LTL Branching time: computation tree logic (CTL)
A CTL formula is true/false relative to a state where as an LTL formula is true/false relative to a path
CS6133
29
CTL
There are future temporal operators of LTL
There are also path quantifiers to describe the branching structure of a computation tree:
A and E A means for all computation paths E means for some computation paths
CS6133
30
CTL Syntax
If p is an atomic proposition, and f1 and f2 are CTL formulae, then the set of CTL formulae consists of
1. p
2. ¬ f1, f1 ∧ f2, f1 ∨ f2, f1 ⇒ f2
3. AX f1, EX f1
4. AG f1, EG f1
5. AF f1, EF f1
6. A [f1Uf2], E [f1Uf2]
Note that the path quantifiers and temporal operators are always paired together
CS6133
31
CTL Semantics
AX f
if on all paths starting at state s, f holds in the next state
EX f
if there exists a path starting at state s on which f holds at the next state.
CS6133
32
CTL Semantics
EF f
if f is reachable (i.e., if there exists a path starting at state s, on which f holds in some future state).
AF f
if f is inevitable (i.e., if on all paths that start at state s, f holds in some future state).
CS6133
33
CTL Semantics
EG f
if there exists a path starting at state s, on which f holds globally.
AG f
if f is invariant (i.e., if on all paths that start at state s, f holds globally).
CS6133
34
CTL Semantics
E[g U f]
if there exists a path starting at state s, on which g holds until f eventually holds.
A[g U f]
if on all paths that start at state s, g holds until f eventually holds.
CS6133
35
Example of CTL Formulas
“It is possible to get to a state where started holds, but ready does not hold.”
“For any state, if a request occurs, then it will eventually be acknowledged.”
“It is always the case that a certain process is enabled infinitely often on every computation path.”
CS6133
36
LTL vs. CTL
In LTL, we could write: FG p
There is no equivalent of this formula in CTL.
In CTL, we could write: AG EF p
There is no equivalent of this formula in LTL.
CS6133
Related Documents
