Past Matters: Supporting LTL+Past in the BLACK Satisfiability Checker

LTL+Past is the extension of Linear Temporal Logic (LTL) supporting past temporal operators. The addition of the past does not add expressive power, but does increase the usability of the language both in formal verification and in artificial intelligence, e.g., in the context of multi-agent systems. In this paper, we add the support of past operators to BLACK, a satisfiability checker for LTL based on a SAT encoding of a tree-shaped tableau system. We implement two ways of supporting the past in the tool. The first one is an equisatisfiable translation that removes the past operators, obtaining a future-only formula that can be solved with the original LTL engine. The second one extends the SAT encoding of the underlying tableau to directly support the tableau rules that deal with past operators. We describe both approaches and experimentally compare the two between themselves and with the ?Xmv model checker, obtaining promising results

Reactive Synthesis from Extended Bounded Response LTL Specifications

Reactive synthesis is a key technique for the design of correct-by-construction systems and has been thoroughly investigated in the last decades. It consists in the synthesis of a controller that reacts to environment's inputs satisfying a given temporal logic specification. Common approaches are based on the explicit construction of automata and on their determinization, which limit their scalability. In this paper, we introduce a new fragment of Linear Temporal Logic, called Extended Bounded Response LTL (\LTLEBR), that allows one to combine bounded and universal unbounded temporal operators (thus covering a large set of practical cases), and we show that reactive synthesis from \LTLEBR specifications can be reduced to solving a safety game over a deterministic symbolic automaton built directly from the specification. We prove the correctness of the proposed approach and we successfully evaluate it on various benchmarks.Comment: Extended Versio

A first-order logic characterization of safety and co-safety languages

Linear Temporal Logic (LTL) is one of the most popular temporal logics, that comes into play in a variety of branches of computer science. Among the various reasons of its widespread use there are its strong foundational properties: LTL is equivalent to counter-free omega-automata, to star-free omega-regular expressions, and (by Kamp's theorem) to the first-order theory of one successor (S1S[FO]). Safety and co-safety languages, where a finite prefix suffices to establish whether a word does not belong or belongs to the language, respectively, play a crucial role in lowering the complexity of problems like model checking and reactive synthesis for LTL. SafetyLTL (resp., coSafetyLTL) is a fragment of LTL where only universal (resp., existential) temporal modalities are allowed, that recognises safety (resp., co-safety) languages only. The main contribution of this paper is the introduction of a fragment of S1S[FO], called SafetyFO, and of its dual coSafetyFO, which are expressively complete with respect to the LTL-definable safety and co-safety languages. We prove that they exactly characterize SafetyLTL and coSafetyLTL, respectively, a result that joins Kamp's theorem, and provides a clearer view of the characterization of (fragments of) LTL in terms of first-order languages. In addition, it gives a direct, compact, and self-contained proof that any safety language definable in LTL is definable in SafetyLTL as well. As a by-product, we obtain some interesting results on the expressive power of the weak tomorrow operator of SafetyLTL, interpreted over finite and infinite words. Moreover, we prove that, when interpreted over finite words, SafetyLTL (resp. coSafetyLTL) devoid of the tomorrow (resp., weak tomorrow) operator captures the safety (resp., co-safety) fragment of LTL over finite words

Controller Synthesis for Timeline-based Games

In the timeline-based approach to planning, the evolution over time of a set of state variables (the timelines) is governed by a set of temporal constraints. Traditional timeline-based planning systems excel at the integration of planning with execution by handling temporal uncertainty. In order to handle general nondeterminism as well, the concept of timeline-based games has been recently introduced. It has been proved that finding whether a winning strategy exists for such games is 2EXPTIME-complete. However, a concrete approach to synthesize controllers implementing such strategies is missing. This paper fills this gap, by providing an effective and computationally optimal approach to controller synthesis for timeline-based games.Comment: arXiv admin note: substantial text overlap with arXiv:2209.1031

Complexity of Safety and coSafety Fragments of Linear Temporal Logic

Linear Temporal Logic (LTL) is the de-facto standard temporal logic for system specification, whose foundational properties have been studied for over five decades. Safety and cosafety properties define notable fragments of LTL, where a prefix of a trace suffices to establish whether a formula is true or not over that trace. In this paper, we study the complexity of the problems of satisfiability, validity, and realizability over infinite and finite traces for the safety and cosafety fragments of LTL. As for satisfiability and validity over infinite traces, we prove that the majority of the fragments have the same complexity as full LTL, that is, they are PSPACE-complete. The picture is radically different for realizability: we find fragments with the same expressive power whose complexity varies from 2EXPTIME-complete (as full LTL) to EXPTIME-complete. Notably, for all cosafety fragments, the complexity of the three problems does not change passing from infinite to finite traces, while for all safety fragments the complexity of satisfiability (resp., realizability) over finite traces drops to NP-complete (resp., ${\Pi}^P_2$-complete)

Safe Decomposition of Startup Requirements: Verification and Synthesis

n/

A SAT-Based Encoding of the One-Pass and Tree-Shaped Tableau System for LTL

A new one-pass and tree-shaped tableau system for LTL sat- isfiability checking has been recently proposed, where each branch can be explored independently from others and, furthermore, directly cor- responds to a potential model of the formula. Despite its simplicity, it proved itself to be effective in practice. In this paper, we provide a SAT-based encoding of such a tableau system, based on the technique of bounded satisfiability checking. Starting with a single-node tableau, i.e., depth k of the tree-shaped tableau equal to zero, we proceed in an incremental fashion. At each iteration, the tableau rules are encoded in a Boolean formula, representing all branches of the tableau up to the current depth k. A typical downside of such bounded techniques is the effort needed to understand when to stop incrementing the bound, to guarantee the completeness of the procedure. In contrast, termination and completeness of the proposed algorithm is guaranteed without com- puting any upper bound to the length of candidate models, thanks to the Boolean encoding of the PRUNE rule of the original tableau system. We conclude the paper by describing a tool that implements our procedure, and comparing its performance with other state-of-the-art LTL solvers

Temporal Logic Specifications: Expressiveness, Satisfiability and Realizability

L’argomento principale di questa tesi riguarda le logiche temporali, con particolare attenzione alla loro potenza espressiva e ai problemi di soddisfacibilità e realizzabilità. Le logiche temporali sono oggigiorno un formalismo ben consolidato per esprimere proprietà su sequenze. La loro connessione con logiche al primo e second’ordine, con gli automi e con la verifica formale ha reso le logiche temporali non solo un potente framework teorico, ma anche un prezioso strumento pratico (per esempio per la specifica di sistemi concorrenti). Sul lato teorico, uno dei tipici problemi quando si lavora con una logica temporale è di caratterizzare esattamente la sua potenza espressiva, cioè di dare l’insieme di tutte e sole le proprietà che essa è in grado di formalizzare. Su un lato più pratico, ci sono due importanti problemi che vengono considerati quando si usano le logiche temporali come linguaggi di specifica: (i) il problema di soddisfacibilità, cioè stabilire se la formula data ammette almeno un modello; e (ii) il problema di realizzabilità, cioè stabilire se la formula data è implementabile. In verifica formale, la soddisfacibilità può essere usata come un controllo per individuare specifiche vacue (cioè formule valide o insoddisfacibili), mentre la realizzabilità può essere usata per controllare l’esistenza di implementazioni corrette per costruzione (e la loro conseguente sintesi). In questa tesi, cerchiamo di porci nell’intersezione tra il lato teorico e quello pratico delle logiche temporali, accompagnando i risultati teorici (quando possibile) con algoritmi, implementazioni e valutazioni sperimentali. Teoria: Introduciamo tre frammenti della Logica Temporale Lineare con Passato (LTL+P) e studiamo la loro potenza espressiva: (i) per il primo frammento (chiamato LTLEBR+P) dimostriamo che è espressivamente completo rispetto al frammento safety semantico di LTL+P (una proprietà si dice essere di safety se ogni sua violazione è irrimediabile); (ii) il secondo frammento (chiamato LTLEBR) è ottenuto da LTLEBR+P rimuovendo gli operatori al passato; dimostriamo che LTLEBR è strettamente meno espressivo di LTLEBR+P (iii) il terzo frammento `e chiamato GR-EBR ed è un’estensione di LTLEBR+P per esprimere proprietà che vanno oltre al frammento safety; confrontiamo la sua potenza espressiva con la Temporal Hierarchy di Manna e Pnueli. Inoltre proponiamo una caratterizzazione sintattica al prim’ordine (chiamata Safety-FO) che cattura il frammento safety semantico della logica al prim’ordine con un successore: questo risultato può essere considerato come la versione del Teorema di Kamp per proprietà safety. Problemi e Algoritmi: Consideriamo il problema di soddisfacibilità per LTL+P ed il problema di realizzabilità per specifiche di LTLEBR+P e GR-EBR. Particolare attenzione è rivolta all’uso di algoritmi simbolici al posto di quelli classici espliciti. Implementiamo tutti gli algoritmi che abbiamo proposto e li confrontiamo con gli altri tool concorrenti. Dai risultati delle valutazioni sperimentali, è spesso evidente che le nostre tecniche simboliche riescono a risolvere istanze di dimensioni che sono proibitive per gli altri tool basati su una rappresentazione esplicita. Ultimo, ma non per importanza, consideriamo un problema di rilevanza industriale nel contesto di requisiti real-time (cioè proprietà che esprimono non solo l’ordine tra gli eventi ma anche la quantità di tempo passata tra i due). Definiamo e formalizziamo il problema di compatibilità di requisiti temporizzati, diamo degli algoritmi simbolici per questo problema, e implementiamo e valutiamo la procedura proposta.The main topic of this thesis concerns temporal logics, with particular attention to their expressive power and to the satisfiability and realizability problems. Temporal logics are nowadays a well-established formalism for expressing properties about sequences. Their connection with first- and second-order logic, automata and formal verification makes temporal logics not only a powerful theoretical framework, but also a valuable tool in practical scenarios (e.g., for the specification of con- current systems). On the theoretical side, one typical problem when dealing with a temporal logic is to characterize exactly its expressive power, that is to give the set of all and only the properties that it can formalize. On a more practical side, there are two important problems that are considered when using temporal logics as specification languages: (i) the satisfiability problem, that is finding whether a given formula admits at least one model; and (ii) the realizability problem, namely to find whether a given formula is implementable. In formal verification, satisfiability can be used as a sanity check for detecting vacuous specifications (i.e., valid or unsatisfiable formulas), while realizability can be used to check the existence of correct-by-construction implementations (and their consequent synthesis). In this thesis, we try to stay in the intersection between the theoretical and the practical sides of temporal logics, by accompanying the theoretical results (whenever possible) with algorithms, implementations and experimental evaluations. Theory: We introduce three fragments of Linear Temporal Logic with Past (LTL+P) and study their expressive power: (i) for the first fragment (called LTLEBR+P), we prove that it is expressively complete with respect to the (semantically) safety fragment of LTL+P (a safety property is a property in which a violation is irremediable); (ii) the second fragment (called LTLEBR) is obtained from LTLEBR+P by removing past operators; we prove that LTLEBR is strictly less expressive than full LTLEBR+P; (iii) the third fragment is called GR-EBR and it is an extension of LTLEBR+P for expressing properties beyond the safety fragment; we compare its expressive power with the Temporal Hierarchy of Manna and Pnueli. In addition we propose a first-order syntactical characterization (called Safety-FO) that captures the semantically safety fragment of the first-order logic of one successor: this result can be considered as the version of Kamp’s Theorem for safety properties. Problems and Algorithms: We consider the satisfiability problem of LTL+P and the realizability problem from LTLEBR+P and GR-EBR specifications. Particular attention is devoted to the use of symbolic algorithms instead of classical explicit-state ones. We implement all the algorithms that we propose and we compare them with competitor tools. From the outcomes of the experimental evaluations, it is often evident that our symbolic techniques can solve instances of sizes that are prohibitive for the other tools based on an explicit-state representation. Last but not least, we consider an industrially relevant problem in the context of real-time requirements (i.e., properties expressing not only the ordering between events but also the amount of time elapsed between two events). We define and formalize the compatibility problem of timed requirements, give symbolic algorithms for this problem, and implement and evaluate the proposed procedure

The Quality Management System Adopted by SCM Zanussi

The purpose of this paper is to present the case study of SCM Zanussi, an enterprise that is located at Cordenons, in the province of Pordenone, Italy, and works in the metal sector. The enterprise activity consists of the planning, development, production and final check of dies for the casting under pressure of light alloys to be employed in the automotive field. The enterprise activity has always been based on collaboration relationships with customers during the steps of design and engineering of the dies. As a consequence, the quality management system adopted has allowed to obtain very good results as far as all the main parameters taken into account (customers\u2019 satisfaction, non compliances, production control) are concerned

One-pass and tree-shaped tableau systems for TPTL and TPTLb+past

In this paper, we propose a novel one-pass and tree-shaped tableau method for Timed Propositional Temporal Logic and for a bounded variant of its extension with past operators. Timed Propositional Temporal Logic (TPTL) is a real-time temporal logic, with an EXPSPACE-complete satisfiability problem, which has been successfully applied to the verification of real-time systems. In contrast to LTL, adding past operators to TPTL makes the satisfiability problem for the resulting logic (TPTL+P) non-elementary. In this paper, we devise a one-pass and tree-shaped tableau for both TPTL and bounded TPTL+P (TPTLb+P), a syntactic restriction introduced to encode timeline-based planning problems, which recovers the EXPSPACE-complete complexity. The tableau systems for TPTL and TPTLb+P are presented in a unified way, being very similar to each other, providing a common skeleton that is then specialised to each logic. In doing that, we characterise the semantics of TPTLb+P in terms of a purely syntactic fragment of TPTL+P, giving a translation that embeds the former into the latter. Soundness and completeness of the system are proved fully. In particular, we give a greatly simplified model-theoretic completeness proof, which sidesteps the complex combinatorial argument used by known proofs for the one-pass and tree-shaped tableau systems for LTL and LTL+P.Comment: In Proceedings GandALF 2018, arXiv:1809.0241