Formal Methods: Module I: Automated Reasoning Ch. 05: Automata-Theoretic LTL Reasoning

(1)

Formal Methods:

Module I: Automated Reasoning

Ch. 05: Automata-Theoretic LTL Reasoning

Roberto Sebastiani and Stefano Tonetta

DISI, Università di Trento, Italy – roberto.sebastiani@unitn.it URL: http://disi.unitn.it/rseba/DIDATTICA/fm2021/

Teaching assistant:Giuseppe Spallitta– giuseppe.spallitta@unitn.it

M.S. in Computer Science, Mathematics, & Artificial Intelligence Systems Academic year 2020-2021

last update: Tuesday 20^thApril, 2021, 12:48

Copyright notice: some material (text, figures) displayed in these slides is courtesy of R. Alur, M. Benerecetti, A. Cimatti, M. Di Natale, P. Pandya, M. Pistore, M. Roveri, C. Tinelli, and S.Tonetta, who detain its copyright. Some exampes displayed in these slides are taken from [Clarke, Grunberg & Peled, “Model Checking”, MIT Press], and their copyright is

detained by the authors. All the other material is copyrighted by Roberto Sebastiani. Every commercial use of this material is strictly forbidden by the copyright laws without the authorization of the authors. No copy of these slides can be

displayed in public without containing this copyright notice.

(2)

Outline

1

Büchi Automata

2

The Automata-Theoretic Approach to LTL Reasoning General Ideas

Language-Emptiness Checking of Büchi Automata From Kripke Models to Büchi Automata

From LTL Formulas to Büchi Automata Complexity

3

Exercises

(3)

Outline

1

Büchi Automata

2

The Automata-Theoretic Approach to LTL Reasoning General Ideas

Language-Emptiness Checking of Büchi Automata From Kripke Models to Büchi Automata

From LTL Formulas to Büchi Automata Complexity

3

Exercises

(4)

Infinite Word Languages

Modeling infinite computations of reactive systems Given an Alphabet Σ (e.g. Σ

^def

= {a, b})

An ω-word α over Σ is an infinite sequence a

₀

, a

₁

, a

₂

. . ..

Formally, α : N → Σ.

The set of all infinite words is denoted by Σ

^ω

.

A ω-language L is collection of ω-words, i.e. L ⊆ Σ

^ω

. Example: All words over {a, b} with infinitely many a’s.

Notation:

omega words α, β, γ ∈ Σ

^ω

.

omega-languages L, L

₁

⊆ Σ

^ω

For u ∈ Σ

⁺

, let u

^ω

= u.u.u . . .

(5)

Infinite Word Languages

Modeling infinite computations of reactive systems Given an Alphabet Σ (e.g. Σ

^def

= {a, b})

An ω-word α over Σ is an infinite sequence a

₀

, a

₁

, a

₂

. . ..

Formally, α : N → Σ.

The set of all infinite words is denoted by Σ

^ω

.

A ω-language L is collection of ω-words, i.e. L ⊆ Σ

^ω

. Example: All words over {a, b} with infinitely many a’s.

Notation:

omega words α, β, γ ∈ Σ

^ω

.

omega-languages L, L

₁

⊆ Σ

^ω

For u ∈ Σ

⁺

, let u

^ω

= u.u.u . . .

(6)

Infinite Word Languages

Modeling infinite computations of reactive systems Given an Alphabet Σ (e.g. Σ

^def

= {a, b})

An ω-word α over Σ is an infinite sequence a

₀

, a

₁

, a

₂

. . ..

Formally, α : N → Σ.

The set of all infinite words is denoted by Σ

^ω

.

A ω-language L is collection of ω-words, i.e. L ⊆ Σ

^ω

. Example: All words over {a, b} with infinitely many a’s.

Notation:

omega words α, β, γ ∈ Σ

^ω

.

omega-languages L, L

₁

⊆ Σ

^ω

For u ∈ Σ

⁺

, let u

^ω

= u.u.u . . .

(7)

Infinite Word Languages

Modeling infinite computations of reactive systems Given an Alphabet Σ (e.g. Σ

^def

= {a, b})

An ω-word α over Σ is an infinite sequence a

₀

, a

₁

, a

₂

. . ..

Formally, α : N → Σ.

The set of all infinite words is denoted by Σ

^ω

.

A ω-language L is collection of ω-words, i.e. L ⊆ Σ

^ω

. Example: All words over {a, b} with infinitely many a’s.

Notation:

omega words α, β, γ ∈ Σ

^ω

.

omega-languages L, L

₁

⊆ Σ

^ω

For u ∈ Σ

⁺

, let u

^ω

= u.u.u . . .

(8)

Infinite Word Languages

Modeling infinite computations of reactive systems Given an Alphabet Σ (e.g. Σ

^def

= {a, b})

An ω-word α over Σ is an infinite sequence a

₀

, a

₁

, a

₂

. . ..

Formally, α : N → Σ.

The set of all infinite words is denoted by Σ

^ω

.

A ω-language L is collection of ω-words, i.e. L ⊆ Σ

^ω

. Example: All words over {a, b} with infinitely many a’s.

Notation:

omega words α, β, γ ∈ Σ

^ω

.

omega-languages L, L

₁

⊆ Σ

^ω

For u ∈ Σ

⁺

, let u

^ω

= u.u.u . . .

(9)

Omega-Automata

We consider automaton running over infinite words.

Let α = aabbbb . . ..

There are several (infinite) possible runs.

Run ρ

₁

= s

₁

, s

₁

, s

₁

, s

₁

, s

₂

, s

₂

. . . Run ρ

₂

= s

₁

, s

₁

, s

₁

, s

₁

, s

₁

, s

₁

. . .

Acceptance Conditions: Büchi (Muller, Rabin, Street):

Acceptance is based on states occurring infinitely often Notation Let ρ ∈ Q

^ω

. Then,

Inf (ρ) = {s ∈ Q | ∃

^∞

i ∈ N. ρ(i) = s}.

(The set of states occurring infinitely many times in ρ.)

(10)

Omega-Automata

We consider automaton running over infinite words.

Let α = aabbbb . . ..

There are several (infinite) possible runs.

Run ρ

₁

= s

₁

, s

₁

, s

₁

, s

₁

, s

₂

, s

₂

. . . Run ρ

₂

= s

₁

, s

₁

, s

₁

, s

₁

, s

₁

, s

₁

. . .

Acceptance Conditions: Büchi (Muller, Rabin, Street):

Acceptance is based on states occurring infinitely often Notation Let ρ ∈ Q

^ω

. Then,

Inf (ρ) = {s ∈ Q | ∃

^∞

i ∈ N. ρ(i) = s}.

(The set of states occurring infinitely many times in ρ.)

(11)

Omega-Automata

We consider automaton running over infinite words.

Let α = aabbbb . . ..

There are several (infinite) possible runs.

Run ρ

₁

= s

₁

, s

₁

, s

₁

, s

₁

, s

₂

, s

₂

. . . Run ρ

₂

= s

₁

, s

₁

, s

₁

, s

₁

, s

₁

, s

₁

. . .

Acceptance Conditions: Büchi (Muller, Rabin, Street):

Acceptance is based on states occurring infinitely often Notation Let ρ ∈ Q

^ω

. Then,

Inf (ρ) = {s ∈ Q | ∃

^∞

i ∈ N. ρ(i) = s}.

(The set of states occurring infinitely many times in ρ.)

(12)

Omega-Automata

We consider automaton running over infinite words.

Let α = aabbbb . . ..

There are several (infinite) possible runs.

Run ρ

₁

= s

₁

, s

₁

, s

₁

, s

₁

, s

₂

, s

₂

. . . Run ρ

₂

= s

₁

, s

₁

, s

₁

, s

₁

, s

₁

, s

₁

. . .

Acceptance Conditions: Büchi (Muller, Rabin, Street):

Acceptance is based on states occurring infinitely often Notation Let ρ ∈ Q

^ω

. Then,

Inf (ρ) = {s ∈ Q | ∃

^∞

i ∈ N. ρ(i) = s}.

(The set of states occurring infinitely many times in ρ.)

(13)

Büchi Automata

Nondeterministic Büchi Automaton

A Nondeterministic Büchi Automaton (NBA) is (Q, Σ, δ, I, F ) s.t.

Q Finite set of states.

Σis a finite alphabet I ⊆ Q set of initial states.

F ⊆ Q set of accepting states.

δ ⊆Q × Σ × Q transition relation (edges).

A Deterministic Büchi Automaton (DBA) is an NBA s.t. the transition relation is functional: δ : Q × Σ 7−→ Q

Runs and Language of NBAs

A run ρ of A on ω-word α = a

₀

, a

₁

, a

₂

, ... is an infinite sequence ρ = q

o

, q

₁

, q

₂

, . . . s.t. q

₀

∈ I and q

_i

−→ q

^aⁱ _i+1

for 0 ≤ i.

The run ρ is accepting if Inf (ρ) ∩ F 6= ∅.

The language accepted by A

L(A) = {α ∈ Σ

^ω

| A has an accepting run on α}

(14)

Büchi Automata

Nondeterministic Büchi Automaton

A Nondeterministic Büchi Automaton (NBA) is (Q, Σ, δ, I, F ) s.t.

A Deterministic Büchi Automaton (DBA) is an NBA s.t. the transition relation is functional: δ : Q × Σ 7−→ Q

Runs and Language of NBAs

A run ρ of A on ω-word α = a

₀

, a

₁

, a

₂

, ... is an infinite sequence ρ = q

o

, q

₁

, q

₂

, . . . s.t. q

₀

∈ I and q

_i

−→ q

^aⁱ _i+1

for 0 ≤ i.

The run ρ is accepting if Inf (ρ) ∩ F 6= ∅.

The language accepted by A

L(A) = {α ∈ Σ

^ω

| A has an accepting run on α}

(15)

Büchi Automata

Nondeterministic Büchi Automaton

A Nondeterministic Büchi Automaton (NBA) is (Q, Σ, δ, I, F ) s.t.

A Deterministic Büchi Automaton (DBA) is an NBA s.t. the transition relation is functional: δ : Q × Σ 7−→ Q

Runs and Language of NBAs

A run ρ of A on ω-word α = a

₀

, a

₁

, a

₂

, ... is an infinite sequence ρ = q

o

, q

₁

, q

₂

, . . . s.t. q

₀

∈ I and q

_i

−→ q

^aⁱ _i+1

for 0 ≤ i.

The run ρ is accepting if Inf (ρ) ∩ F 6= ∅.

The language accepted by A

L(A) = {α ∈ Σ

^ω

| A has an accepting run on α}

(16)

Büchi Automata

Nondeterministic Büchi Automaton

A Nondeterministic Büchi Automaton (NBA) is (Q, Σ, δ, I, F ) s.t.

A Deterministic Büchi Automaton (DBA) is an NBA s.t. the transition relation is functional: δ : Q × Σ 7−→ Q

Runs and Language of NBAs

A run ρ of A on ω-word α = a

₀

, a

₁

, a

₂

, ... is an infinite sequence ρ = q

o

, q

₁

, q

₂

, . . . s.t. q

₀

∈ I and q

_i

−→ q

^aⁱ _i+1

for 0 ≤ i.

The run ρ is accepting if Inf (ρ) ∩ F 6= ∅.

The language accepted by A

L(A) = {α ∈ Σ

^ω

| A has an accepting run on α}

(17)

Büchi Automata

Nondeterministic Büchi Automaton

A Nondeterministic Büchi Automaton (NBA) is (Q, Σ, δ, I, F ) s.t.

A Deterministic Büchi Automaton (DBA) is an NBA s.t. the transition relation is functional: δ : Q × Σ 7−→ Q

Runs and Language of NBAs

A run ρ of A on ω-word α = a

₀

, a

₁

, a

₂

, ... is an infinite sequence ρ = q

o

, q

₁

, q

₂

, . . . s.t. q

₀

∈ I and q

_i

−→ q

^aⁱ _i+1

for 0 ≤ i.

The run ρ is accepting if Inf (ρ) ∩ F 6= ∅.

The language accepted by A

L(A) = {α ∈ Σ

^ω

| A has an accepting run on α}

(18)

Büchi Automata

Nondeterministic Büchi Automaton

A Nondeterministic Büchi Automaton (NBA) is (Q, Σ, δ, I, F ) s.t.

A Deterministic Büchi Automaton (DBA) is an NBA s.t. the transition relation is functional: δ : Q × Σ 7−→ Q

Runs and Language of NBAs

A run ρ of A on ω-word α = a

₀

, a

₁

, a

₂

, ... is an infinite sequence ρ = q

o

, q

₁

, q

₂

, . . . s.t. q

₀

∈ I and q

_i

−→ q

^aⁱ _i+1

for 0 ≤ i.

The run ρ is accepting if Inf (ρ) ∩ F 6= ∅.

The language accepted by A

L(A) = {α ∈ Σ

^ω

| A has an accepting run on α}

(19)

Büchi Automaton: Example

Let Σ = {a, b}.

Let a Deterministic Büchi Automaton (DBA) A

₁

be

With F = {s

₁

} the automaton recognizes words with infinitely many a’s.

With F = {s

₂

} the automaton recognizes words with infinitely

many b’s.

(20)

Büchi Automaton: Example

Let Σ = {a, b}.

Let a Deterministic Büchi Automaton (DBA) A

₁

be

With F = {s

₁

} the automaton recognizes words with infinitely many a’s.

With F = {s

₂

} the automaton recognizes words with infinitely

many b’s.

(21)

Büchi Automaton: Example

Let Σ = {a, b}.

Let a Deterministic Büchi Automaton (DBA) A

₁

be

With F = {s

₁

} the automaton recognizes words with infinitely many a’s.

With F = {s

₂

} the automaton recognizes words with infinitely

many b’s.

(22)

Büchi Automaton: Example (2)

Let a Nondeterministic Büchi Automaton (NBA) A

₂

be

With F = {s

₂

}, the automaton A

₂

recognizes words with finitely

many a. Thus, L(A

₂

) = L(A

₁

).

(23)

Deterministic vs. Nondeterministic Büchi Automata

Theorem

DBAs are strictly less powerful than NBAs.

The subset construction does not work!

Let DA

₂

be

DA

₂

is not equivalent to A

₂

(e.g., it recognizes (b.a)

^ω

)

There is no DBA equivalent to A

₂

(24)

Deterministic vs. Nondeterministic Büchi Automata

Theorem

DBAs are strictly less powerful than NBAs.

The subset construction does not work!

Let DA

₂

be

DA

₂

is not equivalent to A

₂

(e.g., it recognizes (b.a)

^ω

)

There is no DBA equivalent to A

₂

(25)

Deterministic vs. Nondeterministic Büchi Automata

Theorem

DBAs are strictly less powerful than NBAs.

The subset construction does not work!

Let DA

₂

be

DA

₂

is not equivalent to A

₂

(e.g., it recognizes (b.a)

^ω

)

There is no DBA equivalent to A

₂

(26)

Deterministic vs. Nondeterministic Büchi Automata

Theorem

DBAs are strictly less powerful than NBAs.

The subset construction does not work!

Let DA

₂

be

DA

₂

is not equivalent to A

₂

(e.g., it recognizes (b.a)

^ω

)

There is no DBA equivalent to A

₂

(27)

Closure Properties

Theorem (union, intersection)

For the NBAs A

₁

, A

₂

we can construct

the NBA A s.t. L(A) = L(A

₁

) ∪ L(A

₂

). |A| = |A

1

| + |A

2

|

the NBA A s.t. L(A) = L(A

₁

) ∩ L(A

₂

). |A| ≤ |A

1

| · |A

2

| · 2.

(28)

Closure Properties

Theorem (union, intersection)

For the NBAs A

₁

, A

₂

we can construct

the NBA A s.t. L(A) = L(A

₁

) ∪ L(A

₂

). |A| = |A

1

| + |A

2

|

the NBA A s.t. L(A) = L(A

₁

) ∩ L(A

₂

). |A| ≤ |A

1

| · |A

2

| · 2.

(29)

Closure Properties

Theorem (union, intersection)

For the NBAs A

₁

, A

₂

we can construct

the NBA A s.t. L(A) = L(A

₁

) ∪ L(A

₂

). |A| = |A

1

| + |A

2

|

the NBA A s.t. L(A) = L(A

₁

) ∩ L(A

₂

). |A| ≤ |A

1

| · |A

2

| · 2.

(30)

Union of two NBAs

Definition: union of NBAs

Let A

₁

= (Q

₁

, Σ

₁

, δ

₁

, I

₁

, F

₁

), A

₂

= (Q

₂

, Σ

₂

, δ

₂

, I

₂

, F

₂

).

Then A = A

₁

∪ A

₂

= (Q, Σ, δ, I, F ) is defined as follows Q := Q

₁

∪ Q

2

, I := I

₁

∪ I

2

, F := F

₁

∪ F

2

R(s, s

⁰

) :=

R

₁

(s, s

⁰

) if s ∈ Q

₁

R

₂

(s, s

⁰

) if s ∈ Q

₂

Theorem

L(A) = L(A

1

) ∪ L(A

₂

)

|A |= |A

1

| + |A

2

|

Note

A is an automaton which just runs nondeterministically either A

₁

or A

₂

(same construction as with ordinary automata)

(31)

Union of two NBAs

Definition: union of NBAs

Let A

₁

= (Q

₁

, Σ

₁

, δ

₁

, I

₁

, F

₁

), A

₂

= (Q

₂

, Σ

₂

, δ

₂

, I

₂

, F

₂

).

Then A = A

₁

∪ A

₂

= (Q, Σ, δ, I, F ) is defined as follows Q := Q

₁

∪ Q

2

, I := I

₁

∪ I

2

, F := F

₁

∪ F

2

R(s, s

⁰

) :=

R

₁

(s, s

⁰

) if s ∈ Q

₁

R

₂

(s, s

⁰

) if s ∈ Q

₂

Theorem

L(A) = L(A

1

) ∪ L(A

₂

)

|A |= |A

1

| + |A

2

|

Note

A is an automaton which just runs nondeterministically either A

₁

or A

₂

(same construction as with ordinary automata)

(32)

Union of two NBAs

Definition: union of NBAs

Let A

₁

= (Q

₁

, Σ

₁

, δ

₁

, I

₁

, F

₁

), A

₂

= (Q

₂

, Σ

₂

, δ

₂

, I

₂

, F

₂

).

Then A = A

₁

∪ A

₂

= (Q, Σ, δ, I, F ) is defined as follows Q := Q

₁

∪ Q

2

, I := I

₁

∪ I

2

, F := F

₁

∪ F

2

R(s, s

⁰

) :=

R

₁

(s, s

⁰

) if s ∈ Q

₁

R

₂

(s, s

⁰

) if s ∈ Q

₂

Theorem

L(A) = L(A

1

) ∪ L(A

₂

)

|A |= |A

1

| + |A

2

|

Note

A is an automaton which just runs nondeterministically either A

₁

or A

₂

(same construction as with ordinary automata)

(33)

Union of two NBAs

Definition: union of NBAs

Let A

₁

= (Q

₁

, Σ

₁

, δ

₁

, I

₁

, F

₁

), A

₂

= (Q

₂

, Σ

₂

, δ

₂

, I

₂

, F

₂

).

Then A = A

₁

∪ A

₂

= (Q, Σ, δ, I, F ) is defined as follows Q := Q

₁

∪ Q

2

, I := I

₁

∪ I

2

, F := F

₁

∪ F

2

R(s, s

⁰

) :=

R

₁

(s, s

⁰

) if s ∈ Q

₁

R

₂

(s, s

⁰

) if s ∈ Q

₂

Theorem

L(A) = L(A

1

) ∪ L(A

₂

)

|A |= |A

1

| + |A

2

|

Note

A is an automaton which just runs nondeterministically either A

₁

or A

₂

(same construction as with ordinary automata)

(34)

Union of two NBAs

Definition: union of NBAs

Let A

₁

= (Q

₁

, Σ

₁

, δ

₁

, I

₁

, F

₁

), A

₂

= (Q

₂

, Σ

₂

, δ

₂

, I

₂

, F

₂

).

Then A = A

₁

∪ A

₂

= (Q, Σ, δ, I, F ) is defined as follows Q := Q

₁

∪ Q

2

, I := I

₁

∪ I

2

, F := F

₁

∪ F

2

R(s, s

⁰

) :=

R

₁

(s, s

⁰

) if s ∈ Q

₁

R

₂

(s, s

⁰

) if s ∈ Q

₂

Theorem

L(A) = L(A

1

) ∪ L(A

₂

)

|A |= |A

1

| + |A

2

|

Note

A is an automaton which just runs nondeterministically either A

₁

or A

₂

(same construction as with ordinary automata)

(35)

Synchronous Product of NBAs

Definition: synchronous product of NBAs

Let A

₁

= (Q

₁

, Σ, δ

₁

, I

₁

, F

₁

) and A

₂

= (Q

₂

, Σ, δ

₂

, I

₂

, F

₂

).

Then, A

₁

× A

2

= (Q, Σ, δ, I, F ), where Q = Q

₁

× Q

₂

× {1, 2}.

I = I

₁

× I

₂

× {1}.

F = F

₁

× Q

2

× {1}.

hp, q, 1i −→ hp

^a ⁰

, q

⁰

, 1i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and p 6∈ F

₁

. hp, q, 1i −→ hp

^a ⁰

, q

⁰

, 2i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and p ∈ F

₁

. hp, q, 2i −→ hp

^a ⁰

, q

⁰

, 2i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and q 6∈ F

₂

. hp, q, 2i −→ hp

^a ⁰

, q

⁰

, 1i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and q ∈ F

₂

.

Theorem

L(A

₁

× A

₂

) = L(A

₁

) ∩ L(A

₂

).

|A

1

× A

2

| ≤ 2 · |A

1

| · |A

2

|.

(36)

Synchronous Product of NBAs

Definition: synchronous product of NBAs

Let A

₁

= (Q

₁

, Σ, δ

₁

, I

₁

, F

₁

) and A

₂

= (Q

₂

, Σ, δ

₂

, I

₂

, F

₂

).

Then, A

₁

× A

2

= (Q, Σ, δ, I, F ), where Q = Q

₁

× Q

₂

× {1, 2}.

I = I

₁

× I

₂

× {1}.

F = F

₁

× Q

2

× {1}.

hp, q, 1i −→ hp

^a ⁰

, q

⁰

, 1i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and p 6∈ F

₁

. hp, q, 1i −→ hp

^a ⁰

, q

⁰

, 2i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and p ∈ F

₁

. hp, q, 2i −→ hp

^a ⁰

, q

⁰

, 2i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and q 6∈ F

₂

. hp, q, 2i −→ hp

^a ⁰

, q

⁰

, 1i iff p −→ p

^a ⁰

and q −→ q

^a ⁰

and q ∈ F

₂

.

Theorem

L(A

₁

× A

₂

) = L(A

₁

) ∩ L(A

₂

).

|A

1

× A

2

| ≤ 2 · |A

1

| · |A

2

|.

(37)

Synchronous Product of NBAs: Intuition

The automaton remembers two tracks, one for each source NBA, and it points to one of the two tracks

As soon as it goes through an accepting state of the current track, it switches to the other track

=⇒ in order to visit infinitely often a state in F (i.e., F

₁

), it must visit infinitely often some state also in F

₂

Important subcase: If F

₂

= Q

₂

, then Q = Q

₁

× Q

₂

.

I = I

₁

× I

₂

.

F = F

₁

× Q

2

.

(38)

Synchronous Product of NBAs: Intuition

The automaton remembers two tracks, one for each source NBA, and it points to one of the two tracks

As soon as it goes through an accepting state of the current track, it switches to the other track

=⇒ in order to visit infinitely often a state in F (i.e., F

₁

), it must visit infinitely often some state also in F

₂

Important subcase: If F

₂

= Q

₂

, then Q = Q

₁

× Q

₂

.

I = I

₁

× I

₂

.

F = F

₁

× Q

2

.

(39)

Synchronous Product of NBAs: Intuition

The automaton remembers two tracks, one for each source NBA, and it points to one of the two tracks

As soon as it goes through an accepting state of the current track, it switches to the other track

=⇒ in order to visit infinitely often a state in F (i.e., F

₁

), it must visit infinitely often some state also in F

₂

Important subcase: If F

₂

= Q

₂

, then Q = Q

₁

× Q

₂

.

I = I

₁

× I

₂

.

F = F

₁

× Q

2

.

(40)

Synchronous Product of NBAs: Example

(41)

Synchronous Product of NBAs: Example

(42)

Closure Properties (2)

Theorem (complementation) [Safra, MacNaughten]

For the NBA A

₁

we can construct an NBA A

₂

such that L(A

2

) = L(A

₁

).

|A

₂

| = O(2

^|A¹^|·log(|A¹^|)

).

Method: (hint)

(i) convert a Büchi automaton into a Non-Deterministic Rabin automaton

(ii) determinize and Complement the Rabin automaton

(iii) convert the Rabin automaton into a Büchi automaton.

(43)

Closure Properties (2)

Theorem (complementation) [Safra, MacNaughten]

For the NBA A

₁

we can construct an NBA A

₂

such that L(A

2

) = L(A

₁

).

|A

₂

| = O(2

^|A¹^|·log(|A¹^|)

).

Method: (hint)

(i) convert a Büchi automaton into a Non-Deterministic Rabin automaton

(ii) determinize and Complement the Rabin automaton

(iii) convert the Rabin automaton into a Büchi automaton.

(44)

Closure Properties (2)

Theorem (complementation) [Safra, MacNaughten]

For the NBA A

₁

we can construct an NBA A

₂

such that L(A

2

) = L(A

₁

).

|A

₂

| = O(2

^|A¹^|·log(|A¹^|)

).

Method: (hint)

(i) convert a Büchi automaton into a Non-Deterministic Rabin automaton

(ii) determinize and Complement the Rabin automaton

(iii) convert the Rabin automaton into a Büchi automaton.

(45)

Closure Properties (2)

Theorem (complementation) [Safra, MacNaughten]

For the NBA A

₁

we can construct an NBA A

₂

such that L(A

2

) = L(A

₁

).

|A

₂

| = O(2

^|A¹^|·log(|A¹^|)

).

Method: (hint)

(i) convert a Büchi automaton into a Non-Deterministic Rabin automaton

(ii) determinize and Complement the Rabin automaton

(iii) convert the Rabin automaton into a Büchi automaton.

(46)

Closure Properties (2)

Theorem (complementation) [Safra, MacNaughten]

For the NBA A

₁

we can construct an NBA A

₂

such that L(A

2

) = L(A

₁

).

|A

₂

| = O(2

^|A¹^|·log(|A¹^|)

).

Method: (hint)

(i) convert a Büchi automaton into a Non-Deterministic Rabin automaton

(ii) determinize and Complement the Rabin automaton

(iii) convert the Rabin automaton into a Büchi automaton.

(47)

Generalized Büchi Automaton

Definition

A Generalized Büchi Automaton is a tuple A := (Q, Σ, δ, I, FT ) where FT = hF

₁

, F

₂

, . . . , F

_k

i with F

_i

⊆ Q.

A run ρ of A is accepting if Inf (ρ) ∩ F

_i

6= ∅ for each 1 ≤ i ≤ k .

Theorem

For every Generalized Büchi Automaton we can construct a language equivalent plain Büchi Automaton.

Intuition

Let Q

⁰

= Q × {1, . . . , K }.

The automaton remains in phase i till it visits a state in F

_i

. Then, it

moves to (i mod K ) + 1 mode.

(48)

Generalized Büchi Automaton

Definition

A Generalized Büchi Automaton is a tuple A := (Q, Σ, δ, I, FT ) where FT = hF

₁

, F

₂

, . . . , F

_k

i with F

_i

⊆ Q.

A run ρ of A is accepting if Inf (ρ) ∩ F

_i

6= ∅ for each 1 ≤ i ≤ k .

Theorem

For every Generalized Büchi Automaton we can construct a language equivalent plain Büchi Automaton.

Intuition

Let Q

⁰

= Q × {1, . . . , K }.

The automaton remains in phase i till it visits a state in F

_i

. Then, it

moves to (i mod K ) + 1 mode.

(49)

Generalized Büchi Automaton

Definition

A Generalized Büchi Automaton is a tuple A := (Q, Σ, δ, I, FT ) where FT = hF

₁

, F

₂

, . . . , F

_k

i with F

_i

⊆ Q.

A run ρ of A is accepting if Inf (ρ) ∩ F

_i

6= ∅ for each 1 ≤ i ≤ k .

Theorem

For every Generalized Büchi Automaton we can construct a language equivalent plain Büchi Automaton.

Intuition

Let Q

⁰

= Q × {1, . . . , K }.

The automaton remains in phase i till it visits a state in F

_i

. Then, it

moves to (i mod K ) + 1 mode.

(50)

De-generalization of a generalized NBA

Definition: De-generalization of a generalized NBA

Let A

^def

= (Q, Σ, δ, I, FT ) a generalized BA s.f. FT

^def

= {F

₁

, ..., F

_K

}.

Then a language-equivalent BA A

⁰^def

= (Q

⁰

, Σ, δ

⁰

, I

⁰

, F

⁰

) is built as follows

Q

⁰

= Q

₁

× {1, ..., K }.

I

⁰

= I × {1}.

F

⁰

= F

₁

× {1}.

δ

⁰

is s.t., for every i ∈ [1, ..., K ]:

hp, ii −→ hq, ii

^a

iff p −→ q ∈ δ and p 6∈ F

^a _i

. hp, ii −→ hq, (i mod K ) + 1i iff p

^a

−→ q ∈ δ and p ∈ F

^a _i

.

Theorem

L(A

⁰

) = L(A).

|A

⁰

| ≤ K · |A|.

(51)

De-generalization of a generalized NBA

Definition: De-generalization of a generalized NBA

Let A

^def

= (Q, Σ, δ, I, FT ) a generalized BA s.f. FT

^def

= {F

₁

, ..., F

_K

}.

Then a language-equivalent BA A

⁰^def

= (Q

⁰

, Σ, δ

⁰

, I

⁰

, F

⁰

) is built as follows

Q

⁰

= Q

₁

× {1, ..., K }.

I

⁰

= I × {1}.

F

⁰

= F

₁

× {1}.

δ

⁰

is s.t., for every i ∈ [1, ..., K ]:

hp, ii −→ hq, ii

^a

iff p −→ q ∈ δ and p 6∈ F

^a _i

. hp, ii −→ hq, (i mod K ) + 1i iff p

^a

−→ q ∈ δ and p ∈ F

^a _i

.

Theorem

L(A

⁰

) = L(A).

|A

⁰

| ≤ K · |A|.

(52)

Degeneralizing a Büchi automaton: Example

(53)

Degeneralizing a Büchi automaton: Example

(54)

Omega-regular Expressions

Definition

A language is called ω-regular if it has the form ∪

ⁿ_i=1

U

_i

.(V

_i

)

^ω

where U

_i

, V

_i

are regular languages.

Theorem

A language L is ω-regular iff it is NBA-recognizable.

(55)

Omega-regular Expressions

Definition

A language is called ω-regular if it has the form ∪

ⁿ_i=1

U

_i

.(V

_i

)

^ω

where U

_i

, V

_i

are regular languages.

Theorem

A language L is ω-regular iff it is NBA-recognizable.

(56)

Outline

1

Büchi Automata

2

The Automata-Theoretic Approach to LTL Reasoning General Ideas

Language-Emptiness Checking of Büchi Automata From Kripke Models to Büchi Automata

From LTL Formulas to Büchi Automata Complexity

3

Exercises

(57)

Outline

1

Büchi Automata

2

The Automata-Theoretic Approach to LTL Reasoning General Ideas

Language-Emptiness Checking of Büchi Automata From Kripke Models to Büchi Automata

From LTL Formulas to Büchi Automata Complexity

3

Exercises

(58)

Automata-Theoretic LTL Satisfiability and Entailment

LTL Validity/Satisfiability Let ψ be an LTL formula

|= ψ (LTL)

⇐⇒ ¬ψ unsat

⇐⇒ L(A_¬ψ) = ∅

A

¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

LTL Entailment

Let ϕ, ψ be an LTL formula

ϕ |= ψ (LTL)

|= ϕ → ψ (LTL)

⇐⇒ ϕ ∧ ¬ψ unsat

⇐⇒ L(Aϕ∧¬ψ) = ∅

A

_ϕ∧¬ψ

is a Büchi Automaton which represents all and only the

paths that satisfy ϕ ∧ ¬ψ (satisfy ϕ and do not satisfy ψ)

(59)

Automata-Theoretic LTL Satisfiability and Entailment

LTL Validity/Satisfiability Let ψ be an LTL formula

|= ψ (LTL)

⇐⇒ ¬ψ unsat

⇐⇒ L(A_¬ψ) = ∅

A

¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

LTL Entailment

Let ϕ, ψ be an LTL formula

ϕ |= ψ (LTL)

|= ϕ → ψ (LTL)

⇐⇒ L(Aϕ∧¬ψ) = ∅

A

_ϕ∧¬ψ

is a Büchi Automaton which represents all and only the

paths that satisfy ϕ ∧ ¬ψ (satisfy ϕ and do not satisfy ψ)

(60)

Automata-Theoretic LTL Satisfiability and Entailment

LTL Validity/Satisfiability Let ψ be an LTL formula

|= ψ (LTL)

⇐⇒ ¬ψ unsat

⇐⇒ L(A_¬ψ) = ∅

A

¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

LTL Entailment

Let ϕ, ψ be an LTL formula

ϕ |= ψ (LTL)

|= ϕ → ψ (LTL)

⇐⇒ L(Aϕ∧¬ψ) = ∅

A

_ϕ∧¬ψ

is a Büchi Automaton which represents all and only the

paths that satisfy ϕ ∧ ¬ψ (satisfy ϕ and do not satisfy ψ)

(61)

Automata-Theoretic LTL Satisfiability and Entailment

LTL Validity/Satisfiability Let ψ be an LTL formula

|= ψ (LTL)

⇐⇒ ¬ψ unsat

⇐⇒ L(A_¬ψ) = ∅

A

¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

LTL Entailment

Let ϕ, ψ be an LTL formula

ϕ |= ψ (LTL)

|= ϕ → ψ (LTL)

⇐⇒ ϕ ∧ ¬ψunsat

⇐⇒ L(Aϕ∧¬ψ) = ∅

A

_ϕ∧¬ψ

is a Büchi Automaton which represents all and only the

paths that satisfy ϕ ∧ ¬ψ (satisfy ϕ and do not satisfy ψ)

(62)

Automata-Theoretic LTL Satisfiability and Entailment

LTL Validity/Satisfiability Let ψ be an LTL formula

|= ψ (LTL)

⇐⇒ ¬ψ unsat

⇐⇒ L(A_¬ψ) = ∅

A

¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

LTL Entailment

Let ϕ, ψ be an LTL formula

ϕ |= ψ (LTL)

|= ϕ → ψ (LTL)

⇐⇒ L(Aϕ∧¬ψ) = ∅

A

_ϕ∧¬ψ

is a Büchi Automaton which represents all and only the

paths that satisfy ϕ ∧ ¬ψ (satisfy ϕ and do not satisfy ψ)

(63)

Automata-Theoretic LTL Satisfiability and Entailment

LTL Validity/Satisfiability Let ψ be an LTL formula

|= ψ (LTL)

⇐⇒ ¬ψ unsat

⇐⇒ L(A_¬ψ) = ∅

A

¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

LTL Entailment

Let ϕ, ψ be an LTL formula

ϕ |= ψ (LTL)

|= ϕ → ψ (LTL)

⇐⇒ L(Aϕ∧¬ψ) = ∅

A

_ϕ∧¬ψ

is a Büchi Automaton which represents all and only the

paths that satisfy ϕ ∧ ¬ψ (satisfy ϕ and do not satisfy ψ)

(64)

Automata-Theoretic LTL Model Checking

LTL Model Checking

Let M be a Kripke model and ψ be an LTL formula

M |= ψ (LTL)

⇐⇒ L(M) ⊆ L(ψ)

⇐⇒ L(M) ∩ L(ψ) = ∅

⇐⇒ L(M) ∩ L(¬ψ) = ∅

⇐⇒ L(A_M) ∩ L(A¬ψ) = ∅

⇐⇒ L(A_M× A¬ψ) = ∅

A

_M

is a Büchi Automaton equivalent to M (which represents all and only the executions of M)

A

_¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

=⇒ A

_M

× A

¬ψ

represents all and only the paths appearing in M and

not in ψ.

(65)

Automata-Theoretic LTL Model Checking

LTL Model Checking

Let M be a Kripke model and ψ be an LTL formula

M |= ψ (LTL)

⇐⇒ L(M) ⊆ L(ψ)

⇐⇒ L(M) ∩ L(ψ) = ∅

⇐⇒ L(M) ∩ L(¬ψ) = ∅

⇐⇒ L(A_M) ∩ L(A¬ψ) = ∅

⇐⇒ L(A_M× A¬ψ) = ∅

A

_M

is a Büchi Automaton equivalent to M (which represents all and only the executions of M)

A

_¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

=⇒ A

_M

× A

¬ψ

represents all and only the paths appearing in M and

not in ψ.

(66)

Automata-Theoretic LTL Model Checking

LTL Model Checking

Let M be a Kripke model and ψ be an LTL formula

M |= ψ (LTL)

⇐⇒ L(M) ⊆ L(ψ)

⇐⇒ L(M) ∩ L(ψ) = ∅

⇐⇒ L(M) ∩ L(¬ψ) = ∅

⇐⇒ L(A_M) ∩ L(A¬ψ) = ∅

⇐⇒ L(A_M× A¬ψ) = ∅

A

_M

is a Büchi Automaton equivalent to M (which represents all and only the executions of M)

A

_¬ψ

is a Büchi Automaton which represents all and only the paths that satisfy ¬ψ (do not satisfy ψ)

=⇒ A

_M

× A

¬ψ

represents all and only the paths appearing in M and

not in ψ.

(67)

Automata-Theoretic LTL Model Checking

Four steps Let ϕ

^def

= ¬ψ:

(i) Compute A

_M

(ii) Compute A

ϕ

(iii) Compute the product A

_M

× A

ϕ

(iv) Check the emptiness of L(A

_M

× A

_ϕ

)

(68)

Automata-Theoretic LTL Model Checking

Four steps Let ϕ

^def

= ¬ψ:

(i) Compute A

_M

(ii) Compute A

ϕ

(iii) Compute the product A

_M

× A

ϕ

(iv) Check the emptiness of L(A

_M

× A

_ϕ

)

(69)

Automata-Theoretic LTL Model Checking

Four steps Let ϕ

^def

= ¬ψ:

(i) Compute A

_M

(ii) Compute A

ϕ

(iii) Compute the product A

_M

× A

ϕ

(iv) Check the emptiness of L(A

_M

× A

_ϕ

)

(70)

Automata-Theoretic LTL Model Checking

Four steps Let ϕ

^def

= ¬ψ:

(i) Compute A

_M

(ii) Compute A

ϕ

(iii) Compute the product A

_M

× A

ϕ

(iv) Check the emptiness of L(A

_M

× A

_ϕ

)

(71)

Automata-Theoretic LTL Model Checking

Four steps Let ϕ

^def

= ¬ψ:

(i) Compute A

_M

(ii) Compute A

ϕ

(iii) Compute the product A

_M

× A

ϕ

(iv) Check the emptiness of L(A

_M

× A

_ϕ

)

(72)

Outline

1

Büchi Automata

2

The Automata-Theoretic Approach to LTL Reasoning General Ideas

Language-Emptiness Checking of Büchi Automata From Kripke Models to Büchi Automata

From LTL Formulas to Büchi Automata Complexity

3

Exercises

(73)

NBA emptiness checking

Find an accepting cycle reachable from an initial state.

A naive algorithm:

(i) a DFS finds the final states f reachable from an initial state;

(ii) for each f , a second DFS finds if it can reach f (i.e., if there exists a loop)

Complexity: O(n

²

) SCC-based algorithm:

(i) Tarjan’s algorithm uses a DFS to find the SCCs in linear time;

(ii) drop all SCCs which do not have at least one arc, and which do not contain at least one accepting state f

(iii) another DFS finds if the union of non-trivial SCCs is reachable from an initial state.