Robust Linear Temporal Logic - csl16.lif.univ-mrs.frcsl16.lif.univ-mrs.fr/static/media/talk15/CSL 2016-neider.pdf · Motivation ϕ ⇒ ψ Environmentassumption Systemguarantee Paulo

Robust Linear Temporal Logic

Paulo Tabuada 1 Daniel Neider 1,2

1University of California, Los Angeles

2RWTH Aachen University

25th EACSL Annual Conference on Computer Science Logic

Marseille, France29 September 2016

Motivation

ϕ ⇒ ψ

Environment assumption System guarantee

Paulo Tabuada and Daniel Neider: Robust LTL 1

Motivation

ϕ ⇒ ψ


Desired Notion of Robustness (from Wikipedia on fault tolerance)

“[...] If its operating quality decreases at all, the decrease isproportional to the severity of the failure, as compared to a naivelydesigned system in which even a small failure can cause totalbreakdown. [...]”


Motivation

ϕ ⇒ ψ


GoalDevelop a semantics for LTL capturing “robustness”

I Here: only the fragment LTL( , ); full LTL on arXiv

Design Goals

1. Robustness should be internal to the logic2. Familiarity with LTL should be the only prerequisite


http://arxiv.org/abs/1510.08970

Motivation

ϕ ⇒ ψ


GoalDevelop a semantics for LTL capturing “robustness”

I Here: only the fragment LTL( , ); full LTL on arXiv

Design Goals

1. Robustness should be internal to the logic2. Familiarity with LTL should be the only prerequisite



Linear Temporal LogicSyntax of LTL( , )Let P be a (finite, nonempty) set of atomic propositions

I Each p ∈ P is an LTL( , ) formula; andI if ϕ,ψ are LTL( , ) formulas, so are ¬ϕ, ϕ ∨ ψ, ϕ, and ϕ

Semantics of LTL( , ) . . .. . . is a function W : ΦLTL( , ) × (2P)ω → B inductively defined by

W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)

W (¬ϕ, σ) = 1−W (ϕ, σ)W (ϕ ∨ ψ, σ) = max {W (ϕ, σ),W (ψ, σ)}W ( ϕ, σ) = inf i≥0 {W (ϕ, σi ..)}W ( ϕ, σ) = supi≥0 {W (ϕ, σi ..)}

a b a ∨ b max {a, b} a ∧ b min {a, b}

0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1





W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)



0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1





W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)



0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1





W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)

W (¬ϕ, σ) = 1−W (ϕ, σ)

W (ϕ ∨ ψ, σ) = max {W (ϕ, σ),W (ψ, σ)}W ( ϕ, σ) = inf i≥0 {W (ϕ, σi ..)}W ( ϕ, σ) = supi≥0 {W (ϕ, σi ..)}


0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1





W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)

W (¬ϕ, σ) = 1−W (ϕ, σ)W (ϕ ∨ ψ, σ) = max {W (ϕ, σ),W (ψ, σ)}

W ( ϕ, σ) = inf i≥0 {W (ϕ, σi ..)}W ( ϕ, σ) = supi≥0 {W (ϕ, σi ..)}


0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1





W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)

W (¬ϕ, σ) = 1−W (ϕ, σ)W (ϕ ∨ ψ, σ) = max {W (ϕ, σ),W (ψ, σ)}

W ( ϕ, σ) = inf i≥0 {W (ϕ, σi ..)}W ( ϕ, σ) = supi≥0 {W (ϕ, σi ..)}


0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1





W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)

W (¬ϕ, σ) = 1−W (ϕ, σ)W (ϕ ∨ ψ, σ) = max {W (ϕ, σ),W (ψ, σ)}W ( ϕ, σ) = inf i≥0 {W (ϕ, σi ..)}

W ( ϕ, σ) = supi≥0 {W (ϕ, σi ..)}


0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1





W (p, σ) ={1 if p ∈ σ(0)0 if p /∈ σ(0)



0 0 0 0 0 00 1 1 1 0 01 0 1 1 0 01 1 1 1 1 1


Different Shades of False

Consider the specification p ⇒ q. How can p be violated?

Weakening

p¬p p

(1, 1, 1, 1)

p¬p p

(0, 1, 1, 1)

p¬p p

(0, 0, 1, 1)

p¬p p

(0, 0, 0, 1)

p¬p ¬p

(0, 0, 0, 0)




Weakening

p¬p p

(1, 1, 1, 1)

p¬p p

(0, 1, 1, 1)

p¬p p

(0, 0, 1, 1)

p¬p p

(0, 0, 0, 1)

p¬p ¬p

(0, 0, 0, 0)




Weakening

p¬p p

(1, 1, 1, 1)

p¬p p

(0, 1, 1, 1)

p¬p p

(0, 0, 1, 1)

p¬p p

(0, 0, 0, 1)

p¬p ¬p

(0, 0, 0, 0)




Weakening

p¬p p

(1, 1, 1, 1)

p¬p p

(0, 1, 1, 1)

p¬p p

(0, 0, 1, 1)

p¬p p

(0, 0, 0, 1)

p¬p ¬p

(0, 0, 0, 0)




Weakening

p¬p p

(1, 1, 1, 1)

p¬p p

(0, 1, 1, 1)

p¬p p

(0, 0, 1, 1)

p¬p p

(0, 0, 0, 1)

p¬p ¬p

(0, 0, 0, 0)




Weakening

p¬p p

(1, 1, 1, 1)

p¬p p

(0, 1, 1, 1)

p¬p p

(0, 0, 1, 1)

p¬p p

(0, 0, 0, 1)

p¬p ¬p

(0, 0, 0, 0)




Weakening

p¬p p (1, 1, 1, 1)

p¬p p (0, 1, 1, 1)

p¬p p (0, 0, 1, 1)

p¬p p (0, 0, 0, 1)

p¬p ¬p (0, 0, 0, 0)

shades

offalse

true

falsePaulo Tabuada and Daniel Neider: Robust LTL 3



Weakening

p¬p p (1, 1, 1, 1)

p¬p p (0, 1, 1, 1)

p¬p p (0, 0, 1, 1)

p¬p p (0, 0, 0, 1)

p¬p ¬p (0, 0, 0, 0)

B4


A Da Costa Algebra over B4

Elements of B4 are ordered:

(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)

We introduce the following four operations:

I a u b = min {a, b}I a t b = max {a, b}

I a ={

(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise

I a→ b ={

(1, 1, 1, 1) if a ≤ bb otherwise

Negation

(1, 1, 1, 1) (0, 0, 0, 0)

(0, 1, 1, 1) (1, 1, 1, 1)

(0, 0, 1, 1) (1, 1, 1, 1)

(0, 0, 0, 1) (1, 1, 1, 1)

(0, 0, 0, 0) (1, 1, 1, 1)

The structure (B4, <,u,t, · ,→) is a so-called da Costa algebra




(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)

We introduce the following four operations:I a u b = min {a, b}I a t b = max {a, b}

I a ={

(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise

I a→ b ={


Negation

(1, 1, 1, 1) (0, 0, 0, 0)

(0, 1, 1, 1) (1, 1, 1, 1)

(0, 0, 1, 1) (1, 1, 1, 1)

(0, 0, 0, 1) (1, 1, 1, 1)

(0, 0, 0, 0) (1, 1, 1, 1)





(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)


I a ={

(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise

I a→ b ={


Negation

(1, 1, 1, 1) (0, 0, 0, 0)

(0, 1, 1, 1) (1, 1, 1, 1)

(0, 0, 1, 1) (1, 1, 1, 1)

(0, 0, 0, 1) (1, 1, 1, 1)

(0, 0, 0, 0) (1, 1, 1, 1)





(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)


I a ={

(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise

I a→ b ={


Negation

(1, 1, 1, 1) (0, 0, 0, 0)

(0, 1, 1, 1) (1, 1, 1, 1)

(0, 0, 1, 1) (1, 1, 1, 1)

(0, 0, 0, 1) (1, 1, 1, 1)

(0, 0, 0, 0) (1, 1, 1, 1)





(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)


I a ={

(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise

I a→ b ={


Negation

(1, 1, 1, 1) (0, 0, 0, 0)

(0, 1, 1, 1) (1, 1, 1, 1)

(0, 0, 1, 1) (1, 1, 1, 1)

(0, 0, 0, 1) (1, 1, 1, 1)

(0, 0, 0, 0) (1, 1, 1, 1)





(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)


I a ={

(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise

I a→ b ={


Negation

(1, 1, 1, 1) (0, 0, 0, 0)

(0, 1, 1, 1) (1, 1, 1, 1)

(0, 0, 1, 1) (1, 1, 1, 1)

(0, 0, 0, 1) (1, 1, 1, 1)

(0, 0, 0, 0) (1, 1, 1, 1)



Robust Semantics

We use new symbols , and call this “logic” rLTL

The semantics of rLTL( , ) is a functionV : ΦrLTL( , ) × (2P)ω → B4 inductively defined by

I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise

I V (ϕ ∧ ψ, σ) = V (ϕ, σ) u V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) t V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)I V ( p, σ) = ( p, p, p, p)I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise

I V (ϕ ∧ ψ, σ) = V (ϕ, σ) u V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) t V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)I V ( p, σ) = ( p, p, p, p)I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise

I V (ϕ ∧ ψ, σ) = V (ϕ, σ) u V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) t V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)

I V ( p, σ) = ( p, p, p, p)I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise

I V (ϕ ∧ ψ, σ) = V (ϕ, σ) u V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) t V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)I V ( p, σ) = ( p, p, p, p)

I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise


I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise


I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise


I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise

I V (ϕ ∧ ψ, σ) = V (ϕ, σ) u V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) t V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Robust Semantics



I V (p, σ) ={

(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise

I V (ϕ ∧ ψ, σ) = V (ϕ, σ) u V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) t V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)I V ( ϕ, σ) = ( ϕ1, ϕ2, ϕ3, ϕ4)

σ σ(0) σ(1) σ(2)

V (ϕ, σi ..) (0, 1, 1, 1) (0, 0, 1, 1) (0, 0, 1, 1) · · ·

ϕ1: 000 . . .

ϕ2: 100 . . .

ϕ3: 111 . . .

ϕ4: 111 . . .


Example

Consider p ⇒ q, and assume V ( p ⇒ q, σ) = (1, 1, 1, 1)

Recall: a→ b ={



Example


I If p holds, then p evaluates to (1, 1, 1, 1). Hence, q has toevaluate to (1, 1, 1, 1), which means that q holds

I If p holds (and p does not), then p evaluates to(0, 1, 1, 1). Hence, q has to evaluate to (0, 1, 1, 1) or higher,which implies that q holds

I Similarly, p implies q and p implies q

Recall: a→ b ={



Example





Recall: a→ b ={



Example





Recall: a→ b ={



Example

Consider p ⇒ q, and assume V ( p ⇒ q, σ) < (1, 1, 1, 1)

I If V ( p ⇒ q, σ) = b < (1, 1, 1, 1), then

V ( q, σ) = b and V ( p, σ) > b

I Thus, value V ( p ⇒ q, σ) describes which weakenedguarantee follows from the environment assumption whenever theintended system guarantee does not follow

Recall: a→ b ={



Example


I If V ( p ⇒ q, σ) = b < (1, 1, 1, 1), then

V ( q, σ) = b and V ( p, σ) > b


Recall: a→ b ={



Example


I If V ( p ⇒ q, σ) = b < (1, 1, 1, 1), then

V ( q, σ) = b and V ( p, σ) > b


Recall: a→ b ={



Expressiveness

TheoremLTL( , ) and rLTL( , ) are equally expressive:

I Given an LTL( , ) formula ψ, one can construct an rLTL( , )formula ϕ such that for σ ∈ (2P)ω

V (ϕ, σ) = (1, 1, 1, 1) if and only if W (ψ, σ) = 1

I Given an rLTL( , ) formula ϕ and b ∈ B4, one can construct anLTL( , ) formula ψ such that for σ ∈ (2P)ω

V (ϕ, σ) = b if and only if W (ψ, σ) = 1

However, |ψ| ∈ O(c |ϕ|) for a suitable c ≥ 4


Expressiveness








Expressiveness








Expressiveness








Complexity ResultsTheoremGiven an rLTL( , ) formula ϕ and a set B ⊆ B4, one can constructa generalized Büchi Automaton AB

ϕ such that for all σ ∈ (2P)ω

V (ϕ, σ) ∈ B if and only if σ ∈ L(ABϕ).

ABϕ comprises O(5|ϕ|) states and at most 4 · |ϕ| acceptance sets.

Time complexity

rLTL( , ) LTL

Model checking 5|ϕ| 2|ϕ|

Synthesis 25|ϕ| 22|ϕ|


Complexity ResultsTheoremGiven an rLTL( , ) formula ϕ and a set B ⊆ B4, one can constructa generalized Büchi Automaton AB

ϕ such that for all σ ∈ (2P)ω

V (ϕ, σ) ∈ B if and only if σ ∈ L(ABϕ).

ABϕ comprises O(5|ϕ|) states and at most 4 · |ϕ| acceptance sets.

Time complexity

rLTL( , ) LTL

Model checking 5|ϕ| 2|ϕ|

Synthesis 25|ϕ| 22|ϕ|


Quality

Consider the formula p ⇒ q

We prefer

¬q ≺ q ≺ q ≺ q ≺ q

(0, 0, 0, 0)︸︷︷︸False

< (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)︸︷︷︸Shades of true

a ={

(1, 1, 1, 1) if a = (0, 0, 0, 0)(0, 0, 0, 0) otherwise

An algebra with this negation is called Heyting algebra


Quality


We prefer

¬q ≺ q ≺ q ≺ q ≺ q

(0, 0, 0, 0)︸︷︷︸False

< (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)︸︷︷︸Shades of true

a ={

(1, 1, 1, 1) if a = (0, 0, 0, 0)(0, 0, 0, 0) otherwise



Quality


We prefer

¬q ≺ q ≺ q ≺ q ≺ q

(0, 0, 0, 0)︸︷︷︸False

< (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)︸︷︷︸Shades of true

a ={

(1, 1, 1, 1) if a = (0, 0, 0, 0)(0, 0, 0, 0) otherwise



ConclusionSummary

I We introduced a semanticsfor LTL capturing robustness

I We demonstrated how toleverage the existing wealthof techniques for LTL

Future Work

I Address the “problem” of operators that work differently fromclassical logics (e.g., “¬¬ϕ 6= ϕ”)

I Can we improve on the size of ABϕ?

I Do (complexity) results for LTL fragments carry over (e.g.,GR(1))?

Get the full paper from arXiv!



From rLTL to LTL

Construct for an rLTL( , ) (sub-)formula ϕ four LTL( , ) formulasψ1

ϕ, ψ2ϕ, ψ

3ϕ, ψ

4ϕ such that for σ ∈ (2P)ω and j ∈ {1, . . . , 4}

Vj(ϕ, σ) = 1 if and only if σ |= ψjϕ

1. If ϕ = p, then ψjϕ := p

2. If ϕ = ϕ1 ∧ ϕ2, then ψjϕ := ψj

ϕ1 ∧ ψjϕ2

3. If ϕ = ϕ1 ∨ ϕ2, then ψjϕ := ψj

ϕ1 ∨ ψjϕ2

4. If ϕ = ϕ′, then ψjϕ := ψj

ϕ′

5. If ϕ = ϕ′, then ψ1ϕ := ψ1

ϕ′ , ψ2ϕ := ψ2

ϕ′ , . . .6. If ϕ = ¬ϕ′, then ψj

ϕ := ¬(ψ1ϕ′ ∧ ψ2

ϕ′ ∧ ψ3ϕ′ ∧ ψ4

ϕ′)7. If ϕ = ϕ1 ⇒ ϕ2, then ψj

ϕ :=(∨

k=1,...,4 ψkϕ1 ∧ ¬ψ

kϕ1

)⇒ ψj

ϕ2

Note: |ψjϕ| ∈ O(c |ϕ|) for a suitable c ≥ 4


From rLTL( , ) to Generalized Büchi Automata

σ {p} {q} ∅ {q} ∅ . . .LT

L pq

p ∨ q(p ∨ q)

1010

0

110

0

000

0

110

0

000

. . .

rLT

L pq

p ∨ q(p ∨ q)

1111000011110011

0000

111111110011

0000

000000000011

0000

111111110011

0000

000000000011

. . .

I States: valuations of subformulasI Transitions: defined according to expansion rulesI Acceptance conditions: assert that an infinite run respects the

temporal operators



σ {p} {q} ∅ {q} ∅ . . .LT

L pq

p ∨ q(p ∨ q)

1010

0

110

0

000

0

110

0

000

. . .

rLT

L pq

p ∨ q(p ∨ q)

1111000011110011

0000

111111110011

0000

000000000011

0000

111111110011

0000

000000000011

. . .


temporal operators



σ {p} {q} ∅ {q} ∅ . . .LT

L pq

p ∨ q(p ∨ q)

1010

0

110

0

000

0

110

0

000

. . .

rLT

L pq

p ∨ q(p ∨ q)

1111000011110011

0000

111111110011

0000

000000000011

0000

111111110011

0000

000000000011

. . .


temporal operators


Expansion Rule for

Recall: ϕ = ( ϕ1, ϕ2, ϕ3, ϕ4)

ϕ1 = ϕ1 ∧ ϕ1

ϕ2 = ϕ2 ∨ ϕ2

ϕ3 = ϕ3 ∧ ϕ3

ϕ4 = ϕ4 ∨ ϕ4


Expansion Rule for

Recall: ϕ = ( ϕ1, ϕ2, ϕ3, ϕ4)

ϕ1 = ϕ1 ∧ ϕ1

ϕ2 = ϕ1 ∨ ϕ2

ϕ3 = ϕ4 ∧ ϕ3

ϕ4 = ϕ4 ∨ ϕ4


The automaton ABϕ

[1111000011110011

]

[0000111111110011

]

q0000

q0001

...

q1111

q0

ε

ε

Note: ABϕ has 5|ϕ| + 6 states


The automaton ABϕ

[1111000011110011

]

[0000111111110011

]

q0000

q0001

...

q1111

q0

ε

ε

Note: ABϕ has 5|ϕ| + 6 states


Robust Linear Temporal Logic - csl16.lif.univ-mrs.frcsl16.lif.univ-mrs.fr/static/media/talk15/CSL 2016-neider.pdf · Motivation ϕ ⇒ ψ Environmentassumption Systemguarantee Paulo

Documents