Translating Linear Temporal
Logic into Büchi Automata
Content
• Overview
– Linear Temporal Logic
– Büchi Automata
• Translating LTL formula into Büchi Automata
– Local Automaton
– Eventuality Automaton
– Model Automata
• Further Study
• Reference
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
2/42
Overview
• Model checking
– Specify requirement properties and build system model
– Generate possible states from the model and then check
whether given requirement properties are satisfied within the
state space
OK
Target
Program
Model Check
Requirement
Properties
(F
W)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
or
Error Trace
Found
3/42
Overview
• How can we model check of a program or system?
– Modeling
• Build a Büchi automaton for a given program or system
– Specification
• Describe requirement properties using Temporal Logic
– Verification
• Automatically (semi-automatic)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
4/42
Overview
Process of Model Checking
Requirement
Properties
Target Program
(F
W)
Model Checker
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
5/42
Overview
Linear Temporal Logic
• LTL is an extension of propositional logic geared to
reasoning about infinite sequences of states
– Time is viewed as linear
• Each time instant has a unique successor
– The sequences considered are isomorphic to the natural
numbers and each state is a propositional interpretation
The living being always, eventually breathe.
0
5
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
Time
10 …
6/42
Overview
Syntax of Linear Temporal Logic
• The formulas of linear temporal logic built from a set
of atomic propositions P are following
– true, false, p, and ¬p, ∀ p ∈P;
– φ1 ∧ φ2, and φ1∨ φ2 are LTL formulas;
– ○ φ1, φ1 U φ2, and φ1 Ũ φ2 are LTL formulas
• Sequence σ = σ[0…] = σ0σ[1…]
– σ[i] = si
– σ[…i] = s0s1…si
– σ[i…] = sisi+1…
– The definition of sequence is from “Recognizing Safety and Livness, B. Alpern, F.
Schneider”
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
7/42
Overview
Temporal Operators
• Operator ○
– Reads : “next”
– Means : at next state
• Operator U
– Reads : “strong until”
– Means : second argument holds at the current or a future
position, and first argument has to hold until that position
• Operator Ũ
– Reads : “weak until”
– Means : first argument be true until its second argument is true
(does not require that the second argument ever become true)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
8/42
Overview
Semantic of Linear Temporal Logic
• Definition
A transition system M = (S,→,L) is a set of states S endowed with
a transition relation → (a binary relation on S), such that
every s ∈ S has some s’ ∈ S with s → s’, and a labeling
function L :S → P(Atoms)
• Atoms : Atomic Propositions (Atomic description)
e.g. : Atoms = {p, q}, P(Atoms)={{}, {p}, {q}, {p, q}}
• L(s) : contains all atoms which are true in state s
e.g. : L(s0) = {p, q}, L(s1) = {q, r}, L(s2) = {r}
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
p, q
q, r s1
s0
s2
r
9/42
Overview
Semantic of Linear Temporal Logic
• Definition
– A path in a model M = (S,→,L) is an infinite
sequence of state s1, s2, s3, … in S such that,
for each i > 1, si → si+1. We write the path π
as s1 → s2 → …
• π ≡ σ = σ[0…]
= σ[0]σ[1…]
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
10/42
Overview
Semantic of Linear Temporal Logic
• Operator U
– Reads : “strong until”
– Means : second argument holds at the current or a future
position, and first argument has to hold until that position
σ[1…] ⊨ p, σ[1…] ⊭ q, σ[1…] ⊨ p U q
σ[2…] ⊨ p, σ[2...] ⊭ q, σ[2…] ⊨ p U q
σ[3…] ⊭ p, σ[3…] ⊨ q, σ[3…] ⊨ p U q
σ[4…] ⊭ p, σ[4…] ⊨ q, σ[4...] ⊨ p U q
σ[5...] ⊭ p, σ[5...] ⊭ q, σ[5...] ⊭ p U q
…
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
11/42
Overview
Semantic of Linear Temporal Logic
• Operator Ũ
– Reads : “weak until”
– Means : first argument be true until its second argument is
true (does not require that the second argument ever become
true)
p
σ[1…] ⊨ p, σ[1…] ⊭ q, σ[1…] ⊨ p U q
σ[2…] ⊨ p, σ[2…] ⊭ q, σ[2…] ⊨ p U q
σ[3…] ⊨ p, σ[3…] ⊭ q, σ[3…] ⊨ p U q
σ[4…] ⊨ p, σ[4…] ⊭ q, σ[4…] ⊨ p U q
σ[5…] ⊨ p, σ[5…] ⊭ q, σ[5…] ⊨ p U q
q
pŨq
0
1
2
3
4
5
6
7…
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
12/42
Overview
Semantic of Linear Temporal Logic
• ㅁφ
–
–
–
–
always
φ Ũ false
Requires that its argument be true always
At all future points
• ⋄φ
–
–
–
–
eventually
true U φ
Requires that its argument be true eventually
At some point in the future
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
13/42
Overview
Semantic of Linear Temporal Logic
•
•
•
•
•
For all, we have σ ⊨ true and σ ⊭ false
For σ ⊨ p for p ∈ P iff p ∈ L(σ[0]) = L(s0)
For σ ⊨ ¬p for p ∈ P iff p ∉ L(σ[0])
σ ⊨ φ1 ∧ φ2, iff σ ⊨ φ1 and σ ⊨ φ2
σ ⊨ φ1∨ φ2 , iff σ ⊨ φ1 or σ ⊨ φ2
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
14/42
Overview
Semantic of Linear Temporal Logic: Temporal logic
• σ ⊨ ○ φ1, iff σ[1] ⊨ φ1
– σ[0…] ⊨ ○ φ1, iff σ[1] ⊨ φ1
• σ[i…]⊨ φ1 Ũ φ2 iff σ[i]⊨ φ2 ∨ (σ[i]⊨ φ1 ∧ σ[i+1…] ⊨ φ1 Ũ φ2)
• σ[i…]⊨ φ1 U φ2 iff σ[i…]⊨ φ1 Ũ φ2 ∧ ∃j, j≥ i, σ[j]⊨ φ2
• ㅁφ = ¬⋄¬ φ
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
15/42
Overview
Büchi Automata
• Büchi Automata
– Automata which accepts infinite word
• Büchi Automata m accepts the sequences of
program states that are in L(m)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
16/42
Overview
Büchi Automata
• Definition
– A = (Σ, S, S0, ρ, F)
Σ: alphabet (set of program states)
S : set of automaton states
S0 : set of initial state
ρ : a transition function (S xΣx S)
F : a set of accepting states
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
17/42
Overview
Büchi Automata
– A = (Σ, S, S0, ρ, F)
– The input of A is infinite w : a0, a1, … (∈ Σω)
– A run is a sequence of states r: s0,s1, … (∈ Sω)
• Initiation: s0 ∈ S0
• Consecution : si+1∈ρ(si, ai)
– Accepting run (r = s0,s1, … )
• There is some state s ∈ F
• An infinite number of integers i ∈ N such that si = s
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
18/42
Overview
Büchi Automata
•
•
•
•
run : q0, q1, q1, q1, …
S = {q0, q1}
S0 = {q0}
ρ = {(q0,true, q0), (q0, P, q1), (q1,true, q1)
F = {q1}
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
19/42
Content
• Overview
– Linear Temporal Logic
– Büchi Automata
• Translating LTL formula into Büchi Automata
– Local Automaton
– Eventuality Automaton
– Model Automata
• Conclusion and Further Study
• Reference
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
20/42
Translating LTL formula into Büchi Automata
Process of translating LTL into Büchi Automata
• Given an LTL formula φ over a set of propositions P,
construct a Buchi automaton on infinite words over
the alphabet 2P that accepts exactly the infinite
sequences satisfying φ
• Example. Consider the formula ⋄ p, which describes
the sequences over { {}, {p}}. These sequences are
accepted by the following automaton
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
21/42
Translating LTL formula into Büchi Automata
Process of translating LTL into Büchi Automata
• Create Local Automaton
– Checks that the sequence satisfies all conditions imposed by the
formula
– It checks conditions a step by step check on the sequence
• Create Eventuality Automaton
– Checks that the eventualities are realized
• The problem is that nothing prevents us from postponing forever
the time at which (eventuality) formula will be true
• Eventualities : formulas of the form ⋄φ and φ1 U φ2
– ㅁ φ ≡ (φ ∧ ○ㅁ φ)
– ⋄φ ≡ (φ ∨ ○ ⋄ φ)
– ¬(φ1 Ũ φ2 )≡ (¬φ1 ∧¬φ2 ∨ (¬φ1 ∧○¬(φ1 Ũ φ2)))
– Determine which eventualities have to be realized
• Compose two automaton
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
22/42
Translating LTL formula into Büchi Automata
Local Automaton
• Closure cl()
– Smallest set of formulas satisfying the following
conditions
•
•
•
•
•
•
•
•
•
•
φ ∈ cl(φ)
φ1 ∧ φ2∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)
φ1 ∨ φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)
φ1 → φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)
¬ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
φ1 ∈ cl(φ) ⇒ ¬ φ1 ∈ cl(φ)
○ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
ㅁ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
⋄ φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ)
φ1 Ũ φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
23/42
Translating LTL formula into Büchi Automata
Local Automaton
• L = (∑, NL, ρL, Nφ, NL)
– ∑ : ∑ ⊂ 2cl(φ)
– s ∈ ∑, for every f ∈ cl(φ), f ∈ s iff ¬f ∉ s
– NL includes all subsets s of cl(φ) that are
propositionally consistent.
• For every φ1 ∈ cl(φ), we have φ1 ∈ s iff ¬φ1 ∉ s
• For every φ1 ∧ φ2 ∈ cl(φ), we have φ1 ∧ φ2 ∈ s iff
φ1 ∈ s and φ2 ∈ s
• For every φ1 ∨ φ2 ∈ cl(φ), we have φ1 ∧ φ2 ∈ s iff
φ1 ∈ s or φ2 ∈ s
• For every φ1 → φ2 ∈ cl(φ), we have φ1 ∧ φ2 ∈ s iff
¬ φ1 ∈ s or φ2 ∈ s
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
24/42
Translating LTL formula into Büchi Automata
Local Automaton
• L = (∑, NL, ρL, Nφ, NL)
– ρL(s, a) must check the next state is compatible with the
semantics of the temporal operators. Thus t ∈ ρL(s, a)) iff
• For all p ∈ P, if p∈ s, then p∈a
• For all p ∈ P, if ¬p∈ s, then p∉ a
•
•
•
•
•
If ○φ1 ∈ s then φ1 ∈ t
If ㅁφ1 ∈ s then φ1 ∈ s and ㅁφ1 ∈ t
If ⋄φ1 ∈ s then φ1 ∈ s, or ⋄φ1 ∈ t
If φ1 U φ2 ∈ s then either φ2 ∈ s, or φ1 ∈ s and φ1 U φ2 ∈ t
If φ1 Ũ φ2 ∈ s then either φ1 ⋀ φ2 ∈ s, or φ2 ∈ s or φ1 U φ2 ∈ t
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
25/42
Translating LTL formula into Büchi Automata
Local Automaton
• L = (∑, NL, ρL, Nφ, NL)
– The set Nφ of initial states is the set of states
that include the formula
– The set NL of accpeting states is , the set of
all states
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
26/42
Example
Local Automaton for ⋄p
{⋄p, p}
{⋄p, p}
{⋄p, ¬p}
{¬⋄p, p}
{¬⋄p, ¬p}
cl(⋄p) = {⋄p, p, ¬⋄p, ¬p}
NL= {{⋄p, p}, {¬⋄p, p},
{⋄p, ¬p}, {¬⋄p, ¬p}}
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
27/42
Example
Local Automaton for ⋄p (after some optimization)
F = {1,3,4}
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
28/42
Translating LTL formula into Büchi Automata
Eventuality Automaton
• Eventuality automaton is supposed to check
that the eventualities are realized
– Check each time a formula of the form (or φ1 U φ2)
• ⋄φ ≡ (φ ∨ ○ ⋄ φ)
• ¬(φ1 Ũ φ2) ≡ (¬φ1∧¬φ2)∨ (¬φ2 ∧ ○¬(φ1 Ũ φ2))
– Eventuality automaton starts by finding out
which eventualities have to be realized at
the initial time instant, then it checks that
these are realized
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
29/42
Translating LTL formula into Büchi Automata
Eventuality Automaton
• F = (∑, 2ev(φ), ρF, {{}}, {{}})
– ∑ : ∑ ⊂ 2cl(φ)
– s ∈ ∑, for every f ∈ cl(φ), f ∈ s iff ¬f ∉ s
– The set 2ev(φ) of states is the set of subsets
of the eventualities of the formula φ
(a state {e1, …, ek} means that the
eventualities e1, …, ek still have to be realized)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
30/42
Translating LTL formula into Büchi Automata
Eventuality Automaton
• F = (∑, 2ev(φ), ρF, {{}}, {{}})
– ρF(s,a), t ∈ ρF(s,a)
• s = {}
– ∀ ⋄φ ∈ a, one has ⋄φ ∈ t iff φ ∉ a
– ∀ ¬(φ1 Ũ φ2 ) ∈ a, one has ¬(φ1 Ũ φ2 ) ∈ t iff ¬φ1∧¬φ2∉ a
• s ≠ {}
– ∀ ⋄φ ∈ s, one has ⋄φ ∈ t iff φ ∉ a
– ∀ ¬(φ1 Ũ φ2 )∈ s, one has ¬(φ1 Ũ φ2 ) ∈ t iff ¬φ1∧¬φ2 ∉ a
• Initial state : {}
• Finial state : {}
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
31/42
Example
Eventuality automaton
{⋄p, p}
{¬⋄p, ¬p}
{¬⋄p, p}
{⋄p, ¬p}
{}
{⋄p, ¬p}
⋄p
{¬⋄p, ¬p}
{¬⋄p, p} {⋄p, p}
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
32/42
Translating LTL formula into Büchi Automata
Composing the two automata
• M = (∑, NM, ρM ,NM0, FM)
– NM = NL X 2ev(φ) (Cartesian Product)
– (p, q) ∈ ρM((s, t), a) iff
p ∈ ρL(s, a) and q ∈ ρF(t, a)
– NM0 = Nφ X {}
– FM = NL X {}
• Given two Büchi automata A1 = (∑, S1, ρ1, S01, F1) and
A2 = (∑, S2, ρ2, S02, F2), it is possible to build a Büchi
automaton accepting the language L(A1) ∩ L(A2)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
33/42
Example
Composing the two automata
({¬⋄p, p}, ⋄p)
({¬⋄p, ¬p} , ⋄p)
({⋄p, ¬p} , ⋄p)
({⋄p, p}, ⋄p)
({¬⋄p, ¬p} , {})
({¬⋄p, p}, {})
({⋄p, ¬p} , {})
({⋄p, p}, {})
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
34/42
Translating LTL formula into Büchi Automata
The automaton on the 2P
• M = (∑, NM, ρM ,NM0, FM)
⇓
P
• M’ = (2 , NM, ρM’ ,NM0, FM)
– t ∈ ρM’(s, a) iff some b ∈ ∑ such that a =
b∩P and t ∈ ρM(s, b)
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
35/42
Final automaton for ⋄p
p
¬p
p
¬p
true
¬p
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
36/42
Conclusion
• # of States
– Local Automaton : 2cl(φ) = O(22|φ|)
– Eventuality Automaton : 2ev(φ) = O(2|φ|)
– Composed Automata : 2cl(φ) X 2ev(φ) = O(23|φ|)
– |φ| is length of formula φ
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
37/42
Reference
• On the Relation of Programs and Computations to Models of
Temporal Logic
by Pierre Wolper, In Proc. Temporal Logic in Specification, vol. 398
of LNCS, pages 75-123. Springer-Verlag, 1989.
• Constructing Automata from Temporal Logic Formulas: A
Tutorial
by Pierre Wolper In Lectures on Formal Methods in Performance
Analysis, vol. 2090 of LNCS, pages 261-277. Springer-Verlag, July 2
001.
• From Modal Logic to Deductive Databases
by A. Thayse et al., Wiley, 1989
• Logic in Computer Science, second edition
by M. Huth and M. Ryan, Cambridge press
Translating LTL into Büchi Automata, Chang-Beom Choi, Provable Software Lab, KAIST
38/42