Introduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL

Similar documents
Formal Methods in Software Engineering. Lecture 07

How to Verify a CSP Model? February 28, 2009

Finite State Verification. CSCE Lecture 14-02/25/2016

Deadlocks. Deadlock in Resource Sharing Environment. CIT 595 Spring Recap Example. Representing Deadlock

The Drinking Philosophers Problem-1

Finite State Verification. CSCE Lecture 21-03/28/2017

Software Model Checking: Theory and Practice

Algorithmic Verification. Algorithmic Verification. Model checking. Algorithmic verification. The software crisis (and hardware as well)

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

Formal Specification and Verification

Proving the Correctness of Distributed Algorithms using TLA

T Reactive Systems: Kripke Structures and Automata

Formal Methods for Software Development

3C03 Concurrency: Starvation and Deadlocks

Interprocess Communication By: Kaushik Vaghani

Liveness properties. Deadlock

Class Notes, 3/21/07, Operating Systems

Formal modelling and verification in UPPAAL

Resource Allocation. Pradipta De

Deadlocks: Detection & Avoidance

15-440/15-640: Homework 1 Due: September 27, :30am

[module 2.2] MODELING CONCURRENT PROGRAM EXECUTION

The Dining Philosophers with Pthreads

The Deadlock Lecture

Deadlock. Concepts to discuss. A System Model. Deadlock Characterization. Deadlock: Dining-Philosophers Example. Deadlock: Bridge Crossing Example

Operating Systems 2010/2011

Synchronization Principles II

Chapter 9. Labelled Transition Systems. System Composition. specifications. implementations.

Resource Allocation - Dining Philosophers. Dining Philosophers - Properties. OK? EATING[(i%N)+1]) Impossibility Result for Symmetric Algorithm

CMPT 300 Introduction to Operating Systems

SFDV3006 Concurrent Programming

Using Spin to Help Teach Concurrent Programming

Process Synchronization

Timo Latvala. January 28, 2004

Classical Synchronization Problems. Copyright : University of Illinois CS 241 Staff 1

Dining Philosophers, Semaphores

5. Liveness and Guarded Methods

Overview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Distributed Systems Programming (F21DS1) Formal Verification

TTM/PAT: Specifying and Verifying Timed Transition Models

Lecture 3: Intro to Concurrent Processing using Semaphores

CMSC 330: Organization of Programming Languages. Threads Classic Concurrency Problems

Operating Systems. Thread Synchronization Primitives. Thomas Ropars.

The Dining Philosophers Problem CMSC 330: Organization of Programming Languages

Lecture Topics. Announcements. Today: Concurrency (Stallings, chapter , 5.7) Next: Exam #1. Self-Study Exercise #5. Project #3 (due 9/28)

Operating Systems 2006/2007

Mutual Exclusion. 1 Formal problem definitions. Time notion CSE /17/2015. Outline of this lecture:

CMSC 330: Organization of Programming Languages. The Dining Philosophers Problem

Quiz Answers. CS 537 Lecture 9 Deadlock. What can go wrong? Readers and Writers Monitor Example

Lecture 27: Safety and Liveness Properties, Java Synchronizers, Dining Philosophers Problem

Verifying Temporal Properties via Dynamic Program Execution. Zhenhua Duan Xidian University, China

Deadlock. Disclaimer: some slides are adopted from Dr. Kulkarni s and book authors slides with permission 1

Temporal Logic of Actions (TLA) (a brief introduction) Shmuel Katz Computer Science Department The Technion

Process Management And Synchronization

Roadmap. Readers-Writers Problem. Readers-Writers Problem. Readers-Writers Problem (Cont.) Dining Philosophers Problem.

5 Classical IPC Problems

CSE 20 DISCRETE MATH. Fall

Formal Verification. Lecture 10

CISC 7310X. C10: Deadlocks. Hui Chen Department of Computer & Information Science CUNY Brooklyn College. 4/12/2018 CUNY Brooklyn College

Concurrent Object Oriented Languages

Basic concepts and Terminologies

Dining Philosophers with π-calculus

Back to synchronization

Lecture 11 Lecture 11 Nov 5, 2014

Asynchronous Models. Chapter Asynchronous Processes States, Inputs, and Outputs

High Performance Computing Lecture 21. Matthew Jacob Indian Institute of Science

Yet another synchronization problem

System Software. Computer Science and Engineering College of Engineering The Ohio State University. Lecture 13

Petri Nets ~------~ R-ES-O---N-A-N-C-E-I--se-p-te-m--be-r Applications.

Distributed Systems Programming (F21DS1) SPIN: Formal Analysis I

Chapter 3: Propositional Languages

Concurrency pros and cons. Concurrent Programming Problems. Linked list example. Linked list example. Mutual Exclusion. Concurrency is good for users

Introduction to Operating Systems

Last Class: Synchronization Problems!

CSE 4/521 Introduction to Operating Systems

Dealing with Issues for Interprocess Communication

Formal Verification for UML/SysML models

CSE 20 DISCRETE MATH. Winter

Distributed Systems Programming (F21DS1) SPIN: Formal Analysis II

Reducing Fair Stuttering Refinement of Transaction Systems

Frequently asked questions from the previous class survey

A Modification to the Chandy-Misra Dining Philosophers Algorithm to Support Dynamic Resource Conflict Graphs

CHAPTER 6: PROCESS SYNCHRONIZATION

Scheduling. The Basics

Cover Page. The handle holds various files of this Leiden University dissertation

Deadlocks. Copyright : University of Illinois CS 241 Staff 1

Deadlock. INF2140 Parallel Programming: Lecture 6. March 07, INF2140 Parallel Programming: Lecture 6 Deadlock

THE QUEEN S UNIVERSITY OF BELFAST

Process Synchronization

Extending BPEL with transitions that can loop

Chapter 6: Process Synchronization

COMP 150-CCP Concurrent Programming. Lecture 12: Deadlock. Dr. Richard S. Hall

Model Checking with Automata An Overview

Model checking Timber program. Paweł Pietrzak

Chapter 6 Concurrency: Deadlock and Starvation

Process Synchronization

Property-based design with HORUS / SYNTHORUS

Deadlocks: Part I Prevention and Avoidance Yi Shi Fall 2017 Xi an Jiaotong University

Lecture 11: More on invariants and textual reasoning - examples. K. V. S. Prasad Dept of Computer Science Chalmers University Friday 30 Sep 2016

CMU-Q Lecture 6: Planning Graph GRAPHPLAN. Teacher: Gianni A. Di Caro

Transcription:

Introduction to Linear-Time Temporal Logic CSE 814 Introduction to LTL 1

Outline Motivation for TL in general Types of properties to be expressed in TL Structures on which LTL formulas are evaluated Syntax & semantics of LTL formulas Example LTL identities Example specifications CSE 814 Introduction to LTL 2

Why Temporal Logic? Classical logic is good for describing static structures: a fixed world Most computing systems are dynamic: worlds change over time Introduce temporal operators to describe how worlds change over time w/o explicitly referring to time CSE 814 Introduction to LTL 3

Why Temporal Logic? Want to be able to specify and verify properties about how a system changes over time (world = system state) Properties of interest include Safety: Nothing bad will happen Liveness: Something good will happen Fairness: Independent subsystems make progress Properties not directly expressible as constraints on a 1-step transition relation CSE 814 Introduction to LTL 4

Resource sharing and deadlock Dining philosophers: abstracts a resource sharing paradigm n ( 5) philosophers alternately think and eat at a round table n chopsticks, one between each pair a philosopher needs the chopstick on the left and on the right to eat Greedy heuristic: Each phil repeatedly: picks up an available chopstick and holds onto it; when other is available, picks it up and eats; puts both chopsticks Deadlock: The system should not reach a state in which no further action is possible CSE 814 Introduction to LTL 5

Greedy algorithm: Deadlock CSE 814 Introduction to LTL 6

Resource sharing and starvation Less greedy heuristic: pick up right chopstick only if left is also available Prevents deadlock Livelock, Starvation: When a subsystem is prevented from taking any action because of resource contention CSE 814 Introduction to LTL 7

Less Greedy algorithm: Starvation CSE 814 Introduction to LTL 8

Fairness Assumptions Weak Fairness: Any action that is continuously enabled will eventually occur Guarantees that a philosopher holding both chopsticks eventually puts them down Does not prevent previous scenario for less greedy philosophers Strong Fairness: Any action that is enabled infinitely often will eventually occur Prevents previous scenario (since picking up right fork is enabled infinitely often) But is it enough to guarantee all philosophers eat infinitely often? CSE 814 Introduction to LTL 9

Why Temporal Logic? Allows specification of properties such as Safety: Nothing bad ever happen e.g., no deadlock e.g., no violation of mutual exclusion Liveness: Something good eventually happens e.g., if a chopstick is held, it is eventually put down e.g., a program eventually terminates Fairness: Describe assumptions necessary to guarantee that a subsystem makes progress e.g., if a philosopher s chopstick is available infinitely often, the philosopher will eventually get to pick it up (strong fairness) CSE 814 Introduction to LTL 10

Temporal Logics Introduce temporal operators to describe how worlds change over time w/o explicitly referring to time Vary in how they view time Linear time: quantify over the worlds in an execution path Branching time: quantify over both execution paths and worlds Underlying both: Computation abstracted as a finite-state labeled transition system (LTS) CSE 814 Introduction to LTL 11

Propositions and States LTL is defined relative to a set of primitive propositions, P Example primitive proposition: wait i,l phil i is waiting to pick up the left fork eat i phil i is eating turn i,j it is phil i s turn to use fork j incs A process A is executing in a critical section x = 0 the value of variable x is 0 p@1 process p is at line 1 A state, s, is defined by the set of primitive propositions that are true in that state i.e., CSE 814 Introduction to LTL 12

LTL Temporal Operators Quantify over the states in a sequence of states. Informally, given PLTL formulas, f and g Next f: f is true at the next state Henceforth f: f is true at all future states Eventually f: f is true at some future state f until g: g is true at some future state and f is true at each state until then Alternate notations: X for Next instead of circle, G for Henceforth instead of a box F for Eventually instead of a diamond CSE 814 Introduction to LTL 13

Syntax of LTL The set of well-formed LTL formulas (relative to P ) is defined inductively by the following formation rules: CSE 814 Introduction to LTL 14

Semantics of LTL Terminology: xx xx xx CSE 814 Introduction to LTL 15

Semantics of LTL CSE 814 Introduction to LTL 16

Semantics of LTL Eventually f : (, j) = 3f i 9 k (k j ^ (, k) = f ) CSE 814 Introduction to LTL 17

Semantics of LTL Strong until -- because g must be satisfied in the future CSE 814 Introduction to LTL 18

Semantics of LTL Boolean operators defined in the usual manner... CSE 814 Introduction to LTL 19

Some LTL identities Henceforth and Eventually are duals: Henceforth and Eventually are idempotent: Henceforth, Eventually are derivable from Until Waits for (weak until) operator, W, can be defined CSE 814 Introduction to LTL 20

Some LTL identities Distributive properties Many other identities CSE 814 Introduction to LTL 21

Some example specifications Suppose incs X denotes process X is in the critical section Process A and B are never both in their critical sections at the same time (mutual exclusion) Neither process monopolizes the critical section CSE 814 Introduction to LTL 22

Some example specifications Given primitive proposition: wait i,r phil i is waiting to pick up the right fork eat i phil i is eating turn i,j it is phil i s turn to use fork j A philosopher waits continuously until she eats Corollary: No (hungry) philosopher starves CSE 814 Introduction to LTL 23

Some example specifications The philosophers take turns fairly CSE 814 Introduction to LTL 24

Exercise Given primitive proposition: begin p control is as the start of procedure p pre p procedure p s precondition is true end p control is at the end of procedure p post p procedure p s post condition is true in p control is in procedure p Write a temporal logic formula that expresses partial correctness Write a temporal logic formula that expresses total correctness CSE 814 Introduction to LTL 25

Acknowledgements Formal Methods: Lecture III: Linear Time Temporal Logic, A. Artale, Free University of Bolzano, http://web.iitd.ac.in/~sumeet/slide3.pdf An Introduction to Temporal Logics, M. Lawford, McMaster University, https://www.cas.mcmaster.ca/~lawford/.../model.pdf V.S. Alagar, K. Periyasamy, Specification of Software Systems, Chapter 11, DOI 10.1007/978-0-85729-277-3_11 Temporal Verification of Reactive Systems, Z. Manna & A. Pnueli, Springer, 1995. CSE 814 Introduction to LTL 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback