Automata and Formal Lanugages

Büchi Automata and Model Checking

Ralf Möller

based on slidesby Chang-Beom Choi

Provable Software Lab, KAIST

Transition System to Mealy-Style Automaton Translation

2

1

3

Each state is labeled with the propositions that hold in that state

Example transition system Corresponding automaton

{p,q}

{p}

{q}

{p,q}

{q}

i

1

2 3

p,q

q p

But: No accept states

OverviewBüchi Automata

• Büchi Automata – Automata which accept infinite words– named after Julius Richard Büchi, Swiss Logician

• Usually used for modeling systems with infinite sequences of states, each of which satisfies certain atomic propositions

• Büchi Automaton M accepts sequences of labels for program states: L(M) describes all potential sequences of state labels of the system (andtherefore describes system behavior)

OverviewBüchi Automaton (deterministic version)

• Definition– M = (Σ, S, s0, , F)

Σ : alphabet (set of “labels for program states”)S : set of automaton statess0 : initial state : a transition function (S x Σ x S) F : a set of accepting states

– M = (Σ, S, s0, , F)– The input of M is infinite w : a0, a1, … (∈ Σω)

– A run is a sequence of states r: s0,s1, … (∈ Sω)• Initiation: s0 ∈ S0

• Consecution : si+1∈ (si, ai)

– Accepting run (r = s0,s1, … )• There exists an infinite number of integers

i ∈ N such that si ∈ F

OverviewBüchi Automaton

OverviewBüchi Automata

• P must eventually occur, and if it occurs P holds forever

• Σ = {P, true}

• S = {q0, q1}

• s0 = {q0}

• = {(q0,true, q0), (q0, P, q1), (q1,P, q1)

• F = {q1}

run : q0, q1, q1, q1, …

OverviewBüchi Automata

• P must eventually occur, and if it occurs P holds forever

• Σ = {P, true}

• S = {q0, q1}

• s0 = {q0}

• = {(q0,true, q0), (q0, P, q1), (q1,P, q1)

• F = {q1}

Relation to Linear Temporal Logic

LTL Properties Büchi automata

G p p ptrue

F p pptrue

G (F p) p

The size of the property automaton can be exponential in the size of the LTL formula

p

p

p

Overview

• Model checking– Specify requirement properties and build system model– Generate possible states from the model and then check

whether given requirement properties are satisfied within the state space OK

Error TraceFound

or

TargetProgram

RequirementProperties

Model Check

Overview

• A process of Model Checking– Modeling

• Build a model of program or system– Specification

• Describe requirement properties– Verification

• Checking that a model of the program or system satisfies a given specification

Overview

• How can we model check of a program or system?– Modeling

• Build a Büchi automaton for a given program or system

– Specification• Describe requirement properties using Temporal

Logic

– Verification• Automatically (semi-automatic)

Model Checker

OverviewProcess of Model Checking

Target Program Requirement

Properties