![Page 1: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/1.jpg)
1
Translating from LTL to automata
![Page 2: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/2.jpg)
2
Why translating?
Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)
satisfies this property. The check (“model-checking”) will be based on automata
operations – hence we need to translate the property to automata.
![Page 3: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/3.jpg)
3
From formulas to Buchi automta
Gp Fp p U q GFp
p p
T
T
q
p
T
p
T
Now try yourself: FGp, a U (b U c), X(p U (q Æ r))
![Page 4: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/4.jpg)
4
A translation algorithm
So now we need to show an algorithmic translation from LTL to Buchi
It will work in two stages: Translate to Generalized Buchi Degeneralization.
![Page 5: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/5.jpg)
5
Preprocessing
Convert into normal form, where negation only applies to propositional variables.
¬G becomes F¬. ¬F becomes G¬. ¬( U ) becomes (¬) R (¬), ¬( R ) becomes (¬) U (¬).
![Page 6: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/6.jpg)
6
Convert to Negation Normal Form Push negations over propositional conenctives, and
eliminate operators other than Æ, Ç
Eliminate G Replace G by (False R ).
(in general we can stay with U, R, X)
Preprocessing
![Page 7: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/7.jpg)
7
Example
Translate (GF P ) ! ( GF Q )
Eliminate implication ¬( GF P ) Ç ( GF Q )
Eliminate G, F :¬( False R ( True U P ) ) Ç ( False R ( True U Q ) )
Push negation inwards:(True U (False R ¬P ) ) Ç ( False R ( True U Q ) )
![Page 8: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/8.jpg)
8
And now...
We need to build an automaton that accepts exactly those words that satisfy .
![Page 9: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/9.jpg)
9
Content
The construction continues as follows:
1. Build the Local Automaton This automaton guarantees that the word satisfies
all conditions imposed by the formula
2. Build the Eventuality Automaton Eventualities : formulas of the form Fφ and φ1 U
φ2 The problem is that nothing prevents us from
postponing forever the time at which (eventuality) formula will be true
3. Compose them
![Page 10: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/10.jpg)
10
The Local Automaton
Closure of all the subformulas of and their negations.
Formally: cl() is the smallest set of formulas satisfying the following conditions
φ ∈ cl(φ) φ1 ∈ cl(φ) ⇒ ¬φ1 ∈ cl(φ) φ1 ∧ φ2∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ) φ1 ∨ φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)
X φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ) F φ1 ∈ cl(φ) ⇒ φ1 ∈ cl(φ) φ1 U φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ) φ1 R φ2 ∈ cl(φ) ⇒ φ1 , φ2 ∈ cl(φ)
![Page 11: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/11.jpg)
11
The Local Automaton / Alphabet, states
The local automaton is L = (∑, SL, ρL, IL, FL)
The alphabet ∑ ∑ µ 2cl(φ)
∑ elements are consistent: for s 2 ∑ and f ∈ cl(φ): f ∈ s ¬f ∉ s
The states SL All propositionally consistent subsets s of cl(φ):
φ1 ∈ s ¬φ1 ∉ s
![Page 12: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/12.jpg)
12
The Local Automaton / Transition relation
The edges: ρL(s, a) must check the next state is compatible with the semantics of
the temporal operators.
Let t ∈ ρL(s, a). Then:
Xφ1 ∈ s φ1 ∈ t
Fφ1 ∈ s φ1 ∈ s or Fφ1 ∈ t
φ1 U φ2 ∈ s (φ2 ∈ s) or (φ1 ∈ s and φ1 U φ2 ∈ t)
φ1 R φ2 ∈ s (φ1 ⋀ φ2 ∈ s) or (φ2 ∈ s and φ1 R φ2
∈ t)
The labeling on the edges: For a state s ;, s is the label on all the outgoing edges from s.
![Page 13: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/13.jpg)
13
The initial states IL
... is the set of states that include the formula
The accepting states FL
... is the set of all states
The Local Automaton / Initial + final states
![Page 14: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/14.jpg)
14
Example: Local Automaton for Fp
Closure of Fp cl(Fp) = {Fp, p, ¬Fp, ¬p}
SL= {{Fp, p}, {¬Fp, p}, {Fp, ¬p}, {¬Fp, ¬p}}
![Page 15: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/15.jpg)
15
Local Automaton for Fp
{¬Fp, p}
{Fp, ¬p}
{¬Fp, ¬p}
Recall the defnition: (Fp ∈ s) (p ∈ s or Fp ∈ t) (t is the target state)
Top-right: Since p s then t can only be such that Fp 2 t.
Top left: Since p 2 s then all states can be t.
{Fp, p}
Bottom left: contradictory, hence no point in this state (can be removed)
Bottom right: since the condition above is iff relation, then we need that (:p 2 s) and (:Fp 2 t).
![Page 16: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/16.jpg)
16
Local Automaton for Fp (labels)
{¬Fp, p}
{Fp, ¬p}
{¬Fp, ¬p}
{Fp, p}
{Fp, p}
{Fp, p} {¬Fp, ¬p}
{Fp, ¬p}
{Fp, ¬p}
{Fp, p}
Recall: the edge labels are equivalent to the source state names.
![Page 17: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/17.jpg)
17
Eventuality automaton is supposed to check that the eventualities are realized
Check formulas of the form φ1 U φ2
Fφ // special case of U
The Eventuality Automaton
![Page 18: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/18.jpg)
18
The Eventuality Automaton/ Alphabet, states
Ev = (∑, 2ev(φ), ρF, {{}}, F)
The alphabet ∑ µ 2cl(φ)
∑ elements are consistent: for s 2 ∑ and f ∈ cl(φ): f ∈ s ¬f ∉ s
The states 2ev(φ)
The set of subsets of the eventualities of the formula φ
A state {e1, …, ek} means that the eventualities e1, …, ek still have to be realized
![Page 19: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/19.jpg)
19
The Eventuality Automaton/ Transition relation, initial state
The transition ρF
Let t ∈ ρF(s,a)
For Fφ : Fφ ∈ t φ ∉ a
For φ1 U φ2 : φ1 U φ2 ∈ t φ2 ∉ a
The initial state : {}
![Page 20: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/20.jpg)
20
The Eventuality Automaton/ accepting states
The acceptance condition F is complicated... When can we accept a state s?
if s has an eventuality, it satisfies it.
Examples: s is accepting: s = {pUq,:p, q}
s = {:pUq,:p, :q}
s is not accepting: s = {pUq, p, :q} s = {pUq, :p, :q}
![Page 21: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/21.jpg)
21
The Eventuality Automaton/ accepting states
The acceptance condition, formaly: Let ei be an eventuality condition i’ U i
Suppose we have the eventuality conditions e1,...,em. Then F is a generalized Buchi condition:
F = {Á1,...,Ám} where Ái = {s 2 S | ei 2 s ! i 2 s}
In our example: We have two states: {} and {Fp} Thus, F contains the single state {}
![Page 22: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/22.jpg)
22
ExampleEventuality automaton
{Fp}
{}
{Fp, p}
{¬Fp, p}
{¬Fp, ¬p}
{Fp, ¬p}
{Fp, p}{¬Fp, p}
{¬Fp, ¬p}
{Fp, ¬p}
We can begin with all edges and all labels and then remove those that are incompatible with the condition we saw in the previous slide:
The condition is: Fp ∈ t p ∉ a
Q: When is this automaton satisfied? A: When all eventualities are satisfied.
![Page 23: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/23.jpg)
23
M = (∑, SM, ρM ,NM0, FM)
∑ µ 2cl()
SM = SL x 2ev(φ) (Cartesian Product)
(p, q) ∈ ρM((s, t), a) p ∈ ρL(s, a) and q ∈ ρF(t, a)
NM0 = Nφ x {}
FM = NL x {}
Composing the two automata
![Page 24: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/24.jpg)
24
Example Composing the two automata
({Fp, p}, Fp)
({Fp, ¬p} , Fp)
({¬Fp, ¬p} , Fp)
({Fp, p}, {})({Fp, ¬p} , {})
({¬Fp, ¬p} , {})
The propositions are the ‘real’ labels.
p
p
:p
:p
:p
![Page 25: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/25.jpg)
25
Example Composing the two automata
({Fp, p}, Fp)
({Fp, ¬p} , Fp)
({Fp, p}, {})
({¬Fp, ¬p} , {})
p :p
:p
:p
Equivalently: labels move to outgoing edges.
p
p :pp
:p
p
p
({Fp, ¬p} , {})
![Page 26: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/26.jpg)
26
Optimizations...
There are optimizations that make the automaton much smaller:
p
:p
:p
:p pp
If we define the alphabet ∑ as formulas over AP we can do better:
p
:p truep Ç :p
![Page 27: 1 Translating from LTL to automata. 2 Why translating? Want to write the specification in some logic. Want to check that an automaton (or a Kripke structure)](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d795503460f94a5d518/html5/thumbnails/27.jpg)
27
Conclusion
The number of States Local Automaton : 2cl(φ) = O(22|φ|) Eventuality Automaton : 2ev(φ) = O(2|φ|) Composed Automata : 2cl(φ) X 2ev(φ) = O(23|φ|)
|φ| is length of formula φ