Upload
others
View
15
Download
0
Embed Size (px)
Citation preview
Expressiveness CTL Model Checking
COMP
3
9
1 5
3Algorithmic Verification
<latexit sha1_base64="P4jUUJHo6g1yopyZBD74hiv3LdI=">AAAIZHicjVRbb9NIFD6kXEKWW6l4QEhooCBalIa4JYJqVcTSF14QRaIFqanQ2D5xRpnYZjxpG6L8Cn7d/oH9EfvEmWPnRgy7juw5/ubMd75zif1Uq8w2m39fqKxcvHT5SvVq7Y9r12/cvLV6+yhLBibAwyDRifnsywy1ivHQKqvxc2pQ9n2Nn/zevtv/dIomU0n80Q5TPOnLKFYdFUhL0JfVyve2j5GKR1b1vqUqsAOD41o7TkI8zqy0WO8orfd8PcAH2826ULGySuoTsfHV2xSjtsVz63fyNeuM9t+/OxiPx38uMxgMmUD6ySkKo6KuFUln76tHVHqnhGqnnOdUJRotU/mok7OfqXZLqHbLqSKDGJeJ0ruOqSw/r5xpiJqkMNWMhOW0Skha5STBUMZzeTmKVl0GAaZWxRGX6fzXdQqNPMubgmGEXIgydGeGuqoXqDeH7paiM4bWHNqa8Z5vFikJacWGV9/yGtNWkMq/dJQYZbt9FYgjNNMJZO0Yhwvz9+XWerPR5EssG15hrENxHSSrlTa0IYQEAhhAHxBisGRrkJDR7xg8aEJK2AmMCDNkKd5HGEONzg7IC8lDEtqjZ0RvxwUa07vjzPh0QFE03YZOCnhc+IRkdxjNVxdfzPn+KsaIuZ3GIa1+wdkn1EKX0P86N/H8v+dcTpYUvuRcFOlMGXFZBgsZdWjV9G5Jv3sOyRPJCumUISsgTBOaIy6GoTWvq8u8y3WW7Idk/S4Xd6oH3zj+xGeCaVp9ZjIUzeU9YE15rhLqdCal96yI7mrv8op4x50yhJ3Rvuu00zBhzqOMyGsLXrH3K9gj1OmVFNdV8gnjj+l28Xo8BYJ3cIFdMCKpFm7f5767majRvfyLaT+cVjPjPFz9keJ70IAW2f1p5IwrH5Bnh+5FBX3OVdHq5n6Zz2lxWZ7R0/VYsJ3MacgonoB97lfM/RAcyXkgc7jpzKvfWMoI4ZS7O2SdlnuC8Iw8M54ZzTmNWK/intf5H6JoR9NOxJ0dwgPKuUkdmuXsVM9nmnKlU45mp3WY/OeQJ6oLQtyd6SB7vtaLyvO6WZ7dfM4Rzum5B4/o7dFvlEw8c0SyJUlZyioM+yZFrfMTuSJTeM5mpgbuW+f9/GVbNo62G97zxvMP2+uv3xRfvSrcg4ewQfPyAl7DWziAQwgq/66Ilc2Vp1f+qV6rrlXv5K6VC8WZNVi4qvd/AB3w9Tw=</latexit>
Expressiveness, CTL Model Checking
Dr. Liam O’ConnorCSE, UNSW (for now)
Term 1 2020
1
Expressiveness CTL Model Checking
Comparing Logics
Formula Equivalence
Two formulae are equivalent iff they admit the same models.
∀A. (A |= P)⇔ (A |= Q)
P ≡ Q
Logic Expressiveness
A logic L1 is more expressive than a logic L2, written L2 ⊆ L1, iff:For all ϕ2 ∈ L2, there is a ϕ1 ∈ L1 such that ϕ1 ≡ ϕ2.
CTL ⊆ CTL∗? LTL ⊆ CTL∗? LTL ⊆ CTL? CTL ⊆ LTL?
2
Expressiveness CTL Model Checking
LTL ⊆ CTL∗
LTL formulae look like CTL∗ path formulae. How do we convertthem into equivalent state formulae?
Recall that A |= ϕ iff ∀ρ ∈ Traces(A). ρ |= ϕ
For all LTL formulae ϕ:
A |=LTL ϕ⇐⇒ A |=CTL∗ A ϕ
Proof follows trivially from the definition of A.
3
Expressiveness CTL Model Checking
LTL ⊆ CTL∗
LTL formulae look like CTL∗ path formulae. How do we convertthem into equivalent state formulae?
Recall that A |= ϕ iff ∀ρ ∈ Traces(A). ρ |= ϕ
For all LTL formulae ϕ:
A |=LTL ϕ⇐⇒ A |=CTL∗ A ϕ
Proof follows trivially from the definition of A.
4
Expressiveness CTL Model Checking
CTL ⊆ LTL?CTL Formula: AF AG •
LTL Formula: FG •? does this work?
p0 p1
p2
It’s not equivalent!
5
Expressiveness CTL Model Checking
CTL ⊆ LTL?CTL Formula: AF AG •
LTL Formula: FG •? does this work?
p0 p1
p2
It’s not equivalent!
6
Expressiveness CTL Model Checking
CTL ⊆ LTL?CTL Formula: AF AG •
LTL Formula: FG •? does this work?
p0 p1
p2
It’s not equivalent!
7
Expressiveness CTL Model Checking
CTL ⊆ LTL?CTL Formula: AF AG •
LTL Formula: FG •? does this work?
p0 p1
p2
It’s not equivalent!
8
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.Contradiction!
9
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.Contradiction!
10
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.Contradiction!
11
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.Contradiction!
12
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •
Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.Contradiction!
13
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.
But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.Contradiction!
14
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.
Contradiction!
15
Expressiveness CTL Model Checking
CTL 6⊆ LTLLet’s prove it.
Lemma (Trace Inclusion)
If Traces(A) ⊆ Traces(B) then for any LTL formula ϕ,B |= ϕ =⇒ A |= ϕ
Suppose ∃ an LTL formula ϕ that is equivalent to AG EF •.
q0 q1
A B
Proof
Observe that B |= AG EF • butA 6|= AG EF •Because ϕ is equivalent, we knowB |= ϕ and A 6|= ϕ.But, as Traces(A) ⊆ Traces(B), ourlemma says that A |= ϕ.Contradiction!
16
Expressiveness CTL Model Checking
LTL ⊆ CTL?
LTL Formula: F (• ∧ X •)
CTL Formula: AF (• ∧ AX •). Does this work?
q0 q3
q1q2 q4
Nope!
17
Expressiveness CTL Model Checking
LTL ⊆ CTL?
LTL Formula: F (• ∧ X •)CTL Formula: AF (• ∧ AX •). Does this work?
q0 q3
q1q2 q4
Nope!
18
Expressiveness CTL Model Checking
LTL ⊆ CTL?
LTL Formula: F (• ∧ X •)CTL Formula: AF (• ∧ AX •). Does this work?
q0 q3
q1q2 q4
Nope!
19
Expressiveness CTL Model Checking
LTL 6⊆ CTL
Lemma
It is possible to construct two families of automata Ai and Bi suchthat:
They are distinguished by the LTL formula F G •, that is:Ai |= F G • but Bi 6|= F G • for any i .
They cannot be distinguished by CTL formulae of length ≤ i .That is, ∀i . ∀ϕ. |ϕ| ≤ i ⇒ (Ai |= ϕ⇔ Bi |= ϕ)
See the textbook (Baier and Katoen) for details.
Proof
Let ϕ be a CTL formula equivalent to F G •.Let k be the lengthof ϕ, i.e. k = |ϕ|. From lemma, Ak |= F G • and Bk 6|= F G •,but also Ak |= ϕ⇔ Bk |= ϕ, so ϕ cannot be equivalent.Contradiction!
20
Expressiveness CTL Model Checking
LTL 6⊆ CTL
Lemma
It is possible to construct two families of automata Ai and Bi suchthat:
They are distinguished by the LTL formula F G •, that is:Ai |= F G • but Bi 6|= F G • for any i .
They cannot be distinguished by CTL formulae of length ≤ i .That is, ∀i . ∀ϕ. |ϕ| ≤ i ⇒ (Ai |= ϕ⇔ Bi |= ϕ)
See the textbook (Baier and Katoen) for details.
Proof
Let ϕ be a CTL formula equivalent to F G •.Let k be the lengthof ϕ, i.e. k = |ϕ|. From lemma, Ak |= F G • and Bk 6|= F G •,but also Ak |= ϕ⇔ Bk |= ϕ, so ϕ cannot be equivalent.Contradiction!
21
Expressiveness CTL Model Checking
LTL 6⊆ CTL
Lemma
It is possible to construct two families of automata Ai and Bi suchthat:
They are distinguished by the LTL formula F G •, that is:Ai |= F G • but Bi 6|= F G • for any i .
They cannot be distinguished by CTL formulae of length ≤ i .That is, ∀i . ∀ϕ. |ϕ| ≤ i ⇒ (Ai |= ϕ⇔ Bi |= ϕ)
See the textbook (Baier and Katoen) for details.
Proof
Let ϕ be a CTL formula equivalent to F G •.
Let k be the lengthof ϕ, i.e. k = |ϕ|. From lemma, Ak |= F G • and Bk 6|= F G •,but also Ak |= ϕ⇔ Bk |= ϕ, so ϕ cannot be equivalent.Contradiction!
22
Expressiveness CTL Model Checking
LTL 6⊆ CTL
Lemma
It is possible to construct two families of automata Ai and Bi suchthat:
They are distinguished by the LTL formula F G •, that is:Ai |= F G • but Bi 6|= F G • for any i .
They cannot be distinguished by CTL formulae of length ≤ i .That is, ∀i . ∀ϕ. |ϕ| ≤ i ⇒ (Ai |= ϕ⇔ Bi |= ϕ)
See the textbook (Baier and Katoen) for details.
Proof
Let ϕ be a CTL formula equivalent to F G •.Let k be the lengthof ϕ, i.e. k = |ϕ|.
From lemma, Ak |= F G • and Bk 6|= F G •,but also Ak |= ϕ⇔ Bk |= ϕ, so ϕ cannot be equivalent.Contradiction!
23
Expressiveness CTL Model Checking
LTL 6⊆ CTL
Lemma
It is possible to construct two families of automata Ai and Bi suchthat:
They are distinguished by the LTL formula F G •, that is:Ai |= F G • but Bi 6|= F G • for any i .
They cannot be distinguished by CTL formulae of length ≤ i .That is, ∀i . ∀ϕ. |ϕ| ≤ i ⇒ (Ai |= ϕ⇔ Bi |= ϕ)
See the textbook (Baier and Katoen) for details.
Proof
Let ϕ be a CTL formula equivalent to F G •.Let k be the lengthof ϕ, i.e. k = |ϕ|. From lemma, Ak |= F G • and Bk 6|= F G •,
but also Ak |= ϕ⇔ Bk |= ϕ, so ϕ cannot be equivalent.Contradiction!
24
Expressiveness CTL Model Checking
LTL 6⊆ CTL
Lemma
It is possible to construct two families of automata Ai and Bi suchthat:
They are distinguished by the LTL formula F G •, that is:Ai |= F G • but Bi 6|= F G • for any i .
They cannot be distinguished by CTL formulae of length ≤ i .That is, ∀i . ∀ϕ. |ϕ| ≤ i ⇒ (Ai |= ϕ⇔ Bi |= ϕ)
See the textbook (Baier and Katoen) for details.
Proof
Let ϕ be a CTL formula equivalent to F G •.Let k be the lengthof ϕ, i.e. k = |ϕ|. From lemma, Ak |= F G • and Bk 6|= F G •,but also Ak |= ϕ⇔ Bk |= ϕ,
so ϕ cannot be equivalent.Contradiction!
25
Expressiveness CTL Model Checking
LTL 6⊆ CTL
Lemma
It is possible to construct two families of automata Ai and Bi suchthat:
They are distinguished by the LTL formula F G •, that is:Ai |= F G • but Bi 6|= F G • for any i .
They cannot be distinguished by CTL formulae of length ≤ i .That is, ∀i . ∀ϕ. |ϕ| ≤ i ⇒ (Ai |= ϕ⇔ Bi |= ϕ)
See the textbook (Baier and Katoen) for details.
Proof
Let ϕ be a CTL formula equivalent to F G •.Let k be the lengthof ϕ, i.e. k = |ϕ|. From lemma, Ak |= F G • and Bk 6|= F G •,but also Ak |= ϕ⇔ Bk |= ϕ, so ϕ cannot be equivalent.Contradiction!
26
Expressiveness CTL Model Checking
CTL ⊂ CTL∗
Every CTL formula is also a CTL∗ formula. But is it a strictinclusion (i.e. CTL ⊂ CTL∗)?
Yes. We know already that LTL ⊆ CTL∗ and that LTL 6⊆ CTL. Sopick any LTL formula that cannot be expressed in CTL, and wehave a formula that cannot be expressed in CTL but can be inCTL∗.
27
Expressiveness CTL Model Checking
CTL ⊂ CTL∗
Every CTL formula is also a CTL∗ formula. But is it a strictinclusion (i.e. CTL ⊂ CTL∗)?Yes.
We know already that LTL ⊆ CTL∗ and that LTL 6⊆ CTL. Sopick any LTL formula that cannot be expressed in CTL, and wehave a formula that cannot be expressed in CTL but can be inCTL∗.
28
Expressiveness CTL Model Checking
CTL ⊂ CTL∗
Every CTL formula is also a CTL∗ formula. But is it a strictinclusion (i.e. CTL ⊂ CTL∗)?Yes. We know already that LTL ⊆ CTL∗ and that LTL 6⊆ CTL. Sopick any LTL formula that cannot be expressed in CTL, and wehave a formula that cannot be expressed in CTL but can be inCTL∗.
29
Expressiveness CTL Model Checking
LTL ⊂ CTL∗
We saw that LTL ⊆ CTL∗. But is it a strict inclusion?(i.e. LTL ⊂ CTL∗)?
Yes. We know already that CTL ⊆ CTL∗ and that CTL 6⊆ LTL.So pick any CTL formula that cannot be expressed in LTL, and wehave a formula that cannot be expressed in LTL but can be inCTL∗.
30
Expressiveness CTL Model Checking
LTL ⊂ CTL∗
We saw that LTL ⊆ CTL∗. But is it a strict inclusion?(i.e. LTL ⊂ CTL∗)?Yes.
We know already that CTL ⊆ CTL∗ and that CTL 6⊆ LTL.So pick any CTL formula that cannot be expressed in LTL, and wehave a formula that cannot be expressed in LTL but can be inCTL∗.
31
Expressiveness CTL Model Checking
LTL ⊂ CTL∗
We saw that LTL ⊆ CTL∗. But is it a strict inclusion?(i.e. LTL ⊂ CTL∗)?Yes. We know already that CTL ⊆ CTL∗ and that CTL 6⊆ LTL.So pick any CTL formula that cannot be expressed in LTL, and wehave a formula that cannot be expressed in LTL but can be inCTL∗.
32
Expressiveness CTL Model Checking
(LTL ∪ CTL) ⊂ CTL∗
Is there any formula that can be expressed in CTL∗ but not inCTL nor in LTL?
Strict Inclusion
Yes. The proof is very involved, but the formula E G F • cannotbe expressed in either LTL nor CTL.
LTL CTL
CTL∗
33
Expressiveness CTL Model Checking
(LTL ∪ CTL) ⊂ CTL∗
Is there any formula that can be expressed in CTL∗ but not inCTL nor in LTL?
Strict Inclusion
Yes. The proof is very involved, but the formula E G F • cannotbe expressed in either LTL nor CTL.
LTL CTL
CTL∗
34
Expressiveness CTL Model Checking
(LTL ∪ CTL) ⊂ CTL∗
Is there any formula that can be expressed in CTL∗ but not inCTL nor in LTL?
Strict Inclusion
Yes. The proof is very involved, but the formula E G F • cannotbe expressed in either LTL nor CTL.
LTL CTL
CTL∗
35
Expressiveness CTL Model Checking
The CTL Model Checking Problem
Given
A CTL formula ϕ, and
An automaton A,
Determine if A |= ϕ.
Our approach
We first break the formula up into a parse tree. Then, annotatestates in a bottom-up fashion with the (sub-)formulae they satisfy.
36
Expressiveness CTL Model Checking
Parse Trees
A(p UNTIL E(True UNTIL q ∧ r))
A(· UNTIL ·)
p E(· UNTIL ·)
True ∧
q r
37
Expressiveness CTL Model Checking
Formal Algorithm: Basic Propositionscase ϕ ∈ P do /* Atomic proposition */
foreach q ∈ Q doif ϕ ∈ L(q) then
q.ϕ := True;else
q.ϕ := False;
case ϕ = ¬ψ do /* Negation */
Mark(A, ψ) ;foreach q ∈ Q do
q.ϕ := ¬q.ψ ;
case ϕ = ψ1 ∧ ψ2 do /* Conjunction */
Mark(A, ψ1); Mark(A, ψ2) ;foreach q ∈ Q do
q.ϕ := q.ψ1 ∧ q.ψ2 ;
38
Expressiveness CTL Model Checking
Formal Algorithm: EX
case ϕ = EX ψ do /* Exists a Successor */
Mark(A, ψ) ;foreach q ∈ Q do
q.ϕ := False;
foreach (q, q′) ∈ δ doif q′.ψ then
q.ϕ := True ;
We can simplify AX ψ to ¬EX ¬ψ. Why?
39
Expressiveness CTL Model Checking
case ϕ = E ψ1 UNTIL ψ2 do /* Exist Until */
Mark(A, ψ1) ; Mark(A, ψ2) ;foreach q ∈ Q do
q.ϕ := False;q.visited := False;if q.ψ2 then
q.ϕ := True ;q.visited := True ;W := W ∪ {q};
while W 6= ∅ doq := pop(W ); /* q satisfies ϕ */
foreach (q′, q) ∈ δ doif ¬q′.visited then
q′.visited := True ;if q′.ψ1 then
q′.ϕ := True; W := W ∪ {q′};
40
Expressiveness CTL Model Checking
case ϕ = A ψ1 UNTIL ψ2 do /* For All Until */
Mark(A, ψ1) ; Mark(A, ψ2);foreach q ∈ Q do
q.ϕ := False;q.nbUnchecked := |δ(q)|;if q.ψ2 then
q.ϕ := True ;W := W ∪ {q};
while W 6= ∅ doq := pop(W );/* q satisfies ϕ */
foreach (q′, q) ∈ δ doq′.nbUnchecked := q′.nbUnchecked − 1 ;if (q′.nbUnchecked = 0 ∧ q′.ψ1 ∧ ¬q′.ϕ) then
q′.ϕ := True ;W := W ∪ {q′};
41
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬: O(|Q|)Complexity for EX: O(|Q|)Complexity for E(· UNTIL ·): O(|Q|+ |δ|)Complexity for A(· UNTIL ·): O(|Q|+ |δ|)
Therefore, overall complexity is: O( (|Q|+ |δ|)× |ϕ| )
42
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬:
O(|Q|)Complexity for EX: O(|Q|)Complexity for E(· UNTIL ·): O(|Q|+ |δ|)Complexity for A(· UNTIL ·): O(|Q|+ |δ|)
Therefore, overall complexity is: O( (|Q|+ |δ|)× |ϕ| )
43
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬: O(|Q|)Complexity for EX:
O(|Q|)Complexity for E(· UNTIL ·): O(|Q|+ |δ|)Complexity for A(· UNTIL ·): O(|Q|+ |δ|)
Therefore, overall complexity is: O( (|Q|+ |δ|)× |ϕ| )
44
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬: O(|Q|)Complexity for EX: O(|Q|)Complexity for E(· UNTIL ·):
O(|Q|+ |δ|)Complexity for A(· UNTIL ·): O(|Q|+ |δ|)
Therefore, overall complexity is: O( (|Q|+ |δ|)× |ϕ| )
45
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬: O(|Q|)Complexity for EX: O(|Q|)Complexity for E(· UNTIL ·): O(|Q|+ |δ|)Complexity for A(· UNTIL ·):
O(|Q|+ |δ|)
Therefore, overall complexity is: O( (|Q|+ |δ|)× |ϕ| )
46
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬: O(|Q|)Complexity for EX: O(|Q|)Complexity for E(· UNTIL ·): O(|Q|+ |δ|)Complexity for A(· UNTIL ·): O(|Q|+ |δ|)
Therefore, overall complexity is: O( (|Q|+ |δ|)× |ϕ| )
47
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬: O(|Q|)Complexity for EX: O(|Q|)Complexity for E(· UNTIL ·): O(|Q|+ |δ|)Complexity for A(· UNTIL ·): O(|Q|+ |δ|)
Therefore, overall complexity is:
O( (|Q|+ |δ|)× |ϕ| )
48
Expressiveness CTL Model Checking
Complexity?
Assume a fixed size of formula |ϕ|, what is the run time complexityof this algorithm?
Complexity for atomic propositions, ∧ and ¬: O(|Q|)Complexity for EX: O(|Q|)Complexity for E(· UNTIL ·): O(|Q|+ |δ|)Complexity for A(· UNTIL ·): O(|Q|+ |δ|)
Therefore, overall complexity is: O( (|Q|+ |δ|)× |ϕ| )
49
Expressiveness CTL Model Checking
Example
• •
••
• •
• •
Procedure
Simplify to basicCTL operations.
Build parse tree fornew formula.
Mark statesbottom up asdescribed.
Example
EF (• ∧ •)
EF AG (• ∧ •)
50
Expressiveness CTL Model Checking
Example
• •
••
• •
• •
Procedure
Simplify to basicCTL operations.
Build parse tree fornew formula.
Mark statesbottom up asdescribed.
Example
EF (• ∧ •)EF AG (• ∧ •)
51
Expressiveness CTL Model Checking
Bibliography
Expressiveness:
Huth/Ryan: Logic in Computer Science, Section 3.5
Baier/Katoen: Principles of Model Checking, Section 6.3
CTL Model Checking
Berard et al: System and Software Verification, Section 3.1
Baier/Katoen: Principles of Model Checking, Section 6.4
Clarke et al: Model Checking, Section 4.1
Huth/Ryan: Logic in Computer Science, Section 3.6
52