… cannot be expressed in LTL. Consider the two models [Figure: two models with states labelled p and q] … but … and … satisfy the same LTL formulae. We need quantifications on runs: AG … EF … E: for some infinite run; A: for all infinite runs. CTL* (Emerson & Halpern 86). Definition: Syntax of …
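… $M_2 \not\models \varphi$ … $M_1$ and …
E: for some infinite run
A: for all infinite runs

CTL* (Emerson & Halpern 86)

Definition: Syntax of the Computation Tree Logic CTL*
$\varphi ::= \bot \mid p\ (p \in AP) \mid \neg\varphi \mid \varphi \vee \varphi \mid \mathsf{X}\varphi \mid \varphi\,\mathsf{U}\,\varphi \mid \mathsf{E}\varphi \mid \mathsf{A}\varphi$

Definition: Semantics
Let $M = (S,T,I,AP,\ell)$ be a Kripke structure and $\sigma$ an infinite run of $M$.
$M, \ldots$ such that $\sigma'(0) = \sigma(i)$
$M, \ldots$ such that $\sigma'(0) = \sigma(i)$

Example: Some specifications
$\mathsf{EF}\varphi$: $\varphi$ is …
$\mathsf{AG}\varphi$: $\varphi$ is an invariant
$\mathsf{AF}\varphi$: $\varphi$ is …
$\mathsf{EG}\varphi$: $\varphi$ holds globally along some path

Remark: $\mathsf{A}\varphi \equiv \neg\mathsf{E}\neg\varphi$

State formulae and path formulae

Definition: State formulae
$\varphi \in \mathrm{CTL}^*$ is a state formula if $\forall M, \sigma, \sigma', i, j$ such that $\sigma(i) = \sigma'(j)$ we have $M,\sigma,i \models \varphi \iff M,\sigma',j \models \varphi$.
If $\varphi$ is a state formula and $M = ($ … $AP$ …
… $]\!] = \{s \in S \mid p \in \ell(s)\}$
$[\![\neg\varphi]\!] = S \setminus [\![\varphi]\!]$
$[\![\varphi_1 \vee \varphi_2]\!] = [\![\varphi_1]\!] \cup [\![\varphi_2]\!]$

Definition: Alternative syntax
State formulae: … $AP) \mid \neg\varphi \mid \varphi \vee \varphi \mid \mathsf{E}\psi \mid \mathsf{A}\psi$
Path formulae: $\psi ::= \varphi \mid \neg\psi \mid \psi \vee \psi \mid \mathsf{X}\psi \mid \psi\,\mathsf{U}\,\psi$

Model checking of …

Remark:
$M \models_\exists \varphi$ iff $I \cap [\![\mathsf{E}\varphi]\!] \neq \emptyset$
$M \models_\forall \varphi$ iff $I \subseteq [\![\mathsf{A}\varphi]\!]$
$M \models_\forall \varphi$ iff $M \not\models_\exists \neg\varphi$

Definition: Model checking problems $\mathrm{MC}^{\forall}_{\mathrm{CTL}}$ … $\ell)$ and a formula $\varphi \in \mathrm{CTL}$ …

Theorem: The model checking problem for …
… $Q \in \{\exists, \forall\}$ and … $\ell'(t) \cap AP = \ell(t)$ and $p_{Q\psi} \in \ell'(t)$ iff $\mathrm{MC}^{Q}_{\mathrm{LTL}}(M,t,\psi)$
Let $M' = ($ … $AP', \ell')$
Let $\varphi' = \varphi[p_{Q\psi}/Q\psi]$ be obtained from $\varphi$ by replacing each $Q\psi$ by $p_{Q\psi}$
Return $\mathrm{MC}^{\forall}_{\mathrm{CTL}}$ …

Question: Existence of a model $M$ and a run $\sigma$ such that $M,\sigma,0 \models \varphi$?

Theorem: The satisfiability problem for CTL* is 2-EXPTIME-complete.

… $\varphi\,\mathsf{U}\,\varphi \mid \mathsf{A}\,\varphi\,\mathsf{U}\,\varphi$
The semantics is inherited from CTL*.

Remark: All CTL formulae are state formulae
$[\![\varphi]\!]^M = \{s \in S \mid M,s \models \varphi\}$

Examples: Macros
$\mathsf{EF}\varphi = \mathsf{E}\,\top\,\mathsf{U}\,\varphi$ and $\mathsf{AF}\varphi = \mathsf{A}\,\top\,\mathsf{U}\,\varphi$
$\mathsf{EG}\varphi = \neg\mathsf{AF}\neg\varphi$ and $\mathsf{AG}\varphi = \neg\mathsf{EF}\neg\varphi$
$\mathsf{AG}$ …

… CTL-formulae are state formulae. Hence, we have a simpler semantics.
Let $M = (S,T,I,AP,\ell)$ be a Kripke structure without deadlocks and let $s \in S$.
$s \models p$ if $p \in \ell(s)$
$s \models \mathsf{EX}\varphi$ if $\exists s \to s'$ with $s' \models \varphi$
$s \models \mathsf{AX}\varphi$ if $\forall s \to s'$ we have $s' \models \varphi$
$s \models \mathsf{E}\,\varphi\,\mathsf{U}\,\psi$ if $\exists s = s_0 \to s_1 \to s_2 \to \cdots$ … $s_j \models \psi$ and $s_k \models \varphi$ for all $0 \le k < j$

CTL (Clarke & Emerson 81)

Example:
[Figure: Kripke structure with states 1 to 8, labelled with the atomic propositions p, q, r]
$[\![\mathsf{EX}p]\!] = \{1,2,3,5,6\}$
$[\![\mathsf{AX}p]\!] = \{3,6\}$
$[\![$ …

$\neg(\varphi\,\mathsf{U}\,\psi) = \mathsf{G}\neg\psi \vee (\neg\psi\,\mathsf{U}\,(\neg\varphi \wedge \neg\psi))$
$\mathsf{A}\,\varphi\,\mathsf{U}\,\psi = \neg\mathsf{EG}\neg\psi \wedge \neg\mathsf{E}\,\neg\psi\,\mathsf{U}\,(\neg\varphi \wedge \neg\psi)$
$\mathsf{AG}($ … $\to \mathsf{F}\,\mathit{grant}) = \mathsf{AG}($ … $\to \mathsf{AF}$ …

… $M = (S,T,I,AP,\ell)$ be a Kripke structure and $\varphi \in \mathrm{CTL}$
$M \models_\exists \varphi$ if … $\in I$.

Remark:
$M \models_\exists \varphi$ iff $I \cap [\![$ …
… $\models_\forall \varphi$ iff $M \not\models_\exists \neg\varphi$

Definition: Model checking problems $\mathrm{MC}^{\forall}_{\mathrm{CTL}}$, $\mathrm{MC}^{\exists}_{\mathrm{CTL}}$ … $\ell)$ and a formula $\varphi \in \mathrm{CTL}$ …

… $M = (S,T,I,AP,\ell)$ be a Kripke structure and $\varphi \in \mathrm{CTL}$ … $M \models_\exists \varphi$ is decidable in time $O(|M| \cdot |\varphi|)$.

Proof: Compute $[\![\varphi]\!] = \{s \in S \mid M,s \models \varphi\}$ by induction on the formula.
The set $[\![$ … $\in [\![\varphi]\!]$.
The labelling $\ell$ is encoded in $L$: for $p \in AP$ … $L[s][p] =$ …

… semantics($\varphi_1$); semantics($\varphi_2$)
  $[\![\varphi]\!] := [\![\varphi_1]\!] \cup [\![\varphi_2]\!]$    $O(|S|)$

case $\varphi = \mathsf{EX}\varphi_1$: semantics($\varphi_1$)
  $[\![\varphi]\!] := \emptyset$    $O(|S|)$
  for all $(s,t) \in T$ do
    if $t \in [\![\varphi_1]\!]$ then $[\![\varphi]\!] := [\![\varphi]\!] \cup \{s\}$    $O(|T|)$

case $\varphi = \mathsf{AX}\varphi_1$: semantics($\varphi_1$)
  $[\![\varphi]\!] := S$    $O(|S|)$
  for all $(s,t) \in T$ do
    if $t \notin [\![\varphi_1]\!]$ then $[\![\varphi]\!] := [\![\varphi]\!]$ …

… ); semantics($\varphi_2$)
  $L := [\![\varphi_2]\!]$  // the set $L$ is the "todo" list    $O(|S|)$
  $Z := \emptyset$  // the set $Z$ is the "done" list
  …    $|S|$ times
    Invariant: $[\![\varphi_2]\!]$ … $\varphi_1\,\mathsf{U}\,\varphi_2]\!]$
    … $t \in L$; $L := L \setminus \{t\}$; $Z := Z \cup \{t\}$    $O(1)$
    for all $s \in T^{-1}(t)$ do    $|T|$ times
      if $s \in [\![\varphi_1]\!] \setminus (Z \cup L)$ then $L := L \cup \{s\}$
  $[\![\varphi]\!] := Z$
$Z$ is only used to make the invariant clear. $Z \cup L$ can be replaced by $[\![$ …

… semantics($\varphi_1$); semantics($\varphi_2$)
  $L := [\![\varphi_2]\!]$  // the set $L$ is implemented with a list    $O(|S|)$
  $[\![\varphi]\!] := [\![\varphi_2]\!]$    $O(|S|)$
  while $L \neq \emptyset$ do    $|S|$ times
    take $t \in L$; $L := L \setminus \{t\}$    $O(1)$
    for all $s \in T^{-1}(t)$ do
      … $\in [\![\varphi_1]\!] \setminus [\![$ …

… ); semantics($\varphi_2$)
  $L := [\![\varphi_2]\!]$  // the set $L$ is the "todo" list    $O(|S|)$
  $Z := \emptyset$  // the set $Z$ is the "done" list
  …    $|S|$ times
    Invariant: $\forall s \in S$, $c[s] = |T(s) \setminus Z|$ and $[\![\varphi_2]\!] \cup ([\![\varphi_1]\!] \cap \{s \in S \mid T(s) \subseteq Z\}) \subseteq Z \cup L \subseteq [\![$ …
    … $t \in L$; $L := L \setminus \{t\}$; $Z := Z \cup \{t\}$    $O(1)$
    for all $s \in T^{-1}(t)$ do    $|T|$ times
      $c[s] := c[s] - 1$    $O(1)$
      if $c[s] = 0 \wedge s \in [\![\varphi_1]\!] \setminus (Z \cup L)$ then $L := L \cup \{s\}$
  $[\![\varphi]\!] := Z$
$Z$ is only used to make the invariant clear. $Z \cup L$ can be replaced by $[\![$ … $\varphi)$
Replacing $Z \cup L$ by $[\![\varphi]\!]$ …

… semantics($\varphi_1$); semantics($\varphi_2$)
  $L := [\![\varphi_2]\!]$    $O(|S|)$
  $[\![\varphi]\!] := [\![\varphi_2]\!]$    $O(|S|)$
  for all $s \in S$ do $c[s] := |T(s)|$    $O(|S|)$
  while $L \neq \emptyset$ do    $|S|$ times
    take $t \in L$; $L := L \setminus \{t\}$    $O(1)$
    for all $s \in T^{-1}(t)$ do    $|T|$ times
      $c[s] := c[s] - 1$    $O(1)$
      if $c[s] = 0 \wedge s \in [\![\varphi_1]\!] \setminus [\![$ …

… $\in \mathrm{CTL}$ … $M$ and a state $s$ such that $M,s \models \varphi$?

Theorem: Complexity
The model checking problem for CTL …
The satisfiability problem for CTL …

Each process is enabled infinitely often: $\bigwedge_i \mathsf{GF}\,\mathit{run}_i$
No process stays ultimately in the critical section: $\bigwedge_i \neg\mathsf{FG}\,\mathit{CS}_i = \bigwedge_i \mathsf{GF}\,\neg\mathit{CS}_i$

Definition: Fair Kripke structure
$M = (S,T,I,AP,\ell,F$ …

Definition: Syntax of fair-CTL
$\varphi ::= \bot \mid p\ (p \in AP) \mid \neg\varphi \mid \varphi \vee \varphi \mid \mathsf{E}_f\mathsf{X}\varphi \mid \mathsf{A}_f\mathsf{X}\varphi \mid \mathsf{E}_f\,\varphi\,\mathsf{U}\,\varphi \mid \mathsf{A}_f\,\varphi\,\mathsf{U}\,\varphi$

Definition: Semantics as a fragment of CTL*
Let …

… $M_k$ defined by:
[Figure: chain of states $2k, 2k-1, 2k-2, 2k-3, \ldots, 4, 3, 2, 1$, labelled $p$ or $\neg p$]
$M_k, 2k \models \mathsf{EGF}p$ but $M_k, 2k-2 \not\models \mathsf{EGF}p$
If $\varphi \in \mathrm{CTL}$ …

… $| \cdot |\varphi|)$

Proof: Computation of $\mathit{Fair} = \{s \in S \mid M,s \models \mathsf{E}_f\top\}$
Compute the SCC of $M$ with Tarjan's algorithm (in time $O(|M|)$).
Let $S'$ be the union of the (non trivial) SCCs which intersect each $F_i$.
Then, $\mathit{Fair}$ is the set of states that can reach $S'$.
Note that reachability …

… $(\mathit{Fair} \wedge \varphi)$ and $\mathsf{E}_f\,\varphi\,\mathsf{U}\,\psi = \mathsf{E}\,\varphi\,\mathsf{U}\,(\mathit{Fair} \wedge \psi)$
It remains to deal with $\mathsf{A}_f\,\varphi\,\mathsf{U}\,\psi$.
Recall that $\mathsf{A}\,\varphi\,\mathsf{U}\,\psi = \neg\mathsf{EG}\neg\psi \wedge \neg\mathsf{E}\,\neg\psi\,\mathsf{U}\,(\neg\varphi \wedge \neg\psi)$
This formula also holds for fair quantifications $\mathsf{A}_f$ and $\mathsf{E}_f$.
Hence, we only need to compute the semantics of $\mathsf{E}_f\mathsf{G}\varphi$.

Proof: Computation of $\mathsf{E}_f\mathsf{G}\varphi$
Let $M_\varphi$ be the restriction of $M$ to $[\![\varphi]\!]_f$.
Compute the SCC of $M_\varphi$ with Tarjan's algorithm (in linear time).
Let $S'$ be the union of the (non trivial) SCCs of $M_\varphi$ which intersect each $F_i$.
Then, $M,s \models \mathsf{E}_f\mathsf{G}\varphi$ iff $M,s \models \mathsf{E}\,\varphi\,\mathsf{U}\,S'$ iff $M_\varphi,s \models \mathsf{EF}\,S'$.
This is again a reachability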
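
The two fair-CTL computations sketched in the proofs above (Fair and E_f G φ), as an added Python example that is not part of the original slides. The function names and the sample Kripke structure are constructed for illustration, and `phi` is assumed to be the already computed set [[φ]]_f.

```python
from collections import defaultdict

def sccs(states, succ):
    """Tarjan's algorithm: strongly connected components as a list of sets."""
    index, low, stack, on_stack, out = {}, {}, [], set(), []
    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v); on_stack.add(v)
        for w in succ[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:              # v is the root of an SCC
            comp = set()
            while v not in comp:
                w = stack.pop(); on_stack.discard(w); comp.add(w)
            out.append(comp)
    for v in states:
        if v not in index: visit(v)
    return out

def fair_EG(states, trans, fairness, phi):
    """[[E_f G phi]], where phi is the already computed set [[phi]]_f."""
    succ, pred = defaultdict(set), defaultdict(set)
    for s, t in trans:                      # M_phi: restriction of M to phi
        if s in phi and t in phi:
            succ[s].add(t); pred[t].add(s)
    seen = set()                            # S': union of the fair SCCs
    for comp in sccs([s for s in states if s in phi], succ):
        nontrivial = len(comp) > 1 or any(v in succ[v] for v in comp)
        if nontrivial and all(comp & f for f in fairness):
            seen |= comp
    todo = list(seen)                       # backward reachability: EF S'
    while todo:
        t = todo.pop()
        for s in pred[t] - seen:
            seen.add(s); todo.append(s)
    return seen

def fair(states, trans, fairness):
    """Fair = {s | M,s |= E_f true}: the same computation with phi = S."""
    return fair_EG(states, trans, fairness, set(states))

# Constructed sample: only the SCC {0,1} meets both fairness sets.
STATES = range(7)
TRANS = [(0,1),(1,0),(1,2),(2,2),(2,3),(3,4),(4,3),(4,5),(5,5),(6,0)]
FAIRNESS = [{0, 3}, {1, 5}]
```

On the sample, states 3 and 4 can reach members of both fairness sets but are not fair, because no single SCC reachable from them intersects both sets.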