lecture iv: computation tree logic (ctl)artale/fm/slide4.pdf · summary of lecture iv computation...

41
F ORMAL M ETHODS L ECTURE IV: C OMPUTATION T REE L OGIC (CTL) Alessandro Artale Faculty of Computer Science – Free University of Bolzano Room 2.03 [email protected] http://www.inf.unibz.it/artale/ Some material (text, figures) displayed in these slides is courtesy of: M. Benerecetti, A. Cimatti, M. Fisher, F. Giunchiglia, M. Pistore, M. Roveri, R.Sebastiani. Alessandro Artale (FM – First Semester – 2010/2011) – p. 1/37

Upload: others

Post on 21-May-2020

7 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

FORMAL METHODS

LECTURE IV: COMPUTATION TREE LOGIC (CTL)

Alessandro Artale

Faculty of Computer Science – Free University of Bolzano

Room 2.03

[email protected] http://www.inf.unibz.it/∼artale/

Some material (text, figures) displayed in these slides is courtesy of:

M. Benerecetti, A. Cimatti, M. Fisher, F. Giunchiglia, M. Pistore, M. Roveri, R.Sebastiani.Alessandro Artale (FM – First Semester – 2010/2011) – p. 1/37

Page 2: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Summary of Lecture IV

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.

CTL*.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 2/37

Page 3: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Computation Tree logic Vs. LTL

LTL implicitly quantifies universally over paths.

〈K M ,s〉 |= φ iff for every path π starting at s 〈K M ,π〉 |= φ

Properties that assert the existence of a path cannot beexpressed. In particular, properties which mix existential

and universal path quantifiers cannot be expressed.

The Computation Tree Logic—CTL solves theseproblems!

• CTL explicitly introduces path quantifiers!

• CTL is the natural temporal logic interpreted overBranching Time Structures.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 3/37

Page 4: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL at a glance

CTL is evaluated over branching-time structures(Trees).

CTL explicitly introduces path quantifiers:

All Paths: �P

Exists a Path: ♦P .

Every temporal operator ( ,♦, k, U ) preceded by a

path quantifier (�P or ♦P ).

Universal modalities: �P ♦, �P , �P k, �P UThe temporal formula is true in all the paths starting inthe current state.

Existential modalities: ♦P ♦,♦P ,♦Pk,♦P U

The temporal formula is true in some path starting inthe current state.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 4/37

Page 5: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Summary

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.

CTL*.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 5/37

Page 6: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL: Syntax

Countable set Σ of atomic propositions: p,q, . . . the set FORM

of formulas is:

ϕ,ψ → p | ⊤ | ⊥ | ¬ϕ | ϕ∧ψ | ϕ∨ψ |

�Pkϕ | �P ϕ | �P ♦ϕ | �P (ϕU ψ)

♦Pkϕ |♦P ϕ |♦P ♦ϕ |♦P (ϕU ψ)

Alessandro Artale (FM – First Semester – 2010/2011) – p. 6/37

Page 7: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL Alternative Notation

Alternative notations are used for temporal operators.

♦P E there Exists a path

�P A in All paths

♦ F sometime in the Future

G Globally in the futurek X neXtime

Alessandro Artale (FM – First Semester – 2010/2011) – p. 7/37

Page 8: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL: Semantics

We interpret our CTL temporal formulas over KripkeModels linearized as trees.

done!done

done

done

done done done

done

!done

!done

!done

!done

Universal modalities (�P ♦, �P , �P k, �P U ): thetemporal formula is true in all the paths starting in thecurrent state.

Existential modalities (♦P ♦,♦P ,♦Pk,♦P U ): the

temporal formula is true in some path starting in thecurrent state.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 8/37

Page 9: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL: Semantics (Cont.)

Let Σ be a set of atomic propositions. We interpret our CTLtemporal formulas over Kripke Models:

K M = 〈S, I,R,Σ,L〉

The semantics of a temporal formula is provided by thesatisfaction relation:

|= : (K M ×S×FORM) →{true, false}

Alessandro Artale (FM – First Semester – 2010/2011) – p. 9/37

Page 10: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL Semantics: The Propositional Aspect

We start by defining when an atomic proposition is true at astate/time “si”

K M , si |= p iff p ∈ L(si) (for p ∈ Σ)

The semantics for the classical operators is as expected:

K M , si |= ¬ϕ iff K M , si 6|= ϕ

K M , si |= ϕ∧ψ iff K M , si |= ϕ and K M , si |= ψ

K M , si |= ϕ∨ψ iff K M , si |= ϕ or K M , si |= ψ

K M , si |= ϕ ⇒ ψ iff if K M , si |= ϕ then K M , si |= ψ

K M , si |= ⊤

K M , si 6|= ⊥Alessandro Artale (FM – First Semester – 2010/2011) – p. 10/37

Page 11: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL Semantics: The Temporal Aspect

Temporal operators have the following semantics where

π=(si,si+1, . . .) is a generic path outgoing from state siinK M .

K M ,si |= �Pjϕ iff ∀π = (si,si+1, . . .) K M ,si+1 |= ϕ

K M ,si |=♦P jϕ iff ∃π = (si,si+1, . . .) K M ,si+1 |= ϕ

K M ,si |= �P ϕ iff ∀π = (si,si+1, . . .) ∀ j ≥ i.K M ,s j |= ϕ

K M ,si |=♦P ϕ iff ∃π = (si,si+1, . . .) ∀ j ≥ i.K M ,s j |= ϕ

K M ,si |= �P ♦ϕ iff ∀π = (si,si+1, . . .) ∃ j ≥ i.K M ,s j |= ϕ

K M ,si |=♦P ♦ϕ iff ∃π = (si,si+1, . . .) ∃ j ≥ i.K M ,s j |= ϕ

K M ,si |= �P (ϕU ψ) iff ∀π = (si,si+1, . . .) ∃ j ≥ i.K M ,s j |= ψ and

∀i ≤ k < j : M,sk |= ϕ

K M ,si |=♦P (ϕU ψ) iff ∃π = (si,si+1, . . .) ∃ j ≥ i.K M ,s j |= ψ and

∀i ≤ k < j : K M ,sk |= ϕ

Alessandro Artale (FM – First Semester – 2010/2011) – p. 11/37

Page 12: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL Semantics: Intuitions

CTL is given by the standard boolean logic enhanced withtemporal operators.

⊲ “Necessarily Next”. �P kϕ is true in st iff ϕ is true in everysuccessor state st+1

⊲ “Possibly Next”. ♦Pkϕ is true in st iff ϕ is true in one

successor state st+1

⊲ “Necessarily in the future” (or “Inevitably”). �P ♦ϕ is true in st

iff ϕ is inevitably true in some st ′ with t ′ ≥ t

⊲ “Possibly in the future” (or “Possibly”). ♦P ♦ϕ is true in st iff ϕmay be true in some st ′ with t ′ ≥ t

Alessandro Artale (FM – First Semester – 2010/2011) – p. 12/37

Page 13: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL Semantics: Intuitions (Cont.)

⊲ “Globally” (or “always”). �P ϕ is true in st iff ϕ is true in all

st ′ with t ′ ≥ t

⊲ “Possibly henceforth”. ♦P ϕ is true in st iff ϕ is possibly truehenceforth

⊲ “Necessarily Until”. �P (ϕU ψ) is true in st iff necessarily ϕholds until ψ holds.

⊲ “Possibly Until”. ♦P (ϕU ψ) is true in st iff possibly ϕ holdsuntil ψ holds.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 13/37

Page 14: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL Semantics: Intuitions (Cont.)

Pfinally Pglobally Pnext P until q

PEF PEX P U q]E[PEG

AFP AXP P U qA[ ]AGP

Alessandro Artale (FM – First Semester – 2010/2011) – p. 14/37

Page 15: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

A Complete Set of CTL Operators

All CTL operators can be expressed via: ♦Pk,♦P ,♦P U

�Pkϕ ≡ ¬♦P

k¬ϕ

�P ♦ϕ ≡ ¬♦P ¬ϕ

♦P ♦ϕ ≡♦P (⊤U ϕ)

�P ϕ ≡ ¬♦P ♦¬ϕ ≡ ¬♦P (⊤U ¬ϕ)

�P (ϕU ψ) ≡ ¬♦P ¬ψ∧¬♦P (¬ψU (¬ϕ∧¬ψ))

Alessandro Artale (FM – First Semester – 2010/2011) – p. 15/37

Page 16: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Summary

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.

CTL*.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 16/37

Page 17: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Safety Properties

Safety:

“something bad will not happen”

Typical examples:

�P ¬(reactor_temp > 1000)

�P ¬(one_way∧ �P kother_way)

�P ¬((x = 0)∧ �P k�P

k�P

k(y = z/x))

and so on.....

Usually: �P ¬....

Alessandro Artale (FM – First Semester – 2010/2011) – p. 17/37

Page 18: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Liveness Properties

Liveness:

“something good will happen”

Typical examples:

�P ♦rich

�P ♦(x > 5)

�P (start ⇒ �P ♦terminate)

and so on.....

Usually: �P ♦ . . .

Alessandro Artale (FM – First Semester – 2010/2011) – p. 18/37

Page 19: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Fairness Properties

Often only really useful when scheduling processes,responding to messages, etc.

Fairness:

“something is successful/allocated infinitely often”

Typical example:

�P (�P ♦enabled)

Usually: �P �P ♦ . . .

Alessandro Artale (FM – First Semester – 2010/2011) – p. 19/37

Page 20: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Summary

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.

CTL*.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 20/37

Page 21: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

The CTL Model Checking Problem

The CTL Model Checking Problem is formulated as:

K M |= φ

Check if K M ,s0 |= φ, for every initial state, s0, of the Kripke

structure K M .

Alessandro Artale (FM – First Semester – 2010/2011) – p. 21/37

Page 22: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 1: Mutual Exclusion (Safety)

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P ¬(C1 ∧C2) ?

Alessandro Artale (FM – First Semester – 2010/2011) – p. 22/37

Page 23: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 1: Mutual Exclusion (Safety)

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P ¬(C1 ∧C2) ?

YES: There is no reachable state in which (C1 ∧C2) holds!

(Same as the ¬(C1 ∧C2) in LTL.)

Alessandro Artale (FM – First Semester – 2010/2011) – p. 22/37

Page 24: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 2: Liveness

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P (T1 ⇒ �P ♦C1) ?

Alessandro Artale (FM – First Semester – 2010/2011) – p. 23/37

Page 25: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 2: Liveness

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P (T1 ⇒ �P ♦C1) ?

YES: every path starting from each state where T1 holdspasses through a state where C1 holds.

(Same as (T1 ⇒♦C1) in LTL)Alessandro Artale (FM – First Semester – 2010/2011) – p. 23/37

Page 26: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 3: Fairness

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P �P ♦C1 ?

Alessandro Artale (FM – First Semester – 2010/2011) – p. 24/37

Page 27: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 3: Fairness

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P �P ♦C1 ?

NO: e.g., in the initial state, there is the blue cyclic path in

which C1 never holds! (Same as ♦C1 in LTL)

Alessandro Artale (FM – First Semester – 2010/2011) – p. 24/37

Page 28: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 4: Non-Blocking

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P (N1 ⇒♦P ♦T1) ?

Alessandro Artale (FM – First Semester – 2010/2011) – p. 25/37

Page 29: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Example 4: Non-Blocking

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= �P (N1 ⇒♦P ♦T1) ?

YES: from each state where N1 holds there is a path leadingto a state where T1 holds. (No corresponding LTL formulas)

Alessandro Artale (FM – First Semester – 2010/2011) – p. 25/37

Page 30: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Summary

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.

CTL*.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 26/37

Page 31: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

LTL Vs. CTL: Expressiveness

⊲ Many CTL formulas cannot be expressed in LTL(e.g., those containing paths quantified existentially)

E.g., �P (N1 ⇒♦P ♦T1)

⊲ Many LTL formulas cannot be expressed in CTL

E.g., ♦T1 ⇒ ♦C1 (Strong Fairness in LTL)i.e, formulas that select a range of paths with a property

(♦p ⇒♦q Vs. �P (p ⇒ �P ♦q))

⊲ Some formluas can be expressed both in LTL and in CTL(typically LTL formulas with operators of nesting depth 1)

E.g., ¬(C1 ∧C2), ♦C1, (T1 ⇒♦C1), ♦C1

Alessandro Artale (FM – First Semester – 2010/2011) – p. 27/37

Page 32: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

LTL Vs. CTL: Expressiveness (Cont.)

CTL and LTL have incomparable expressive power.

The choice between LTL and CTL depends on theapplication and the personal preferences.

CTLLTL

Alessandro Artale (FM – First Semester – 2010/2011) – p. 28/37

Page 33: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Summary

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.

CTL*.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 29/37

Page 34: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

The Computation Tree Logic CTL*

CTL* is a logic that combines the expressive power ofLTL and CTL.

Temporal operators can be applied without anyconstraints.

• �P ( kϕ∨ k kϕ).Along all paths, ϕ is true in the next state or the next twosteps.

• ♦P ( ♦ϕ).There is a path along which ϕ is infinitely often true.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 30/37

Page 35: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL*: Syntax

Countable set Σ of atomic propositions: p,q, . . . wedistinguish between States Formulas (evaluated on states):

ϕ,ψ → p | ⊤ | ⊥ | ¬ϕ | ϕ∧ψ | ϕ∨ψ |

�P α |♦P α

and Path Formulas (evaluated on paths):

α,β → ϕ |

¬α | α∧β | α∨β |kα | α |♦α | (αU β)

The set of CTL* formulas FORM is the set of state formulas.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 31/37

Page 36: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL* Semantics: State Formulas

We start by defining when an atomic proposition is true at astate “s0”

K M , s0 |= p iff p ∈ L(s0) (for p ∈ Σ)

The semantics for State Formulas is the following whereπ = (s0,s1, . . .) is a generic path outgoing from state s0:

K M , s0 |= ¬ϕ iff K M , s0 6|= ϕ

K M , s0 |= ϕ∧ψ iff K M , s0 |= ϕ and K M , s0 |= ψ

K M , s0 |= ϕ∨ψ iff K M , s0 |= ϕ or K M , s0 |= ψ

K M , s0 |=♦P α iff ∃π = (s0,s1, . . .)such that K M ,π |= α

K M , s0 |= �P α iff ∀π = (s0,s1, . . .) then K M ,π |= α

Alessandro Artale (FM – First Semester – 2010/2011) – p. 32/37

Page 37: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL* Semantics: Path Formulas

The semantics for Path Formulas is the following where

π = (s0,s1, . . .) is a generic path outgoing from state s0 and πi

denotes the suffix path (si,si+1, . . .):

K M , π |= ϕ iff K M , s0 |= ϕ

K M , π |= ¬α iff K M , π 6|= α

K M , π |= α∧β iff K M , π |= α and K M , π |= β

K M , π |= α∨β iff K M , π |= α or K M , π |= β

K M , π |=♦α iff ∃i ≥ 0such that K M ,πi |= α

K M , π |= α iff ∀i ≥ 0 then K M ,πi |= α

K M , π |= kα iff K M ,π1 |= α

K M , π |= αU β iff ∃i ≥ 0such that K M ,πi |= β and∀ j.(0 ≤ j ≤ i) then K M ,π j |= α

Alessandro Artale (FM – First Semester – 2010/2011) – p. 33/37

Page 38: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTLs Vs LTL Vs CTL: Expressiveness

CTL* subsumes both CTL and LTL

⊲ ϕ in CTL =⇒ ϕ in CTL* (e.g., �P (N1 ⇒♦P ♦T1))

⊲ ϕ in LTL =⇒ �P ϕ in CTL* (e.g., �P ( ♦T1 ⇒ ♦C1))

⊲ LTL ∪ CTL ⊂ CTL* (e.g., ♦P ( ♦p ⇒ ♦q))

CTLLTL

CTL*

Alessandro Artale (FM – First Semester – 2010/2011) – p. 34/37

Page 39: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL* Vs LTL Vs CTL: Complexity

The following Table shows the Computational Complexity ofchecking Satisbiability

Logic Complexity

LTL PSpace-Complete

CTL ExpTime-Complete

CTL* 2ExpTime-Complete

Alessandro Artale (FM – First Semester – 2010/2011) – p. 35/37

Page 40: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

CTL* Vs LTL Vs CTL: Complexity (Cont.)

The following Table shows the Computational Complexity ofModel Checking (M.C.)

• Since M.C. has 2 inputs – the model, M , and theformula, ϕ – we give two complexity measures.

Logic Complexity w.r.t. | ϕ | Complexity w.r.t. |M |

LTL PSpace-Complete P (linear)

CTL P-Complete P (linear)

CTL* PSpace-Complete P (linear)

Alessandro Artale (FM – First Semester – 2010/2011) – p. 36/37

Page 41: LECTURE IV: COMPUTATION TREE LOGIC (CTL)artale/FM/slide4.pdf · Summary of Lecture IV Computation Tree Logic: Intuitions. CTL: Syntax and Semantics. CTL in Computer Science. CTL and

Summary of Lecture IV

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.

CTL*.

Alessandro Artale (FM – First Semester – 2010/2011) – p. 37/37