Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible...

Computation Tree Logic

CSE 814 1 Introduction to CTL

Outline

•  Motivation •  CTL structures •  Syntax of CTL •  Semantics of CTL •  Some examples

CSE 814 Introduction to CTL 2

View Time as Branching

•  Processes make choices as they execute

•  Outcomes of choices cause different futures

•  Branching-time logics allow quantification over the possible futures


x=0 y=0

x=1 y=0

x=1 y=1

s0: s1:

s2:

View Time as Branching

Two types of operators •  Path operators:

U (until), F (sometime), G (always) •  State operators:

A (on all paths), E (on some path) CSE 814 Introduction to CTL 4

x=0 y=0

x=1 y=0

x=1 y=1

s0: s1:

s2:

s0

s1

s0

s1

s2

s0

s0

s1

s2

s0

…

…

…

CTL Structures: FSM

•  Assume a set of primitive propositions, P

•  A finite state model M is a triple M = (S, R, L) where –  S is a finite set of states –  R ⊆ S × S is a (total) transition relation –  L: S → 2P labels each state with a set of propositions

•  A path, ρ, is an infinite sequence of states

ρ : s0, s1, s2, … such that (si, si+1) ∈ R, for i ≥ 0


CTL Structures: Computation Trees

•  A finite state model M = (S, R, L) and a state s0 ∈ S define an infinite computation tree T where: –  the root of T is labeled s0 and –  T contains an edge from a node labeled s to a node

labeled t iff (s, t) ∈ R

•  A CTL formula is evaluated on a computation tree, i.e, at a state in a FSM


Example: FSM

• P: {x=0, x=1, y=0, y=1} •  S: {s0, s1, s2} •  R:

{(s0, s1), (s1, s0), (s1, s2), (s2, s0)}

•  L: L(s0) = {x=0, y=0} L(s1) = {x=1, y=0} L(s2) = {x=1, y=1}


x=0 y=0

x=1 y=0

x=1 y=1

s0: s1:

s2:

Example: Some paths

s0, s1, s0, s1, s0 , s1, s0 , s1, s0, …

s0, s1, s2, s0, s1, s2, s0, s1, s2, …

s0, s1, s0, s1, s2, s0, s1, s2, s0, …

s0, s1, s0, s1, s2 , s0, s1, s0, s1, …

…


x=0 y=0

x=1 y=0

x=1 y=1

s0: s1:

s2:

Example: Computation Trees


s0

s1

s0

s1

s2

s0

s0

s1

s2

s0

…

…

…

s1

s0

s1

s2

s0

s0

s1

s2

s0

…

…

…

s0

s1

s0

s1

s2

s0

s0 s2 …

…

…

s2

Syntax of CTL

The CTL formulas over P are defined inductively:


If p ∈ P and f and g are CTL formulas, then the following are CTL formulas: (Propositions) p

(Boolean operators) ¬ f f ∧ g f ∨ g …

(Temporal operators) AXf On all paths, next f EXf On some path, next f A[f U g] On all paths, f until g E[f U g] On some path, f until g

Semantics of CTL

•  A CTL formula is evaluated at a state s0 ∈ S in a finite state model M = (S, R, L).

•  The models relation is defined inductively:

Proposition p: (M, s0) ⊨ p if p ∈ L(s0)

Boolean operators, as usual: (M, s0) ⊨ ¬ f iff ¬ ( (M, s0) ⊨ f ) (M, s0) ⊨ f ∧ g iff ( (M, s0) ⊨ f ∧ (M, s0) ⊨ g ) (M, s0) ⊨ f ∨ g iff ( (M, s0) ⊨ f ∨ (M, s0) ⊨ g ) …


Semantics: CTL Temporal Operators

Always Next: (M, s0) ⊨ AXf iff ∀t ( (s0, t) ∈ R ⇒ (M, t) ⊨ f )

Sometime Next: (M, s0) ⊨ EXf iff ∃ t ( (s0, t) ∈ R ∧ (M, t) ⊨ f )


…

…

…

…

AXf

f f

…

…

…

…

f

EXf


(M, s0) ⊨ A[f U g] iff for all paths (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ g ∧ ∀j (0 ≤ j < i ⇒ (M, sj) ⊨ f ) ]


Always Until:

…

…

…

…

f, A[f U g]

f

g g

g


(M, s0) ⊨ E[f U g] iff for some path (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ g ∧ ∀j (0 ≤ j < i ⇒ (M, sj) ⊨ f ) ]


Always Until:

…

…

…

…

f, E[f U g]

f

g


(M, s0) ⊨ AF( f ) iff for all paths (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ f ]


Inevitably: AF( f ) ≡ A[True U f ]

…

…

…

…

AF(f)

f

f f


(M, s0) ⊨ EF( f ) iff for some path (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ f ]


Potentially: EF( f ) ≡ E[True U f ]

…

…

…

…

AF(f)

f


(M, s0) ⊨ EG( f ) iff for some path (s0, s1, s2, …), ∀ i ≥ 0 [(M, si) ⊨ f ]


EG( f ) ≡ ¬ AF(¬f )

…

…

…

…

f, AF(f)

f

f


(M, s0) ⊨ AG( f ) iff for all path (s0, s1, s2, …), ∀ i ≥ 0 [(M, si) ⊨ f ]


Globally: AG( f ) ≡ ¬ EF(¬f )

…

…

…

…

f, AF(f)

f

f

Example: Mutex Protocol


N1, N2 turn=0

T1, N2 turn=1

C1, N2 turn=1

T1, T2 turn=1

C1, T2 turn=1

N1, T2 turn=2

T1, T2 turn=2

N1, C2 turn=2

T1, C2 turn=2

C – in critical section (CS); N – not ready to enter CS; T – trying to enter CS



N1, N2 turn=0

T1, N2 turn=1

C1, N2 turn=1

T1, T2 turn=1

C1, T2 turn=1

N1, T2 turn=2

T1, T2 turn=2

N1, C2 turn=2

T1, C2 turn=2

(M, sinit) ⊨ AG(¬ C1 ∨ ¬ C2) ??



N1, N2 turn=0

T1, N2 turn=1

C1, N2 turn=1

T1, T2 turn=1

C1, T2 turn=1

N1, T2 turn=2

T1, T2 turn=2

N1, C2 turn=2

T1, C2 turn=2

(M, sinit) ⊨ AF( C1 ) ??



N1, N2 turn=0

T1, N2 turn=1

C1, N2 turn=1

T1, T2 turn=1

C1, T2 turn=1

N1, T2 turn=2

T1, T2 turn=2

N1, C2 turn=2

T1, C2 turn=2

(M, sinit) ⊨ AG( T1 ⇒ AF( C1 ) ) ??

Summary

•  CTL allows reasoning about possible futures of a state

•  CTL formula is evaluated at a state in a FSM (or equivalently on an infinite computation tree

•  Combine a state op with a path op – State ops: A, E – quantify over possible futures – Path ops: X, F, G – quantify over states in a path


Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible...

Documents

Transcript of Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible...