Unit-7: Linear Temporal Logic
B. Srivathsan
Chennai Mathematical Institute
NPTEL-course
July - November 2015
Module 1: Introduction to LTL
Course outline:
Transition Systems + G, F, X, GF + NuSMV
Automata (Unit 4)
Büchi Automata (Units 5, 6)
LTL (Units 7, 8)
CTL (Unit 9)
State-space explosion (Unit 10)
Transition System

MODULE main
VAR
  request : boolean;
  status  : {ready, busy};
ASSIGN
  init(status) := ready;
  next(status) := case
                    request : busy;
                    TRUE    : {ready, busy};
                  esac;

Atomic propositions
AP = { p1, p2 }
p1: (request=1)    p2: (status=busy)

State labels
request=1, ready: { p1 }
request=1, busy: { p1,p2 }
request=0, ready: { }
request=0, busy: { p2 }

Property
P

Transition system TS satisfies property P if
Traces(TS) ⊆ P
Specifying properties
G, F, X, GF; Finite Automata; ω-regular expressions
Here: Another formalism - Linear Temporal Logic
Example words and formulas they satisfy:
{p1,p2} {p1,p2} {p2} {p1,p2} {p2} . . .   satisfies  p1,  p2,  p1 ∧ p2
{p2} {p1} {p2} {p2} {p2} . . .            satisfies  X p1,  ¬p1,  X (p1 ∧ ¬p2)
{p1} {p1} {p1} {p2} {p1} . . .            satisfies  p1 U p2

φ := true | p_i | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2
p_i ∈ AP;  φ1, φ2 : LTL formulas
{p1} {p1} {} {p2} {p1} . . .           satisfies  ¬(p1 U p2)
{p1,p3} {p1} {p1} {p2} {p1,p3} . . .   satisfies  p1 U (p2 ∧ X p3)
{p1} { } { } {p2} {p1} . . .           satisfies  X(¬p1 U p2)
{p2} {p3} {p2} { } {p1} . . .          satisfies  true U p1, written F p1
{p1} {p1,p2} {p1} {p1,p2} {p1} . . .   satisfies  ¬(true U ¬p1), written G p1
Derived operators
• φ1 ∨ φ2: ¬(¬φ1 ∧ ¬φ2) (Or)
• φ1 → φ2: ¬φ1 ∨ φ2 (Implies)
• F φ: true U φ (Eventually)
• G φ: ¬ F ¬φ (Always)
G F φ (Infinitely often)
[Figure: a word in which φ holds at infinitely many positions]
F G φ (Eventually forever)
[Figure: a word in which φ holds at every position from some point on]
Coming next: More examples
[Figure: two processes PG1 ||| PG2 sharing a variable y. Each process has locations non-crit, wait, crit, exiting, with actions "y>0: y:=y-1" and "y:=y+1".]
NuSMV demo

Atomic propositions AP = { crit1, wait1, crit2, wait2 }
crit1: pr1.location=crit    wait1: pr1.location=wait
crit2: pr2.location=crit    wait2: pr2.location=wait
• Safety: both processes cannot be in critical section simultaneously
  G (¬crit1 ∨ ¬crit2)
• Liveness: each process visits critical section infinitely often
  G F crit1 ∧ G F crit2
Summary
φ := true | p_i | φ1 ∧ φ2 | ¬φ1 | X φ | φ1 U φ2
Derived operators: φ1 ∨ φ2 (Or), φ1 → φ2 (Implies), F φ (Eventually), G φ (Always)
Module 2: Semantics of LTL
AP-INF = set of infinite words over PowerSet(AP)

Property 1: p1 is always true
{ A0 A1 A2 · · · ∈ AP-INF | each Ai contains p1 }
{ p1 } { p1 } { p1 } { p1 } { p1 } { p1 } { p1 } . . .
{ p1 } { p1,p2 } { p1 } { p1,p2 } { p1 } { p1,p2 } . . .
...

Property 2: p1 is true at least once and p2 is always true
{ A0 A1 A2 · · · ∈ AP-INF | exists Ai containing p1 and every Aj contains p2 }
{ p2 } { p1,p2 } { p2 } { p2 } { p2 } { p1,p2 } { p2 } . . .
{ p1,p2 } { p2 } { p2 } { p2 } { p2 } { p2 } . . .
...
AP-INF = set of infinite words over PowerSet(AP)
A property over AP is a subset of AP-INF
LTL can be used to specify properties
LTL can be used to describe subsets of AP-INF
LTL formula φ → Words(φ) ⊆ AP-INF
Words(φ): set of words in AP-INF that satisfy φ
When does a word satisfy LTL formula φ?
Word σ : A0 A1 A2 . . . ∈ AP-INF
Every word satisfies true
σ satisfies p_i if p_i ∈ A0
σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2
σ satisfies ¬φ if σ does not satisfy φ
σ satisfies X φ if A1 A2 A3 . . . satisfies φ
σ satisfies φ1 U φ2 if there exists j s.t. A_j A_{j+1} . . . satisfies φ2 and for all 0 ≤ i < j, A_i A_{i+1} . . . satisfies φ1
Words(φ) = { σ ∈ AP-INF | σ satisfies φ }
Every word satisfies true
  Words(true) = AP-INF
σ satisfies p_i if p_i ∈ A0
  Words(p_i) = { A0 A1 A2 . . . | p_i ∈ A0 }
σ satisfies φ1 ∧ φ2 if σ satisfies φ1 and σ satisfies φ2
  Words(φ1 ∧ φ2) = Words(φ1) ∩ Words(φ2)
σ satisfies ¬φ if σ does not satisfy φ
  Words(¬φ) = (Words(φ))^c
σ satisfies X φ if A1 A2 A3 . . . satisfies φ
  Words(X φ) = { A0 A1 A2 . . . | A1 A2 · · · ∈ Words(φ) }
σ satisfies φ1 U φ2 if there exists j s.t. A_j A_{j+1} . . . satisfies φ2 and for all 0 ≤ i < j, A_i A_{i+1} . . . satisfies φ1
  Words(φ1 U φ2) = { A0 A1 A2 . . . | ∃ j. A_j A_{j+1} · · · ∈ Words(φ2) and ∀ 0 ≤ i < j. A_i A_{i+1} · · · ∈ Words(φ1) }
F φ: true U φ
σ satisfies true U φ if there exists j s.t. A_j A_{j+1} . . . satisfies φ and for all 0 ≤ i < j, A_i A_{i+1} . . . satisfies true

G φ: ¬ F ¬ φ
σ satisfies F ¬ φ if there exists j s.t. A_j A_{j+1} . . . satisfies ¬ φ
σ satisfies ¬ F ¬ φ if σ does not satisfy F ¬ φ
σ satisfies ¬ F ¬ φ if for all j, A_j A_{j+1} . . . satisfies φ
Transition System (the request/status model from Module 1), AP = { p1, p2 }
Property: LTL formula φ
Transition system TS satisfies formula φ if
Traces(TS) ⊆ Words(φ)
[Figure: Words(φ) and (Words(φ))^c, with Traces(TS) lying partly in each]
TS does not satisfy φ. TS does not satisfy ¬φ.
[Figure: a transition system with state labels { p1 }, { p2 }, { p2 }]
Above TS does not satisfy F p1. Above TS does not satisfy ¬F p1.
Semantics of LTL
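The satisfaction rules of this module, implemented for ultimately periodic words (a finite prefix followed by a loop repeated forever). This is an added example, not code from the lecture; the tuple encoding of formulas, the function names and the choice of loop for each sample word are assumptions made here.

```python
"""LTL satisfaction on ultimately periodic words u . v^omega (added example)."""

# Core syntax from the slides: true | p_i | f1 ∧ f2 | ¬f | X f | f1 U f2
TRUE = ("true",)
def AP(name): return ("ap", name)
def And(f, g): return ("and", f, g)
def Not(f): return ("not", f)
def X(f): return ("X", f)
def U(f, g): return ("U", f, g)

# Derived operators, built exactly as the slides define them
def Or(f, g): return Not(And(Not(f), Not(g)))
def Implies(f, g): return Or(Not(f), g)
def F(f): return U(TRUE, f)
def G(f): return Not(F(Not(f)))


def sat_positions(formula, prefix, loop):
    """Positions i of the lasso word whose suffix A_i A_{i+1} ... satisfies formula.

    The word is prefix followed by loop repeated forever; positions 0..n-1
    cover one copy of prefix + loop, and the last position steps back to the
    start of the loop.
    """
    if not loop:
        raise ValueError("loop must be non-empty: LTL words are infinite")
    word = [frozenset(letter) for letter in list(prefix) + list(loop)]
    n, loop_start = len(word), len(prefix)
    everything = frozenset(range(n))

    def succ(i):
        return i + 1 if i + 1 < n else loop_start

    def ev(f):
        op = f[0]
        if op == "true":
            return everything
        if op == "ap":
            return frozenset(i for i in range(n) if f[1] in word[i])
        if op == "and":
            return ev(f[1]) & ev(f[2])
        if op == "not":
            return everything - ev(f[1])
        if op == "X":
            inner = ev(f[1])
            return frozenset(i for i in range(n) if succ(i) in inner)
        if op == "U":
            # Least fixpoint: f2 holds now, or f1 holds now and the until holds next.
            left, result = ev(f[1]), ev(f[2])
            while True:
                grown = result | frozenset(i for i in left if succ(i) in result)
                if grown == result:
                    return result
                result = grown
        raise ValueError(f"unknown operator: {op!r}")

    return ev(formula)


def satisfies(formula, prefix, loop):
    """True iff the whole word (the suffix from position 0) satisfies formula."""
    return 0 in sat_positions(formula, prefix, loop)


def holds_on_all(formula, traces):
    """Traces ⊆ Words(formula), for a finite list of (prefix, loop) traces."""
    return all(satisfies(formula, p, l) for p, l in traces)


p1, p2, p3 = AP("p1"), AP("p2"), AP("p3")

# Example words from the slides; the loop part is an assumption (last letter repeats).
W_UNTIL = ([{"p1"}, {"p1"}, {"p1"}, {"p2"}], [{"p1"}])
W_NOT_UNTIL = ([{"p1"}, {"p1"}, set(), {"p2"}], [{"p1"}])
W_NESTED = ([{"p1", "p3"}, {"p1"}, {"p1"}, {"p2"}], [{"p1", "p3"}])
W_ALTERNATING = ([], [{"p1"}, {"p1", "p2"}])   # {p1} {p1,p2} repeated forever

# Two constructed traces: one reaches p1, the other never does.
TRACES = [([{"p2"}], [{"p1"}]), ([{"p2"}], [{"p2"}])]

if __name__ == "__main__":
    print("p1 U p2            :", satisfies(U(p1, p2), *W_UNTIL))
    print("not (p1 U p2)      :", satisfies(Not(U(p1, p2)), *W_NOT_UNTIL))
    print("G F p2 / F G p2    :", satisfies(G(F(p2)), *W_ALTERNATING),
          satisfies(F(G(p2)), *W_ALTERNATING))
    print("all traces: F p1   :", holds_on_all(F(p1), TRACES))
    print("all traces: !F p1  :", holds_on_all(Not(F(p1)), TRACES))
```

On the alternating word, G F p2 holds while F G p2 does not, and for the two constructed traces neither F p1 nor ¬F p1 holds on all of them, which is the situation of the last slide of this module.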
Module 3: A Puzzle
[Figure: a RIVER with MAN, GOAT, WOLF and CABBAGE on the left bank]
• There is a boat that can be driven by the man
• Man can take only one passenger in the boat with him at a time
• Goat and cabbage cannot be left in the same bank if man is not there
• Wolf and goat cannot be left in the same bank if man is not there
How can the man shift everyone to the right bank?
Coming next: Solution using LTL model-checking
[Figure: RIVER, with value 0 for the left bank and value 1 for the right bank]
Left bank: man = 0, goat = 0, wolf = 0, cabbage = 0
Right bank: man = 1, goat = 1, wolf = 1, cabbage = 1
carry = {g,w,c,0}
man can carry a passenger which has same value as him
NuSMV demo
Need a path in this transition system which satisfies:
φ: ((goat = cabbage | wolf = goat) -> man = goat) U (man & cabbage & goat & wolf)
NuSMV checks property on all paths
Check !φ and look at the counter-example!
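The same search done explicitly in Python: build the puzzle's transition system from the encoding above and look for a path prefix that satisfies φ, which is the path NuSMV would report as the counter-example to !φ. This is an added example, not the NuSMV model shown in the lecture demo; the state tuple order, the function names and the assumption that the man crosses on every step are choices made here.

```python
"""Ferryman puzzle: find a path satisfying  safe U goal  (added example)."""
from collections import deque

INIT = (0, 0, 0, 0)   # (man, goat, wolf, cabbage); 0 = left bank, 1 = right bank


def safe(state):
    """(goat = cabbage | wolf = goat) -> man = goat"""
    man, goat, wolf, cabbage = state
    return not (goat == cabbage or wolf == goat) or man == goat


def goal(state):
    """man & cabbage & goat & wolf"""
    return all(state)


def successors(state):
    """Yield (carry, next_state). Assumption: the man crosses on every step."""
    man, goat, wolf, cabbage = state
    across = 1 - man
    yield "0", (across, goat, wolf, cabbage)          # crosses alone
    if goat == man:                                   # passenger must share his bank
        yield "g", (across, across, wolf, cabbage)
    if wolf == man:
        yield "w", (across, goat, across, cabbage)
    if cabbage == man:
        yield "c", (across, goat, wolf, across)


def holds_until(states):
    """safe U goal on a path prefix: a goal state occurs and all earlier states are safe."""
    for state in states:
        if goal(state):
            return True
        if not safe(state):
            return False
    return False          # goal never reached within the given prefix


def find_witness(init=INIT):
    """Breadth-first search for a shortest path prefix satisfying safe U goal.

    Returns a list of (carry, state) pairs starting with (None, init),
    or None when no path satisfies the formula.
    """
    if goal(init):
        return [(None, init)]
    if not safe(init):
        return None
    parent = {init: None}             # state -> (previous state, carry used)
    queue = deque([init])
    while queue:
        state = queue.popleft()
        for carry, nxt in successors(state):
            if nxt in parent or not (safe(nxt) or goal(nxt)):
                continue              # already seen, or would violate the left side of U
            parent[nxt] = (state, carry)
            if goal(nxt):
                return _unwind(parent, nxt)
            queue.append(nxt)
    return None


def _unwind(parent, state):
    """Rebuild the path from the parent links recorded by the search."""
    path = []
    while parent[state] is not None:
        prev, carry = parent[state]
        path.append((carry, state))
        state = prev
    path.append((None, state))
    return path[::-1]


if __name__ == "__main__":
    for carry, state in find_witness():
        print(f"carry={carry!s:4} man,goat,wolf,cabbage={state}")
```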
Summary
LTL model-checking
Use in planning problem
Reference
M. Huth and M. Ryan. Logic in Computer Science (Second Edition, Cambridge University Press), Section 3.3.2