Finished automata construction.
1.1 --- a/paper/src/paper.tex Thu Jun 30 02:06:23 2011 +0200
1.2 +++ b/paper/src/paper.tex Thu Jun 30 17:35:02 2011 +0200
1.3 @@ -14,10 +14,12 @@
1.4 %\pagestyle{headings}
1.5
1.6 \renewcommand{\familydefault}{\sfdefault}
1.7 +\renewenvironment{proof}{{\bfseries Proof.}}{}
1.8 \newcommand{\M}{\mathcal{M}}
1.9 \newcommand{\N}{\mathbb{N}_0}
1.10 \newcommand{\F}{\mathcal{F}}
1.11 \newcommand{\Prop}{\mathcal{P}}
1.12 +\newcommand{\A}{\mathcal{A}}
1.13
1.14 \title{\uppercase{\textbf{\Large{A}\large{lgorithmic} \Large{V}\large{erification of} \Large{R}\large{eactive} \Large{S}\large{ystems}}\\
1.15 \tiny{Draft}
1.16 @@ -31,7 +33,7 @@
1.17 }
1.18 \date{\textsc{\hfill}}
1.19
1.20 -\theoremstyle{definition} %plain, definition, remark, proposition, proof, corrolary
1.21 +\theoremstyle{definition} %plain, definition, remark, proof, corrolary
1.22 \newtheorem*{def:finite words}{Finite words}
1.23 \newtheorem*{def:infinite words}{Infinite words}
1.24 \newtheorem*{def:regular languages}{Regular languages}
1.25 @@ -47,11 +49,16 @@
1.26 \newtheorem*{def:frames}{Frames}
1.27 \newtheorem*{def:models}{Models}
1.28 \newtheorem*{def:satisfiability}{Satisfiability}
1.29 +\newtheorem*{def:fs closure}{Fischer-Ladner closure}
1.30 +\newtheorem*{def:atoms}{Atoms}
1.31
1.32 -\theoremstyle{proposition}
1.33 +\theoremstyle{plain}
1.34 \newtheorem{prop:vocabulary sat}{Proposition}[section]
1.35 \newtheorem{prop:general equiv}{Proposition}[section]
1.36
1.37 +\theoremstyle{plain}
1.38 +\newtheorem{thm:model language}{Theorem}[section]
1.39 +
1.40 \begin{document}
1.41 \maketitle
1.42 \thispagestyle{empty}
1.43 @@ -149,37 +156,37 @@
1.44
1.45 \section{B\"uchi automata}
1.46 \begin{def:buechi automata}
1.47 -A non-deterministic B\"uchi automaton is a tuple $A = (\Sigma, S, S_0, \Delta, F)$, where $\Sigma$ is a finite non-empty \emph{alphabet}, $S$ is a finite non-empty set of \emph{states}, $S_0 \subseteq S$ is the set of \emph{initial states}, $F \subseteq S$ is the set of \emph{accepting states} and $\Delta: S \times \Sigma \times S$ is a \emph{transition relation}. When suitable we will use the arrow notation for the transitions, where $s \xrightarrow{a} s'$ iff $(s, a, s') \in \Delta$.
1.48 +A non-deterministic B\"uchi automaton is a tuple $\A = (\Sigma, S, S_0, \Delta, F)$, where $\Sigma$ is a finite non-empty \emph{alphabet}, $S$ is a finite non-empty set of \emph{states}, $S_0 \subseteq S$ is the set of \emph{initial states}, $F \subseteq S$ is the set of \emph{accepting states} and $\Delta: S \times \Sigma \times S$ is a \emph{transition relation}. When suitable we will use the arrow notation for the transitions, where $s \xrightarrow{a} s'$ iff $(s, a, s') \in \Delta$.
1.49
1.50 -A \emph{deterministic B\"uchi automaton} is a specialisation where the \emph{transition relation} $\Delta$ is a \emph{transition function} $\delta: S \times \Sigma \to S$ and the set $S_0$ of \emph{initial states} contains only a single state $s_0$.
1.51 +A \emph{deterministic B\"uchi automaton} is a specialisation, where the \emph{transition relation} $\Delta$ is a \emph{transition function} $\delta: S \times \Sigma \to S$ and the set $S_0$ of \emph{initial states} contains only a single state $s_0$.
1.52
1.53 Within this text \emph{automaton} will refer to the non-deterministic B\"uchi automaton, unless otherwise noted.
1.54 \end{def:buechi automata}
1.55
1.56 \begin{def:automata runs}
1.57 -Let $A = (\Sigma, S, S_0, \Delta, F)$ be an automaton, a run $\rho$ of $A$ on an infinite word $w = a_0,a_1,...$ over alphabet $\Sigma$ is a sequence $\rho = s_0,s_1,...$, where $s_0 \in S_0$ and $(s_i, a_i, s_{i+1}) \in \Delta$, for all $i \geq 0$. Again we may view the run sequence as a function $\rho : \N \to S$, where $\rho(i) = s_i$ denotes the state at the $i^{th}$ sequence position.
1.58 +Let $\A = (\Sigma, S, S_0, \Delta, F)$ be an automaton, a run $\rho$ of $\A$ on an infinite word $w = a_0,a_1,...$ over alphabet $\Sigma$ is a sequence $\rho = s_0,s_1,...$, where $s_0 \in S_0$ and $(s_i, a_i, s_{i+1}) \in \Delta$, for all $i \geq 0$. Again we may view the run sequence as a function $\rho : \N \to S$, where $\rho(i) = s_i$ denotes the state at the $i^{th}$ sequence position.
1.59 \end{def:automata runs}
1.60
1.61 \begin{def:automata acceptance}
1.62 -Let $A = (\Sigma, S, S_0, \Delta, F)$ be an automaton and let $\rho$ be a run of $A$, we define $inf(\rho) = \{s \in S \mid \exists^\omega{n \in \N}: \rho(n) = s\}$, where $\exists^\omega$ denotes the existential quantifier for infinitely many occurances, i.e., $s$ occurs infinitely often in $\rho$.
1.63 +Let $\A = (\Sigma, S, S_0, \Delta, F)$ be an automaton and let $\rho$ be a run of $\A$, we define $inf(\rho) = \{s \in S \mid \exists^\omega{n \in \N}: \rho(n) = s\}$, where $\exists^\omega$ denotes the existential quantifier for infinitely many occurances, i.e., $s$ occurs infinitely often in $\rho$.
1.64
1.65 -The run $\rho$ is \emph{accepting} iff $inf(\rho) \cap F \neq \emptyset$, i.e., there exists an \emph{accepting state} which occurs infinitely often in the run $\rho$. The automaton $A$ \emph{accepts} an input word $w$, iff there exists a run $\rho$ of $A$ on $w$, such that $\rho$ is \emph{accepting}.
1.66 +The run $\rho$ is \emph{accepting} iff $inf(\rho) \cap F \neq \emptyset$, i.e., there exists an \emph{accepting state} which occurs infinitely often in the run $\rho$. The automaton $\A$ \emph{accepts} an input word $w$, iff there exists a run $\rho$ of $\A$ on $w$, such that $\rho$ is \emph{accepting}.
1.67
1.68 -The language $L_\omega(A)$ recognised by automaton $A$ is the set of all infinite words accepted by $A$. A language $L$ is \emph{B\"uchi-recognisable} iff there is an automaton $A$ with $L = L_\omega(A)$.
1.69 +The language $L_\omega(\A)$ recognised by automaton $\A$ is the set of all infinite words accepted by $\A$. A language $L$ is \emph{B\"uchi-recognisable} iff there is an automaton $\A$ with $L = L_\omega(\A)$.
1.70 \end{def:automata acceptance}
1.71
1.72 \subsection{Generalised B\"uchi automata}
1.73 \begin{def:general automata}
1.74 -A \emph{generalised B\"uchi automaton} $A$ is a tuple $(\Sigma, S, S_0, \Delta, \{F_i\}_{i < k})$ for $i, k \in \N$, where the \emph{acceppting states} $F_i$ are composed within a finite set with $F_i \subseteq S$.
1.75 +A \emph{generalised B\"uchi automaton} is a tuple $\A = (\Sigma, S, S_0, \Delta, \{F_i\}_{i < k})$ for $i, k \in \N$, where the \emph{acceppting states} $F_i$ are composed within a finite set with $F_i \subseteq S$.
1.76 \end{def:general automata}
1.77
1.78 \begin{def:general acceptance}
1.79 -The acceptance condition is adjusted accordingly. A run $\rho$ of $A$ is \emph{accepting} iff $\forall{i < k}: inf(\rho) \cap F_i \neq \emptyset$.
1.80 +The acceptance condition is adjusted accordingly. A run $\rho$ of $\A$ is \emph{accepting} iff $\forall{i < k}: inf(\rho) \cap F_i \neq \emptyset$.
1.81 \end{def:general acceptance}
1.82
1.83 \begin{prop:general equiv}
1.84 -Let $A = (\Sigma, S, S_0, \Delta, \{F_i\}_{i < k})$ be a \emph{generalised automaton} and let $A_i = (\Sigma, S, S_0, \Delta, F_i)$ be \emph{non-deterministic automata}, then following equivalance condition holds:
1.85 -\[L(A) = \bigcap_{i < k} L(A_i)\]
1.86 +Let $\A = (\Sigma, S, S_0, \Delta, \{F_i\}_{i < k})$ be a \emph{generalised automaton} and let $\A_i = (\Sigma, S, S_0, \Delta, F_i)$ be \emph{non-deterministic automata}, then following equivalance condition holds:
1.87 +\[L(\A) = \bigcap_{i < k} L(\A_i)\]
1.88 \end{prop:general equiv}
1.89 \noindent Intuitively follows the equivalance of the language recognition abilities of general and non-deterministic B\"uchi automata.
1.90
1.91 @@ -195,27 +202,28 @@
1.92
1.93 \subsection{Semantics}
1.94 \begin{def:frames}
1.95 -A LTL-\emph{frame} is a tuple $\F = (S, R)$, where $S = \{s_i \mid i \in \N\}$ is the set of states and $R = \{(s_i, s_{i+1}) \mid i \in \N\}$ the set of accessibility relations. Hence $S$ is an isomorphism of $\N$ and $R$ an isomorphism of the strict linear order $(\N, <)$, which corresponds to the linear progression of discrete time.
1.96 +An LTL-\emph{frame} is a tuple $\F = (S, R)$, where $S = \{s_i \mid i \in \N\}$ is the set of states and $R = \{(s_i, s_{i+1}) \mid i \in \N\}$ the set of accessibility relations. Hence $S$ is an isomorphism of $\N$ and $R$ an isomorphism of the strict linear order $(\N, <)$, which corresponds to the linear progression of discrete time.
1.97 \end{def:frames}
1.98
1.99 \begin{def:models}
1.100 -A LTL-\emph{model} is a tuple $\M = (\F, V)$, where $\F$ is a \emph{frame} and $V: S \to 2^\Prop$ a \emph{valuation function}. Intuitively we say $p \in \Prop$ is \emph{true} at time instant $i$ iff $p \in V(i)$.
1.101 +An LTL-\emph{model} is a tuple $\M = (\F, V)$, where $\F$ is a \emph{frame} and $V: S \to 2^\Prop$ a \emph{valuation function}. Intuitively we say $p \in \Prop$ is \emph{true} at time instant $i$ iff $p \in V(i)$.
1.102 %A \emph{model} is a function $\M: \N \to 2^\Prop$ over \emph{frame} $\F$. The frame constitutes a linear order over $\N$, which corresponds to the linear progression of time from the \emph{present/past} into the \emph{future}. Therefore $\M(i)$ assigns a set of \emph{positive atomic propositions} to each state of time instant $i$. Intuitively we say $p \in \Prop$ is \emph{true} at time instant $i$ iff $p \in \M(i)$.
1.103 \end{def:models}
1.104
1.105 \begin{def:satisfiability}
1.106 A model $\M = (\F, V)$ \emph{satisfies} a formula $\varphi$ at time instant $i$ is denoted by $\M,i \models \varphi$. Satisfiability of a formula $\varphi$ is defined inductively over the structure of $\varphi$:
1.107 \begin{itemize}
1.108 -\item $\M,i \models p$ for $p \in \Prop$ iff $p \in V(i)$
1.109 -\item $\M,i \models \neg \varphi$ iff not $\M,i \models \varphi$
1.110 -\item $\M,i \models \varphi \lor \psi$ iff $\M,i \models \varphi$ or $\M,i \models \psi$
1.111 -\item $\M,i \models X \varphi$ iff $\M,i+1 \models \varphi$
1.112 -\item $\M,i \models \varphi U \psi$ iff $\exists{k \geq i}: \M,k \models \psi$ and $\forall{i \leq j < k}: \M,j \models\varphi$
1.113 +\item $\M,i \models p$ for $p \in \Prop \iff p \in V(i)$
1.114 +\item $\M,i \models \neg \varphi \iff$ not $\M,i \models \varphi$
1.115 +\item $\M,i \models \varphi \lor \psi \iff \M,i \models \varphi$ or $\M,i \models \psi$
1.116 +\item $\M,i \models X \varphi \iff \M,i+1 \models \varphi$
1.117 +\item $\M,i \models \varphi U \psi \iff \exists{k \geq i}: \M,k \models \psi$ and $\forall{i \leq j < k}: \M,j \models\varphi$
1.118 \end{itemize}
1.119 +
1.120 \end{def:satisfiability}
1.121
1.122 \begin{def:vocabulary}
1.123 -Let $\varphi$ be a LTL-formula over atomic propositions $\Prop$, we define the \emph{vocabulary} $Voc(\varphi)$ of $\varphi$ inductively:
1.124 +Let $\varphi$ be an LTL-formula over atomic propositions $\Prop$, we define the \emph{vocabulary} $Voc(\varphi)$ of $\varphi$ inductively:
1.125 \begin{multicols}{2}
1.126 \begin{itemize}
1.127 \item $Voc(p) = \{p\}$ for $p \in \Prop$
1.128 @@ -226,15 +234,15 @@
1.129 \end{itemize}
1.130 \end{multicols}
1.131 %
1.132 -\noindent Let $\M = (\F, V)$ be a model and $\varphi$ a LTL-formula, we define model $\M_{Voc(\varphi)} = (\F, V_{Voc(\varphi)})$ with:
1.133 +\noindent Let $\M = (\F, V)$ be a model and $\varphi$ an LTL-formula, we define model $\M_{Voc(\varphi)} = (\F, V_{Voc(\varphi)})$ with:
1.134 \[\forall{i \in \N}: V_{Voc(\varphi)}(i) = V(i) \cap Voc(\varphi)\]
1.135 Henceforth, we will abbreviate $\M_{Voc(\varphi)}$ and $V_{Voc(\varphi)}$ with $\M_\varphi$ and $V_\varphi$ accordingly.
1.136 -%\noindent Let $\M$ be a model and $\varphi$ a LTL-formula, we define model $\M_{Voc(\varphi)}$:
1.137 +%\noindent Let $\M$ be a model and $\varphi$ an LTL-formula, we define model $\M_{Voc(\varphi)}$:
1.138 %\[\forall{i \in \N}: \M_{Voc(\varphi)} = \M(i) \cap Voc(\varphi)\]
1.139 \end{def:vocabulary}
1.140 %
1.141 \begin{prop:vocabulary sat}
1.142 -Let $\M$ be a model and $\varphi$ a LTL-formula, then following holds:
1.143 +Let $\M$ be a model and $\varphi$ an LTL-formula, then following holds:
1.144 \[\forall{i \in \N}: \M,i \models \varphi \iff \M_\varphi,i \models \varphi\]
1.145 \end{prop:vocabulary sat}
1.146 %
1.147 @@ -265,10 +273,59 @@
1.148 \[\varphi ::= p \in \Prop \,|\, \neg \varphi \,|\, \varphi \lor \varphi \,|\, \varphi \land \varphi \,|\, X \varphi \,|\, \varphi U \varphi \,|\, \varphi \rightarrow \varphi \,|\, \varphi \leftrightarrow \varphi \,|\, \Diamond \varphi \,|\, \Box \varphi\]
1.149
1.150 \section{Automata construction}
1.151 -Before applying the automata-theoretic verification methods, we need to construct an automaton for a given specification formula $\varphi$. For that, we treat the model $\M = (\F, V)$ for an LTL-formula $\varphi$ as an infinite word over the finite alphabet $2^{Voc(\varphi)}$. We define the infinite word representing the model $\M_\varphi = (\F, V_\varphi)$ by the image of its validation function $V_\varphi^\rightarrow(\N)$.
1.152 -\[Mod(\varphi) = \{V_\varphi^\rightarrow(\N) \mid \M_\varphi = (\F, V_\varphi) \land \M_\varphi,0 \models \varphi\}\]
1.153 +Before applying the automata-theoretic verification methods, we need to construct an automaton for a given specification formula $\varphi$. For that, we treat the model $\M = (\F, V)$ for an LTL-formula $\varphi$ as an infinite word over the finite alphabet $2^{Voc(\varphi)}$. We define the \emph{representation function} $rep: \M \to 2^\Prop$, which returns an infinite word representing the model $\M_\varphi = (\F, V_\varphi)$ over the ordered image $V_\varphi^\rightarrow(\N)$ of its validation function, i.e., $rep(\M_\varphi) = V_\varphi(0), V_\varphi(1), ...$.
1.154 +\[Mod(\varphi) = \{rep(\M_\varphi) \mid \M_\varphi = (\F, V_\varphi) \land \M_\varphi,0 \models \varphi\}\]
1.155 $Mod(\varphi)$ is the set of all infinite words, which represent models for $\varphi$.
1.156
1.157 +\begin{def:fs closure}
1.158 +Let $\varphi$ be an LTL-formula, then the \emph{Fischer-Ladner closure} $FL(\varphi)$ of $\varphi$ is the smallest set of formulae such that following holds:
1.159 +%\begin{multicols}{2}
1.160 +\begin{itemize}
1.161 +\item $\varphi \in FL(\varphi)$
1.162 +\item $\neg \psi \in FL(\varphi) \implies \psi \in FL(\varphi)$
1.163 +\item $\psi \in FL(\varphi) \implies \neg \psi \in FL(\varphi)$
1.164 +\item $\psi \lor \chi \in FL(\varphi) \implies \psi, \chi \in FL(\varphi)$
1.165 +\item $X \psi \in FL(\varphi) \implies \psi \in FL(\varphi)$
1.166 +\item $\psi U \chi \in FL(\varphi) \implies \psi, \chi, X(\psi U \chi) \in FL(\varphi)$
1.167 +\end{itemize}
1.168 +%\end{multicols}
1.169 +\end{def:fs closure}
1.170 +
1.171 +\noindent Let $FL(\varphi)$ be the closure of formula $\varphi$, we define a subset with the \emph{until}-formulae of the closure $\mathbb{U}_\varphi \subseteq FL(\varphi)$ where:
1.172 +\[\mathbb{U}_\varphi = \{\psi U \chi \in FL(\varphi)\} \text{ and } \mathbb{U}_{\varphi_i} \text{ denotes the $i^{th}$ element of } \mathbb{U_\varphi}\]
1.173 +
1.174 +\begin{def:atoms}
1.175 +Let $\varphi$ be a formula and $FL(\varphi)$ its closure. $\mathbb{A}_\varphi \subseteq FL(\varphi)$ is an \emph{atom} if following holds:
1.176 +\begin{itemize}
1.177 +\item $\forall{\psi \in FL(\varphi)}: \psi \in \mathbb{A}_\varphi \iff \neg \psi \notin \mathbb{A_\varphi}$
1.178 +\item $\forall{\psi \lor \chi \in FL(\varphi)}: \psi \lor \chi \in \mathbb{A}_\varphi \iff \psi \in \mathbb{A}_\varphi$ or $\chi \in \mathbb{A}_\varphi$
1.179 +\item $\forall{\psi U \chi \in FL(\varphi)}: \psi U \chi \in \mathbb{A}_\varphi \iff \chi \in \mathbb{A}_\varphi$ or $\psi, X(\psi U \chi) \in \mathbb{A_\varphi}$
1.180 +\end{itemize}
1.181 +We define the set of all atoms of formula $\varphi$ with $\mathbb{AT}_\varphi = \{\mathbb{A_\varphi} \subseteq FL({\varphi}) \mid \mathbb{A_\varphi} \text{ is an atom}\}$.
1.182 +\end{def:atoms}
1.183 +
1.184 +\noindent Now that we have the required ingredients, we begin with the construction of automaton $\A_\varphi$ for formula $\varphi$. Let $\A_\varphi = (\Sigma, S, S_0, \Delta, \{F_i\}_{i < k})$ with:
1.185 +\begin{itemize}
1.186 +\item $\Sigma = 2^{Voc(\varphi)}$
1.187 +\item $S = \mathbb{AT_\varphi}$
1.188 +\item $S_0 = \{\mathbb{A} \in \mathbb{AT_\varphi} \mid \varphi \in \mathbb{A}\}$
1.189 +%\item $(A, P, B) \in \Delta$ for $A, B \in \mathbb{AT_\varphi}$ and $P = A \cap Voc(\varphi) \iff (X \psi \in A \iff \psi \in B)$
1.190 +\item $\Delta = \{(\mathbb{A}, P, \mathbb{B}) \mid \mathbb{A}, \mathbb{B} \in \mathbb{AT_\varphi}, P = \mathbb{A} \cap Voc(\varphi), X \psi \in \mathbb{A} \iff \psi \in \mathbb{B}\}$
1.191 +\item $\forall{i \in \N, i < k = |\mathbb{U}_{FL(\varphi)}|}: F_i = \{\mathbb{A} \in \mathbb{AT}_\varphi \mid \psi U \chi \notin \mathbb{A}$ or $\chi \in \mathbb{A}\}$
1.192 +\item $F_i = \{\mathbb{A} \in \mathbb{AT}_\varphi \mid \psi U \chi = \mathbb{U}_{\varphi_i}, \psi U \chi \notin \mathbb{A}$ or $\chi \in \mathbb{A}\}$ and therefore $k = |\mathbb{U}_{\varphi}|$
1.193 +%Let $A, B \in \mathbb{AT}$ and $P \subseteq Voc(\varphi)$. Then $(A, P, B) \in \Delta$ iff the following holds:
1.194 +%$P = A \cap Voc(\varphi)$ and For all $X \psi \in CL(\varphi): X \psi \in A$ iff $\psi \in B$.
1.195 +\end{itemize}
1.196 +
1.197 +\begin{thm:model language}
1.198 +Let $\M_\varphi = (\F, V_\varphi)$ be a model and $rep(\M_\varphi)$ its infinite representation word, then following holds:
1.199 +\[\M_\varphi \in L(A_\varphi) \iff \M_\varphi,0 \models \varphi\]
1.200 +\end{thm:model language}
1.201 +\noindent
1.202 +\begin{proof}
1.203 +For the eloberate proof, consult \cite{ref:ltl&büchi}.
1.204 +\end{proof}
1.205 +
1.206
1.207 \section{Model checking}
1.208