Automata and Formal Languages
Büchi Automata and Model Checking
Ralf Möller, based on slides by Chang-Beom Choi, Provable Software Lab, KAIST

Transition System to Mealy-Style Automaton Translation
• Example transition system: states 1, 2, 3 labeled {p,q}, {q}, {p}
• Each state is labeled with the propositions that hold in that state
• Corresponding automaton: an initial state i is added and the state labels appear on the transitions (Mealy style)
• But: no accept states
[Figure: the example transition system and the corresponding automaton]

Overview: Büchi Automata
• Büchi automata
– Automata which accept infinite words
– Named after Julius Richard Büchi, Swiss logician
• Usually used for modeling systems with infinite sequences of states, each of which satisfies certain atomic propositions
• A Büchi automaton M accepts sequences of labels for program states: L(M) describes all potential sequences of state labels of the system (and therefore describes system behavior)

Overview: Büchi Automaton (deterministic version)
• Definition
– M = (Σ, S, s0, d, F)
Σ : alphabet (set of "labels for program states")
S : set of automaton states
s0 : initial state
d : transition function (S × Σ × S)
F : set of accepting states

Overview: Büchi Automaton
– M = (Σ, S, s0, d, F)
– The input of M is infinite: w = a0, a1, … (∈ Σ^ω)
– A run is a sequence of states r = s0, s1, … (∈ S^ω)
• Initiation: s0 ∈ S0
• Consecution: s_(i+1) ∈ d(s_i, a_i)
– Accepting run (r = s0, s1, …)
• There exists an infinite number of integers i ∈ N such that s_i ∈ F, i.e. the run visits F infinitely often

Overview: Büchi Automata (example)
• P must eventually occur, and if it occurs P holds forever
• Σ = {P, true}
• S = {q0, q1}
• s0 = q0
• d = {(q0, true, q0), (q0, P, q1), (q1, P, q1)}
• F = {q1}
• Run: q0, q1, q1, q1, …

Relation to Linear Temporal Logic
LTL properties and their Büchi automata:
• G p
• F p
• G (F p)
[Figure: the Büchi automaton for each formula; transitions are labelled p or true]
• The size of the property automaton can be exponential in the size of the LTL formula

Overview: Model Checking
• Model checking
– Specify requirement properties and build a system model
– Generate the possible states from the model and then check whether the given requirement properties are satisfied within the state space
[Figure: Target Program and Requirement Properties are fed into Model Check, which reports OK or Error Trace Found]

Overview: A Process of Model Checking
– Modeling
• Build a model of the program or system
– Specification
• Describe requirement properties
– Verification
• Check that the model of the program or system satisfies the given specification

Overview: How can we model check a program or system?
– Modeling
• Build a Büchi automaton for the given program or system
– Specification
• Describe requirement properties using temporal logic
– Verification
• Automatically (or semi-automatically)

Overview: Process of Model Checking
[Figure: Requirement Properties and Target Program are fed into the Model Checker]
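As an added example (not part of the slides), the automaton from the example slide above is encoded as a tuple (Σ, S, s0, d, F) and the accepting-run condition "s_i ∈ F for infinitely many i" is checked on infinite words written as lassos prefix·cycle^ω. Reading the self-loop label true as matching any letter is an interpretation of the slide's notation, and the sample words are constructed.

```python
# Added example, not from the slides: a Büchi automaton M = (Σ, S, s0, d, F)
# as a plain tuple, plus an acceptance check for infinite words prefix·cycle^ω.

def successors(delta, state, letter):
    """Targets of d(state, letter). A transition labelled 'true' fires on any
    letter, like the unconditional self-loop (q0, true, q0) on the slide, so
    the relation may be nondeterministic."""
    return {t for (s, a, t) in delta if s == state and a in (letter, "true")}

def on_cycle(edges, node):
    """Depth-first search from node's successors: True iff node reaches itself."""
    seen, stack = set(), list(edges[node])
    while stack:
        c = stack.pop()
        if c == node:
            return True
        if c not in seen:
            seen.add(c)
            stack.extend(edges[c])
    return False

def accepts_lasso(M, prefix, cycle):
    """True iff some run of M on prefix·cycle^ω visits F infinitely often."""
    _sigma, _states, s0, delta, accepting = M
    current = {s0}
    for a in prefix:                       # read the finite prefix
        current = {t for s in current for t in successors(delta, s, a)}
    # While reading cycle^ω the pairs (state, position in cycle) form a finite
    # graph; an accepting run exists iff a reachable pair with state in F lies on a cycle.
    n, edges = len(cycle), {}
    todo = [(s, 0) for s in current]
    while todo:
        node = todo.pop()
        if node in edges:
            continue
        s, i = node
        edges[node] = {(t, (i + 1) % n) for t in successors(delta, s, cycle[i])}
        todo.extend(edges[node])
    return any(s in accepting and on_cycle(edges, (s, i)) for (s, i) in edges)

# The slide's automaton: "P must eventually occur, and if it occurs P holds forever"
M_EVENTUALLY_P_FOREVER = ({"P", "true"}, {"q0", "q1"}, "q0",
                          {("q0", "true", "q0"), ("q0", "P", "q1"), ("q1", "P", "q1")},
                          {"q1"})

if __name__ == "__main__":
    # constructed sample words over Σ = {P, true}
    print(accepts_lasso(M_EVENTUALLY_P_FOREVER, ["true", "true"], ["P"]))  # True
    print(accepts_lasso(M_EVENTUALLY_P_FOREVER, [], ["true"]))             # False: P never occurs
    print(accepts_lasso(M_EVENTUALLY_P_FOREVER, ["P"], ["true"]))          # False: P did not hold forever
```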