CS6133 Software Specification and Verification
DESCRIPTION
CS6133 Software Specification and Verification, Lecture 3: Temporal Logic. Temporal logic was designed for expressing the temporal ordering of events and states within a logical framework.
TRANSCRIPT
Slide 1: Lecture 3 Temporal Logic
CS6133 Software Specification and Verification
Slide 2: Temporal Logic: Overview
Temporal logic was designed for expressing the temporal ordering of events and states within a logical framework.
A state is an assignment of values to the model's variables. Intuitively, the system state is a snapshot of the system's execution, in which every variable has some value.
An event is a trigger (e.g., a signal) that can cause a system to change its state; an event does not persist.
CS6133
Slide 3: Trace
In temporal logic, the notion of exact time is abstracted away; instead we keep track of changes to variable values and the order in which they occur.
A trace σ is an infinite sequence of states that represents a particular execution of the system. It starts from an initial state s0, which is determined by the initial values of all the variables:
σ = s0, s1, s2, …
Slide 4: Linear Temporal Logic Formula
In linear temporal logic (LTL), a formula f is evaluated with respect to a trace σ and a particular state sj in that trace.
Slide 5: LTL Characteristics
Time is totally ordered.
Slide 6: LTL Characteristics
Time is bounded in the past and unbounded in the future.
Slide 7: LTL Characteristics
Time is discrete.
Slide 8: Future Temporal Operators
Future temporal operators are shorthand notations that quantify over states.
Slide 9: Henceforth
Slide 10: Eventually
Slide 11: Next State
Slide 12: Until
Slide 13: Unless
Slide 14: Examples
Slide 15: LTL Properties
A safety property can be expressed by a temporal formula of the form
A response property can be expressed by a temporal formula of the form
Precedence (a happens before b happens)
Slide 16: LTL Properties
Precedence chain (a before b before c)
Slide 17: LTL Properties
P between Q and R
or
Slide 18: Example: A Telephone System
Given the predicates
Slide 19: Examples Using Future Operators I
Formalize the following sentences in LTL:
1. A user always needs to pick up the phone before dialing.
2. After picking up the phone, the user eventually either goes back on hook or dials.
3. Whenever a user dialed a number and heard the ring tone, a connection will only result after the other user picks up the phone.
4. Immediately after the callee hangs up on a connection, the caller will hear an idle tone; then the caller will hear a dial tone.
Slide 20: Examples Using Future Operators II
Formalize the properties of the elevator in LTL:
1. The elevator will eventually terminate, with its doors closed.
2. The elevator shall not keep its doors open indefinitely.
3. Pressing the button at floor 2 guarantees that the elevator will arrive at floor 2 and open its doors.
4. Pressing the button at any floor guarantees that the elevator will arrive at that floor and open its doors.
5. The elevator will not arrive at a floor and open its doors unless it is called.
Slide 21: Past Temporal Operators
Past temporal operators are shorthand notations that quantify over states. Each past temporal operator is the symmetric counterpart of one of the future temporal operators:
Has-always-been, Once, Previous, Since, Back-to
Slide 22: Has-always-been f
T if f is true in the current and all past system states; F otherwise.
Formally: (Has-always-been f) holds at sj iff ∀i. 0 ≤ i ≤ j ⇒ f holds at si
[Timeline: f holds in every state from s0 through sj]
Slide 23: Once f
T if f is true in the current or some past system state; F otherwise.
Formally: (Once f) holds at sj iff ∃i. 0 ≤ i ≤ j ∧ f holds at si
[Timeline: f holds in some state between s0 and sj, OR f holds in sj itself]
Slide 24: Previous f
T if f is true in the previous system state; F otherwise.
Formally: (Previous f) holds at sj iff ∃i. i = j − 1 ∧ f holds at si
Because time is bounded in the past, no such i exists for j = 0, so Previous f is false in the initial state.
[Timeline: s0 … sj−1 sj, with f holding in sj−1]
Slide 25: Since (f Since g)
T if once g was true and f has been true since the last g to the present; F otherwise.
Formally: (f Since g) holds at sj iff ∃k. 0 ≤ k ≤ j ∧ g holds at sk ∧ ∀i. k < i ≤ j ⇒ f holds at si
[Timeline: s0 … sk sk+1 … sj, with g holding in sk and f holding from sk+1 through sj]
Slide 26: Back-to (f Back-to g)
T if f has-always-been true, or f since g; F otherwise.
Formally: (f Back-to g) holds at sj iff (f Since g) holds at sj ∨ (Has-always-been f) holds at sj
[Timeline: g in sk and f from sk+1 through sj, OR f in every state from s0 through sj]
Slide 27: Examples Using Past Operators
Formalize the following sentences in LTL:
1. When a caller hears the dial tone, the caller must have picked up the phone.
2. When the callee hears the ring, a caller must have dialed the callee's number and hasn't hung up.
3. Whenever a user dialed a number and heard the ring tone, a connection is established if the other user picks up the phone.
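As an added example (not code from the slides), the following Python evaluator implements the future operators (next, henceforth, eventually, until, unless) with their standard LTL semantics and the past operators exactly as defined on the preceding slides, over a lasso-shaped trace (a finite prefix plus a loop, the usual finite representation of an infinite trace σ). It then checks formalizations of the telephone sentences from the "Examples Using Future Operators I" and "Examples Using Past Operators" slides. The predicate names (offhook, onhook, dialtone, dial, ring, callee_offhook, connected), the two sample traces and the formalizations are my assumptions; the slides do not list the telephone predicates.

```python
# Added example, not from the CS6133 slides.  Future operators use the standard
# LTL semantics; past operators follow the slide definitions.  The telephone
# predicates, traces and formalizations below are my assumptions.

class Lasso:
    """Infinite trace s0, s1, ... given as a finite list of states (sets of
    atomic propositions) plus the index `loop` the trace returns to at the end."""

    def __init__(self, states, loop):
        assert 0 <= loop < len(states)
        self.states, self.loop, self.n = states, loop, len(states)

    def at(self, pos):
        """Index of the state denoted by an arbitrary (unbounded) position."""
        return pos if pos < self.n else self.loop + (pos - self.loop) % (self.n - self.loop)

    def horizon(self, pos):
        """Positions from pos through one full lap of the loop.  Every state
        reachable after pos occurs, which decides G/F/U for future-only formulas;
        past operators nested under future ones may need more laps in general,
        but one lap suffices below because once/since are monotone along the trace."""
        return range(pos, max(pos, self.n) + (self.n - self.loop))


def holds(f, tr, j=0):
    """Truth of formula f (nested tuples) on trace tr at position j."""
    op = f[0]
    if op == 'atom':
        return f[1] in tr.states[tr.at(j)]
    if op == 'not':
        return not holds(f[1], tr, j)
    if op == 'and':
        return holds(f[1], tr, j) and holds(f[2], tr, j)
    if op == 'or':
        return holds(f[1], tr, j) or holds(f[2], tr, j)
    if op == 'implies':
        return (not holds(f[1], tr, j)) or holds(f[2], tr, j)
    # Future operators quantify over positions i >= j.
    if op == 'X':   # next state
        return holds(f[1], tr, j + 1)
    if op == 'G':   # henceforth
        return all(holds(f[1], tr, i) for i in tr.horizon(j))
    if op == 'F':   # eventually
        return any(holds(f[1], tr, i) for i in tr.horizon(j))
    if op == 'U':   # f until g: g at some k >= j and f at every i with j <= i < k
        for k in tr.horizon(j):
            if holds(f[2], tr, k):
                return True
            if not holds(f[1], tr, k):
                return False
        return False
    if op == 'W':   # f unless g (weak until): f U g, or henceforth f
        return holds(('U', f[1], f[2]), tr, j) or holds(('G', f[1]), tr, j)
    # Past operators quantify over positions 0 <= i <= j; time is bounded in the
    # past, so 'previous' is false at the initial state.
    if op == 'Y':   # previous
        return j >= 1 and holds(f[1], tr, j - 1)
    if op == 'H':   # has-always-been
        return all(holds(f[1], tr, i) for i in range(j + 1))
    if op == 'O':   # once
        return any(holds(f[1], tr, i) for i in range(j + 1))
    if op == 'S':   # f since g: g at some k <= j and f at every i with k < i <= j
        return any(holds(f[2], tr, k) and all(holds(f[1], tr, i) for i in range(k + 1, j + 1))
                   for k in range(j + 1))
    if op == 'B':   # f back-to g: has-always-been f, or f since g
        return holds(('H', f[1]), tr, j) or holds(('S', f[1], f[2]), tr, j)
    raise ValueError(f"unknown operator {op!r}")


def first_violation(body, tr):
    """Runtime-monitoring view of the invariant G body over the log tr:
    the first position at which body fails, or None if G body holds."""
    return next((i for i in tr.horizon(0) if not holds(body, tr, i)), None)


A = lambda p: ('atom', p)   # atomic proposition
OFFHOOK, ONHOOK, DIALTONE, DIAL = A('offhook'), A('onhook'), A('dialtone'), A('dial')
RING, CALLEE_UP, CONNECTED = A('ring'), A('callee_offhook'), A('connected')

# Bodies of G(...) invariants; each comment paraphrases the slide sentence.
PHONE_PROPERTIES = {
    # a user always needs to pick up the phone before dialing
    'pick up before dialing': ('implies', DIAL, ('O', OFFHOOK)),
    # after picking up the phone, the user eventually goes back on hook or dials
    'hang up or dial after pickup': ('implies', OFFHOOK, ('F', ('or', ONHOOK, DIAL))),
    # having dialed and heard the ring tone, connect only after the callee answers
    'connect only after callee answers':
        ('implies', ('and', RING, ('O', DIAL)), ('W', ('not', CONNECTED), CALLEE_UP)),
    # when a caller hears the dial tone, the caller must have picked up the phone
    'dial tone implies picked up': ('implies', DIALTONE, ('O', OFFHOOK)),
    # when the callee hears the ring, the caller has dialed and not hung up since
    'ring implies dialed, not hung up': ('implies', RING, ('S', ('not', ONHOOK), DIAL)),
}


def check_phone(tr):
    """Evaluate every property as an invariant G body on tr; returns {name: bool}."""
    return {name: holds(('G', body), tr) for name, body in PHONE_PROPERTIES.items()}


# Constructed trace of one completed call that returns to the idle state.
GOOD_CALL = Lasso([{'onhook'}, {'offhook'}, {'offhook', 'dialtone'}, {'offhook', 'dial'},
                   {'offhook', 'ring'}, {'offhook', 'ring'}, {'offhook', 'callee_offhook'},
                   {'offhook', 'callee_offhook', 'connected'}], loop=0)
# Constructed faulty trace: the user dials while still on hook.
BAD_CALL = Lasso([{'onhook'}, {'onhook', 'dial'}, {'offhook'}], loop=0)
```

Running `check_phone(GOOD_CALL)` reports every property as true, while `first_violation(PHONE_PROPERTIES['pick up before dialing'], BAD_CALL)` returns position 1, the state in which `dial` holds without any earlier `offhook`. Past operators only ever look at positions 0..j, which is why they are the natural choice for monitoring a log that is still growing: a violation of G(dialtone → Once offhook) is decided as soon as the offending state is observed, with no need to know the rest of the trace.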
Slide 28: Linear vs. Branching Views
There are two ways to think about the computations of a reactive system:
Linear time: LTL. Branching time: computation tree logic (CTL).
A CTL formula is true or false relative to a state, whereas an LTL formula is true or false relative to a path.
Slide 29: CTL
CTL has the future temporal operators of LTL. It also has path quantifiers that describe the branching structure of a computation tree: A and E.
A means "for all computation paths"; E means "for some computation path".
Slide 30: CTL Syntax
If p is an atomic proposition, and f1 and f2 are CTL formulae, then the set of CTL formulae consists of
1. p
2. ¬f1, f1 ∧ f2, f1 ∨ f2, f1 ⇒ f2
3. AX f1, EX f1
4. AG f1, EG f1
5. AF f1, EF f1
6. A[f1 U f2], E[f1 U f2]
Note that path quantifiers and temporal operators are always paired together.
Slide 31: CTL Semantics
AX f holds at state s if on all paths starting at s, f holds in the next state.
EX f holds at state s if there exists a path starting at s on which f holds in the next state.
Slide 32: CTL Semantics
EF f holds at state s if f is reachable (i.e., there exists a path starting at s on which f holds in some future state).
AF f holds at state s if f is inevitable (i.e., on all paths that start at s, f holds in some future state).
Slide 33: CTL Semantics
EG f holds at state s if there exists a path starting at s on which f holds globally.
AG f holds at state s if f is invariant (i.e., on all paths that start at s, f holds globally).
Slide 34: CTL Semantics
E[g U f] holds at state s if there exists a path starting at s on which g holds until f eventually holds.
A[g U f] holds at state s if on all paths that start at s, g holds until f eventually holds.
Slide 35: Example of CTL Formulas
"It is possible to get to a state where started holds, but ready does not hold."
"For any state, if a request occurs, then it will eventually be acknowledged."
"It is always the case that a certain process is enabled infinitely often on every computation path."
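As an added example (not code from the slides), here is an explicit-state CTL model checker in Python that computes, for each operator on the CTL Semantics slides, the set of states of a finite Kripke structure in which a formula holds: EX/AX are one pre-image step, EF/AF and E[U]/A[U] are least fixpoints, and EG/AG are greatest fixpoints. It then checks the three sentences on the Example of CTL Formulas slide, formalized (my formalizations, not the slides') as EF(started ∧ ¬ready), AG(request ⇒ AF ack) and AG AF enabled, plus an AG EF idle reset property that fails on the model. The request/acknowledge model, its state names and labels are constructed for this example.

```python
# Added example, not from the CS6133 slides: an explicit-state CTL model checker.
# sat(f, m) returns the set of states of the Kripke structure m satisfying f.
# The model and the CTL formalizations of the slide sentences are my own.

class Kripke:
    """Finite state-transition system with labelled states."""

    def __init__(self, edges, labels):
        self.labels = labels                      # state -> set of propositions
        self.states = set(labels)
        self.succ = {s: set() for s in self.states}
        for a, b in edges:
            self.succ[a].add(b)
        # Computation paths are infinite, so every state needs a successor.
        assert all(self.succ[s] for s in self.states), "deadlocked state"

    def pre_exists(self, target):
        """States with SOME successor in target (the EX pre-image)."""
        return {s for s in self.states if self.succ[s] & target}

    def pre_all(self, target):
        """States with ALL successors in target (the AX pre-image)."""
        return {s for s in self.states if self.succ[s] <= target}


def fixpoint(z, step):
    """Iterate z := step(z) until it stabilises (finite lattice, so it does)."""
    while True:
        nxt = step(z)
        if nxt == z:
            return z
        z = nxt


def sat(f, m):
    """Set of states of m satisfying the CTL formula f (nested tuples)."""
    op = f[0]
    if op == 'true':
        return set(m.states)
    if op == 'atom':
        return {s for s in m.states if f[1] in m.labels[s]}
    if op == 'not':
        return m.states - sat(f[1], m)
    if op == 'and':
        return sat(f[1], m) & sat(f[2], m)
    if op == 'or':
        return sat(f[1], m) | sat(f[2], m)
    if op == 'implies':
        return (m.states - sat(f[1], m)) | sat(f[2], m)
    if op == 'EX':
        return m.pre_exists(sat(f[1], m))
    if op == 'AX':
        return m.pre_all(sat(f[1], m))
    if op in ('EU', 'AU'):   # E[g U h] / A[g U h]: least fixpoint of
        g, h = sat(f[1], m), sat(f[2], m)   # Z = h ∪ (g ∩ EX Z), resp. h ∪ (g ∩ AX Z)
        pre = m.pre_exists if op == 'EU' else m.pre_all
        return fixpoint(set(h), lambda z: z | (g & pre(z)))
    if op == 'EF':           # E[true U f]: f is reachable
        return sat(('EU', ('true',), f[1]), m)
    if op == 'AF':           # A[true U f]: f is inevitable
        return sat(('AU', ('true',), f[1]), m)
    if op in ('EG', 'AG'):   # greatest fixpoint of Z = f ∩ EX Z, resp. f ∩ AX Z
        pre = m.pre_exists if op == 'EG' else m.pre_all
        return fixpoint(sat(f[1], m), lambda z: z & pre(z))
    raise ValueError(f"unknown operator {op!r}")


def check(f, m, init):
    """Does the CTL formula f hold in the initial state init of m?"""
    return init in sat(f, m)


A = lambda p: ('atom', p)   # atomic proposition

# Constructed request/acknowledge model: idle -> started -> ready, where a
# ready process may loop or issue a request that is always acknowledged.
MODEL = Kripke(
    edges=[('s0', 's1'), ('s1', 's2'), ('s2', 's2'), ('s2', 's3'),
           ('s3', 's4'), ('s4', 's2')],
    labels={'s0': {'idle'}, 's1': {'started'}, 's2': {'started', 'ready', 'enabled'},
            's3': {'started', 'request'}, 's4': {'started', 'ack'}},
)

# CTL formalizations (mine) of the three slide sentences, plus a reset property
# of the AG EF p shape discussed on the LTL vs. CTL slide; the latter fails here
# because no transition ever leads back to the idle state.
EXAMPLE_FORMULAS = {
    'started but not ready reachable': ('EF', ('and', A('started'), ('not', A('ready')))),
    'every request acknowledged': ('AG', ('implies', A('request'), ('AF', A('ack')))),
    'enabled infinitely often': ('AG', ('AF', A('enabled'))),
    'idle always reachable again': ('AG', ('EF', A('idle'))),
}


def check_examples(m=MODEL, init='s0'):
    """Evaluate every example formula in the initial state; returns {name: bool}."""
    return {name: check(f, m, init) for name, f in EXAMPLE_FORMULAS.items()}
```

`check_examples()` reports the three slide sentences as true and the reset property as false. Note the difference the path quantifier makes on the same model: `sat(('EF', A('request')), MODEL)` is every state, because a request is reachable from anywhere, but `sat(('AF', A('request')), MODEL)` is only `{'s3'}`, because the self-loop on s2 gives a path on which a request never occurs.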
Slide 36: LTL vs. CTL
In LTL, we could write: FG p. There is no equivalent of this formula in CTL.
In CTL, we could write: AG EF p. There is no equivalent of this formula in LTL.