
LTL to Büchi Automata

15-820A

Flavio Lerda

LTL Formulas
Subset of CTL*
Distinct from CTL
  AFG p is an LTL formula
  $\nexists f \in \mathrm{CTL} \,.\; f \equiv AFG\,p$ (no CTL formula is equivalent to it)
Contains a single universal quantifier
  The path formula f holds for every path
Commonly:
  A is omitted
  G is replaced by $\Box$ (box or always)
  F is replaced by $\Diamond$ (diamond or eventually)

Examples of LTL formulas
Always eventually p:
  $\Box\Diamond p$
  AGF p (equivalent to the CTL formula AG AF p)
Always, after p eventually q:
  $\Box(p \rightarrow \Diamond q)$
  AG (p -> F q) (equivalent to the CTL formula AG (p -> AF q))
Fairness:
  $(\Box\Diamond p) \rightarrow \varphi$
  A ((GF p) -> $\varphi$)
  Not a CTL formula

LTL Semantics
Derived from the CTL* semantics
Given an infinite execution trace $\pi = s_0 s_1 \ldots$, and writing $\pi^i$ ($i \ge 0$) for the suffix of $\pi$ starting at $s_i$:
  $\pi \models p \iff p(s_0)$, i.e. $p$ holds in $s_0$
  $\pi \models \neg\varphi \iff \neg(\pi \models \varphi)$
  $\pi \models \varphi_1 \wedge \varphi_2 \iff \pi \models \varphi_1 \wedge \pi \models \varphi_2$
  $\pi \models \varphi_1 \vee \varphi_2 \iff \pi \models \varphi_1 \vee \pi \models \varphi_2$
  $\pi \models X\varphi \iff \pi^1 \models \varphi$
  $\pi \models \varphi_1 U \varphi_2 \iff \exists i \ge 0 \,.\; \pi^i \models \varphi_2 \wedge \forall 0 \le j < i \,.\; \pi^j \models \varphi_1$
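
The clauses above turned into an evaluator, as an added example that is not part of the slides. An infinite trace is represented in lasso form (a finite list of states plus the index the trace loops back to), because every suffix of such a trace is one of finitely many; the tuple syntax for formulas, the names `state_at` and `holds`, and the constructed trace are this example's own assumptions.

```python
# Added example (not from the slides): the LTL semantics evaluated on an
# infinite trace given in lasso form: a finite list of states followed by a loop
# back to position `loop`, so pi = trace[0..loop-1] (trace[loop..])^omega.
# Each state is the set of atomic propositions true in it. Formulas are tuples:
#   'p' (atom), 'true', 'false', ('not', f), ('and', f, g), ('or', f, g),
#   ('X', f), ('U', f, g), ('V', f, g), ('F', f), ('G', f)
# The formula syntax and the trace are this example's own assumptions.

def state_at(trace, loop, i):
    """The state s_i of the infinite trace, read off the lasso."""
    if i < len(trace):
        return trace[i]
    return trace[loop + (i - loop) % (len(trace) - loop)]

def holds(f, trace, loop, i=0):
    """pi^i |= f, clause by clause as on the semantics slide."""
    period = len(trace) - loop
    if isinstance(f, str):                      # atomic proposition or constant
        if f == 'true':
            return True
        if f == 'false':
            return False
        return f in state_at(trace, loop, i)    # p holds in s_i
    op = f[0]
    if op == 'not':
        return not holds(f[1], trace, loop, i)
    if op == 'and':
        return holds(f[1], trace, loop, i) and holds(f[2], trace, loop, i)
    if op == 'or':
        return holds(f[1], trace, loop, i) or holds(f[2], trace, loop, i)
    if op == 'X':                               # pi^i |= X f  iff  pi^(i+1) |= f
        return holds(f[1], trace, loop, i + 1)
    if op == 'U':
        # exists j >= i with pi^j |= psi and pi^k |= phi for all i <= k < j.
        # Suffixes repeat with the lasso period, so one period past the prefix
        # (or past i, if i is already inside the loop) covers every distinct suffix.
        horizon = max(i, len(trace)) + period
        for j in range(i, horizon):
            if holds(f[2], trace, loop, j):
                return True
            if not holds(f[1], trace, loop, j):
                return False
        return False
    if op == 'V':                               # phi V psi = not (not phi U not psi)
        return not holds(('U', ('not', f[1]), ('not', f[2])), trace, loop, i)
    if op == 'F':                               # F f = true U f
        return holds(('U', 'true', f[1]), trace, loop, i)
    if op == 'G':                               # G f = not F not f
        return not holds(('F', ('not', f[1])), trace, loop, i)
    raise ValueError(f'unknown operator {op!r}')

# Constructed trace: pi = s0 (s1 s2)^omega, with p true only in s0 and q only in s2.
TRACE = [{'p'}, set(), {'q'}]
LOOP = 1

def demo():
    """Evaluate some of the example formulas from the previous slide on the trace."""
    return {
        'G(p -> F q)': holds(('G', ('or', ('not', 'p'), ('F', 'q'))), TRACE, LOOP),
        'GF q':        holds(('G', ('F', 'q')), TRACE, LOOP),
        'GF p':        holds(('G', ('F', 'p')), TRACE, LOOP),
        'FG not p':    holds(('F', ('G', ('not', 'p'))), TRACE, LOOP),
        'p U q':       holds(('U', 'p', 'q'), TRACE, LOOP),
    }

if __name__ == '__main__':
    for name, value in demo().items():
        print(f'{name:12} {value}')
```

The bound in the Until clause is what makes the infinite quantifier decidable on a lasso: once the loop has been traversed once from position $i$, every later suffix has already been seen.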

Büchi Automata
Automaton which accepts infinite traces
A Büchi automaton is a 4-tuple $\langle S, I, \Delta, F \rangle$
  $S$ is a finite set of states
  $I \subseteq S$ is a set of initial states
  $\Delta \subseteq S \times S$ is a transition relation
  $F \subseteq S$ is a set of accepting states
An infinite sequence of states is a run if it starts in $I$ and every pair of consecutive states is in $\Delta$
A run is accepted iff it contains accepting states infinitely often

Example
Automaton with states S0, S1, S2 (diagram not reproduced; from the verdicts below, S2 is accepting and S1 is not)
  $\pi_1 = S_0 S_1 S_2 S_2 S_2 S_2 \ldots$  ACCEPTED
  $\pi_2 = S_0 S_1 S_2 S_1 S_2 S_1 \ldots$  ACCEPTED
  $\pi_3 = S_0 S_1 S_2 S_1 S_1 S_1 \ldots$  REJECTED
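
The acceptance condition applied to the three traces, as an added example that is not part of the slides. The diagram is missing, so the transition relation below is reconstructed from the traces themselves (every edge they use must exist) and the verdicts (S2 is accepting, S1 is not); whether S0 is accepting is not determined by the example and is assumed not to be. A trace is given as a finite prefix plus the cycle that repeats forever, so "infinitely often" reduces to "some state of the cycle".

```python
# Added example (not from the slides): Büchi acceptance on lasso-shaped runs.
# Transition relation reconstructed from the three traces above; accepting set
# from the verdicts. S0's membership in F is an assumption (not accepting).
INITIAL = {'S0'}
DELTA = {('S0', 'S1'), ('S1', 'S1'), ('S1', 'S2'), ('S2', 'S2'), ('S2', 'S1')}
ACCEPTING = {'S2'}

def is_run(prefix, cycle):
    """prefix . cycle^omega starts in I and every consecutive pair is in Delta."""
    seq = prefix + cycle
    if not cycle or seq[0] not in INITIAL:
        return False
    steps = list(zip(seq, seq[1:])) + [(cycle[-1], cycle[0])]   # include the wrap-around edge
    return all(step in DELTA for step in steps)

def accepts(prefix, cycle):
    """A lasso run is accepting iff one of the states repeated forever is in F."""
    return is_run(prefix, cycle) and bool(set(cycle) & ACCEPTING)

if __name__ == '__main__':
    print(accepts(['S0', 'S1'], ['S2']))          # pi_1: S0 S1 (S2)^omega
    print(accepts(['S0'], ['S1', 'S2']))          # pi_2: S0 (S1 S2)^omega
    print(accepts(['S0', 'S1', 'S2'], ['S1']))    # pi_3: S0 S1 S2 (S1)^omega
```

Note that `accepts` is a decision procedure only for runs presented in lasso form; an arbitrary infinite sequence has no finite description, which is why later slides work with cycles of the automaton rather than with individual traces.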

LTL and Büchi Automata
LTL formula
  Represents the set of infinite traces which satisfy the formula
Büchi Automaton
  Accepts a set of infinite traces
We can build an automaton which accepts all and only the infinite traces represented by an LTL formula

Labeled Büchi Automata
Given a set of atomic propositions P
Define a labeling function $L : S \rightarrow 2^P$
Each state is assigned the set of propositions that must be true in it
Similar to the labeling for the model M

Generating Büchi Automata
We need a procedure to generate a Büchi automaton given an LTL formula
Efficiently
  Formulas are usually small
  The Büchi automaton can be exponential in the size of the formula
  The cost of model checking is proportional to the size of the automaton
Non-deterministic Büchi automata are not equivalent to deterministic Büchi automata
  Unlike automata on finite words, deterministic Büchi automata are strictly weaker: $\Diamond\Box p$ has no deterministic Büchi automaton
  Cannot use the classical (deterministic) automata minimization algorithms
  Finding a minimal non-deterministic automaton takes exponential time

Approach
Formula rewriting
  Rewrite the formula in negation normal form
  Apply rewriting rules
Core translation
  Turns an LTL formula into a generalized Büchi automaton
Degeneralization
  Turns a generalized Büchi automaton into a Büchi automaton

Rewriting
Negation normal form
  Negation appears only in front of literals
  Use the following identities:
    $\neg\neg\varphi = \varphi$
    $\neg G\varphi = F\neg\varphi$
    $\neg F\varphi = G\neg\varphi$
    $\neg(\varphi U \psi) = (\neg\varphi) V (\neg\psi)$
    $\neg(\varphi V \psi) = (\neg\varphi) U (\neg\psi)$
  together with De Morgan's laws for $\wedge$ and $\vee$ and $\neg X\varphi = X\neg\varphi$, which are needed to push negations all the way down to the literals
V (sometimes R) is the Release operator
  Dual of Until: $\varphi V \psi$ holds iff $\psi$ holds at every position up to and including the first one where $\varphi$ holds, or forever if $\varphi$ never holds

Rewriting
Additional rewriting rules
  They are not guaranteed to yield smaller automata
  The size of the automaton is exponential in the size of the formula
Examples
  $(X\varphi) U (X\psi) = X(\varphi U \psi)$
  $(X\varphi) \wedge (X\psi) = X(\varphi \wedge \psi)$
  $GF\varphi \vee GF\psi = GF(\varphi \vee \psi)$
  The conjunctive form of the last rule does not hold: $GF\varphi \wedge GF\psi$ is not equivalent to $GF(\varphi \wedge \psi)$, since $\varphi$ and $\psi$ may each recur forever without ever holding at the same position

Rewriting
The core algorithm only handles $\wedge$, $\vee$, $V$, $U$ (and $X$, whose operand is simply carried over to the next state)
Use the following to eliminate F and G ($\top$ is true, $\bot$ is false):
  $F\varphi = \top U \varphi$
  $G\varphi = \neg F\neg\varphi = \neg(\top U \neg\varphi) = \bot V \varphi$
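
The whole rewriting stage in one place, as an added example that is not part of the slides: `nnf` applies the negation-normal-form identities and the two eliminations above, so its output uses only the core operators, and `simplify` applies the three optional rules from the previous slide bottom-up. The tuple syntax for formulas and the function names are this example's own assumptions.

```python
# Added example (not from the slides): the rewriting stage. Formulas are tuples
#   'p', 'true', 'false', ('not', f), ('and', f, g), ('or', f, g), ('implies', f, g),
#   ('X', f), ('F', f), ('G', f), ('U', f, g), ('V', f, g)
# (the tuple syntax is this example's own convention). nnf() pushes negation down
# to literals and eliminates F and G; simplify() applies the optional rules.

NEG_CONST = {'true': 'false', 'false': 'true'}

def nnf(f):
    """Negation normal form over {literals, and, or, X, U, V}; F -> T U, G -> F V."""
    if isinstance(f, str):                                    # atom or constant
        return f
    op = f[0]
    if op == 'not':
        g = f[1]
        if isinstance(g, str):
            return NEG_CONST.get(g, ('not', g))                  # a negated atom is a literal
        h = g[0]
        if h == 'not':                                           # not not phi = phi
            return nnf(g[1])
        if h == 'and':                                           # De Morgan
            return ('or', nnf(('not', g[1])), nnf(('not', g[2])))
        if h == 'or':
            return ('and', nnf(('not', g[1])), nnf(('not', g[2])))
        if h == 'implies':                                       # not (a -> b) = a and not b
            return ('and', nnf(g[1]), nnf(('not', g[2])))
        if h == 'X':                                             # not X phi = X not phi
            return ('X', nnf(('not', g[1])))
        if h == 'F':                                             # not F phi = G not phi
            return nnf(('G', ('not', g[1])))
        if h == 'G':                                             # not G phi = F not phi
            return nnf(('F', ('not', g[1])))
        if h == 'U':                                             # not (phi U psi) = not phi V not psi
            return ('V', nnf(('not', g[1])), nnf(('not', g[2])))
        if h == 'V':                                             # not (phi V psi) = not phi U not psi
            return ('U', nnf(('not', g[1])), nnf(('not', g[2])))
        raise ValueError(f'unknown operator {h!r}')
    if op == 'implies':                                          # a -> b = not a or b
        return ('or', nnf(('not', f[1])), nnf(f[2]))
    if op == 'F':                                                # F phi = true U phi
        return ('U', 'true', nnf(f[1]))
    if op == 'G':                                                # G phi = false V phi
        return ('V', 'false', nnf(f[1]))
    return (op,) + tuple(nnf(g) for g in f[1:])

def _is_gf(f):
    """Recognise G F phi in core form: false V (true U phi)."""
    return (isinstance(f, tuple) and f[0] == 'V' and f[1] == 'false'
            and isinstance(f[2], tuple) and f[2][0] == 'U' and f[2][1] == 'true')

def simplify(f):
    """Bottom-up application of the optional rules; each preserves the language."""
    if isinstance(f, str):
        return f
    f = (f[0],) + tuple(simplify(g) for g in f[1:])
    op, args = f[0], f[1:]
    if op in ('U', 'and') and all(isinstance(g, tuple) and g[0] == 'X' for g in args):
        return ('X', (op, args[0][1], args[1][1]))               # (X a) U (X b) = X (a U b), same for and
    if op == 'or' and all(_is_gf(g) for g in args):
        return ('V', 'false', ('U', 'true', ('or', args[0][2][2], args[1][2][2])))  # GF a or GF b = GF (a or b)
    return f

if __name__ == '__main__':
    print(nnf(('not', ('G', ('implies', 'p', ('F', 'q'))))))        # F (p and G not q) in core form
    print(simplify(nnf(('or', ('G', ('F', 'p')), ('G', ('F', 'q'))))))
```

`simplify` deliberately has no rule for $GF\varphi \wedge GF\psi$: that conjunction stays as it is, since merging it into a single $GF$ would change the language.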

Core Translation
Idea
  Make use of the following expansion laws:
    $\varphi U \psi = \psi \vee (\varphi \wedge X(\varphi U \psi))$
    $\varphi V \psi = \psi \wedge (\varphi \vee X(\varphi V \psi))$
  Each splits an obligation into what must hold now and what is postponed to the next state

Example
$Fp = \top U p$
Expansion of the initial node (fields Old / New / Next):
  Old:{}  New:{T U p}  Next:{}
Processing T U p moves it to Old and splits the node in two:
  Old:{T U p}  New:{T}  Next:{T U p}   then T is a literal, so New:{}
  Old:{T U p}  New:{p}  Next:{}        then p is a literal, so Old:{T U p, p}  New:{}
The second node has an empty Next field, so its successor node is
  Old:{}  New:{}  Next:{}
Resulting states (fully expanded nodes, identified by Old and Next):
  Old:{T U p}     Next:{T U p}   (its successor re-expands T U p, giving an edge back to this state and one to the next)
  Old:{T U p, p}  Next:{}        (edge to the third state)
  Old:{}          Next:{}        (edge to itself)

Core Translation
Node
  Represents a set of sub-formulas that must be satisfied from this point on
  Contains information about the past (Old: formulas already processed), the present (New: formulas still to be processed) and the future (Next: formulas that must hold in the successor)
State
  Represents a state in the final automaton
  States are the nodes that have been fully expanded (empty New field)

Core Translation
Expansion
  Select a formula from the New field
  If it is a literal, add it to the Old field (discard the node if the literal is false or its negation is already in Old)
  Otherwise, according to the expansion laws
    $\varphi U \psi = \psi \vee (\varphi \wedge X(\varphi U \psi))$
    $\varphi V \psi = \psi \wedge (\varphi \vee X(\varphi V \psi))$
  move the formula to Old and split the node in two:
    $\varphi \vee \psi$: $(\mathrm{New} \cup \{\varphi\}, \mathrm{Next})$ and $(\mathrm{New} \cup \{\psi\}, \mathrm{Next})$
    $\varphi U \psi$: $(\mathrm{New} \cup \{\varphi\}, \mathrm{Next} \cup \{\varphi U \psi\})$ and $(\mathrm{New} \cup \{\psi\}, \mathrm{Next})$
    $\varphi V \psi$: $(\mathrm{New} \cup \{\psi\}, \mathrm{Next} \cup \{\varphi V \psi\})$ and $(\mathrm{New} \cup \{\varphi, \psi\}, \mathrm{Next})$
  $\varphi \wedge \psi$ needs no split (both conjuncts go into New), and $X\varphi$ puts $\varphi$ into Next

Core Translation
Nodes to states
  If a node has no New formulas, it is fully expanded
    Check if there is an equivalent state already, with the same Old field and the same Next field; if so, merge the node's incoming edges into that state
    Otherwise the node becomes a new state: create a successor node whose New field contains all the Next formulas
    Create an edge between the two nodes

Core Translation
Accepting states
  Generalized Büchi automaton: multiple accepting sets
  One for each Until sub-formula $\varphi U \psi$, containing the states such that
    the Old field does not contain $\varphi U \psi$, or
    the Old field does contain $\psi$
  A run that stays forever in states promising $\varphi U \psi$ without ever reaching $\psi$ is thus rejected
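
The core translation of the last five slides (expansion, merging of equivalent nodes, edges and accepting sets) as an added example that is not part of the slides. It expects formulas already in negation normal form over the core operators; the tuple syntax, the `Node` class, the `'init'` pseudo-state and the function names are this example's own assumptions. Run on $\top U p$ it produces exactly the three states of the worked example above.

```python
# Added example (not from the slides): the core translation over nodes with
# Old/New/Next fields, producing a generalized Büchi automaton.
# Input formulas must already be in negation normal form over the core operators:
#   'p', ('not', 'p'), 'true', 'false', ('and', a, b), ('or', a, b), ('X', a), ('U', a, b), ('V', a, b)
# (tuple syntax, field names and the 'init' pseudo-state are this example's own).
from dataclasses import dataclass

@dataclass
class Node:
    incoming: set   # names of predecessor states ('init' marks initial nodes)
    new: set        # formulas still to be processed (the present)
    old: set        # formulas already processed (the past)
    next: set       # formulas that must hold in the successor (the future)
    name: int = -1  # assigned when the node becomes a state

def is_literal(f):
    return isinstance(f, str) or f[0] == 'not'

def negate(lit):
    if lit == 'true':
        return 'false'
    if lit == 'false':
        return 'true'
    return lit[1] if isinstance(lit, tuple) else ('not', lit)

def expand(node, states):
    if not node.new:                                   # fully expanded: it becomes a state
        for q in states:                               # equivalent state: same Old and same Next
            if q.old == node.old and q.next == node.next:
                q.incoming |= node.incoming
                return
        node.name = len(states)
        states.append(node)
        expand(Node({node.name}, set(node.next), set(), set()), states)   # successor node
        return
    f = node.new.pop()
    if is_literal(f):
        if f == 'false' or negate(f) in node.old:      # contradiction: discard the node
            return
        if f != 'true':
            node.old.add(f)
        expand(node, states)
        return
    op, a = f[0], f[1]
    old = node.old | {f}
    if op == 'and':                                    # both conjuncts must hold now
        expand(Node(node.incoming, node.new | ({a, f[2]} - old), old, node.next), states)
    elif op == 'X':                                    # operand is postponed to the successor
        expand(Node(node.incoming, node.new, old, node.next | {a}), states)
    else:                                              # or / U / V: split into two nodes
        b = f[2]
        new1, next1, new2 = {'or': ({a}, set(), {b}),
                             'U': ({a}, {f}, {b}),          # a U b = b or (a and X(a U b))
                             'V': ({b}, {f}, {a, b})}[op]   # a V b = b and (a or X(a V b))
        expand(Node(set(node.incoming), node.new | (new1 - old), set(old), node.next | next1), states)
        expand(Node(set(node.incoming), node.new | (new2 - old), set(old), node.next), states)

def untils(f):
    """All Until sub-formulas; each one gets its own accepting set."""
    if is_literal(f):
        return set()
    found = {f} if f[0] == 'U' else set()
    return found.union(*(untils(g) for g in f[1:]))

def translate(phi):
    """Generalized Büchi automaton: (states, initial, edges, accepting sets, labels)."""
    states = []
    expand(Node({'init'}, {phi}, set(), set()), states)
    initial = {q.name for q in states if 'init' in q.incoming}
    edges = {(src, q.name) for q in states for src in q.incoming if src != 'init'}
    accepting = [{q.name for q in states if u not in q.old or u[2] in q.old} for u in untils(phi)]
    labels = {q.name: {f for f in q.old if is_literal(f)} for q in states}   # literals the state requires
    return states, initial, edges, accepting, labels

if __name__ == '__main__':
    for phi in [('U', 'true', 'p'), ('V', 'false', 'p')]:          # F p and G p
        states, initial, edges, accepting, labels = translate(phi)
        print(phi, len(states), 'states', initial, sorted(edges), accepting, labels)
```

The label of a state is the set of literals in its Old field, so a proposition that is not mentioned is a "don't care" rather than required false; that is why the first state of the $Fp$ automaton, whose only literal was $\top$, has an empty label and matches any state of the model. The contradiction check on literals is what prunes the branch of $\bot V p$ that would require false.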

Degeneralization
Turn a generalized Büchi automaton into a Büchi automaton
  Consider as many copies of the automaton as the number of accepting sets
  In copy i, redirect the edges leaving the states of the i-th accepting set to the next copy (the last copy wraps around to the first)
  Each cycle that returns to the first copy must go through every copy
  Hence each such cycle contains accepting states from each accepting set; the accepting states of the result are the states of the last accepting set in the last copy
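
The copy construction, as an added example that is not part of the slides, together with a check that lifts a lasso-shaped run of the generalized automaton into the result and decides acceptance there. The small generalized automaton is constructed for the example (two accepting sets, as a formula such as $Fa \wedge Fb$ yields); its states, the function names and the tuple `(state, copy)` encoding are this example's own assumptions.

```python
# Added example (not from the slides): degeneralization by copies, plus a check
# that runs a lasso-shaped run of the generalized automaton through the result.
# The generalized automaton below is constructed for the example: two accepting
# sets, F_0 = {1} and F_1 = {2}.

def degeneralize(states, initial, edges, acc_sets):
    """Copy i waits for a state of F_i; leaving one moves to copy i+1 (mod k)."""
    acc_sets = acc_sets or [set(states)]            # no accepting set: every state accepts
    k = len(acc_sets)
    ba_states = {(q, i) for q in states for i in range(k)}
    ba_initial = {(q, 0) for q in initial}
    ba_edges = set()
    for q, r in edges:
        for i in range(k):
            j = (i + 1) % k if q in acc_sets[i] else i
            ba_edges.add(((q, i), (r, j)))
    # A cycle through every copy passes from the last copy back to the first,
    # so the accepting states are the F_{k-1} states of the last copy.
    ba_accepting = {(q, k - 1) for q in acc_sets[k - 1]}
    return ba_states, ba_initial, ba_edges, ba_accepting

def accepts(ba, prefix, cycle):
    """Does the Büchi automaton accept the run prefix . cycle^omega of the original?"""
    _, ba_initial, ba_edges, ba_accepting = ba
    succ = {}
    for src, dst in ba_edges:
        succ.setdefault(src, set()).add(dst)

    def step(cur, r):                                # the copy index makes the successor unique
        nxt = [t for t in succ.get(cur, ()) if t[0] == r]
        return nxt[0] if nxt else None

    cur = (prefix[0], 0)
    if cur not in ba_initial:
        return False
    for r in prefix[1:]:
        cur = step(cur, r)
        if cur is None:                              # not a run of the automaton
            return False
    # Follow the cycle until (position in cycle, copy state) repeats: from then on
    # the lifted run is periodic, and the period must contain an accepting state.
    seen, visited_acc, pos = {}, [], 0
    while (pos, cur) not in seen:
        seen[(pos, cur)] = len(visited_acc)
        visited_acc.append(cur in ba_accepting)
        cur = step(cur, cycle[pos])
        if cur is None:
            return False
        pos = (pos + 1) % len(cycle)
    return any(visited_acc[seen[(pos, cur)]:])

GBA_STATES = {0, 1, 2}
GBA_INITIAL = {0}
GBA_EDGES = {(0, 1), (1, 1), (1, 2), (2, 1)}
GBA_ACCEPTING = [{1}, {2}]

if __name__ == '__main__':
    ba = degeneralize(GBA_STATES, GBA_INITIAL, GBA_EDGES, GBA_ACCEPTING)
    print(len(ba[0]), 'states')                      # three states times two copies
    print(accepts(ba, [0], [1, 2]))                  # visits both accepting sets
    print(accepts(ba, [0], [1]))                     # only F_0 recurs
```

The run that cycles between states 1 and 2 alternates between the two copies and passes the accepting state $(2, 1)$ forever; the run that stays in state 1 reaches copy 1 once and is then stuck there, never meeting an $F_1$ state, which is exactly the generalized condition "each cycle must contain a state from every accepting set".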

Example
$Fa \wedge Fb$: the generalized automaton has two accepting sets (one for $\top U a$, one for $\top U b$), so degeneralization uses two copies
(the step-by-step automaton diagrams of this example are not reproduced)

Optimizations
Can be done at each stage
Try to minimize
  The number of states and transitions
  The number of accepting states
Involve
  Strongly connected components (states from which no accepting cycle is reachable can be removed)
  Fair (bi)simulation
Expensive, but
  The Büchi automaton is usually small
  The saving during verification can be very high