Logic: Lecture 23, 17 November 2015 ----------------------------------- (Reference: Applied Automata Theory by Wolfgang Thomas, Chapter 1.4) View a finite word as encoding a sequence of states rather than a sequence of actions. Can we characterize the first order theory of this class of structures? Star-free expressions ---------------------- - emptyset, emptystring - a in Sigma - concatenation, union, intersection - complementation Star-free => FO ---------------- Star-free expression e defines a language L(e) For each expression e, inductively construct a formula phi_e(i,j) that says the string from position i to position j belongs to L(e) FO=>Star-free is more difficult. Go via automata theory (aperiodic automata). LTL => FO ---------- Recall semantics of LTL System : (S,sin,->,v) sigma = s0 s1 ... sn is a run of the sytem sigma,i |= phi, i is a position in {0,2,...,n} FO translation over the structure ({0,1,..,n}, succ, <, {Q_p}) - In FO, < is not definable in terms of succ, so need both - Q_p is predicate describing positions where p holds Q_p = {i | p in v(si)} - Assume min, max etc Define alpha_{phi}(x) in FO, by induction on phi - x is a position - alpha_phi(i) is true in FO iff sigma,i |= phi alpha_{p}(x) = Q_p(x) alpha_{~phi}(x) = ~alpha_{phi}(x) alpha_{phi or psi}(x) = alpha_{phi}(x) or alpha_{psi}(x) alpha_{X phi}(x) = Ey y = succ(x) and alpha_{phi}(y) alpha_{phi U pxi}(x) = Ey [ x <= y and alpha_{psi}(y) and (Az x <= z < y -> alpha_{phi}(z))] We can, of course, directly translate F and G also in FO. alpha_{F phi}(x) = Ey [x <= y and alpha_{phi}(y)] alpha_{G phi}(x) = Ay [x <= y -> alpha_{phi}(y)] Again, reverse translation (FO to LTL) is not easy. ---------------------------------------------------------------------- Theorem [Kamp, McNaughton] LTL = FO = star-free ---------------------------------------------------------------------- Model checking: Does a system satisfy a property? - System is (S,sin,->,v) - Property is written in LTL System is said to satisfy LTL property phi if *every* run satisfies phi at initial position Model checking: algorithmically decide if a system satisfies a property Using MSO->automata, we can construct an automaton for L(phi) = { sigma = s0 s1 ... sn | sigma,0 |= phi } (Need to modify the construction slightly because now we have atomic propositions labelling states rather than actions labelling edges). Model checking: - Automata theoretically: Is L(System) subset of L(phi)? - Equivalenty: Is L(System) intersect complement(L(phi)) empty? - Note that complement(L(phi)) = L(~phi), so we can check if L(System) intersect L(~phi) is empty? - In principle, this is effective using our MSO to automata translation - Recall that this translation involves a tower of exponentials blowup in general - [Vardi, Wolper 1986] A more effective direct translation is possible from LTL to automata with a single exponential blowup: formula of size n generates automaton of size 2^n ---------------------------------------------------------------------- From linear time to branching time - Language theoretic view of a system: behaviour is a collection of separate runs/words/... - Branching time view: consider the (unique) computation tree - root is the initial state - to each node, add as children extensions of the current run by one more transition - At a state, we can make assertions about runs originating from that state - Use LTL formula phi to specify a property of a given run - Use path quantifiers E phi, A phi to assert that phi holds for some run starting at this state, or phi holds for all runs starting at this state e.g. s |= E( X phi) - for some succcessor state s', s' |= phi s |= A( F phi) - along every run sigma from s, sigma,0 |= F phi - Restrict expressivity to make model checking more efficient - Pair up a path quantifier with a single temporal modality - EX phi, AX phi, E (phi U psi), A (phi U psi) - Hence also, EF phi, AF phi, AF phi, AG phi - Disallow A( FG phi), E (X phi or psi_1 until psi_2), ... - This restricted logic is called Computation Tree Logic (CTL) - Model checking CTL - Treat system as a directed graph and label each state s (vertex) by a formula phi if s |= phi - Build up the labelling inductively, by structure of phi - Subformulas of phi is the set of building blocks that make up phi - Label psi can be assigned if labels for all subformulas of psi are already available ======================================================================