computation tree logiccse814/lectures/16_introctl.pdf · • ctl allows reasoning about possible...
TRANSCRIPT
![Page 1: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/1.jpg)
Computation Tree Logic
CSE 814 1 Introduction to CTL
![Page 2: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/2.jpg)
Outline
• Motivation • CTL structures • Syntax of CTL • Semantics of CTL • Some examples
CSE 814 Introduction to CTL 2
![Page 3: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/3.jpg)
View Time as Branching
• Processes make choices as they execute
• Outcomes of choices cause different futures
• Branching-time logics allow quantification over the possible futures
CSE 814 Introduction to CTL 3
x=0 y=0
x=1 y=0
x=1 y=1
s0: s1:
s2:
![Page 4: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/4.jpg)
View Time as Branching
Two types of operators • Path operators:
U (until), F (sometime), G (always) • State operators:
A (on all paths), E (on some path) CSE 814 Introduction to CTL 4
x=0 y=0
x=1 y=0
x=1 y=1
s0: s1:
s2:
s0
s1
s0
s1
s2
s0
s0
s1
s2
s0
…
…
…
![Page 5: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/5.jpg)
CTL Structures: FSM
• Assume a set of primitive propositions, P
• A finite state model M is a triple M = (S, R, L) where – S is a finite set of states – R ⊆ S × S is a (total) transition relation – L: S → 2P labels each state with a set of propositions
• A path, ρ, is an infinite sequence of states
ρ : s0, s1, s2, … such that (si, si+1) ∈ R, for i ≥ 0
CSE 814 Introduction to CTL 5
![Page 6: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/6.jpg)
CTL Structures: Computation Trees
• A finite state model M = (S, R, L) and a state s0 ∈ S define an infinite computation tree T where: – the root of T is labeled s0 and – T contains an edge from a node labeled s to a node
labeled t iff (s, t) ∈ R
• A CTL formula is evaluated on a computation tree, i.e, at a state in a FSM
CSE 814 Introduction to CTL 6
![Page 7: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/7.jpg)
Example: FSM
• P: {x=0, x=1, y=0, y=1} • S: {s0, s1, s2} • R:
{(s0, s1), (s1, s0), (s1, s2), (s2, s0)}
• L: L(s0) = {x=0, y=0} L(s1) = {x=1, y=0} L(s2) = {x=1, y=1}
CSE 814 Introduction to CTL 7
x=0 y=0
x=1 y=0
x=1 y=1
s0: s1:
s2:
![Page 8: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/8.jpg)
Example: Some paths
s0, s1, s0, s1, s0 , s1, s0 , s1, s0, …
s0, s1, s2, s0, s1, s2, s0, s1, s2, …
s0, s1, s0, s1, s2, s0, s1, s2, s0, …
s0, s1, s0, s1, s2 , s0, s1, s0, s1, …
…
CSE 814 Introduction to CTL 8
x=0 y=0
x=1 y=0
x=1 y=1
s0: s1:
s2:
![Page 9: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/9.jpg)
Example: Computation Trees
CSE 814 Introduction to CTL 9
s0
s1
s0
s1
s2
s0
s0
s1
s2
s0
…
…
…
s1
s0
s1
s2
s0
s0
s1
s2
s0
…
…
…
s0
s1
s0
s1
s2
s0
s0 s2 …
…
…
s2
![Page 10: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/10.jpg)
Syntax of CTL
The CTL formulas over P are defined inductively:
CSE 814 Introduction to CTL 10
If p ∈ P and f and g are CTL formulas, then the following are CTL formulas: (Propositions) p
(Boolean operators) ¬ f f ∧ g f ∨ g …
(Temporal operators) AXf On all paths, next f EXf On some path, next f A[f U g] On all paths, f until g E[f U g] On some path, f until g
![Page 11: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/11.jpg)
Semantics of CTL
• A CTL formula is evaluated at a state s0 ∈ S in a finite state model M = (S, R, L).
• The models relation is defined inductively:
Proposition p: (M, s0) ⊨ p if p ∈ L(s0)
Boolean operators, as usual: (M, s0) ⊨ ¬ f iff ¬ ( (M, s0) ⊨ f ) (M, s0) ⊨ f ∧ g iff ( (M, s0) ⊨ f ∧ (M, s0) ⊨ g ) (M, s0) ⊨ f ∨ g iff ( (M, s0) ⊨ f ∨ (M, s0) ⊨ g ) …
CSE 814 Introduction to CTL 11
![Page 12: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/12.jpg)
Semantics: CTL Temporal Operators
Always Next: (M, s0) ⊨ AXf iff ∀t ( (s0, t) ∈ R ⇒ (M, t) ⊨ f )
Sometime Next: (M, s0) ⊨ EXf iff ∃ t ( (s0, t) ∈ R ∧ (M, t) ⊨ f )
CSE 814 Introduction to CTL 12
…
…
…
…
AXf
f f
…
…
…
…
f
EXf
![Page 13: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/13.jpg)
Semantics: CTL Temporal Operators
(M, s0) ⊨ A[f U g] iff for all paths (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ g ∧ ∀j (0 ≤ j < i ⇒ (M, sj) ⊨ f ) ]
CSE 814 Introduction to CTL 13
Always Until:
…
…
…
…
f, A[f U g]
f
g g
g
![Page 14: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/14.jpg)
Semantics: CTL Temporal Operators
(M, s0) ⊨ E[f U g] iff for some path (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ g ∧ ∀j (0 ≤ j < i ⇒ (M, sj) ⊨ f ) ]
CSE 814 Introduction to CTL 14
Always Until:
…
…
…
…
f, E[f U g]
f
g
![Page 15: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/15.jpg)
Semantics: CTL Temporal Operators
(M, s0) ⊨ AF( f ) iff for all paths (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ f ]
CSE 814 Introduction to CTL 15
Inevitably: AF( f ) ≡ A[True U f ]
…
…
…
…
AF(f)
f
f f
![Page 16: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/16.jpg)
Semantics: CTL Temporal Operators
(M, s0) ⊨ EF( f ) iff for some path (s0, s1, s2, …), ∃ i ≥ 0 [(M, si) ⊨ f ]
CSE 814 Introduction to CTL 16
Potentially: EF( f ) ≡ E[True U f ]
…
…
…
…
AF(f)
f
![Page 17: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/17.jpg)
Semantics: CTL Temporal Operators
(M, s0) ⊨ EG( f ) iff for some path (s0, s1, s2, …), ∀ i ≥ 0 [(M, si) ⊨ f ]
CSE 814 Introduction to CTL 17
EG( f ) ≡ ¬ AF(¬f )
…
…
…
…
f, AF(f)
f
f
![Page 18: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/18.jpg)
Semantics: CTL Temporal Operators
(M, s0) ⊨ AG( f ) iff for all path (s0, s1, s2, …), ∀ i ≥ 0 [(M, si) ⊨ f ]
CSE 814 Introduction to CTL 18
Globally: AG( f ) ≡ ¬ EF(¬f )
…
…
…
…
f, AF(f)
f
f
![Page 19: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/19.jpg)
Example: Mutex Protocol
CSE 814 Introduction to CTL 19
N1, N2 turn=0
T1, N2 turn=1
C1, N2 turn=1
T1, T2 turn=1
C1, T2 turn=1
N1, T2 turn=2
T1, T2 turn=2
N1, C2 turn=2
T1, C2 turn=2
C – in critical section (CS); N – not ready to enter CS; T – trying to enter CS
![Page 20: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/20.jpg)
Example: Mutex Protocol
CSE 814 Introduction to CTL 20
N1, N2 turn=0
T1, N2 turn=1
C1, N2 turn=1
T1, T2 turn=1
C1, T2 turn=1
N1, T2 turn=2
T1, T2 turn=2
N1, C2 turn=2
T1, C2 turn=2
(M, sinit) ⊨ AG(¬ C1 ∨ ¬ C2) ??
![Page 21: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/21.jpg)
Example: Mutex Protocol
CSE 814 Introduction to CTL 21
N1, N2 turn=0
T1, N2 turn=1
C1, N2 turn=1
T1, T2 turn=1
C1, T2 turn=1
N1, T2 turn=2
T1, T2 turn=2
N1, C2 turn=2
T1, C2 turn=2
(M, sinit) ⊨ AF( C1 ) ??
![Page 22: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/22.jpg)
Example: Mutex Protocol
CSE 814 Introduction to CTL 22
N1, N2 turn=0
T1, N2 turn=1
C1, N2 turn=1
T1, T2 turn=1
C1, T2 turn=1
N1, T2 turn=2
T1, T2 turn=2
N1, C2 turn=2
T1, C2 turn=2
(M, sinit) ⊨ AG( T1 ⇒ AF( C1 ) ) ??
![Page 23: Computation Tree Logiccse814/Lectures/16_introCTL.pdf · • CTL allows reasoning about possible futures of a state • CTL formula is evaluated at a state in a FSM (or equivalently](https://reader030.vdocuments.net/reader030/viewer/2022040510/5e57c179a988034dd34edff1/html5/thumbnails/23.jpg)
Summary
• CTL allows reasoning about possible futures of a state
• CTL formula is evaluated at a state in a FSM (or equivalently on an infinite computation tree
• Combine a state op with a path op – State ops: A, E – quantify over possible futures – Path ops: X, F, G – quantify over states in a path
CSE 814 Introduction to CTL 23