COMPUTATION TREE LOGIC (CTL)

8/15/2019 COMPUTATION TREE LOGIC (CTL)

1/41

FORMAL METHODS

LECTURE IV: COMPUTATION TREE LOGIC (CTL)

Alessandro Artale

Faculty of Computer Science – Free University of Bolzano

Room 2.03

[email protected] http://www.inf.unibz.it/∼artale/

Some material (text, figures) displayed in these slides is courtesy of:

M. Benerecetti, A. Cimatti, M. Fisher, F. Giunchiglia, M. Pistore, M. Roveri, R.Sebastiani.Alessandro Artale FM – First Semester – 2010/2011 – . 1/37


2/41

a a S 0 0/ 0 /3


3/41

Computation Tree logic Vs. LTL

LTL implicitly quantifies universally over paths.

K M ,s |= φ iff for every path π starting at s K M ,π |= φ

Properties that assert the existence of a path cannot beexpressed. In particular, properties which mix existential

and universal path quantifiers cannot be expressed.The Computation Tree Logic—CTL solves theseproblems!

• CTL explicitly introduces path quantifiers!• CTL is the natural temporal logic interpreted over

Branching Time Structures.

Alessandro Artale FM – First Semester – 2010/2011 – . 3/37


4/41

CTL at a glance

CTL is evaluated over branching-time structures(Trees).

CTL explicitly introduces path quantifiers:

All Paths: P

Exists a Path: ♦P .

Every temporal operator ( ,

♦, , U ) preceded by a

path quantifier (P or ♦P ).

Universal modalities: P ♦, P , P , P U

The temporal formula is true in all the paths starting inthe current state.

Existential modalities: ♦P ♦,♦P ,♦P ,♦P U The temporal formula is true in some path starting inthe current state.



5/41

Summary

Computation Tree Logic: Intuitions.

CTL: Syntax and Semantics.

CTL in Computer Science.

CTL and Model Checking: Examples.

CTL Vs. LTL.CTL*.



6/41

CTL: Syntax

Countable set Σ of atomic propositions: p,q, . . . the set FORMof formulas is:

ϕ,ψ → p | ⊤ | ⊥ | ¬ϕ | ϕ∧ψ | ϕ∨ψ |

P ϕ | P ϕ | P ♦ϕ | P (ϕU ψ )

♦P ϕ |♦P ϕ |♦P ♦ϕ |♦P (ϕU ψ )



7/41

CTL Alternative Notation

Alternative notations are used for temporal operators.

♦P

E there Exists a pathP A in All paths

♦ F sometime in the Future G Globally in the future

X neXtime



8/41

CTL: Semantics

We interpret our CTL temporal formulas over KripkeModels linearized as trees.

done!done

done

done

done done done

done

!done

!done

!done

!done

Universal modalities (P ♦, P , P , P U ): thetemporal formula is true in all the paths starting in thecurrent state.

Existential modalities (♦P ♦,♦P ,♦P ,♦P U ): the

temporal formula is true in some path starting in thecurrent state.



9/41

CTL: Semantics (Cont.)

Let Σ be a set of atomic propositions. We interpret our CTLtemporal formulas over Kripke Models:

K M = S , I , R,Σ, L

The semantics of a temporal formula is provided by the

satisfaction relation:

|= : (K M ×S ×FORM) →{true, false}

Alessandro Artale FM – First Semester – 2010/2011 – . /37


12/41

CTL Semantics: Intuitions

CTL is given by the standard boolean logic enhanced withtemporal operators.

“Necessarily Next”. P ϕ is true in st iff ϕ is true in everysuccessor state st +1

“Possibly Next”. ♦P ϕ is true in st iff ϕ is true in onesuccessor state st +1“Necessarily in the future” (or “Inevitably”). P ♦ϕ is true in st iff ϕ is inevitably true in some st ′ with t ′ ≥ t

“Possibly in the future” (or “Possibly”). ♦P ♦ϕ is true in st iff ϕmay be true in some st ′ with t

′ ≥ t



13/41

CTL Semantics: Intuitions (Cont.)

“Globally” (or “always”). P ϕ is true in st iff ϕ is true in allst ′ with t

′ ≥ t

“Possibly henceforth”. ♦P ϕ is true in st iff ϕ is possibly truehenceforth

“Necessarily Until”. P

(ϕU ψ ) is true in st iff necessarily ϕholds until ψ holds.

“Possibly Until”. ♦P (ϕU ψ ) is true in st iff possibly ϕ holdsuntil ψ holds.



14/41

CTL Semantics: Intuitions (Cont.)

Pfinally Pglobally Pnext P until q

PEF PEX P U q ]E[PEG

AF P AX P P U q A[ ] AG P



15/41

A Complete Set of CTL Operators

All CTL operators can be expressed via: ♦P ,♦P ,♦P U

P ϕ≡ ¬♦

P

¬ϕP ♦ϕ≡¬♦P ¬ϕ

♦P

♦ϕ≡

♦P (⊤U ϕ)

P ϕ≡ ¬♦P ♦¬ϕ≡ ¬♦P (⊤U ¬ϕ)

P (ϕU ψ ) ≡ ¬♦P ¬ψ ∧¬♦P (¬ψ U (¬ϕ∧¬ψ ))



16/41

Summary





CTL Vs. LTL.CTL*.



17/41

Safety Properties

Safety:

“something bad will not happen”

Typical examples:

P ¬(reactor _ temp > 1000)

P ¬(one _ way∧ P other _ way)

P ¬(( x = 0)∧ P P P ( y = z/ x))

and so on.....

Usually: P ¬....



18/41

Liveness Properties

Liveness:

“something good will happen”

Typical examples:

P ♦rich

P ♦( x > 5)

P (start ⇒ P ♦terminate)and so on.....

Usually: P ♦ . . .



19/41

Fairness Properties

Often only really useful when scheduling processes,responding to messages, etc.

Fairness:

“something is successful/allocated infinitely often”

Typical example:

P (P ♦enabled )

Usually: P P ♦ . . .

Alessandro Artale FM – First Semester – 2010/2011 – . 1 /37


20/41

Summary





CTL Vs. LTL.CTL*.



21/41


22/41

Example 1: Mutual Exclusion (Safety)

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2

N = noncritical, T = trying, C = critical User 1 User 2

N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= P ¬(C 1∧C 2) ?



23/41


24/41

Example 2: Liveness

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2turn=1

C1, N2

turn=1

T1, T2

turn=2


N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= P (T 1 ⇒ P ♦C 1) ?



25/41

Example 2: Liveness

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2turn=1

C1, N2

turn=1

T1, T2

turn=2


N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= P (T 1 ⇒ P ♦C 1) ?YES: every path starting from each state where T 1 holds

passes through a state where C 1 holds.(Same as (T 1 ⇒♦C 1) in LTL)



26/41

Example 3: Fairness

N1, N2

turn=0

turn=1

C1, T2

turn=1T1, T2

T1, N2

turn=1

C1, N2turn=1

T1, T2turn=2


N1, T2

turn=2

T1, C2

turn=2

turn=2N1, C2

K M |= P P ♦C 1 ?



27/41

Example 3: Fairness

N1, N2

turn=0

turn=1

C1, T2

turn=1T1, T2

T1, N2

turn=1

C1, N2turn=1

T1, T2turn=2


N1, T2

turn=2

T1, C2

turn=2

turn=2N1, C2

K M |= P P ♦C 1 ?NO: e.g., in the initial state, there is the blue cyclic path in

which C 1 never holds! (Same as ♦C 1 in LTL)



28/41


29/41

Example 4: Non-Blocking

N1, N2

turn=0

turn=1

C1, T2

turn=1

T1, T2

T1, N2

turn=1

C1, N2

turn=1

T1, T2

turn=2


N1, T2

turn=2

T1, C2

turn=2

turn=2

N1, C2

K M |= P ( N 1 ⇒♦P ♦T 1) ?

YES: from each state where N 1 holds there is a path leadingto a state where T 1 holds. (No corresponding LTL formulas)


S


30/41

Summary





CTL Vs. LTL.CTL*.



31/41

LTL V CTL E i (C )


32/41

LTL Vs. CTL: Expressiveness (Cont.)

CTL and LTL have incomparable expressive power.

The choice between LTL and CTL depends on theapplication and the personal preferences.

CTLLTL


S


33/41

Summary





CTL Vs. LTL.CTL*.

Alessandro Artale FM – First Semester – 2010/2011 – . 2 /37

Th C t ti T L i CTL*


34/41

The Computation Tree Logic CTL*

CTL* is a logic that combines the expressive power ofLTL and CTL.

Temporal operators can be applied without anyconstraints.

• P ( ϕ∨ ϕ).

Along all paths, ϕ is true in the next state or the next twosteps.

• ♦P ( ♦ϕ).There is a path along which ϕ is infinitely often true.


CTL* S t


35/41

CTL*: Syntax

Countable set Σ of atomic propositions: p,q, . . . wedistinguish between States Formulas (evaluated on states):

ϕ,ψ → p | ⊤ | ⊥ | ¬ϕ | ϕ∧ψ | ϕ∨ψ |P α |♦P α

and Path Formulas (evaluated on paths):α,β → ϕ |

¬α | α∧β | α∨β | α | α |♦α | (αU β)

The set of CTL* formulas FORM is the set of state formulas.


CTL* S ti St t F l


38/41

CTLs Vs LTL Vs CTL: Expressiveness

CTL* subsumes both CTL and LTL

ϕ in CTL =⇒ ϕ in CTL* (e.g., P ( N 1 ⇒♦P ♦T 1))

ϕ in LTL =⇒ P ϕ in CTL* (e.g., P ( ♦T 1 ⇒ ♦C 1))LTL ∪ CTL ⊂ CTL* (e.g., ♦P ( ♦ p ⇒ ♦q))

CTLLTL

CTL*


CTL* V LTL V CTL C l it


39/41

CTL* Vs LTL Vs CTL: Complexity

The following Table shows the Computational Complexity ofchecking Satisbiability

Logic Complexity

LTL PSpace-CompleteCTL ExpTime-Complete

CTL* 2ExpTime-Complete


CTL* V LTL V CTL C l it (C t )


40/41

CTL* Vs LTL Vs CTL: Complexity (Cont.)

The following Table shows the Computational Complexity ofModel Checking (M.C.)

• Since M.C. has 2 inputs – the model, M , and theformula, ϕ – we give two complexity measures.

Logic Complexity w.r.t. | ϕ | Complexity w.r.t. |M |

LTL PSpace-Complete P (linear)

CTL P-Complete P (linear)

CTL* PSpace-Complete P (linear)


S mmar of Lect re IV


41/41

Summary of Lecture IV





CTL Vs. LTL.CTL*.

Documents

COMPUTATION TREE LOGIC (CTL)