Sémantique des Systèmes Distribués et Embarqués -- UNSA 20091 Temporal Logics Temporal Logics (CTL, ACTL) Logic patterns SSDE Eric Madelaine -- vendredi.

Slides:

Advertisements

Présentations similaires

Primary French Presentation 2 Saying How You Are.

Advertisements

Sémantique des Systèmes Distribués et Embarqués -- UNSA 2009

Unité 2 La vie courante Leçon 3 Bon appétit

Lesson 07.04: Le verbe faire Lesson 07.05: Le négatif French 1 Segment 2.

Look at the following sentences and tell me if they are in the past or the present tense 1. I go to the swimming pool every Thursday. 1. I go to the swimming.

Y and en Two little words with a lot of meaning. y.

ROLE PLAY The role play is about communication and exchange of information. It is not the time for a LONG conversation! You can get full marks for very.

Laboratoire des outils informatiques pour la conception et la production en mécanique (LICP) ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE 1 Petri nets for.

Les verbes en -er. –er 5000 –er verbs !!!  They are called REGULAR verbs because about 5000 verbs have the same endings.  It’s a good idea to learn.

Transition Unit Personal Information Lesson 1

2 Des autres emploies du subjonctif Les normes: –Communications 1.2: Understanding the written and spoken language.

Les Temps Verbaux de Français II

3 Les Verbes -ER Talking about people’s activities Les normes: –Communication 1.2: Understanding the written and spoken language –Comparisons 4.1: Understanding.

Talking about people’s activities Les normes: Communication 1.2: Comparisons 4.1:

Le Comparatif et le Superlatif

Let’s go back to the verb endings. What are our 3 infinitive endings? ER IR RE What is an infinitive? An unconjugated verb In other words, a verb in the.

Qui est présent? Écoutons Les préférences Vocabulaire: les activités Panorama Culturel.

THE ADJECTIVES: BEAU, NOUVEAU AND VIEUX 1.

Forming questions in French

LA DATE MME YEE L'hôtel Français. Avant de lire 1. Have you ever stayed at a hotel? Where? 2. If not, what do you think it would be like? 3. What do you.

Les Mots Interrogatifs

Leçon 7: Une Boum Unité 3.

2 La négation Les normes: –Communication 1.2 –Comparisons 4.1:

L’Heure To ask what time it is in French, say: – Quelle heure est-il? To respond, say: – Il est... heure(s). – Ex: 02h00 Il est deux heures. 04h00 Il est.

Pile-Face 1. Parlez en français! (Full sentences) 2. One person should not dominate the conversation 3. Speak the entire time The goal: Practice! Get better.

Les verbes réfléchis au passé composé

Les Questions d’Information (Information questions)

Unité 2 La vie courante Leçon 3 Bon appétit. Thème et Objectifs Everyday life in France In this unit, you will learn how to get along in France. You will.

Les verbes réfléchis -au présent -à l’impérative (command) -avec l’infinitif Rouge, Unit 1, Part 1 Page 44.

Year 10. Bon appetit unit. Introducing ‘en’. ‘en’ – ‘some of it’ or ‘some of them’ ‘En’ is a small but important word in French that is commonly used.

La mémoire(1): Comment bien travailler

Irregular Adjectives Not all adjectives are made the same.

Les verbes réfléchis.

Bienvenue and Welcome to Our French II Live Lesson! We will begin shortly!

Welcome to our French II Live Lesson! Today we will talk about: Lessons 03.05, 03.06, Des Verbes Irréguliers Le Négatif.

Warm Up le 5 mars Écrivez tout ce que tu sais pour la grammaire française Par exemple: DR MRS VANDERTRAMP utilise être L’Academie Française.

Let’s enjoy making Session 2. Let’s enjoy making: Session 2 Les déménageurs sont arrivés !

Object pronouns How to say “him”, “her”, “it”, “them”

Les noms et les articles

Negatives ‘I ‘I don’t know’ ‘Je ‘Je ne sais pas’.

1. Est-ce que Est-ce que, literally translated "is it that," can be placed at the beginning of any affirmative sentence to turn it into a question: Je.

WE’RE ALMOST DONE – CONGRATULATIONS! LE PRONOM « Y »

Leçon 7: Une boum Les verbes en -er -e -ons -es -ez -e -ent je nous tu

WALT: how to tell the time in French WILF: to be able to understand ¼ past, ½ past, ¼ to and o’clock (level 2) to be able to understand all times in French.

Unité 6 Leçon B. Forming yes/no questions  To form a yes/no question in French in the simplest way, add a question mark at the end of the sentence, and.

Nous parlons des matières Buts: To be able to give extended opinions on school subjects To express agreement or disagreement.

Français II H Leçon 3A - Structures Prepositions with the infinitive Reciprocal reflexives.

Français I – Leçon 6A Structures demonstrative adjectives passé composé with avoir.

The Passé Composé Objective: to talk about things we have done on a visit to explain what events happened to speak and write about events in the past.

What’s the weather like?. Look at the verb phrase fait-il above Turn it around and you have il fait The phrase Il fait can be used to describe lots of.

U NITE 7A: E CHAUFFEMENT 1 L E PREMIER OCTOBRE Le mot juste Fill in each blank with an appropriate vocabulary word. 1. M. Tremaine doit ( must ) avoir.

We all ready know two French verbs. What are they?

© and ® 2011 Vista Higher Learning, Inc.5A.1-1 Point de départ Like other commonly used verbs, the verb faire (to do, to make) is irregular in the present.

Unité 3 Le passé composé avec ÊTRE. Le passé composé The passé composé is a PAST TENSE used to tell what has happened in the past. As its name implies,

Journal Grade only – Introductory Journal Entry Mon week-end  Students were asked to write a paragraph detailing a minimum of 5 things they DID.

QUELLE HEURE EST-IL? (What time is it?) Pages Nicole Fecteau, Timothy Edwards Middle School, December 2015.

Negative sentences Questions

Français 12/14/15 Ouvrez vos livres á la page 112. Ecrivez six phrases de sports et activités. What is worse than “raining cats and dogs?” Important(e)

Le Passif...getting to know the Passive Voice in French!

Unité 9 : les repas Leçon 35 : Un Client Difficile Ordering food in a restaurant Partie B : les pronoms compléments à l’impératif.

IP Multicast Text available on

Reflective verbs or Pronominal verbs

F RIENDS AND FRIENDSHIP Project by: POPA BIANCA IONELA.

What’s the weather like?

Transcription de la présentation:

Sémantique des Systèmes Distribués et Embarqués -- UNSA Temporal Logics Temporal Logics (CTL, ACTL) Logic patterns SSDE Eric Madelaine -- vendredi 27 mars 2009

Sémantique des Systèmes Distribués et Embarqués -- UNSA Reasoning about Executions We want to reason about execution trees –tree node = snap shot of the program’s state Reasoning consists of two layers –defining predicates on the program states (control points, variable values) –expressing temporal relationships between those predicates [L3, (mt3, vr3), ….] Explored State-Space (computation tree) Conceptual View [L1, (mt1, vr1), ….] [L2, (mt2, vr2), ….] [L5, (mt5, vr5), ….] L1L4 L2 L3 L5 ?b1 ?err ?b0 ?b1!a1 ?a1 ?b0 ?err !a0

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computational Tree Logic (CTL) Clarke & Emerson (early 1980’s)  ::= P …primitive propositions | !  |  &&  |  ||  |  ->  …propositional connectives | AG  | EG  | AF  | EF  …temporal operators | AX  | EX  | A[  U  ] | E[  U  ] Syntax Semantic Intuition AG p …along All paths p holds Globally EG p …there Exists a path where p holds Globally AF p …along All paths p holds at some state in the Future EF p …there Exists a path where p holds at some state in the Future path quantifiertemporal operator

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computational Tree Logic (CTL)  ::= P …primitive propositions | !  |  &&  |  ||  |  ->  …propositional connectives | AG  | EG  | AF  | EF  …path/temporal operators | AX  | EX  | A[  U  ] | E[  U  ] Syntax Semantic Intuition AX p …along All paths, p holds in the neXt state EX p …there Exists a path where p holds in the neXt state A[p U q] …along All paths, p holds Until q holds E[p U q] …there Exists a path where p holds Until q holds

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic p p p p p p p p p p p pppp AG p

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic EG p p p p p

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic AF p p p pp p p

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic EF p p

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic AX p p p p p pp p p p

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic EX p p p p pp p

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic A[p U q] p p p q q p p q q p p

Sémantique des Systèmes Distribués et Embarqués -- UNSA Computation Tree Logic E[p U q] p p q q p p q q q

Sémantique des Systèmes Distribués et Embarqués -- UNSA Example CTL Specifications For any state, a request (for some resource) will eventually be acknowledged AG(requested -> AF acknowledged) From any state, it is possible to get to a restart state AG(EF restart) An upwards travelling elevator at the second floor does not changes its direction when it has passengers waiting to go to the fifth floor AG((floor=2 && direction=up && button5pressed) -> A[direction=up U floor=5])

Sémantique des Systèmes Distribués et Embarqués -- UNSA Exercices Ecrire en CTL: –P est vrai après Q –P devient vrai après Q –P répond à Q –On ne peut pas aller plus de 2 fois dans un état vérifiant P

Sémantique des Systèmes Distribués et Embarqués -- UNSA Exercices ---Corrections --- Ecrire en CTL: –P est vrai après QAG(Q -> AG(P)) –P devient vrai après Q AG (!P U (Q & AF(P))) –P répond à QAG(Q -> AF(P)) –On ne peut pas aller plus de 2 fois dans un état vérifiant P !EF (!P & EX(P & EF(!P & EX(P & EF(!P & EX(P))))))

Sémantique des Systèmes Distribués et Embarqués -- UNSA Exercice: Minimality It is sufficient to define CTL syntax as:  ::= P | !  |  &&  | AX  | EX  | A[  U  ] | E[  U  ] Express the other operators as derivatives: f || g = AF g = EF g = AG f = EG f =

Sémantique des Systèmes Distribués et Embarqués -- UNSA Exercice: Minimality ---Corrections --- It is sufficient to define CTL syntax as:  ::= P | !  |  &&  | AX  | EX  | A[  U  ] | E[  U  ] Express the other operators as derivatives: f || g = ! (!f && !g) AF g = A[true U g] EF g = E[true U g] AG f = ! E[true U !f] EG f = ! A[true U !f]

Sémantique des Systèmes Distribués et Embarqués -- UNSA Semantics: interpretation on Kripke structures Kripke structure K = (S,R,L) –S set of states –R transition relation –L valuation function L(  )(s) -> True/False Path = infinite sequence (s 0,s 1, s 2, …) such that  i (s i,s i+1 )  R

Sémantique des Systèmes Distribués et Embarqués -- UNSA Semantics: interpretation on Kripke structures Formalisation of the semantics : s ⊨ p iff L(s)(p)where p atomic proposition s ⊨ !f iff s ⊭ f s 0 ⊨ AX f iff for all paths (s 0,s 1, s 2, …), s 1 ⊨ f s 0 ⊨ A(f U g) iff for all paths (s 0,s 1, …), for some i, si ⊨ f and for all j<i sj ⊨ g Exercice: s0 ⊨ AG f iff s0 ⊨ EF f iff

Sémantique des Systèmes Distribués et Embarqués -- UNSA Interpretation on Kripke structures ---Corrections --- Formalisation of the semantics : s ⊨ p iff L(s)(p)where p atomic proposition s ⊨ !f iff s ⊭ f s 0 ⊨ AX f iff for all paths (s 0,s 1, s 2, …), s 1 ⊨ f s 0 ⊨ A(f U g) iff for all paths (s 0,s 1, …), for some i, si ⊨ f and for all j<i sj ⊨ g Exercice: s0 ⊨ AG f iff for all paths (s0,s1, s2, …), for all i, si ⊨ f s0 ⊨ EF f iff there exists a path (s0,s1, s2, …), and an i, with si ⊨ f

Sémantique des Systèmes Distribués et Embarqués -- UNSA Modal Logics Temporal logics for Labelled Transition Systems (= action-based) HML (Hennessy-Milner, 85) ACTL (DeNicola-Vandrager, 90) Modal  -calculus (Kozen 83) Regular  -calculus (Madescu 03)

Sémantique des Systèmes Distribués et Embarqués -- UNSA ACTL: Action Computation Tree Logic Atomic propositions (on actions) + boolean connectors Paths formulas: Next

Sémantique des Systèmes Distribués et Embarqués -- UNSA ACTL: Action Computation Tree Logic Paths formulas: Until

Sémantique des Systèmes Distribués et Embarqués -- UNSA ACTL: Action Computation Tree Logic State formulas: Note the recursive def of path/state formulas. Define derived operators as usual:

Sémantique des Systèmes Distribués et Embarqués -- UNSA Exemple: Scheduler_2 start1 start2 end1 end2 end1 i,j in {1,0} i ≠ j : AG tt [start_i] AG !end_i [start_j] ff !EF tt [start_i] EF !end_i [start_j] tt Or equivalently :

Sémantique des Systèmes Distribués et Embarqués -- UNSA Exemple: Scheduler_2 start1 start2 end1 end2 end1 Que signifie ? AG tt (EF tt tt ∧ EF tt tt)

Sémantique des Systèmes Distribués et Embarqués -- UNSA Corrections --- Exemple: Scheduler_2 start1 start2 end1 end2 end1 Que signifie ? AG tt (EF tt tt ∧ EF tt tt) Vivacité : ttes les actions visibles sont toujours atteignables

Sémantique des Systèmes Distribués et Embarqués -- UNSA Exemple: Scheduler_2 start1 start2 end1 end2 end1 Que signifie ? AG tt [end_i] A (tt tt U start_i tt)

Sémantique des Systèmes Distribués et Embarqués -- UNSA Corrections --- Exemple: Scheduler_2 start1 start2 end1 end2 end1 Que signifie ? AG tt [end_i] A (tt tt U start_i tt) Inévitabilité / absence de famine : pour chaque i, start_i est inévitable en un nombre fini de transition à partir de n’importe quel end_i

Sémantique des Systèmes Distribués et Embarqués -- UNSA Temporal Logics Temporal Logic : CTL Modal logic: ACTL Logic patterns

Sémantique des Systèmes Distribués et Embarqués -- UNSA Motivation for Specification Patterns Temporal properties are not always easy to write Clearly many specifications can be captured in both CTL and ACTL (or LTL*) * left for personal research LTL: [](P -> <>Q) CTL: AG(P -> AF Q) Example: action Q must respond to action P Capture the experience base of expert designers Transfer that experience between practitioners. You can use specification patterns to:

Sémantique des Systèmes Distribués et Embarqués -- UNSA Pattern Hierarchy Property Patterns OccurrenceOrder Absence UniversalityExistence Bounded Existence Precedence Response Chain Precedence Chain Response Classification Occurrence Patterns: – require states/events to occur or not to occur Order Patterns –constrain the order of states/events

Sémantique des Systèmes Distribués et Embarqués -- UNSA Occurrence Patterns Absence: A given state/event does not occur within a scope Existence: A given state/event must occur within a scope Bounded Existence: A given state/event must occur k times within a scope –variants: at least k times in scope, at most k times in scope Universality: A given state/event must occur throughout a scope

Sémantique des Systèmes Distribués et Embarqués -- UNSA Order Patterns Precedence: A state/event P must always be preceded by a state/event Q within a scope Response: A state/event P must always be followed a state/event Q within a scope Chain Precedence: A sequence of state/events P1, …, Pn must always be preceded by a sequence of states/events Q1, …, Qm within a scope Chain Response: A sequence of state/events P1, …, Pn must always be followed by a sequence of states/events Q1, …, Qm within a scope

Sémantique des Systèmes Distribués et Embarqués -- UNSA Pattern Scopes Global Before Q After Q Between Q and R After Q and R State sequence QRQQRQ

Sémantique des Systèmes Distribués et Embarqués -- UNSA The Response Pattern To describe cause-effect relationships between a pair of events/states. An occurrence of the first, the cause, must be followed by an occurrence of the second, the effect. Also known as Follows and Leads-to. Intent Mappings: In these mappings, P is the cause and S is the effect [](P -> <>S) <>R -> (P -> (!R U (S & !R))) U R [](Q -> [](P -> <>S)) []((Q & !R & <>R) -> (P -> (!R U (S & !R))) U R) [](Q & !R -> ((P -> (!R U (S & !R))) W R) Globally: Before R: After Q: Between Q and R: After Q until R: LTL:

Sémantique des Systèmes Distribués et Embarqués -- UNSA The Response Pattern (continued) Mappings: In these mappings, P is the cause and S is the effect AG(P -> AF(S)) A[((P -> A[!R U (S & !R)]) | AG(!R)) W R] A[!Q W (Q & AG(P -> AF(S))] AG(Q & !R -> A[((P -> A[!R U (S & !R)]) | AG(!R)) W R]) AG(Q & !R -> A[(P -> A[!R U (S & !R)]) W R]) Globally: Before R: After Q: Between Q and R: After Q until R: CTL: Examples and Known Uses: Response properties occur quite commonly in specifications of concurrent systems. Perhaps the most common example is in describing a requirement that a resource must be granted after it is requested. Relationships Note that a Response property is like a converse of a Precedence property. Precedence says that some cause precedes each effect, and...

Sémantique des Systèmes Distribués et Embarqués -- UNSA Specify Patterns in Bandera The Bandera Pattern Library is populated by writing pattern macros: pattern { name = “Response” scope = “Globally” parameters = {P, S} format = “{P} leads to {S} globally” ltl = “[]({P} –> <>{S})” ctl = “AG({P} –> AF({S}))” }

Sémantique des Systèmes Distribués et Embarqués -- UNSA Evaluation (Kansas University, ) 555 TL specs collected from at least 35 different sources 511 (92%) matched one of the patterns Of the matches... –Response: 245 (48%) –Universality: 119 (23%) –Absence: 85 (17%)

Sémantique des Systèmes Distribués et Embarqués -- UNSA Questions Do patterns facilitate the learning of specification formalisms like CTL and LTL? Do patterns allow specifications to be written more quickly? Are the specifications generated from patterns more likely to be correct? Does the use of the pattern system lead people to write more expressive specifications? Based on anecdotal evidence, we believe the answer to each of these questions is “yes”

Sémantique des Systèmes Distribués et Embarqués -- UNSA Beyond LTL/CTL/ACTL: Logics with data MCL : Model Checking Language (Matescu 2008) = regular modal  -calculus + data 1: receive a value (with a condition) 2: data quantification 3: regular expressions, modalities, infinite loops, etc. (reduces the need for writing explicit fix-points) 1 2

Sémantique des Systèmes Distribués et Embarqués -- UNSA Vocabulary: back on important notions Safety / Liveness What does it means What kind of diagnostics ?

Sémantique des Systèmes Distribués et Embarqués -- UNSA Safety Properties Examples –Invariants: “x is always less than 10” –Deadlock freedom: “the system never reaches a state where no moves are possible” –Mutual exclusion: “the system never reaches a state where two processes are in the critical section” As soon as you see the “bad thing”, you know the property is false Safety properties can be falsified by a finite-prefix of an execution trace –Practically speaking, an error trace for a safety property is a finite list of states beginning with the initial state Informally, a safety property states that nothing bad ever happens

Sémantique des Systèmes Distribués et Embarqués -- UNSA Liveness Properties Examples –Termination: “the system eventually terminates” –Response properties: “if action X occurs then eventually action Y will occur” Need to keep looking for the “good thing” forever Liveness properties can be falsified by an infinite- suffix of an execution trace –Practically speaking, an error trace for a liveness property is a finite list of states beginning with the initial state followed by a cycle showing you a loop that can cause you to get stuck and never reach the “good thing” Informally, a liveness property states that something good will eventually happen

Sémantique des Systèmes Distribués et Embarqués -- UNSA Safety vs Liveness Practically, it is important to know the difference because… –It impacts how we design verification algorithms and tools Some tools only check safety properties (e.g., based on reachability algorithms) –It impacts how we run tools Different command line options are used for Spin –It impacts how we form abstractions Liveness properties often require forms of abstraction that differ from those used in safety properties

Sémantique des Systèmes Distribués et Embarqués -- UNSA Assessment Safety vs Liveness is an important distinction However, it is very coarse –Lots of variations within safety and liveness –A finer classification might be more useful Liveness is more useful when used with “fairness” conditions.

Sémantique des Systèmes Distribués et Embarqués -- UNSA Summary Computational Tree Logic : CTL –Properties of executions in non-deterministic state-based models Modal logic: ACTL –Idem, for action-based models Logic patterns –User friendly / natural language like constructs –With a formal definition !