Crash course Verification of Finite Automata CTL model ...
Transcript of Crash course Verification of Finite Automata CTL model ...
![Page 1: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/1.jpg)
1Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Crash course – Verification of Finite AutomataCTL model-checking
•Exercise session - 08.12.2016
•Romain Jacob
Important noteCorrections have been made to the CTL part.An important hypothesis was missing (see slide 15)
![Page 2: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/2.jpg)
2Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Reminders – Big picture
Objective Verify properties over DES models
Formal method ⇒ Absolute guarantee!
Problem Combinatorial explosion
→ Huge amount of states, computationally intractable
Solution Work with sets of states→ Symbolic Model-Checking→ (O)BDDs
![Page 3: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/3.jpg)
3Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Reminders – First exercise session
Equivalence between sets and Boolean equations
BBD representation ofBoolean functions
![Page 4: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/4.jpg)
4Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Let see what you remember!
![Page 5: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/5.jpg)
5Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
![Page 6: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/6.jpg)
6Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Today’s menu
1. Reachability of states
2. Comparison of automata
3. Formulation and verification of CTL properties
Can be formulated asreachability problems
![Page 7: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/7.jpg)
7Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Reachability of states
Fairly simple
1. Start from the initial set of states,
2. Compute all states you can transition to in one hop (one transition),→ The successor states,
3. Join the two sets,
4. Iterate from 2. until you reach a fix point.
5. Done !
Is this guarantee to terminate?
![Page 8: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/8.jpg)
8Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Reachability of states
Fairly simple
1. Start from the initial set of states,
2. Compute all states you can transition to in one hop (one transition),→ The successor states,
3. Join the two sets,
4. Iterate from 2. until you reach a fix point.
5. Done !
Is this guarantee to terminate?→ Only if you have a finite model!!
How can we formalize this problem?
![Page 9: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/9.jpg)
9Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formalization of reachable states
E𝛿 ∶ 𝑋 ⊆ 𝐸 ⟶ 𝑋′ ⊆ 𝐸
𝑞 ⟼ 𝑞′ 𝑋
E
𝑋′
𝛿𝑞
𝑞
𝑞 ∈ 𝑋 ⇔ ∃ 𝑞′ ∈ 𝑋′, 𝛿 𝑞, 𝑞′ 𝑖𝑠 𝑑𝑒𝑓𝑖𝑛𝑒𝑑
𝜓𝛿 𝑞, 𝑞′ = 1
𝑞 ∉ 𝑋 ⇔ ∄ 𝑞′ ∈ 𝑋′, 𝛿 𝑞, 𝑞′ 𝑖𝑠 𝑑𝑒𝑓𝑖𝑛𝑒𝑑
∀ 𝑞′ ∈ 𝑋 ,𝜓𝛿 𝑞, 𝑞′ = 0
𝑞′
![Page 10: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/10.jpg)
10Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formalization of reachable states
E𝛿 ∶ 𝑋 ⊆ 𝐸 ⟶ 𝑋′ ⊆ 𝐸
𝑞 ⟼ 𝑞′ 𝑋
E
𝑋′
𝛿
𝑞′ ∈ 𝑄′ ⇒ 𝑞′ ∈ 𝑋′ ⇒ ∃𝑞 ∈ 𝑋,𝜓𝛿 𝑞, 𝑞′ = 1
Q
Q’= Suc(Q,𝛿)
What is Q’?
Not sufficient !
We also need that 𝑞 belongs to 𝑄 ∶ 𝑞 ∈ 𝑄 or equivalently 𝜓𝑄 𝑞 = 1
𝑞′satisfies
𝑞
![Page 11: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/11.jpg)
11Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formalization of reachable states
E𝛿 ∶ 𝑋 ⊆ 𝐸 ⟶ 𝑋′ ⊆ 𝐸
𝑞 ⟼ 𝑞′ 𝑋
E
𝑋′
𝛿
𝑞′ ∈ 𝑄′ ⇔ ∃𝑞 ∈ 𝑋, 𝜓𝑄 𝑞 = 1 and 𝜓𝛿 𝑞, 𝑞′ = 1
⇔ ∃𝑞 ∈ 𝑋, 𝜓𝑄 𝑞 ⋅ 𝜓𝛿 𝑞, 𝑞′ = 1
Q
Q’= Suc(Q,𝛿)
What is Q’? 𝑞′
𝑞
𝑄′ = 𝑆𝑢𝑐 𝑄, 𝛿 = 𝑞′ ∃𝑞 ∈ 𝑋,𝜓𝑄 𝑞 ⋅ 𝜓𝛿 𝑞, 𝑞′ = 1}
![Page 12: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/12.jpg)
12Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formalization of reachable states
E𝛿 ∶ 𝑋 ⊆ 𝐸 ⟶ 𝑋′ ⊆ 𝐸
𝑞 ⟼ 𝑞′ 𝑋
E
𝑋′
𝛿
Q
Q’= Suc(Q,𝛿)
𝑞′
𝑞
𝑄′ = 𝑆𝑢𝑐 𝑄, 𝛿 = 𝑞′ ∃𝑞 ∈ 𝑋,𝜓𝑄 𝑞 ⋅ 𝜓𝛿 𝑞, 𝑞′ = 1}
⇔ 𝜓𝑄′ = 𝜓𝑄 ⋅ 𝜓𝛿
𝑄𝑅 = 𝑄0 𝑖≥0 𝑆𝑢𝑐(𝑄𝑖 , 𝛿)
⇔ 𝜓𝑄𝑅 = 𝜓𝑄0 𝑖≥0𝜓𝑄𝑖 ⋅ 𝜓𝛿
𝑄𝑅: set of reachable states Again, finite union if finite model
![Page 13: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/13.jpg)
13Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Computation of the joint transition function,
Computation of the reachable states (method according to previous slides),
Computation of the reachable output values,
The automata are not equivalent if the following term is true,
Comparison of automata
Two automata are equivalent
Same input produces same output⇔
Get rid of the input
Compute 𝑄𝑅
Deduce reachable outputs
Test for equivalence
Don’t compare states!
![Page 14: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/14.jpg)
14Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
Based on atomic propositions (𝜙) and quantifiers
A𝜙 → «All 𝜙», 𝜙 holds on all paths
E𝜙 → «Exists 𝜙», 𝜙 holds on at least one path
X𝜙 → «NeXt 𝜙», 𝜙 holds on the next state
F𝜙 → «Finally 𝜙», 𝜙 holds at some state along the path
G𝜙 → «Globally 𝜙», 𝜙 holds on all states along the path
𝜙1U𝜙2 → «𝜙1Until 𝜙2», 𝜙1 holds until 𝜙2 holds
Quantifiers over paths
Path-specific quantifiers
![Page 15: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/15.jpg)
15Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Missing Hypothesis
Formulation of CTL properties
Proper CTL formula: {A,E} {X,F,G,U}𝜙
→ Quantifiers go by pairs, you need one of each.
Interpretation on CTL formula
→ Transition functions are fully defined(i.e. every state has at least one successor)
→
Automaton of interest Automaton to work with
![Page 16: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/16.jpg)
16Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
EF 𝜙 : “There exists a path along which at some state 𝜙 holds.”
q
⊨ 𝜙
q ⊨ EF 𝜙
r
s
r ⊨ ?s ⊨ ?
![Page 17: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/17.jpg)
17Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
EF 𝜙 : “There exists a path along which at some state 𝜙 holds.”
q
⊨ 𝜙
q ⊨ EF 𝜙
r
s
r ⊨ EF 𝜙s ⊨ EF 𝜙
![Page 18: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/18.jpg)
18Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
AF 𝜙 : “On all paths, at some state 𝜙 holds .”
q
⊨ 𝜙
q ⊨ AF 𝜙
r
s
r ⊨ ?s ⊨ ?
![Page 19: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/19.jpg)
19Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
AF 𝜙 : “On all paths, at some state 𝜙 holds .”
q
⊨ 𝜙
q ⊨ AF 𝜙
r
s
r ⊨ AF 𝜙s ⊨ AF 𝜙
![Page 20: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/20.jpg)
20Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
AG 𝜙 : “On all paths, for all states 𝜙 holds.”
q
⊨ 𝜙
q ⊨ AG 𝜙
r
s
r ⊨ ?s ⊨ ?
![Page 21: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/21.jpg)
21Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
AG 𝜙 : “On all paths, for all states 𝜙 holds.”
q
⊨ 𝜙
q ⊨ AG 𝜙
r
s
r ⊨ AG 𝜙s ⊨ AG 𝜙
![Page 22: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/22.jpg)
22Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
EG 𝜙 : “There exists a path along which for all states 𝜙 holds .”
q
⊨ 𝜙
q ⊨ EG 𝜙
r
s
r ⊨ ?s ⊨ ?
![Page 23: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/23.jpg)
23Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Formulation of CTL properties
EG 𝜙 : “There exists a path along which for all states 𝜙 holds .”
q
⊨ 𝜙
q ⊨ EG 𝜙
r
s
r ⊨ EG 𝜙s ⊨ EG 𝜙
![Page 24: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/24.jpg)
24Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
E𝜙UΨ : “There exists a path along which 𝜙 holds until Ψ holds.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ 𝜙EUΨ
⊨ Ψ
r
s
r ⊨ ?s ⊨ ?
![Page 25: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/25.jpg)
25Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
E𝜙UΨ : “There exists a path along which 𝜙 holds until Ψ holds.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ 𝜙EUΨ
⊨ Ψ
r
s
r ⊨ 𝜙EUΨ
s ⊨ 𝜙EUΨ
![Page 26: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/26.jpg)
26Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
A𝜙UΨ : “On all paths, 𝜙 holds until Ψ holds.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ 𝜙AUΨ
⊨ Ψ
r
s
r ⊨ ?s ⊨ ?
![Page 27: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/27.jpg)
27Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
A𝜙UΨ : “On all paths, 𝜙 holds until Ψ holds.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ 𝜙AUΨ
⊨ Ψ
r
s
r ⊨ 𝜙AUΨ
s ⊨ 𝜙AUΨ
![Page 28: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/28.jpg)
28Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
AX𝜙 : “On all paths, the next state satisfies 𝜙.”
EX𝜙 : “There exists a path along which the next state satisfies 𝜙.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ EX𝜙
r
s
r ⊨ ?s ⊨ ?
![Page 29: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/29.jpg)
29Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
AX𝜙 : “On all paths, the next state satisfies 𝜙.”
EX𝜙 : “There exists a path along which the next state satisfies 𝜙.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ EX𝜙
r
s
r ⊨ EX𝜙
s ⊨ EX𝜙
![Page 30: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/30.jpg)
30Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
AG EF 𝜙 : “On all paths and for all states,
there exists a path along which at some state 𝜙 holds.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ AG EF𝜙
rr
s
r ⊨ ?s ⊨ ?
![Page 31: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/31.jpg)
31Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
AG EF 𝜙 : “On all paths and for all states,
there exists a path along which at some state 𝜙 holds.”
Formulation of CTL properties
q
⊨ 𝜙
q ⊨ AG EF𝜙
rr
s
r ⊨ AG EF𝜙
s ⊨ AG EF𝜙
![Page 32: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/32.jpg)
32Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
AG 𝜙 ≡ ¬ EF ¬𝜙
AF 𝜙 ≡ ¬ EG¬𝜙
EF 𝜙 ≡ ¬ AG¬𝜙
EG 𝜙 ≡ ¬ AF ¬𝜙
Remark There exists other temporal logics
→ LTL (Linear Tree Logic)
→ CTL* = {CTL,LTL}
→ …
Inverting properties is sometimes useful!
“On all paths, for all states 𝜙 holds.”
≡
“There exists no path along which at some state 𝜙 doesn’t hold.”
…
![Page 33: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/33.jpg)
33Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
How to verify CTL properties?
Convert the property verification into a reachability problem
1. Start from states in which the property holds;
2. Compute all predecessor states for which the property still holds true;(same as for computing successor, with the inverse the transition function)
3. If initial states set is a subset, the property is satisfied by the model.
Computation specifics are described in the lecture slides.
![Page 34: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/34.jpg)
34Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
So… what is Model-Checking exactly?
An algorithm
Input
A DES model, M Finite automata,
Petri nets,
Kripke machine, …
Output M⊨ 𝝓 ?
A trace for which the property does not hold!
A logic property, 𝝓 CTL,
LTL, …
![Page 35: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/35.jpg)
35Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Crash course – Verification of Finite AutomataCTL model-checking
Your turn to work!Slides online on my webpage:
http://people.ee.ethz.ch/~jacobr/
![Page 36: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/36.jpg)
36Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
![Page 37: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/37.jpg)
37Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Comparison of Finite Automata
a) Express the characteristic function of the transition relation for both automaton, 𝜓𝑟(𝑥, 𝑥
′, 𝑢).
![Page 38: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/38.jpg)
38Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Comparison of Finite Automata
b) Express the joint transition function, 𝜓𝑓.
![Page 39: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/39.jpg)
39Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Comparison of Finite Automata
c) Express the characteristic function of the reachable states, 𝜓𝑋(𝑥𝐴, 𝑥𝐵).
![Page 40: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/40.jpg)
40Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Comparison of Finite Automata
d) Express the characteristic function of the reachable output, 𝜓𝑌(𝑥𝐴, 𝑥𝐵).
and
![Page 41: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/41.jpg)
41Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Comparison of Finite Automata
e) Are the automata equivalent? Hint: Evaluate, for example, 𝜓𝑌(0,1).
Or, in a more general way,
and
implies
→ Automata are not equivalent.
![Page 42: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/42.jpg)
42Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Temporal Logic
i. EF a
ii. EG a
iii. EX AX a
iv. EF ( a AND EX NOT(a) )
2
0
3 1
![Page 43: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/43.jpg)
43Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Temporal Logic
i. EF a
ii. EG a
iii. EX AX a
iv. EF ( a AND EX NOT(a) )
2
0
3 1
![Page 44: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/44.jpg)
44Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Temporal Logic
i. EF a
ii. EG a
iii. EX AX a
iv. EF ( a AND EX NOT(a) )
2
0
3 1
![Page 45: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/45.jpg)
45Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Temporal Logic
i. EF a
ii. EG a
iii. EX AX a
iv. EF ( a AND EX NOT(a) )
2
0
3 1
![Page 46: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/46.jpg)
46Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Temporal Logic
i. EF a
ii. EG a
iii. EX AX a
iv. EF ( a AND EX NOT(a) )
2
0
3 1
![Page 47: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/47.jpg)
47Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Temporal Logic
Trick AF Z not(EG not(Z))
![Page 48: Crash course Verification of Finite Automata CTL model ...](https://reader030.fdocuments.net/reader030/viewer/2022012508/618598686238c221c6012027/html5/thumbnails/48.jpg)
48Computer Engineering and Networks
Technische Informatik und Kommunikationsnetze
Crash course – Verification of Finite AutomataCTL model-checking
See you next week!Slides online on my webpage:
http://people.ee.ethz.ch/~jacobr/