1 \documentclass[10pt, a4paper, onecolumn]{article}
2 %\usepackage[top=0cm, bottom=0cm, left=0cm, right=0cm]{geometry}
3 %\usepackage[ngerman]{babel}
5 %\usepackage[latin1]{inputenc}
6 \usepackage{amsmath, amsthm, amssymb}
9 \usepackage{algorithmic}
12 \renewcommand{\familydefault}{\sfdefault}
13 \title{\textbf{Verification of Reactive Systems}}
15 University of Freiburg, Germany\\\\
16 \texttt{sawine@informatik.uni-freiburg.de}}
22 %\renewcommand\abstractname{Abstract}
24 Over the past two decades, temporal logic has become a very basic tool for spec-
25 ifying properties of reactive systems. For finite-state systems, it is possible to use
26 techniques based on B\"uchi automata to verify if a system meets its specifications.
27 This is done by synthesizing an automaton which generates all possible models of
28 the given specification and then verifying if the given system refines this most gen-
29 eral automaton. In these notes, we present a self-contained introduction to the basic
30 techniques used for this automated verification. We also describe some recent space-
31 efficient techniques which work on-the-fly.
35 \section{Introduction}
36 Program verification is a fundamental area of study in computer science. The broad goal
37 is to verify whether a program is “correct”—i.e., whether the implementation of a program
38 meets its specification. This is, in general, too ambitious a goal and several assumptions
39 have to be made in order to render the problem tractable. In these lectures, we will focus
40 on the verification of finite-state reactive programs. For specifying properties of programs,
41 we use linear time temporal logic.
43 What is a reactive program? The general pattern along which a conventional program
44 executes is the following: it accepts an input, performs some computation, and yields an
45 output. Thus, such a program can be viewed as an abstract function from an input domain
46 to an output domain whose behaviour consists of a transformation from initial states to
49 In contrast, a reactive program is not expected to terminate. As the name suggests, such
50 systems “react” to their environment on a continuous basis, responding appropriately to
51 each input. Examples of such systems include operating systems, schedulers, discrete-event
52 controllers etc. (Often, reactive systems are complex distributed programs, so concurrency
53 also has to be taken into account. We will not stress on this aspect in these lectures—we
54 take the view that a run of a distributed system can be represented as a sequence, by
55 arbitrarily interleaving concurrent actions.)
57 To specify the behaviour of a reactive system, we need a mechanism for talking about
58 the way the system evolves along potentially infinite computations. Temporal logic
59 has become a well-established formalism for this purpose. Many varieties of temporal logic
60 have been defined in the past twenty years—we focus on propositional linear time temporal
63 There is an intimate connection between models of LTL formulas and languages of
64 infinite words—the models of an LTL formula constitute an ω-regular language over an
65 appropriate alphabet. As a result, the satisfiability problem for LTL reduces to checking
66 for emptiness of ω-regular languages. This connection was first explicitly pointed out in.
68 \section{$\omega$-regular Languages}
69 \section{Linear Temporal Logic}
70 \section{B\"uchi Automata}
72 \section{Model Checking}
73 \begin{thebibliography}{99}
74 \bibitem{ref:ltl&büchi} Madhavan Mukund. {\em Linear-Time Temporal Logic and B\"uchi Automata}.
75 Winter School on Logic and Computer Science, Indian Statistical Institute, Calcutta, 1997.
77 \bibitem{ref:handbook}
78 Patrick Blackburn, Frank Wolter and Johan Van Benthem.
79 {\em Handbook of Modal Logic (Studies in Logic and Practical Reasoning)}.
80 3rd Edition, Elsevier, Amsterdam, 2007.