Fundamentals of Software Engineering
Formal Modeling with Linear Temporal Logic
Ina Schaefer
Institute for Software Systems Engineering
TU Braunschweig, Germany
Slides by Wolfgang Ahrendt, Richard Bubel, Reiner Hähnle
(Chalmers University of Technology, Gothenburg, Sweden)
Ina Schaefer
FSE
1
Syntax of Propositional Logic
Signature
A set of Propositional Variables P
Ina Schaefer
(with typical elements p, q, r , . . .)
FSE
2
Syntax of Propositional Logic
Signature
A set of Propositional Variables P
(with typical elements p, q, r , . . .)
Propositional Connectives
true, false, ∧, ∨, ¬, →, ↔
Ina Schaefer
FSE
3
Syntax of Propositional Logic
Signature
A set of Propositional Variables P
(with typical elements p, q, r , . . .)
Propositional Connectives
true, false, ∧, ∨, ¬, →, ↔
Set of Propositional Formulas For0
• Truth constants true, false and variables P are formulas
• If φ and ψ are formulas then
¬φ,
(φ ∧ ψ),
(φ ∨ ψ),
(φ → ψ), (φ ↔ ψ)
are also formulas
• There are no other formulas (inductive definition)
Ina Schaefer
FSE
4
Remark on Concrete Syntax
Negation
Conjunction
Disjunction
Implication
Equivalence
Ina Schaefer
Text book
¬
∧
∨
→, ⊃
↔
FSE
Spin
!
&&
||
−>
<−>
5
Remark on Concrete Syntax
Negation
Conjunction
Disjunction
Implication
Equivalence
Text book
¬
∧
∨
→, ⊃
↔
Spin
!
&&
||
−>
<−>
We use mostly the textbook notation.
Except for tool specific slides.
Ina Schaefer
FSE
6
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
Ina Schaefer
FSE
7
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
Ina Schaefer
4
FSE
8
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
4
• ((p(q ∧ r )) ∨ p)
Ina Schaefer
FSE
9
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
4
• ((p(q ∧ r )) ∨ p)
Ina Schaefer
8
FSE
10
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
4
• ((p(q ∧ r )) ∨ p)
8
• (p → (q∧))
Ina Schaefer
FSE
11
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
4
• ((p(q ∧ r )) ∨ p)
• (p → (q∧))
Ina Schaefer
8
8
FSE
12
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
4
• ((p(q ∧ r )) ∨ p)
• (p → (q∧))
8
8
• (false ∧ (p → (q ∧ r )))
Ina Schaefer
FSE
13
Examples
Let P = {p, q, r } be the set of propositional variables.
Are the following character sequences also propositional formulas?
• (true → p)
4
• ((p(q ∧ r )) ∨ p)
• (p → (q∧))
8
8
• (false ∧ (p → (q ∧ r )))
Ina Schaefer
4
FSE
14
Semantics of Propositional Logic
Interpretation I
Assigns a truth value to each propositional variable
I : P → {T , F }
Ina Schaefer
FSE
15
Semantics of Propositional Logic
Interpretation I
Assigns a truth value to each propositional variable
I : P → {T , F }
Example
Let P = {p, q}
(p → (q → p))
I1
I2
Ina Schaefer
p q
F F
T F
...
FSE
16
Semantics of Propositional Logic
Interpretation I
Assigns a truth value to each propositional variable
I : P → {T , F }
Example
Let P = {p, q}
(p → (q → p))
I1
I2
Ina Schaefer
p q
F F
T F
...
FSE
17
Semantics of Propositional Logic
Interpretation I
Assigns a truth value to each propositional variable
I : P → {T , F }
Valuation function
valI : Continuation of I on For0
valI : For0 → {T , F }
valI (pi ) = I(pi )
valI (true) = T
valI (false) = F
(cont’d next page)
Ina Schaefer
FSE
18
Semantics of Propositional Logic (Cont’d)
Valuation function (Cont’d)
valI (¬φ) =
T
F
valI (φ ∧ ψ) =
valI (φ ∨ ψ) =
Ina Schaefer
T
F
if valI (φ) = T and valI (ψ) = T
otherwise
T
F
if valI (φ) = T or valI (ψ) = T
otherwise
T
F
if valI (φ) = F or valI (ψ) = T
otherwise
T
F
if valI (φ) = valI (ψ)
otherwise
valI (φ → ψ) =
valI (φ ↔ ψ) =
if valI (φ) = F
otherwise
FSE
19
Examples - Cont’d
Example
Let P = {p, q}
(p → (q → p))
I1
I2
p q
F F
T F
...
How to evaluate (p → (q → p)) in I2 ?
Ina Schaefer
FSE
20
Examples - Cont’d
Example
Let P = {p, q}
(p → (q → p))
I1
I2
p q
F F
T F
...
How to evaluate (p → (q → p)) in I2 ?
Valuation in I2
valI2 ( q → p )
Ina Schaefer
=
FSE
21
Examples - Cont’d
Example
Let P = {p, q}
(p → (q → p))
I1
I2
p q
F F
T F
...
How to evaluate (p → (q → p)) in I2 ?
Valuation in I2
valI2 ( q → p )
Ina Schaefer
=
T
FSE
22
Examples - Cont’d
Example
Let P = {p, q}
(p → (q → p))
I1
I2
p q
F F
T F
...
How to evaluate (p → (q → p)) in I2 ?
Valuation in I2
valI2 ( q → p ) = T
valI2 ( p → (q → p) ) =
Ina Schaefer
FSE
23
Examples - Cont’d
Example
Let P = {p, q}
(p → (q → p))
I1
I2
p q
F F
T F
...
How to evaluate (p → (q → p)) in I2 ?
Valuation in I2
valI2 ( q → p ) = T
valI2 ( p → (q → p) ) =
Ina Schaefer
T
FSE
24
Semantic Notions of Propositional Logic
Let φ ∈ For0 , Γ ⊂ For0
Definition (Satisfying Interpretation, Consequence Relation)
I satisfies φ (write: I |= φ) iff valI (φ) = T
φ follows from Γ (write: Γ |= φ) iff for all interpretations I:
If I |= ψ for all ψ ∈ Γ then also I |= φ
Ina Schaefer
FSE
25
Semantic Notions of Propositional Logic
Let φ ∈ For0 , Γ ⊂ For0
Definition (Satisfying Interpretation, Consequence Relation)
I satisfies φ (write: I |= φ) iff valI (φ) = T
φ follows from Γ (write: Γ |= φ) iff for all interpretations I:
If I |= ψ for all ψ ∈ Γ then also I |= φ
Definition (Satisfiability, Validity)
A formula is satisfiable if it is valid in some interpretation.
If every interpretation satisfies φ (write: |= φ) then φ is called valid.
Ina Schaefer
FSE
26
Examples
Formula (same as before)
p → (q → p)
Ina Schaefer
FSE
27
Examples
Formula (same as before)
p → (q → p)
Is this formula valid?
|= p → (q → p) ?
Ina Schaefer
FSE
28
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
Ina Schaefer
FSE
29
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
Ina Schaefer
4
FSE
30
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
Satisfying Interpretation?
Ina Schaefer
4
FSE
31
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
Satisfying Interpretation?
Ina Schaefer
4
I(p) = T , I(q) = T
FSE
32
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
4
Satisfying Interpretation?
I(p) = T , I(q) = T
Other Satisfying Interpretations?
Ina Schaefer
FSE
33
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
4
Satisfying Interpretation?
I(p) = T , I(q) = T
Other Satisfying Interpretations? 8
Ina Schaefer
FSE
34
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
4
Satisfying Interpretation?
I(p) = T , I(q) = T
Other Satisfying Interpretations? 8
Therefore, also not valid!
Ina Schaefer
FSE
35
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
4
Satisfying Interpretation?
I(p) = T , I(q) = T
Other Satisfying Interpretations? 8
Therefore, also not valid!
p ∧ ((¬p) ∨ q) |= q ∨ r
Does it hold?
Ina Schaefer
FSE
36
Examples
p ∧ ((¬p) ∨ q)
Satisfiable?
4
Satisfying Interpretation?
I(p) = T , I(q) = T
Other Satisfying Interpretations? 8
Therefore, also not valid!
p ∧ ((¬p) ∨ q) |= q ∨ r
Does it hold?
Ina Schaefer
Yes.
Why?
FSE
37
Formalisation
byte n ;
a c t i v e proctype [2] p () {
n = 0;
n = n + 1
5 }
1
2
3
4
How can we model the above PROMELA program P?
Ina Schaefer
FSE
38
Formalisation
byte n ;
a c t i v e proctype [2] p () {
n = 0;
n = n + 1
5 }
1
2
3
4
How can we model the above PROMELA program P?
A model of P is a propositional formula φP , which is true if and only if
(iff) it describes a possible state of P.
Ina Schaefer
FSE
39
Formalisation
byte n ;
a c t i v e proctype [2] p () {
n = 0;
n = n + 1
5 }
1
2
3
4
P : N0, N1, N2, . . . , N255
PC 0 3, PC 0 4, PC 0 5, PC 1 3, PC 1 4, PC 1 5
Which interpretations do we need to ’exclude’ ?
φP :=
Ina Schaefer
FSE
40
Formalisation
byte n ;
a c t i v e proctype [2] p () {
n = 0;
n = n + 1
5 }
1
2
3
4
P : N0, N1, N2, . . . , N255
PC 0 3, PC 0 4, PC 0 5, PC 1 3, PC 1 4, PC 1 5
Which interpretations do we need to ’exclude’ ?
• The variable n has exactly one value at one time.
φP :=
((N0 ∧ ¬N1 ∧ . . . ∧ ¬N255) ∨ . . . ∨ (¬N0 ∧ . . . ∧ ¬N254 ∧ N255))
Ina Schaefer
FSE
41
Formalisation
byte n ;
a c t i v e proctype [2] p () {
n = 0;
n = n + 1
5 }
1
2
3
4
P : N0, N1, N2, . . . , N255
PC 0 3, PC 0 4, PC 0 5, PC 1 3, PC 1 4, PC 1 5
Which interpretations do we need to ’exclude’ ?
• The variable n has exactly one value at one time.
• A process cannot be at two positions at the same time.
φP :=
((N0 ∧ ¬N1 ∧ . . . ∧ ¬N255) ∨ . . . ∨ (¬N0 ∧ . . . ∧ ¬N254 ∧ N255))
∧ ((PC 0 3 ∧ ¬PC 0 4 ∧ ¬PC 0 5) ∨ . . .)
Ina Schaefer
FSE
42
Formalisation
byte n ;
a c t i v e proctype [2] p () {
n = 0;
n = n + 1
5 }
1
2
3
4
P : N0, N1, N2, . . . , N255
PC 0 3, PC 0 4, PC 0 5, PC 1 3, PC 1 4, PC 1 5
Which interpretations do we need to ’exclude’ ?
•
•
•
•
The variable n has exactly one value at one time.
A process cannot be at two positions at the same time.
If neither process 0 nor process 1 are at position 5, then n is zero.
...
φP :=
((N0 ∧ ¬N1 ∧ . . . ∧ ¬N255) ∨ . . . ∨ (¬N0 ∧ . . . ∧ ¬N254 ∧ N255))
∧ ((PC 0 3 ∧ ¬PC 0 4 ∧ ¬PC 0 5) ∨ . . .)
...
Ina Schaefer
FSE
43
Transition systems (aka. Kripke Structures)
p=
T
sa
x
p=T ;
sb
FF
TF
q=p;
F;
q=
sc
TT
p=F ;
;
sd
FT
Notation
name
interp.
Ina Schaefer
update
x
FSE
44
Transition systems (aka. Kripke Structures)
p=
T
sa
x
FF
p=T ;
sb
TF
q=p;
F;
q=
sc
p=F ;
TT
;
sd
FT
• Each state has its own propositional interpretation!
• Computations, or runs, are infinite paths through states
• Infinitely many different runs
• How to express (for example) that either p or q changes its value
infinitely often in each run?
Ina Schaefer
FSE
45
Temporal Logic
An extension of propositional logic that allows to
specify properties of sets of runs
Ina Schaefer
FSE
46
Temporal Logic— Syntax
An extension of propositional logic that allows to
specify properties of sets of runs
Syntax
Based on propositional signature and syntax.
Extension with three connectives:
Always If φ is a formula then so is φ
Sometimes If φ is a formula then so is ♦φ
Until If φ and ψ are formulas then so is φ Uψ
Ina Schaefer
FSE
47
Temporal Logic — Syntax
Concrete Syntax
Always
Sometimes
Until
Ina Schaefer
text book
♦
U
FSE
Spin
[]
<>
U
48
Semantics of Temporal Logic
A run σ is an infinite chain of states
s0
s1
s2
s3
s4
I0
I1
I2
I3
I4
···
Ij propositional interpretation of variables in j-th state
Write more compactly s0 s1 s2 s3 . . .
Ina Schaefer
FSE
49
Semantics of Temporal Logic
A run σ is an infinite chain of states
s0
s1
s2
s3
s4
I0
I1
I2
I3
I4
···
Ij propositional interpretation of variables in j-th state
Write more compactly s0 s1 s2 s3 . . .
If σ = s0 s1 . . ., then σ|i denotes the suffix si si+1 . . . of σ.
Ina Schaefer
FSE
50
Semantics of Temporal Logic (Cont’d)
Definition (Validity Relation)
Validity of temporal formula depends on runs σ = s0 s1 . . . for which the
formula may, or may not, hold:
σ |= p
iff I0 (p) = T , for p ∈ P.
Ina Schaefer
FSE
51
Semantics of Temporal Logic (Cont’d)
Definition (Validity Relation)
Validity of temporal formula depends on runs σ = s0 s1 . . . for which the
formula may, or may not, hold:
σ |= p
iff I0 (p) = T , for p ∈ P.
σ |= ¬φ
iff not σ |= φ (write σ 6|= φ)
Ina Schaefer
FSE
52
Semantics of Temporal Logic (Cont’d)
Definition (Validity Relation)
Validity of temporal formula depends on runs σ = s0 s1 . . . for which the
formula may, or may not, hold:
σ |= p
iff I0 (p) = T , for p ∈ P.
σ |= ¬φ
iff not σ |= φ (write σ 6|= φ)
σ |= φ ∧ ψ iff σ |= φ and σ |= ψ
Ina Schaefer
FSE
53
Semantics of Temporal Logic (Cont’d)
Definition (Validity Relation)
Validity of temporal formula depends on runs σ = s0 s1 . . . for which the
formula may, or may not, hold:
σ |= p
iff I0 (p) = T , for p ∈ P.
σ |= ¬φ
iff not σ |= φ (write σ 6|= φ)
σ |= φ ∧ ψ iff σ |= φ and σ |= ψ
σ |= φ ∨ ψ iff σ |= φ or σ |= ψ
σ |= φ → ψ iff σ 6|= φ or σ |= ψ
Ina Schaefer
FSE
54
Semantics of Temporal Logic Cont’d
s0
s1
···
sk−1
sk
···
Definition (Validity Relation for Temporal Connectives)
Given a run σ = s0 s1 . . .
Ina Schaefer
FSE
55
Semantics of Temporal Logic Cont’d
s0
φ
s1
φ
···
sk−1
···
φ
sk
φ
···
···
Definition (Validity Relation for Temporal Connectives)
Given a run σ = s0 s1 . . .
σ |= φ
iff σ|k |= φ for all k ≥ 0
Ina Schaefer
FSE
56
Semantics of Temporal Logic Cont’d
s0
s1
···
sk−1
sk
···
φ
Definition (Validity Relation for Temporal Connectives)
Given a run σ = s0 s1 . . .
σ |= φ
iff σ|k |= φ for all k ≥ 0
σ |= ♦φ
iff σ|k |= φ for some k ≥ 0
Ina Schaefer
FSE
57
Semantics of Temporal Logic Cont’d
s0
φ
s1
φ
···
sk−1
···
φ
sk
···
ψ
Definition (Validity Relation for Temporal Connectives)
Given a run
σ |= φ
σ |= ♦φ
σ |= φ Uψ
Ina Schaefer
σ = s0 s1 . . .
iff σ|k |= φ for all k ≥ 0
iff σ|k |= φ for some k ≥ 0
iff σ|k |= ψ for some k ≥ 0, and σ|j |= φ for all 0≤j<k
FSE
58
Safety and Liveness Properties
Safety Properties
Always-formulas called safety property: something bad never happens
Let mutex be variable that is true when two process do not access a
critical resource at the same time
mutex expresses that simultaneous access never happens
Ina Schaefer
FSE
59
Safety and Liveness Properties
Safety Properties
Always-formulas called safety property: something bad never happens
Let mutex be variable that is true when two process do not access a
critical resource at the same time
mutex expresses that simultaneous access never happens
Liveness Properties
Sometimes-formulas called liveness property: something good happens
eventually
Let s be variable that is true when a process delivers a service
♦ s expresses that service is eventually provided
Ina Schaefer
FSE
60
Complex Properties
What does this mean?
♦φ
Ina Schaefer
FSE
61
Complex Properties
Infinitely Often
♦φ
During a run the formulas φ will become true infinitely often.
Ina Schaefer
FSE
62
Validity Temporal Logic
Definition (Validity)
φ is valid, write |= φ, iff φ is valid in all runs σ = s0 s1 . . ..
Recall that each run s0 s1 . . . essentially is an infinite sequence of
interpretations I0 I1 . . ..
Ina Schaefer
FSE
63
Examples
♦φ
Valid?
Ina Schaefer
FSE
64
Examples
♦φ
Valid?
No, there is a run in where it is not valid:
Ina Schaefer
FSE
65
Examples
♦φ
Valid?
No, there is a run in where it is not valid:
(¬φ, ¬φ, ¬φ, . . .)
Ina Schaefer
FSE
66
Examples
♦φ
Valid?
No, there is a run in where it is not valid:
(¬φ, ¬φ, ¬φ, . . .)
Valid in some run?
Ina Schaefer
FSE
67
Examples
♦φ
Valid?
No, there is a run in where it is not valid:
(¬φ, ¬φ, ¬φ, . . .)
Valid in some run?
Yes: (φ, φ, φ, . . .)
Ina Schaefer
FSE
68
Examples
♦φ
Valid?
No, there is a run in where it is not valid:
(¬φ, ¬φ, ¬φ, . . .)
Valid in some run?
Yes: (φ, φ, φ, . . .)
φ → φ
(¬φ) ↔ (♦¬φ)
Both are valid!
Ina Schaefer
FSE
69
Examples
♦φ
Valid?
No, there is a run in where it is not valid:
(¬φ, ¬φ, ¬φ, . . .)
Valid in some run?
Yes: (φ, φ, φ, . . .)
φ → φ
(¬φ) ↔ (♦¬φ)
Both are valid!
• is reflexive
• and ♦ are dual connectives
Ina Schaefer
FSE
70
Transition Systems Revisited
Definition (Transition System)
A Transition System T = (S, Ini, δ, I) is given by a set of states S, a
non-empty subset Ini ⊆ S of initial states, and a transition relation
δ ⊆ S × S, and I labeling each state s ∈ S with a propositional
interpretation Is .
Definition (Runs of Transition System)
A run of T is a is a run σ = s0 s1 . . ., with si ∈ S, such that s0 ∈ Ini and
(si , si+1 ) ∈ δ for all i.
Ina Schaefer
FSE
71
Semantics of Temporal Logic (Cont’d)
Validity of temporal formula is extended to transition systems in the
following way:
Definition (Validity Relation)
Given a transition systems T = (S, Ini, δ, I), a temporal formula φ is
valid in T (write T |= φ) iff σ |= φ for all runs σ of T .
Ina Schaefer
FSE
72
ω-Languages
Given a finite alphabet (vocabulary) Σ.
A word w ∈ Σ∗ is a finite sequence
w = ao · · · an
with ai ∈ Σ, i ∈ {0, . . . , n}.
L ⊆ Σ∗ is called a language.
Ina Schaefer
FSE
73
ω-Languages
Given a finite alphabet (vocabulary) Σ.
An ω word w ∈ Σω is an infinite sequence
w = ao · · · ak · · ·
with ai ∈ Σ, i ∈ N.
Lω ⊆ Σω is called an ω-language.
Ina Schaefer
FSE
74
Büchi Automaton
Definition (Büchi Automaton)
A (non-deterministic) Büchi automaton over an alphabet Σ consists of a
• finite, non-empty set of locations Q
• a non-empty set of initial/start locations I ⊆ Q
• a set of accepting locations F = {F1 , . . . , Fn } ⊆ Q
• a transition relation δ ⊆ Q × Σ × Q
Example
Σ = {a, b}, Q = {q1 , q2 , q3 }, I = {q1 }, F = {q2 }
a, b
b
start
q1
a
q2
q3
a
Ina Schaefer
FSE
75
Büchi Automaton – Acceptance
Definition (Run and Accepted Run)
An infinite word w = ao . . . ak . . . ∈ Σω is a run of a Büchi automaton if
qi+1 ∈ δ(qi , ai )
for some initial location q0 ∈ I .
A Büchi automaton accepts a run w ∈ Σω , if some accepting location
f ∈ F is infinitely often visited (i.e., ∃ infinite set R ⊆ N:
f ∈ δ(qi , ai ), ∀i ∈ R)
Ina Schaefer
FSE
76
Büchi Automaton – Acceptance
Definition (Run and Accepted Run)
An infinite word w = ao . . . ak . . . ∈ Σω is a run of a Büchi automaton if
qi+1 ∈ δ(qi , ai )
for some initial location q0 ∈ I .
A Büchi automaton accepts a run w ∈ Σω , if some accepting location
f ∈ F is infinitely often visited (i.e., ∃ infinite set R ⊆ N:
f ∈ δ(qi , ai ), ∀i ∈ R)
Let B be a Büchi automaton, then
Lω (B) = {w ∈ Σω |w ∈ Σω is an accepted run of B}
denotes the ω-language recognised by B.
Ina Schaefer
FSE
77
Büchi Automaton – Acceptance
Definition (Run and Accepted Run)
An infinite word w = ao . . . ak . . . ∈ Σω is a run of a Büchi automaton if
qi+1 ∈ δ(qi , ai )
for some initial location q0 ∈ I .
A Büchi automaton accepts a run w ∈ Σω , if some accepting location
f ∈ F is infinitely often visited (i.e., ∃ infinite set R ⊆ N:
f ∈ δ(qi , ai ), ∀i ∈ R)
Let B be a Büchi automaton, then
Lω (B) = {w ∈ Σω |w ∈ Σω is an accepted run of B}
denotes the ω-language recognised by B.
An ω-language for which an accepting Büchi automaton exists is called
ω-regular language.
Ina Schaefer
FSE
78
Examples
Which language is accepted by the following Büchi automaton?
a, b
b
start
q1
a
q2
q3
a
Ina Schaefer
FSE
79
Examples
Which language is accepted by the following Büchi automaton?
a, b
b
start
q1
a
q2
q3
a
Solution: (a + b)∗ (ab)ω
Ina Schaefer
FSE
80
Examples
Which language is accepted by the following Büchi automaton?
a, b
b
start
q1
a
q2
q3
a
Solution: (a + b)∗ (ab)ω
ω-regular expressions like standard regular expression
ab a then b
a + b a or b
a∗ arbitrarily, but finitely often a
new: aω infinitely often a
Ina Schaefer
FSE
81
Decidability, Closure Properties
Many properties for regular finite automata hold also for Büchi automata.
Theorem (Decidability)
It is decidable whether the accepted language Lω (B) of a Büchi
automaton B is empty or not.
Ina Schaefer
FSE
82
Decidability, Closure Properties
Many properties for regular finite automata hold also for Büchi automata.
Theorem (Decidability)
It is decidable whether the accepted language Lω (B) of a Büchi
automaton B is empty or not.
Theorem (Closure properties)
The set of ω-regular languages is closed with respect to intersection,
union and complement, i.e.,
• L1 , L2 are ω-reg. then L1 ∩ L2 and L1 ∪ L2 are ω-reg.
• L is ω-reg. then Σω \V ω is ω-reg.
Ina Schaefer
FSE
83
Decidability, Closure Properties
Many properties for regular finite automata hold also for Büchi automata.
Theorem (Decidability)
It is decidable whether the accepted language Lω (B) of a Büchi
automaton B is empty or not.
Theorem (Closure properties)
The set of ω-regular languages is closed with respect to intersection,
union and complement, i.e.,
• L1 , L2 are ω-reg. then L1 ∩ L2 and L1 ∪ L2 are ω-reg.
• L is ω-reg. then Σω \V ω is ω-reg.
But in contrast to regular finite automata:
Non-deterministic Büchi automata are strictly more expressive than
deterministic ones.
Ina Schaefer
FSE
84
Examples
Language:
a
0
1
a
b
Ina Schaefer
FSE
85
Examples
Language: a(a + ba)ω
a
0
1
a
b
Ina Schaefer
FSE
86
Examples
Language: a(a + ba)ω
a
0
a
1
b
Language:
b
a
0
1
a
Ina Schaefer
FSE
87
Examples
Language: a(a + ba)ω
a
0
a
1
b
Language: (a∗ ba)ω
b
a
0
1
a
Ina Schaefer
FSE
88
Linear Temporal Logic and Büchi Automata
LTL and Büchi Automata are connected.
Short reminder
Definition (Validity Relation)
Given a transition systems T = (S, Ini, δ, I), a temporal formula φ is
valid in T (write T |= φ) iff σ |= φ for all runs σ of T .
A run of the transition system is an infinite sequence of interpretations I .
Ina Schaefer
FSE
89
Linear Temporal Logic and Büchi Automata
LTL and Büchi Automata are connected.
Short reminder
Definition (Validity Relation)
Given a transition systems T = (S, Ini, δ, I), a temporal formula φ is
valid in T (write T |= φ) iff σ |= φ for all runs σ of T .
A run of the transition system is an infinite sequence of interpretations I .
Goal
Given an LTL formula φ.
Ina Schaefer
FSE
90
Linear Temporal Logic and Büchi Automata
LTL and Büchi Automata are connected.
Short reminder
Definition (Validity Relation)
Given a transition systems T = (S, Ini, δ, I), a temporal formula φ is
valid in T (write T |= φ) iff σ |= φ for all runs σ of T .
A run of the transition system is an infinite sequence of interpretations I .
Goal
Given an LTL formula φ.
Construct a Büchi automaton accepting exactly those runs (infinite
sequences of interpretations) that satisfy φ .
Ina Schaefer
FSE
91
Encoding an LTL Formula as Büchi Automaton
P set of propositional variables, e.g. P = {r , s}
Alphabet Σ
Ina Schaefer
FSE
92
Encoding an LTL Formula as Büchi Automaton
P set of propositional variables, e.g. P = {r , s}
Alphabet Σ
Define Σ as set of all interpretations over P (i.e. Σ := 2P )
Ina Schaefer
FSE
93
Encoding an LTL Formula as Büchi Automaton
P set of propositional variables, e.g. P = {r , s}
Alphabet Σ
Define Σ as set of all interpretations over P (i.e. Σ := 2P )
E.g. Σ = ∅, {r }, {s}, {r , s}
Each element of Σ corresponds exactly to one propositional
interpretation over P, e.g.,
I∅ (r ) = F , I∅ (s) = F , I{r } (r ) = T , I{r } (s) = F , . . .
Ina Schaefer
FSE
94
Encoding an LTL Formula as Büchi Automaton
P set of propositional variables, e.g. P = {r , s}
Alphabet Σ
Define Σ as set of all interpretations over P (i.e. Σ := 2P )
E.g. Σ = ∅, {r }, {s}, {r , s}
Each element of Σ corresponds exactly to one propositional
interpretation over P, e.g.,
I∅ (r ) = F , I∅ (s) = F , I{r } (r ) = T , I{r } (s) = F , . . .
Using this alphabet we can now construct a Büchi automaton for a
formula φ over P
Ina Schaefer
FSE
95
Examples – Büchi Automaton for LTL Formulas
Example (Büchi automaton for formula r )
Give a Büchi automaton B accepting exactly those runs σ satisfying r
Ina Schaefer
FSE
96
Examples – Büchi Automaton for LTL Formulas
Example (Büchi automaton for formula r )
Give a Büchi automaton B accepting exactly those runs σ satisfying r
start
Ina Schaefer
{r },{r , s}
Σ
FSE
97
Examples – Büchi Automaton for LTL Formulas
Example (Büchi automaton for formula r )
Give a Büchi automaton B accepting exactly those runs σ satisfying r
start
{r },{r , s}
Σ
Example (Büchi automaton for formula r )
Ina Schaefer
FSE
98
Examples – Büchi Automaton for LTL Formulas
Example (Büchi automaton for formula r )
Give a Büchi automaton B accepting exactly those runs σ satisfying r
{r },{r , s}
start
Σ
Example (Büchi automaton for formula r )
{r },{r , s}
start
Ina Schaefer
FSE
99
Examples – Büchi Automaton for LTL Formulas
Example (Büchi automaton for formula r )
Give a Büchi automaton B accepting exactly those runs σ satisfying r
{r },{r , s}
start
Σ
Example (Büchi automaton for formula r )
start
R
(R := {I |I ∈ Σ, r ∈ I })
Ina Schaefer
FSE
100
Examples – Büchi Automaton for LTL Formulas
Example (Büchi automaton for formula ♦r )
start
Ina Schaefer
FSE
101
Examples – Büchi Automaton for LTL Formulas
Example (Büchi automaton for formula ♦r )
{r },{r , s}
start
{r },{r , s}
Σ
Ina Schaefer
FSE
102
Model Checking
How can we now check if a formula is valid in all runs of a transition
system?
Given a transition system T (e.g., derived from a Promela program).
Verification task: Is the LTL formula φ satisfied in all runs of T , i.e.,
T |= φ
Ina Schaefer
FSE
?
103
Model Checking
How can we now check if a formula is valid in all runs of a transition
system?
Given a transition system T (e.g., derived from a Promela program).
Verification task: Is the LTL formula φ satisfied in all runs of T , i.e.,
T |= φ
?
Temporal model checking with SPIN: Topic of next lecture.
Ina Schaefer
FSE
104
Model Checking
How can we now check if a formula is valid in all runs of a transition
system?
Given a transition system T (e.g., derived from a Promela program).
Verification task: Is the LTL formula φ satisfied in all runs of T , i.e.,
T |= φ
?
Temporal model checking with SPIN: Topic of next lecture.
Today: Basic principle behind model checking only.
Ina Schaefer
FSE
105
Model Checking – Overview
T |= φ
?
1. Represent transition system T as Büchi automaton BT such that
BT accepts exactly those words corresponding to runs through T
Ina Schaefer
FSE
106
Model Checking – Overview
T |= φ
?
1. Represent transition system T as Büchi automaton BT such that
BT accepts exactly those words corresponding to runs through T
2. Construct Büchi automaton B¬φ for negation of formula φ
Ina Schaefer
FSE
107
Model Checking – Overview
T |= φ
?
1. Represent transition system T as Büchi automaton BT such that
BT accepts exactly those words corresponding to runs through T
2. Construct Büchi automaton B¬φ for negation of formula φ
3. If
Lω (BT ) ∩ Lω (B¬φ ) = ∅
then φ holds, otherwise we have a counterexample.
Ina Schaefer
FSE
108
Model Checking – Overview
T |= φ
?
1. Represent transition system T as Büchi automaton BT such that
BT accepts exactly those words corresponding to runs through T
2. Construct Büchi automaton B¬φ for negation of formula φ
3. If
Lω (BT ) ∩ Lω (B¬φ ) = ∅
then φ holds, otherwise we have a counterexample.
To check Lω (BT ) ∩ Lω (B¬φ ) construct intersection automaton and
search for cycle through accepting state.
Ina Schaefer
FSE
109
Representing a model as Büchi Automaton
First Step: Represent transition system T as Büchi automaton BT
accepting exactly those words representing a run of T .
Example
active proctype P () {
do
:: atomic {
!wantQ;
wantP = true
}
pcs = true;
atomic {
pcs = false;
wantP = false
}
od }
(the very first location skipped and second atomic only to keep the automaton small; similar for Q)
Ina Schaefer
FSE
110
Representing a model as Büchi Automaton
First Step: Represent transition system T as Büchi automaton BT
accepting exactly those words representing a run of T .
Example
active proctype P () {
do
:: atomic {
!wantQ;
wantP = true
}
pcs = true;
atomic {
pcs = false;
wantP = false
}
od }
start
0
{wp}
1
{wq}
∅
∅
2
{wp, pcs}
{wq, qcs}
3
4
(the very first location skipped and second atomic only to keep the automaton small; similar for Q)
Ina Schaefer
FSE
111
Representing a model as Büchi Automaton
First Step: Represent transition system T as Büchi automaton BT
accepting exactly those words representing a run of T .
Example
active proctype P () {
do
:: atomic {
!wantQ;
wantP = true
}
pcs = true;
atomic {
pcs = false;
wantP = false
}
od }
start
0
{wp}
1
{wq}
∅
∅
2
{wp, pcs}
{wq, qcs}
3
4
What are the accepting locations?
Ina Schaefer
FSE
112
Representing a model as Büchi Automaton
First Step: Represent transition system T as Büchi automaton BT
accepting exactly those words representing a run of T .
Example
active proctype P () {
do
:: atomic {
!wantQ;
wantP = true
}
pcs = true;
atomic {
pcs = false;
wantP = false
}
od }
start
0
{wp}
1
{wq}
∅
∅
2
{wp, pcs}
{wq, qcs}
3
4
What are the accepting locations? All
Ina Schaefer
FSE
113
Representing a model as Büchi Automaton
First Step: Represent transition system T as Büchi automaton BT
accepting exactly those words representing a run of T .
Example
active proctype P () {
do
:: atomic {
!wantQ;
wantP = true
}
pcs = true;
atomic {
pcs = false;
wantP = false
}
od }
start
0
{wp}
1
{wq}
∅
∅
2
{wp, pcs}
{wq, qcs}
3
4
The property we want to check is φ = ¬pcs
Ina Schaefer
FSE
114
Büchi Automaton B¬φ for ¬φ
T |= φ holds iff. there is no accepting run for ¬φ
¬φ = ¬¬pcs = ♦pcs
Ina Schaefer
FSE
115
Büchi Automaton B¬φ for ¬φ
T |= φ holds iff. there is no accepting run for ¬φ
¬φ = ¬¬pcs = ♦pcs
Büchi Automaton B¬φ
P = {wp, wq, pcs, qcs}, Σ = 2P
start
N
a
b
Σ
Nc
N = {I |I ∈ Σ, pcs ∈ I },
Ina Schaefer
Nc = Σ − N
FSE
116
Checking for the empty language
Lω (B¬φ ) ∩ Lω (BT ) = ∅
Ina Schaefer
FSE
?
117
Checking for the empty language
Lω (B¬φ ) ∩ Lω (BT ) = ∅
?
Intersection Automaton
start
{wp}
0a
{wp, pcs}
1a0
∅
3b
0b 0
{wp, pcs}
{wq}
2a0
Ina Schaefer
{wp}
0a0
{wq}
{wq, qcs}
1b 0
∅
{wp}
{wp}
4a0
0b
FSE
∅
3b 0
{wp, pcs}
1b
118
Checking for the empty language
Lω (B¬φ ) ∩ Lω (BT ) 6= ∅
Counterexample
Intersection Automaton
start
{wp}
0a
{wp, pcs}
1a0
∅
3b
0b 0
{wp, pcs}
{wq}
2a0
Ina Schaefer
{wp}
0a0
{wq}
{wq, qcs}
1b 0
∅
{wp}
{wp}
4a0
0b
FSE
∅
3b 0
{wp, pcs}
1b
119
Literature for this Lecture
Ben-Ari Section 5.2.1
(Promela examples on the surface only)
Baier and Katoen Principles of Model Checking, ISBN: 026202649X,
May, 2008, The MIT Press
Ina Schaefer
FSE
120
Intersection Automaton
–
Construction
Ina Schaefer
FSE
121
Insersection Automaton (I)
Given: Two Büchi automata Bi = (Qi , δi , Ii , Fi )
Ina Schaefer
FSE
122
Insersection Automaton (I)
Given: Two Büchi automata Bi = (Qi , δi , Ii , Fi )
Wanted: A Büchi automaton
B1∩2 = (Q1∩2 , δ1∩2 , I1∩2 , F1∩2 )
accepting a word w iff. w accepted by B1 and B2
Ina Schaefer
FSE
123
Insersection Automaton (I)
Given: Two Büchi automata Bi = (Qi , δi , Ii , Fi )
Wanted: A Büchi automaton
B1∩2 = (Q1∩2 , δ1∩2 , I1∩2 , F1∩2 )
accepting a word w iff. w accepted by B1 and B2
Maybe just the productautomaton as for regular automata?
Ina Schaefer
FSE
124
Productautomata as Intersection Automata
Σ = {a, b}
(a∗ ba)ω :
a(a + ba)ω :
a
0
b
1
a
a
b
Ina Schaefer
0
1
a
FSE
125
Productautomata as Intersection Automata
Σ = {a, b}, a(a + ba)ω ∩ (a∗ ba)ω = ∅?
(a∗ ba)ω :
a(a + ba)ω :
a
0
b
1
a
a
b
Ina Schaefer
0
1
a
FSE
126
Productautomata as Intersection Automata
Σ = {a, b}, a(a + ba)ω ∩ (a∗ ba)ω = ∅? No, e.g. a(ba)ω
(a∗ ba)ω :
a(a + ba)ω :
a
0
b
1
a
a
b
Ina Schaefer
0
1
a
FSE
127
Productautomata as Intersection Automata
Σ = {a, b}, a(a + ba)ω ∩ (a∗ ba)ω = ∅? No, e.g. a(ba)ω
(a∗ ba)ω :
a(a + ba)ω :
a
0
b
a
1
a
0
1
b
a
Productautomaton:
a
00
10
a
b
a
01
Ina Schaefer
11
FSE
128
First Try: Productautomata as Intersection Automata
Σ = {a, b}, a(a + ba)ω ∩ (a∗ ba)ω = ∅? No, e.g. a(ba)ω
(a∗ ba)ω :
a(a + ba)ω :
a
0
b
a
1
a
0
1
b
a
Productautomaton: Oops, accepting location 11 never reached.
a
00
10
a
b
a
01
Ina Schaefer
11
FSE
129
Next Try: Constructing the Intersection Automata
(a∗ ba)ω :
a(a + ba)ω :
a
0
b
a
1
a
0
1
b
a
Construction
a
00
10
a
b
a
01
11
Q∩ = Q1 × Q2
Ina Schaefer
FSE
130
Next Try: Constructing the Intersection Automata
(a∗ ba)ω :
a(a + ba)ω :
a
0
b
a
1
a
0
1
b
a
Construction
a
00
10
a
b
a
01
Q∩ = Q1 × Q2
Ina Schaefer
FSE
131
Next Try: Constructing the Intersection Automata
(a∗ ba)ω :
a(a + ba)ω :
a
b
0
a
1
a
0
1
b
a
Construction
a
a
00 1
10 1
a
00 2
b
10 2
a
b
a
a
01 1
01 2
Q∩ = Q1 × Q2 × {1, 2}
Ina Schaefer
FSE
132
Next Try: Constructing the Intersection Automata
(a∗ ba)ω :
a(a + ba)ω :
a
b
0
a
1
a
0
1
b
a
Construction
a
a
00 1
10 1
a
00 2
b
10 2
a
b
a
a
01 1
01 2
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}
Ina Schaefer
FSE
133
Next Try: Constructing the Intersection Automata
(a∗ ba)ω :
a(a + ba)ω :
a
b
0
a
1
a
0
1
b
a
Construction
a
a
00 1
10 1
a
00 2
10 2
a
b
b
a
a
01 1
01 2
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
Ina Schaefer
FSE
134
Next Try: Constructing the Intersection Automata
Construction
a
a
00 1
10 1
a
00 2
10 2
a
b
b
a
a
01 1
01 2
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
Ina Schaefer
FSE
135
Next Try: Constructing the Intersection Automata
Construction
a
a
00 1
10 1
a
00 2
10 2
a
b
b
a
a
01 1
01 2
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
s1 ∈ Q1 , s2 ∈ Q2 , α ∈ Σ :
if s1 ∈ F1 : δ∩ ((s1 , s2 , 1), α) = {(s10 , s20 , 2)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
Ina Schaefer
FSE
136
Next Try: Constructing the Intersection Automata
Construction
a
a
a
00 1
10 1
00 2
10 2
a
b
b
a
a
01 1
01 2
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
s1 ∈ Q1 , s2 ∈ Q2 , α ∈ Σ :
if s1 ∈ F1 : δ∩ ((s1 , s2 , 1), α) = {(s10 , s20 , 2)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
Ina Schaefer
FSE
137
Next Try: Constructing the Intersection Automata
Construction
a
a
a
00 1
10 1
00 2
10 2
a
b
b
a
a
01 1
01 2
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
s1 ∈ Q1 , s2 ∈ Q2 , α ∈ Σ :
if s1 ∈ F1 : δ∩ ((s1 , s2 , 1), α) = {(s10 , s20 , 2)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
Ina Schaefer
FSE
138
Next Try: Constructing the Intersection Automata
Construction
a
a
a
00 1
10 1
00 2
10 2
a
b
a
a
01 1
01 2
b
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
s1 ∈ Q1 , s2 ∈ Q2 , α ∈ Σ :
if s1 ∈ F1 : δ∩ ((s1 , s2 , 1), α) = {(s10 , s20 , 2)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
Ina Schaefer
FSE
139
Next Try: Constructing the Intersection Automata
Construction
a
a
a
00 1
10 1
00 2
10 2
a
b
a
a
01 1
01 2
b
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
s1 ∈ Q1 , s2 ∈ Q2 , α ∈ Σ :
if s1 ∈ F1 : δ∩ ((s1 , s2 , 1), α) = {(s10 , s20 , 2)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
if s2 ∈ F2 : δ∩ ((s1 , s2 , 2), α) = {(s10 , s20 , 1)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
Ina Schaefer
FSE
140
Next Try: Constructing the Intersection Automata
Construction
a
a
00 1
a
10 1
a
00 2
10 2
a
b
a
01 1
01 2
b
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
s1 ∈ Q1 , s2 ∈ Q2 , α ∈ Σ :
if s1 ∈ F1 : δ∩ ((s1 , s2 , 1), α) = {(s10 , s20 , 2)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
if s2 ∈ F2 : δ∩ ((s1 , s2 , 2), α) = {(s10 , s20 , 1)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
Ina Schaefer
FSE
141
Next Try: Constructing the Intersection Automata
Construction
a
a
00 1
a
10 1
a
00 2
10 2
a
b
a
01 1
01 2
b
Q∩ = Q1 × Q2 × {1, 2}, I∩ = I1 × I2 × {1}, F = F1 × Q2 × {1}
s1 ∈ Q1 , s2 ∈ Q2 , α ∈ Σ :
if s1 ∈ F1 : δ∩ ((s1 , s2 , 1), α) = {(s10 , s20 , 2)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
if s2 ∈ F2 : δ∩ ((s1 , s2 , 2), α) = {(s10 , s20 , 1)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
else:
δ∩ ((s1 , s2 , i), α) = {(s10 , s20 , i)|s10 ∈ δ1 (s1 , α), s20 ∈ δ2 (s2 , α)}
Ina Schaefer
FSE
142
Construction of a Büchi
Automaton Bφ
for an
LTL-Formula φ
Ina Schaefer
FSE
143
Generalised Büchi Automaton
A generalised Büchi automaton is defined as:
B g = (Q, δ, I , F)
Q, δ, I as for normal Büchi automata.
F = {F1 , . . . , Fn }, where Fi = {qi1 , . . . , qimi }, qik ∈ Q
Ina Schaefer
FSE
144
Generalised Büchi Automaton
A generalised Büchi automaton is defined as:
B g = (Q, δ, I , F)
Q, δ, I as for normal Büchi automata.
F = {F1 , . . . , Fn }, where Fi = {qi1 , . . . , qimi }, qik ∈ Q
Definition (Acceptance for generalised Büchi automata)
A generalised Büchi automata accepts an ω-word w ∈ Σω iff. for every
i ∈ {1, . . . , n} some qik ∈ Fi are visited infinitely often.
Ina Schaefer
FSE
145
Example – Generalised Büchi Automaton
a
start
1
b
b
Ina Schaefer
a
0
FSE
2
146
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
Ina Schaefer
FSE
F2
z}|{ z}|{
with F = { {1} , {2} }
147
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
F2
z}|{ z}|{
with F = { {1} , {2} }
Which ω-word is accepted by which automata?
ω-word B normal
Ina Schaefer
FSE
B general
148
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
F2
z}|{ z}|{
with F = { {1} , {2} }
Which ω-word is accepted by which automata?
ω-word B normal
(ab)ω
Ina Schaefer
FSE
B general
149
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
F2
z}|{ z}|{
with F = { {1} , {2} }
Which ω-word is accepted by which automata?
ω-word B normal
(ab)ω
4
Ina Schaefer
FSE
B general
150
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
F2
z}|{ z}|{
with F = { {1} , {2} }
Which ω-word is accepted by which automata?
ω-word B normal
(ab)ω
4
Ina Schaefer
FSE
B general
8
151
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
F2
z}|{ z}|{
with F = { {1} , {2} }
Which ω-word is accepted by which automata?
ω-word B normal
(ab)ω
4
ω
(aab)
Ina Schaefer
FSE
B general
8
152
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
F2
z}|{ z}|{
with F = { {1} , {2} }
Which ω-word is accepted by which automata?
ω-word B normal
(ab)ω
4
ω
(aab)
4
Ina Schaefer
FSE
B general
8
153
Example – Generalised Büchi Automaton
a
start
1
b
a
0
b
2
F1
B normal with F = {1, 2}, B general
F2
z}|{ z}|{
with F = { {1} , {2} }
Which ω-word is accepted by which automata?
ω-word B normal
(ab)ω
4
ω
(aab)
4
Ina Schaefer
FSE
B general
8
4
154
Fischer-Ladner Closure
Fischer-Ladner closure of an LTL-formula φ
FL(φ) = {ϕ|ϕ is subformula or negated subformula of φ}
Example
FL(r Us) = {r , ¬r , s, ¬s, r Us, ¬(r Us)}
Ina Schaefer
FSE
155
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Ina Schaefer
FSE
156
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
Ina Schaefer
FSE
157
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
Ina Schaefer
FSE
158
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
3. other propositional connectives similar
Ina Schaefer
FSE
159
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
3. other propositional connectives similar
4. ψ1 Uψ2 ∈ q then ψ1 ∈ q or ψ2 ∈ q
Ina Schaefer
FSE
160
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
3. other propositional connectives similar
4. ψ1 Uψ2 ∈ q then ψ1 ∈ q or ψ2 ∈ q
5. ψ1 Uψ2 ∈ (FL(φ)\q) then ψ2 6∈ q
FL(r Us) = {r , ¬r , s, ¬s, r Us, ¬(r Us)}
∈Q
Ina Schaefer
FSE
161
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
3. other propositional connectives similar
4. ψ1 Uψ2 ∈ q then ψ1 ∈ q or ψ2 ∈ q
5. ψ1 Uψ2 ∈ (FL(φ)\q) then ψ2 6∈ q
FL(r Us) = {r , ¬r , s, ¬s, r Us, ¬(r Us)}
{r Us, ¬r , s}
Ina Schaefer
FSE
∈Q
4
162
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
3. other propositional connectives similar
4. ψ1 Uψ2 ∈ q then ψ1 ∈ q or ψ2 ∈ q
5. ψ1 Uψ2 ∈ (FL(φ)\q) then ψ2 6∈ q
FL(r Us) = {r , ¬r , s, ¬s, r Us, ¬(r Us)}
{r Us, ¬r , s}
{r Us, ¬r , ¬s}
Ina Schaefer
FSE
∈Q
4
8
163
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
3. other propositional connectives similar
4. ψ1 Uψ2 ∈ q then ψ1 ∈ q or ψ2 ∈ q
5. ψ1 Uψ2 ∈ (FL(φ)\q) then ψ2 6∈ q
FL(r Us) = {r , ¬r , s, ¬s, r Us, ¬(r Us)}
{r Us, ¬r , s}
{r Us, ¬r , ¬s}
{¬(r Us), r , s}
Ina Schaefer
FSE
∈Q
4
8
8
164
Bφ -Construction: Locations
Assumption: U the only temporal logic operator in LTL-formula φ (, ♦
expressable with U)
Locations Q ⊆ 2FL(φ) where each q ∈ Q satisfies:
1. ψ ∈ FL(φ): either ψ ∈ q or ¬ψ ∈ q, but not both
2. ψ1 ∧ ψ2 ∈ q: ψ1 ∈ q and ψ2 ∈ q
3. other propositional connectives similar
4. ψ1 Uψ2 ∈ q then ψ1 ∈ q or ψ2 ∈ q
5. ψ1 Uψ2 ∈ (FL(φ)\q) then ψ2 6∈ q
FL(r Us) = {r , ¬r , s, ¬s, r Us, ¬(r Us)}
∈Q
{r Us, ¬r , s}
4
{r Us, ¬r , ¬s}
8
{¬(r Us), r , s}
8
{¬(r Us), r , ¬s} 4
Ina Schaefer
FSE
165
Bφ -Construction: Transitions
{r Us, ¬r , s}, {r Us, r , ¬s}, {r Us, r , s}, {¬(r Us), r , ¬s}, {¬(r Us), ¬r , ¬s}
{z
} |
{z
} | {z } |
{z
} |
{z
}
|
q1
q2
q3
q4
q5
q4
q1
q2
q3
q5
Ina Schaefer
FSE
166
Bφ -Construction: Transitions
{r Us, ¬r , s}, {r Us, r , ¬s}, {r Us, r , s}, {¬(r Us), r , ¬s}, {¬(r Us), ¬r , ¬s}
{z
} |
{z
} | {z } |
{z
} |
{z
}
|
q1
q2
q3
q4
q5
Transitions (q, α, q 0 ) ∈ δφ :
q4
• α=q∩P
q1
q2
(P set of propositional
variables); e.g. outgoing
edges of q1 labeled {s}; of
q2 labeled {r } etc.
q3
• If ψ1 Uψ2 ∈ q and ψ2 6∈ q
then ψ1 Uψ2 ∈ q 0
• If ψ1 Uψ2 ∈ (FL(φ)\q) and
q5
Ina Schaefer
ψ2 6∈ q then ψ1 Uψ2 ∈ q 0
FSE
167
Bφ -Construction: Transitions
{r Us, ¬r , s}, {r Us, r , ¬s}, {r Us, r , s}, {¬(r Us), r , ¬s}, {¬(r Us), ¬r , ¬s}
{z
} |
{z
} | {z } |
{z
} |
{z
}
|
q1
q2
q3
q4
q5
Transitions (q, α, q 0 ) ∈ δφ :
q4
• α=q∩P
q1
q2
(P set of propositional
variables); e.g. outgoing
edges of q1 labeled {s}; of
q2 labeled {r } etc.
q3
• If ψ1 Uψ2 ∈ q and ψ2 6∈ q
then ψ1 Uψ2 ∈ q 0
• If ψ1 Uψ2 ∈ (FL(φ)\q) and
q5
Ina Schaefer
ψ2 6∈ q then ψ1 Uψ2 ∈ q 0
FSE
168
Bφ -Construction: Transitions
{r Us, ¬r , s}, {r Us, r , ¬s}, {r Us, r , s}, {¬(r Us), r , ¬s}, {¬(r Us), ¬r , ¬s}
{z
} |
{z
} | {z } |
{z
} |
{z
}
|
q1
q2
q3
q4
q5
Initial locations
q ∈ Iφ iff. φ ∈ q
q4
q1
q2
q3
q5
Ina Schaefer
FSE
169
Bφ -Construction: Transitions
{r Us, ¬r , s}, {r Us, r , ¬s}, {r Us, r , s}, {¬(r Us), r , ¬s}, {¬(r Us), ¬r , ¬s}
{z
} |
{z
} | {z } |
{z
} |
{z
}
|
q1
q2
q3
q4
q5
Initial locations
q ∈ Iφ iff. φ ∈ q
q4
Accepting locations
F = {F1 , . . . , Fn }
q1
q2
• for each subformula
q3
ψi1 Uψi2 ∈ FL(φ) exists an
Fi ; in example: F = {F1 }
• Fi set of locations not
containing ψi1 Uψi2 or that
contain ψi2
in ex. F1 = {q1 , q3 , q4 , q5 }
q5
Ina Schaefer
FSE
170
© Copyright 2026 Paperzz