15-820A
LTL to Büchi Automata
Flavio Lerda
LTL Formulas
• Subset of CTL*
  – Distinct from CTL
• AFG p ∈ LTL, but ∀ f ∈ CTL . f ≠ AFG p (no CTL formula is equivalent to AFG p)
• Contains a single universal quantifier
  – The path formula f holds for every path
• Commonly:
  – A is omitted
  – G is replaced by □ (box or always)
  – F is replaced by ◇ (diamond or eventually)
Examples of LTL formulas
• Always eventually p: □◇p
  – AGF p or AG AF p
• Always after p eventually q: □(p → ◇q)
  – AG (p → F q) or AG (p → AF q)
• Fairness: □◇p → φ
  – A ((GF p) → φ)
  – Not a CTL formula
LTL Semantics
• Derived from the CTL* semantics
• Given an infinite execution trace π = s0 s1 …
    π ╞ p          iff  p(s0)
    π ╞ ¬φ         iff  ¬(π ╞ φ)
    π ╞ φ1 ∧ φ2    iff  π ╞ φ1 ∧ π ╞ φ2
    π ╞ φ1 ∨ φ2    iff  π ╞ φ1 ∨ π ╞ φ2
    π ╞ X φ        iff  π^1 ╞ φ
    π ╞ □φ         iff  ∀ i ≥ 0 . π^i ╞ φ
    π ╞ ◇φ         iff  ∃ i ≥ 0 . π^i ╞ φ
    π ╞ φ1 U φ2    iff  ∃ i ≥ 0 . π^i ╞ φ2 ∧ ∀ 0 ≤ j < i . π^j ╞ φ1
• π^i is the suffix of π starting at s_i
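The semantics above, as an added example in Python (not part of the slides): the clauses are evaluated over ultimately periodic traces π = prefix · cycle^ω, which is the shape every counterexample returned by a model checker has. The tuple encoding of formulas, the (prefix, cycle) encoding of traces and the two sample traces are this example's own assumptions; the trick that makes the ∀/∃ over suffixes finite is that π^j repeats with period |cycle| once j is past the prefix.

```python
# Added example: LTL semantics over ultimately periodic (lasso) traces.
# A trace is (prefix, cycle), two lists of sets of atomic propositions, standing
# for pi = prefix . cycle^omega. Formulas: 'p' (atom), ('not', f), ('and', f, g),
# ('or', f, g), ('X', f), ('G', f), ('F', f), ('U', f, g).

def state_at(trace, i):
    """s_i of pi, i.e. the first state of the suffix pi^i."""
    prefix, cycle = trace
    if i < len(prefix):
        return prefix[i]
    return cycle[(i - len(prefix)) % len(cycle)]

def holds(trace, f, i=0):
    """pi^i |= f, clause by clause as on the slide. Quantifying over the suffixes
    pi^j for j in `later` is exhaustive: every suffix with j >= i equals one of them
    because the trace is periodic after the prefix."""
    prefix, cycle = trace
    later = range(i, max(i, len(prefix)) + len(cycle))
    if isinstance(f, str):                                   # pi |= p  iff  p(s_0)
        return f in state_at(trace, i)
    op = f[0]
    if op == 'not':
        return not holds(trace, f[1], i)
    if op == 'and':
        return holds(trace, f[1], i) and holds(trace, f[2], i)
    if op == 'or':
        return holds(trace, f[1], i) or holds(trace, f[2], i)
    if op == 'X':                                            # pi^1 |= f
        return holds(trace, f[1], i + 1)
    if op == 'G':                                            # forall j >= i . pi^j |= f
        return all(holds(trace, f[1], j) for j in later)
    if op == 'F':                                            # exists j >= i . pi^j |= f
        return any(holds(trace, f[1], j) for j in later)
    if op == 'U':      # exists j >= i . pi^j |= g  and  forall i <= k < j . pi^k |= f
        return any(holds(trace, f[2], j) and all(holds(trace, f[1], k) for k in range(i, j))
                   for j in later)
    raise ValueError(f"unknown operator {op!r}")

def implies(f, g):
    return ('or', ('not', f), g)

# The slide's example formulas (assumed encodings).
GF_P = ('G', ('F', 'p'))                        # always eventually p
RESPONSE = ('G', implies('p', ('F', 'q')))      # always after p eventually q

# Constructed traces (not from the slides).
EVERY_OTHER_P = ([set()], [{'p'}, set()])       # p in every second state, forever
TWO_REQUESTS = ([{'p'}, {'p'}, {'q'}], [set()]) # p, p, then q, then nothing at all
```

`holds(EVERY_OTHER_P, GF_P)` is true while `holds(EVERY_OTHER_P, ('F', ('G', 'p')))` is false, which is exactly the difference between "infinitely often" and "eventually always"; on `TWO_REQUESTS` the response property holds and so does `p U q`, but `G p` does not.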
Büchi Automata
• Automaton which accepts infinite traces
• A Büchi automaton is a 4-tuple ⟨S, I, δ, F⟩
  – S is a finite set of states
  – I ⊆ S is a set of initial states
  – δ ⊆ S × S is a transition relation
  – F ⊆ S is a set of accepting states
• An infinite sequence of states (a run starting in I and following δ) is accepted iff it contains accepting states infinitely often
Example
[Figure not reproduced: a three-state automaton over S0, S1, S2]
π1 = S0 S1 S2 S2 S2 S2 …   ACCEPTED
π2 = S0 S1 S2 S1 S2 S1 …   ACCEPTED
π3 = S0 S1 S2 S1 S1 S1 …   REJECTED
(S2 is the accepting state: π1 and π2 visit it infinitely often, π3 stays in S1 from some point on)
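The acceptance condition on the example automaton, as an added Python example (not from the slides). The transition relation is reconstructed from the three traces (assumption: the figure has exactly the transitions that π1, π2 and π3 use, including the S1 and S2 self-loops) and S2 is taken as the accepting state. Besides checking a given lasso-shaped run, the example shows the emptiness check that LTL model checking reduces to: search the state graph for an accepting state that is reachable from I and lies on a cycle.

```python
# Added example: Büchi acceptance of lasso runs and an emptiness check.
from collections import deque

# Reconstructed from the example slide (assumption: exactly the transitions
# used by pi1, pi2 and pi3); S2 is the accepting state.
STATES = {'S0', 'S1', 'S2'}
INITIAL = {'S0'}
DELTA = {('S0', 'S1'), ('S1', 'S1'), ('S1', 'S2'), ('S2', 'S2'), ('S2', 'S1')}
ACCEPTING = {'S2'}

def is_run(prefix, cycle, initial=INITIAL, delta=DELTA):
    """True iff prefix.cycle^omega is an infinite path of the automaton that
    starts in an initial state."""
    seq = list(prefix) + list(cycle)
    if not cycle or seq[0] not in initial:
        return False
    steps = list(zip(seq, seq[1:])) + [(seq[-1], cycle[0])]   # close the loop
    return all(step in delta for step in steps)

def accepts_run(prefix, cycle, initial=INITIAL, delta=DELTA, accepting=ACCEPTING):
    """A lasso run visits exactly the states of its cycle infinitely often,
    so it is accepted iff the cycle contains an accepting state."""
    return is_run(prefix, cycle, initial, delta) and bool(set(cycle) & accepting)

def _bfs_path(succ, starts, target):
    """Shortest path (list of states) from any of `starts` to `target`, or None."""
    starts = sorted(starts)                       # sorted: deterministic answers
    if target in starts:
        return [target]
    parent = {s: None for s in starts}
    queue = deque(starts)
    while queue:
        u = queue.popleft()
        for v in sorted(succ[u]):
            if v in parent:
                continue
            parent[v] = u
            if v == target:
                path = [v]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            queue.append(v)
    return None

def find_accepting_lasso(states=STATES, initial=INITIAL, delta=DELTA, accepting=ACCEPTING):
    """Language emptiness: return (prefix, cycle) of some accepted run, or None if
    the automaton accepts nothing. Nondeterminism is no obstacle here, because
    the search is over the state graph rather than over input words."""
    succ = {s: set() for s in states}
    for p, q in delta:
        succ[p].add(q)
    for f in sorted(accepting):
        to_f = _bfs_path(succ, initial, f)        # reach f from an initial state ...
        if to_f is None:
            continue
        back = _bfs_path(succ, succ[f], f)        # ... and get back to f: f is on a cycle
        if back is not None:
            return to_f[:-1], [f] + back[:-1]
    return None
```

`find_accepting_lasso()` returns the lasso S0 S1 (S2)^ω for the example; with the edge into S2 removed it returns None, which is the "property holds" verdict in the model-checking setting.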
LTL and Büchi Automata
• LTL formula
  – Represents the set of infinite traces which satisfy that formula
• Büchi Automaton
  – Accepts a set of infinite traces
• We can build an automaton which accepts all and only the infinite traces represented by an LTL formula
Labeled Büchi Automata
• Given a set of atomic propositions P
  – Define a labeling function L : S → 2^P
  – Each state is assigned a set of propositions that must be true
• Similar to the labeling for the model M
Generating Büchi Automata
• We need a procedure to generate a Büchi automaton given an LTL formula
  – Efficiently
    • Formulas are usually small
    • The Büchi automaton is exponential in the size of the formula
    • The cost of model checking is proportional to the size of the automaton
  – Non-deterministic Büchi automata are not equivalent to deterministic Büchi automata (unlike finite automata on finite words, they are strictly more expressive)
    • Cannot use the classical automata minimization algorithms, which assume a deterministic automaton
  – Finding the minimal automaton is exponential
Approach
• Formula rewriting
  – Rewrite the formula in negated normal form
  – Apply rewriting rules
• Core translation
  – Turns an LTL formula into a generalized Büchi automaton
• Degeneralization
  – Turns a generalized Büchi automaton into a Büchi automaton
Rewriting
• Negated normal form
  – Negation appears only in front of literals
  – Use the following identities (together with De Morgan's laws and ¬Xφ = X¬φ)
    • ¬¬φ = φ
    • ¬Gφ = F¬φ
    • ¬Fφ = G¬φ
    • ¬(φ U ψ) = (¬φ) V (¬ψ)
    • ¬(φ V ψ) = (¬φ) U (¬ψ)
• V (sometimes R) is the Release operator
  – Dual of Until
Rewriting
• Additional rewriting rules
  – They are not guaranteed to yield smaller automata
  – The size of the automaton is exponential in the size of the formula
• Examples
  – (Xφ) U (Xψ) ⇒ X(φ U ψ)
  – (Xφ) ∧ (Xψ) ⇒ X(φ ∧ ψ)
  – GFφ ∨ GFψ ⇒ GF(φ ∨ ψ)
Rewriting
• The core algorithm only handles ∧, ∨, V, U (and X, through the Next field)
• Use the following:
  – Fφ ≡ T U φ
  – Gφ ≡ ¬F¬φ ≡ ¬(T U ¬φ) = F V φ   (here F is the constant false)
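The whole rewriting stage of the three slides above (negated normal form, the extra rewrite rules and the elimination of F and G), as an added Python example that is not the slides' code. The tuple encoding of formulas is an assumption; the rewrite rules are applied bottom-up on the G/F syntax before the normal form is taken, which is one possible ordering, not the only one.

```python
# Added example: the formula-rewriting stage. Formulas are tuples:
# True/False, 'p' (atom), ('not', f), ('and', f, g), ('or', f, g), ('X', f),
# ('G', f), ('F', f), ('U', f, g), ('V', f, g).

def nnf(f):
    """Negated normal form over the core operators: negation is pushed down to
    literals with the slide's identities (plus De Morgan and not X f = X not f),
    and F/G are eliminated by F f = T U f and G f = False V f."""
    if not isinstance(f, tuple):                  # atom or boolean constant
        return f
    op = f[0]
    if op == 'not':
        g = f[1]
        if not isinstance(g, tuple):              # negated atom stays a literal,
            return ('not', g) if isinstance(g, str) else (not g)   # constants flip
        gop = g[0]
        if gop == 'not':                          # not not f = f
            return nnf(g[1])
        if gop == 'X':                            # not X f = X not f
            return ('X', nnf(('not', g[1])))
        if gop == 'G':                            # not G f = F not f
            return nnf(('F', ('not', g[1])))
        if gop == 'F':                            # not F f = G not f
            return nnf(('G', ('not', g[1])))
        dual = {'and': 'or', 'or': 'and', 'U': 'V', 'V': 'U'}[gop]
        return (dual, nnf(('not', g[1])), nnf(('not', g[2])))
    if op == 'F':
        return ('U', True, nnf(f[1]))
    if op == 'G':
        return ('V', False, nnf(f[1]))
    return (op,) + tuple(nnf(sub) for sub in f[1:])

def _is(f, op):
    return isinstance(f, tuple) and f[0] == op

def rewrite(f):
    """The slide's additional rules, applied bottom-up on the G/F syntax:
    (X f) U (X g) => X(f U g);  (X f) and (X g) => X(f and g);
    GF f or GF g => GF(f or g)."""
    if not isinstance(f, tuple):
        return f
    f = (f[0],) + tuple(rewrite(sub) for sub in f[1:])
    op = f[0]
    if op in ('U', 'and') and _is(f[1], 'X') and _is(f[2], 'X'):
        return ('X', (op, f[1][1], f[2][1]))
    if op == 'or' and all(_is(g, 'G') and _is(g[1], 'F') for g in f[1:]):
        return ('G', ('F', ('or', f[1][1][1], f[2][1][1])))
    return f

def preprocess(f):
    """What the core translation receives: rewritten, then in negated normal form."""
    return nnf(rewrite(f))
```

For instance `preprocess(('not', ('G', ('F', 'p'))))` gives `('U', True, ('V', False, ('not', 'p')))`, i.e. F G ¬p with F and G already expressed through U and V.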
Core Translation
Idea
• Make use of the following
    φ U ψ ≡ ψ ∨ (φ ∧ X(φ U ψ))
    φ V ψ ≡ ψ ∧ (φ ∨ X(φ V ψ))
Example: F p ≡ (T U p)
• Initial node:
    Old: {}   New: {T U p}   Next: {}
• Expanding T U p splits the node in two:
    Old: {T U p}   New: {T}   Next: {T U p}
    Old: {T U p}   New: {p}   Next: {}
• After the literals are moved to Old, New is empty and each node becomes a state:
    Old: {T U p}   New: {}   Next: {T U p}   →   state  Old: {T U p}   Next: {T U p}
    Old: {T U p, p}   New: {}   Next: {}     →   state  Old: {T U p, p}   Next: {}
• The state with Next = {} gets a successor node with nothing to expand:
    Old: {}   New: {}   Next: {}   →   state  Old: {}   Next: {}
  (it loops on itself); the state with Next = {T U p} gets a successor node with New = {T U p}, whose expansion yields the two states already built
• [Figure not reproduced: the resulting automaton; its labels on the slide read T, p, p]
Core Translation
• Node
  – Represents a set of sub-formulas
  – Contains information about the past, the present and the future
• State
  – Represents a state in the final automaton
  – States are the nodes that have been fully expanded
Core Translation
• Expansion
  – Select a formula η from the New field
  – If it is a literal, add it to the Old field
  – Otherwise, move η to Old and, depending on its main operator, replace the node by
    φ ∧ ψ   (New ∪ {φ, ψ}, Next)
    X φ     (New, Next ∪ {φ})
    φ ∨ ψ   (New ∪ {φ}, Next)  and  (New ∪ {ψ}, Next)
    φ U ψ   (New ∪ {φ}, Next ∪ {φ U ψ})  and  (New ∪ {ψ}, Next)
    φ V ψ   (New ∪ {ψ}, Next ∪ {φ V ψ})  and  (New ∪ {φ, ψ}, Next)
  – The U and V cases follow the identities
    φ U ψ ≡ ψ ∨ (φ ∧ X(φ U ψ))
    φ V ψ ≡ ψ ∧ (φ ∨ X(φ V ψ))
Core Translation
• Nodes to states
  – If a node has no New formulas
  – Create a new node whose New field holds all the Next formulas
  – Create an edge between the two nodes
  – Check if there is any equivalent state
    • With the same Next field
    • With the same Old field
Core Translation
• Accepting states
  – Generalized Büchi automaton
    • Multiple accepting sets
  – One for each Until sub-formula (μ U ψ)
  – A state belongs to that set iff
    • The Old field doesn't contain μ U ψ
    or
    • The Old field does contain ψ
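The four core-translation slides above, as one added Python example (not the slides' own code): the tableau expansion of Gerth, Peled, Vardi and Wolper with Incoming, New, Old and Next fields. It assumes input in negated normal form over literals, ∧, ∨, X, U and V (the tuple encoding is an assumption) and adds one check the slides leave implicit: a node whose Old field would contain both a literal and its negation, or the constant false, is dropped. On F p = T U p it produces the three-state automaton of the example slide.

```python
# Added example: core translation from an NNF formula to a generalized Büchi
# automaton. Formulas: True/False, 'p', ('not', 'p'), ('and', f, g),
# ('or', f, g), ('X', f), ('U', f, g), ('V', f, g).
from itertools import count

INIT = 'init'                     # pseudo-predecessor marking the initial states

class Node:
    """Expansion node: Incoming (past), Old and New (present), Next (future)."""
    def __init__(self, ids, incoming, new, old=(), nxt=()):
        self.id = next(ids)
        self.incoming, self.new = set(incoming), set(new)
        self.old, self.next = set(old), set(nxt)

def negate(lit):
    if lit is True or lit is False:
        return not lit
    return lit[1] if isinstance(lit, tuple) else ('not', lit)

def is_literal(f):
    return f is True or f is False or isinstance(f, str) or f[0] == 'not'

def expand(node, nodes, ids):
    """Expand `node` and return the updated list of states (fully expanded nodes)."""
    if not node.new:                                          # fully expanded
        for nd in nodes:                                      # equivalent state present?
            if nd.old == node.old and nd.next == node.next:
                nd.incoming |= node.incoming
                return nodes
        nodes.append(node)                                    # new state; go on with Next
        return expand(Node(ids, {node.id}, node.next), nodes, ids)
    eta = min(node.new, key=repr)                             # deterministic pick
    node.new.remove(eta)
    node.old.add(eta)
    if is_literal(eta):
        if eta is False or negate(eta) in node.old:           # contradiction: drop node
            return nodes
        return expand(node, nodes, ids)
    op = eta[0]
    if op == 'and':
        node.new |= set(eta[1:]) - node.old
        return expand(node, nodes, ids)
    if op == 'X':
        node.next.add(eta[1])
        return expand(node, nodes, ids)
    mu, psi = eta[1], eta[2]
    # or / U / V split the node in two, following
    # mu U psi = psi or (mu and X(mu U psi)),  mu V psi = psi and (mu or X(mu V psi))
    splits = {'or': (({mu}, set()), ({psi}, set())),
              'U':  (({mu}, {eta}), ({psi}, set())),
              'V':  (({psi}, {eta}), ({mu, psi}, set()))}[op]
    for new_add, next_add in splits:
        child = Node(ids, node.incoming, node.new | (new_add - node.old),
                     node.old, node.next | next_add)
        nodes = expand(child, nodes, ids)
    return nodes

def untils(f, acc=None):
    """All Until sub-formulas of f (one accepting set each)."""
    acc = set() if acc is None else acc
    if isinstance(f, tuple):
        if f[0] == 'U':
            acc.add(f)
        for sub in f[1:]:
            untils(sub, acc)
    return acc

def ltl_to_gba(phi):
    """Return (states, initial, delta, label, accepting_sets) over node ids."""
    ids = count()
    nodes = expand(Node(ids, {INIT}, {phi}), [], ids)
    states = {nd.id for nd in nodes}
    initial = {nd.id for nd in nodes if INIT in nd.incoming}
    delta = {(p, nd.id) for nd in nodes for p in nd.incoming if p != INIT}
    label = {nd.id: frozenset(l for l in nd.old if is_literal(l) and l is not True)
             for nd in nodes}
    # one accepting set per Until: states whose Old field does not contain
    # mu U psi, or does contain psi
    accepting = [{nd.id for nd in nodes if u not in nd.old or u[2] in nd.old}
                 for u in sorted(untils(phi), key=repr)]
    return states, initial, delta, label, accepting
```

With no Until sub-formula the list of accepting sets is empty, which for a generalized automaton means every run is accepting; a degeneralization step has to treat that case as a single set containing all states.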
Degeneralization
• Turn a generalized Büchi automaton into a Büchi automaton
• Consider as many copies of the automaton as the number of accepting sets
• In copy i, redirect the edges leaving a state of the i-th accepting set to the next copy
• Each cycle must go through every copy
• Each cycle must contain accepting states from each accepting set
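The degeneralization construction as an added Python example (not the slides' code). The generalized automaton here is a constructed three-state one for "infinitely often a and infinitely often b", and the convention chosen is that an edge leaving a state of F_i in copy i goes to copy i+1 (mod k); the accepting states are then the F_{k-1} states of the last copy, so a run is accepted exactly when it keeps cycling through all copies. The second function lifts a lasso run of the generalized automaton into the copies, which shows why the lifted cycle can be longer than the original one.

```python
# Added example: degeneralization of a generalized Büchi automaton given as
# (states, initial, delta, accepting_sets), delta being a set of (p, q) pairs.

def degeneralize(states, initial, delta, accepting_sets):
    """One copy per accepting set F_0..F_{k-1}; state (q, i) is q in copy i."""
    sets = [set(s) for s in accepting_sets] or [set(states)]   # no sets: all runs accepted
    k = len(sets)
    def next_copy(q, i):
        return (i + 1) % k if q in sets[i] else i
    ba_states = {(q, i) for q in states for i in range(k)}
    ba_initial = {(q, 0) for q in initial}
    ba_delta = {((p, i), (q, next_copy(p, i))) for (p, q) in delta for i in range(k)}
    ba_accepting = {(q, k - 1) for q in sets[k - 1]}
    return ba_states, ba_initial, ba_delta, ba_accepting

def lift_run(accepting_sets, prefix, cycle):
    """Follow a lasso run of the generalized automaton through the copies and
    return the lasso (prefix, cycle) of the degeneralized automaton. One round of
    the original cycle may end in a different copy, so the lifted cycle closes
    only when the same cycle position is reached again in the same copy."""
    sets = [set(s) for s in accepting_sets] or [set(prefix) | set(cycle)]
    k = len(sets)
    lifted, seen, copy, pos = [], {}, 0, 0
    while True:
        if pos < len(prefix):
            q = prefix[pos]
        else:
            at = (pos - len(prefix)) % len(cycle)
            if (at, copy) in seen:
                start = seen[(at, copy)]
                return lifted[:start], lifted[start:]
            seen[(at, copy)] = len(lifted)
            q = cycle[at]
        lifted.append((q, copy))
        copy = (copy + 1) % k if q in sets[copy] else copy
        pos += 1

def lasso_accepted(ba_accepting, lifted_cycle):
    """Büchi acceptance of a lifted lasso: its cycle meets the accepting states."""
    return bool(set(lifted_cycle) & ba_accepting)

# Constructed generalized automaton (assumption, not from the slides): states
# 'w', 'a', 'b' with every transition allowed, F_0 = {'a'}, F_1 = {'b'}; it
# accepts exactly the runs that visit 'a' and 'b' infinitely often.
GBA_STATES = {'w', 'a', 'b'}
GBA_INITIAL = {'w'}
GBA_DELTA = {(p, q) for p in GBA_STATES for q in GBA_STATES}
GBA_SETS = [{'a'}, {'b'}]
```

For the run w (a b)^ω the lifted cycle is (a,0) (b,1), which contains the accepting state (b,1); for w a^ω the run enters copy 1 after the first a and stays at (a,1) forever, and is rejected, as it must be since b is never visited.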
Example: F a ∧ F b
[Figures not reproduced: the generalized Büchi automaton for F a ∧ F b, whose states carry the labels T, a b, a, b and the accepting-set marks 1, 1,2 and 2 (one accepting set per Until sub-formula, F a and F b); the following slides show its degeneralization step by step, building one copy of the automaton per accepting set and redirecting the edges leaving accepting states to the next copy]
Optimizations
• Can be done at each stage
• Try to minimize
  – The number of states and transitions
  – The number of accepting states
• Involve
  – Strongly connected components
  – Fair (bi)simulation
• Expensive but
  – The Büchi automaton is usually small
  – The saving during verification can be very high