Download Decision Problems for Metric Temporal Logic

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
Document related concepts

Computational fluid dynamics wikipedia , lookup

Corecursion wikipedia , lookup

Halting problem wikipedia , lookup

Transcript 
Decision Problems for Metric Temporal Logic
Joël Ouaknine
Department of Computer Science
Oxford University
Quantitative Model Checking Winter School, February 2012
Metric Temporal Logic (MTL)
• MTL = LTL + timing constraints on operators:
– ♦[3,5] a
– !(a → ♦=1 b)
ϕ ::= TRUE | ϕ1 ∧ ϕ2 | ¬ϕ | a | ϕ1 UI ϕ2
where a is atomic and I ⊆ R is an interval with integer (or
unbounded) endpoints.
Modal operators !I and ♦I are derived from UI in the usual way.
Metric Temporal Logic (MTL)
• MTL = LTL + timing constraints on operators:
– ♦[3,5] a
– !(a → ♦=1 b)
• ϕ ::= TRUE | ϕ1 ∧ ϕ2 | ¬ϕ | a | ϕ1 UI ϕ2
where a is atomic and I ⊆ R is an interval with integer (or
unbounded) endpoints.
Modal operators !I and ♦I are derived from UI in the usual way.
Metric Temporal Logic (MTL)
• MTL = LTL + timing constraints on operators:
– ♦[3,5] a
– !(a → ♦=1 b)
• ϕ ::= TRUE | ϕ1 ∧ ϕ2 | ¬ϕ | a | ϕ1 UI ϕ2
where a is atomic and I ⊆ R is an interval with integer (or
unbounded) endpoints.
• Modal operators !I and ♦I are derived from UI in the usual way.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
1
t0
c
a
2
c
a
3
The continuous semantics is based on flows (or signals):
p
0
q
q
r
1
s
p
r
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
1
t0
c
a
2
c
a
3
The continuous semantics is based on flows (or signals):
p
0
q
q
r
1
s
p
r
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
1
t0
c
a
2
c
a
3
The continuous semantics is based on flows (or signals):
p
0
q
q
r
1
s
p
r
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
t1
t2
t0
1
2
a
c
c
a
t3
t4
t5
t6
3
The continuous semantics is based on flows (or signals):
p
0
q
q
r
1
s
p
r
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
t1
t2
t0
1
2
a
c
c
a
t3
t4
t5
t6
3
• The continuous semantics is based on flows (or signals):
p
0
q
q
r
1
s
p
r
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
t1
t2
t0
1
2
a
c
c
a
t3
t4
t5
t6
3
• The continuous semantics is based on flows (or signals):
p
0
q
q
r
1
s
p
r
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
t1
t2
t0
1
2
a
c
c
a
t3
t4
t5
t6
3
• The continuous semantics is based on flows (or signals):
p
0
q
t1
q
r
t2 t3
1
s
t4
p
r
t5
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
t1
t2
t0
1
2
a
c
c
a
t3
t4
t5
t6
3
• The continuous semantics is based on flows (or signals):
p
0
q
t1
q
r
t2 t3
1
s
t4
p
r
t5
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
The Semantics of MTL
MTL has two main semantics: point-based and continuous:
• The point-based semantics is based on timed words
(finite or infinite sequences of timed events):
a
b
b
0
t1
t2
t0
1
2
a
c
c
a
t3
t4
t5
t6
3
• The continuous semantics is based on flows (or signals):
p
0
q
t1
q
r
t2 t3
1
s
t4
p
r
t5
2
3
We require that infinite timed words be non-Zeno: time should diverge
(timestamps get unboundedly large).
We also require that flows have finite variability: only finitely many
discontinuities in any finite amount of time.
Point-based vs. Continuous Semantics
• The point-based semantics is used to express specifications for
timed automata with labels on transitions.
It offers a series of ‘snapshot observations’ of the system under
consideration, every time an event (discrete change) occurs.
The continuous semantics is used to express specifications for
timed automata with labels on states.
It follows the evolution of the system at every instant in time.
Point-based vs. Continuous Semantics
• The point-based semantics is used to express specifications for
timed automata with labels on transitions.
It offers a series of ‘snapshot observations’ of the system under
consideration, every time an event (discrete change) occurs.
• The continuous semantics is used to express specifications for
timed automata with labels on states.
It follows the evolution of the system at every instant in time.
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
For example, let ϕ be:
!(request −→ ♦[0,1] grant)
Let w be:
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
!(request −→ ♦[0,1] grant)
Let w be:
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
!(request −→ ♦[0,1] grant)
– Let w be:
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
!(request −→ ♦[0,1] grant)
– Let w be:
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
!(request −→ ♦[0,1] grant)
– Let w be:
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
!(request −→ ♦[0,1] grant)
– Let w be:
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
!(request −→ ♦[0,1] grant)
– Let w be:
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
– Let w be:
!(request −→ ♦[0,1] grant)
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
– Let w be:
!(request −→ ♦[0,1] grant)
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
– Let w be:
!(request −→ ♦[0,1] grant)
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
– Let w be:
!(request −→ ♦[0,1] grant)
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
– Let w be:
!(request −→ ♦[0,1] grant)
1
0
Does w " ϕ ?
1
2
3
Point-based Semantics for MTL
• The relationship w " ϕ is defined inductively as in LTL.
– For example, let ϕ be:
!(request −→ ♦[0,1] grant)
– Let w be:
1
0
Indeed, w " ϕ.
1
2
3
Decision Problems for MTL
• Model checking: Given ϕ and a timed automaton A, does w " ϕ for
all words/flows w ∈ L(A) ?
• Satisfiability: Given ϕ, does there exist a word/flow w such that
w"ϕ?
Undecidability
Unfortunately, a transcription error led to the widespread belief
[AH92, AH93, H98, HR04, . . . ] that:
“Theorem.” Model checking and satisfiability are undecidable for
(weak fragments of) MTL.
In fact,
Theorem. [Alur and Henzinger, LICS 90]. MTL + past temporal
operators is undecidable (over both finite and infinite words/flows).
The original theorem and proof were correct, however an oversight
led to the claim, in the Conclusion, that “Any dense-time logic that
can express !(a −→ ♦=1 b) is undecidable.”
This led to the folklore slogan that
“Punctuality =⇒ undecidability.”
Undecidability
Unfortunately, a transcription error led to the widespread belief
[AH92, AH93, H98, HR04, . . . ] that:
“Theorem.” Model checking and satisfiability are undecidable for
(weak fragments of) MTL.
In fact,
Theorem. [Alur and Henzinger, LICS 90]. MTL + past temporal
operators is undecidable (over both finite and infinite words/flows).
The original theorem and proof were correct, however an oversight
led to the claim, in the Conclusion, that “Any dense-time logic that
can express !(a −→ ♦=1 b) is undecidable.”
This led to the folklore slogan that
“Punctuality =⇒ undecidability.”
Undecidability
Unfortunately, a transcription error led to the widespread belief
[AH92, AH93, H98, HR04, . . . ] that:
“Theorem.” Model checking and satisfiability are undecidable for
(weak fragments of) MTL.
In fact,
Theorem. [Alur and Henzinger, LICS 90]. MTL + past temporal
operators is undecidable (over both finite and infinite words/flows).
• The original theorem and proof were correct, however an oversight
led to the claim, in the Conclusion, that “Any dense-time logic that
can express !(a −→ ♦=1 b) is undecidable.”
• This led to the folklore slogan that
“Punctuality =⇒ undecidability.”
“The Benefits of Relaxing Punctuality”
• The perceived undecidability of MTL led researchers to investigate
‘punctually relaxed’ versions of MTL.
• Alur, Feder, and Henzinger defined the logic
Metric Interval Temporal Logic (MITL) [JACM 96].
MITL restricts MTL by forbidding punctual (singleton) intervals
I as time constraints.
They showed that model checking and satisfiability are
EXPSPACE-Complete.
The proof was very intricate (11 pages). Later on, Hirshfeld and
Rabinovich, as well as Maler, Nickovic, and Pnueli, published
considerably improved proofs.
Other attempted restrictions include, e.g., interpreting MTL over
integer time (also EXPSPACE-Complete). . .
“The Benefits of Relaxing Punctuality”
• The perceived undecidability of MTL led researchers to investigate
‘punctually relaxed’ versions of MTL.
• Alur, Feder, and Henzinger defined the logic
Metric Interval Temporal Logic (MITL) [JACM 96].
– MITL restricts MTL by forbidding punctual (singleton) intervals
I as time constraints.
They showed that model checking and satisfiability are
EXPSPACE-Complete.
The proof was very intricate (11 pages). Later on, Hirshfeld and
Rabinovich, as well as Maler, Nickovic, and Pnueli, published
considerably improved proofs.
Other attempted restrictions include, e.g., interpreting MTL over
integer time (also EXPSPACE-Complete). . .
“The Benefits of Relaxing Punctuality”
• The perceived undecidability of MTL led researchers to investigate
‘punctually relaxed’ versions of MTL.
• Alur, Feder, and Henzinger defined the logic
Metric Interval Temporal Logic (MITL) [JACM 96].
– MITL restricts MTL by forbidding punctual (singleton) intervals
I as time constraints.
– They showed that model checking and satisfiability are
EXPSPACE-Complete.
– The proof was very intricate (11 pages). Later on, Hirshfeld and
Rabinovich, as well as Maler, Nickovic, and Pnueli, published
considerably improved proofs.
Other attempted restrictions include, e.g., interpreting MTL over
integer time (also EXPSPACE-Complete). . .
“The Benefits of Relaxing Punctuality”
• The perceived undecidability of MTL led researchers to investigate
‘punctually relaxed’ versions of MTL.
• Alur, Feder, and Henzinger defined the logic
Metric Interval Temporal Logic (MITL) [JACM 96].
– MITL restricts MTL by forbidding punctual (singleton) intervals
I as time constraints.
– They showed that model checking and satisfiability are
EXPSPACE-Complete.
– The proof was very intricate (11 pages). Later on, Hirshfeld and
Rabinovich, as well as Maler, Nickovic, and Pnueli, published
considerably improved proofs.
• Other attempted restrictions include, e.g., interpreting MTL over
integer time (also EXPSPACE-Complete). . .
Safety and Liveness
A property of a real-time system is a set of timed words.
• Safety property: every violation has a finite bad (irredeemable)
prefix.
– ‘You do not shoot your supervisor’: !¬shoot.
• Liveness property: there are no bad prefixes (it’s never too late).
– ‘You eventually submit your thesis’: ♦submit.
Safety and Liveness
Q. Classify the following property: safety, liveness, or a mixture?
– ‘You submit your thesis within 3 years’: ♦[0,3] submit.
A. This is a safety property because of the non-Zenoness assumption
on timed words. Any non-Zeno word violating the property has a
finite bad prefix.
Realistic specifications define safety properties relative to the
divergence of time. Contrast with ‘You submit your thesis’!
Safety and Liveness
Q. Classify the following property: safety, liveness, or a mixture?
– ‘You submit your thesis within 3 years’: ♦[0,3] submit.
A. This is a safety property because of the non-Zenoness assumption
on timed words. Any non-Zeno word violating the property has a
finite bad prefix.
Realistic specifications define safety properties relative to the
divergence of time. Contrast with ‘You submit your thesis’!
Safety and Liveness
Q. Classify the following property: safety, liveness, or a mixture?
– ‘You submit your thesis within 3 years’: ♦[0,3] submit.
A. This is a safety property because of the non-Zenoness assumption
on timed words. Any non-Zeno word violating the property has a
finite bad prefix.
Realistic specifications define safety properties relative to the
divergence of time. Contrast with ‘You submit your thesis’!
Safety Fragments of MTL
There are various ways to impose syntactic restrictions on MTL to obtain
safety fragments of it:
• BMTL requires that all time constraints I be bounded.
– BMTL is in some sense ‘dual’ to MITL.
IMTL extends BMTL in allowing unbounded !I , but only under an
even number of negations.
IMTL = BMTL + Invariance.
Safety MTL requires that all future eventualities (♦I , UI ) be
time-bounded.
We have BMTL ⊆ IMTL ⊆ Safety MTL.
Safety Fragments of MTL
There are various ways to impose syntactic restrictions on MTL to obtain
safety fragments of it:
• BMTL requires that all time constraints I be bounded.
– BMTL is in some sense ‘dual’ to MITL.
• IMTL extends BMTL in allowing unbounded !I , but only under an
even number of negations.
– IMTL = BMTL + Invariance.
Safety MTL requires that all future eventualities (♦I , UI ) be
time-bounded.
We have BMTL ⊆ IMTL ⊆ Safety MTL.
Safety Fragments of MTL
There are various ways to impose syntactic restrictions on MTL to obtain
safety fragments of it:
• BMTL requires that all time constraints I be bounded.
– BMTL is in some sense ‘dual’ to MITL.
• IMTL extends BMTL in allowing unbounded !I , but only under an
even number of negations.
– IMTL = BMTL + Invariance.
• Safety MTL requires that all future eventualities (♦I , UI ) be
time-bounded.
We have BMTL ⊆ IMTL ⊆ Safety MTL.
Safety Fragments of MTL
There are various ways to impose syntactic restrictions on MTL to obtain
safety fragments of it:
• BMTL requires that all time constraints I be bounded.
– BMTL is in some sense ‘dual’ to MITL.
• IMTL extends BMTL in allowing unbounded !I , but only under an
even number of negations.
– IMTL = BMTL + Invariance.
• Safety MTL requires that all future eventualities (♦I , UI ) be
time-bounded.
We have BMTL ⊆ IMTL ⊆ Safety MTL.
Safety Fragments of MTL
Note that:
• All these fragments define safety properties relative to the
assumption of non-Zenoness.
• All these fragments allow punctuality.
• Only BMTL is closed under negation.
Flat and Coflat Fragments of MTL
• Flat MTL is defined as follows in negation-normal form:
ϕ ::= p | ¬p | ϕ ∧ ϕ | ϕ ∨ ϕ | ϕ UI ϕ | ϕ U!I ϕ
where I unbounded ⇒ ϕ ∈ MITL.
– Flat MTL = BMTL + MITL-Persistence.
Coflat MTL is the dual logic (negation of Flat MTL):
ϕ ::= p | ¬p | ϕ ∧ ϕ | ϕ ∨ ϕ | ϕ UI ϕ | ϕ U!I ϕ
where I unbounded ⇒ ϕ ∈ MITL.
MITL, BMTL, IMTL ⊆ Coflat MTL.
Note: Neither Flat MTL nor Coflat MTL are safety fragments.
Flat and Coflat Fragments of MTL
• Flat MTL is defined as follows in negation-normal form:
ϕ ::= p | ¬p | ϕ ∧ ϕ | ϕ ∨ ϕ | ϕ UI ϕ | ϕ U!I ϕ
where I unbounded ⇒ ϕ ∈ MITL.
– Flat MTL = BMTL + MITL-Persistence.
• Coflat MTL is the dual logic (negation of Flat MTL):
ϕ ::= p | ¬p | ϕ ∧ ϕ | ϕ ∨ ϕ | ϕ UI ϕ | ϕ U!I ϕ
where I unbounded ⇒ ϕ ∈ MITL.
– MITL, BMTL, IMTL ⊆ Coflat MTL.
Note: Neither Flat MTL nor Coflat MTL are safety fragments.
Flat and Coflat Fragments of MTL
• Flat MTL is defined as follows in negation-normal form:
ϕ ::= p | ¬p | ϕ ∧ ϕ | ϕ ∨ ϕ | ϕ UI ϕ | ϕ U!I ϕ
where I unbounded ⇒ ϕ ∈ MITL.
– Flat MTL = BMTL + MITL-Persistence.
• Coflat MTL is the dual logic (negation of Flat MTL):
ϕ ::= p | ¬p | ϕ ∧ ϕ | ϕ ∨ ϕ | ϕ UI ϕ | ϕ U!I ϕ
where I unbounded ⇒ ϕ ∈ MITL.
– MITL, BMTL, IMTL ⊆ Coflat MTL.
Note: Neither Flat MTL nor Coflat MTL are safety fragments.
Fragments of MTL
BMTL
IMTL
Safety MTL
MTL
LTL
MITL
Coflat MTL
Examples
!(request −→ ♦=1 grant)
is in IMTL, Safety MTL, and Coflat MTL.
It is not in BMTL or Flat MTL. (Nor in MITL.)
is not a safety formula.
!(request −→ ♦grant)
Since it is in LTL, it is in both Flat MTL and Coflat MTL. (And MITL.)
Examples
!(request −→ ♦=1 grant)
is in IMTL, Safety MTL, and Coflat MTL.
It is not in BMTL or Flat MTL. (Nor in MITL.)
is not a safety formula.
!(request −→ ♦grant)
Since it is in LTL, it is in both Flat MTL and Coflat MTL. (And MITL.)
Examples
!(request −→ ♦=1 grant)
is in IMTL, Safety MTL, and Coflat MTL.
It is not in BMTL or Flat MTL. (Nor in MITL.)
is not a safety formula.
!(request −→ ♦grant)
Since it is in LTL, it is in both Flat MTL and Coflat MTL. (And MITL.)
Examples
!(request −→ ♦=1 grant)
is in IMTL, Safety MTL, and Coflat MTL.
It is not in BMTL or Flat MTL. (Nor in MITL.)
is not a safety formula.
!(request −→ ♦grant)
Since it is in LTL, it is in both Flat MTL and Coflat MTL. (And MITL.)
Channel Machines
a b c
a!
a?
a?
c!
b?
c?
b!
Thm. The halting problem for channel machines is undecidable.
Channel Machines
a b c
a!
a?
a?
c!
b?
c?
b!
Thm. The halting problem for channel machines is undecidable.
Channel Machines
a b c a
a!
a?
a?
c!
b?
c?
b!
Thm. The halting problem for channel machines is undecidable.
Channel Machines
b c a
a!
a?
a?
c!
b?
c?
b!
Thm. The halting problem for channel machines is undecidable.
Channel Machines
b c a c
a!
a?
a?
c!
b?
c?
b!
Thm. The halting problem for channel machines is undecidable.
Channel Machines
b c a c
q1
a!
a?
a?
q0
c!
q3
q2
b?
c?
b!
q4
Thm. The halting problem for channel machines is undecidable.
Channel Machines
b c a c
q1
a!
a?
a?
q0
c!
q3
q2
b?
c?
b!
q4
Trace: q0 a! q1 a? q2 c! q3 · · ·
Channel Cycles
abcde
Channel Cycles
abcde
Channel Cycles
abcdef
Channel Cycles
abcdef g
Channel Cycles
bcdef g
Channel Cycles
cdef g
Channel Cycles
cdef gh
Channel Cycles
cdef ghi
Channel Cycles
cdef ghij
Channel Cycles
def ghij
Channel Cycles
def ghijk
Channel Cycles
def ghijkl
Channel Cycles
def ghijklm
Channel Cycles
def ghijklmn
Channel Cycles
ef ghijklmn
Channel Cycles
f ghijklmn
Channel Cycles
f ghijklmn
An EXPSPACE Algorithm
Theorem. The cycle-bounded reachability problem for single-channel
machines is decidable in EXPSPACE.
• Channel may contain doubly exponentially many messages in terms
of the number of cycles.
• Proof idea: can guess and verify a computation table using
exponential space.
Computation Table
a!
b!
a?
c!
d!
b?
b!
c?
a!
d?
p −→ q −→ r −→ q −→ p −→ q −→ r −→ p −→ r −→ r −→ q
p a! q q q q q q q b! r
r a? q c! p p p d! q b? r
r b! p c? r a! r d? q q q
Computation Table
a!
b!
a?
c!
d!
b?
b!
c?
a!
d?
p −→ q −→ r −→ q −→ p −→ q −→ r −→ p −→ r −→ r −→ q
p a! q q q q q q q b! r
r a? q c! p p p d! q b? r
r b! p c? r a! r d? q q q
Computation Table
a!
b!
a?
c!
d!
b?
b!
c?
a!
d?
p −→ q −→ r −→ q −→ p −→ q −→ r −→ p −→ r −→ r −→ q
p a! q
b! r
r a? q c! p
d! q b? r
r b! p c? r a! r d? q
Computation Table
a!
b!
a?
c!
d!
b?
b!
c?
a!
d?
p −→ q −→ r −→ q −→ p −→ q −→ r −→ p −→ r −→ r −→ q
p a! q q q q q q q b! r
r a? q c! p p p d! q b? r
r b! p c? r a! r d? q q q
Computation Table
a!
b!
a?
c!
d!
b?
b!
c?
a!
d?
p −→ q −→ r −→ q −→ p −→ q −→ r −→ p −→ r −→ r −→ q
p a! q q q q q q q b! r
r a? q c! p p p d! q b? r
r b! p c? r a! r d? q q q
Computation Table
a!
b!
a?
c!
d!
b?
b!
c?
a!
d?
p −→ q −→ r −→ q −→ p −→ q −→ r −→ p −→ r −→ r −→ q
p a! q q q q q q q b! r
r a? q c! p p p d! q b? r
r b! p c? r a! r d? q q q
Computation Table
a!
b!
a?
c!
d!
b?
b!
c?
a!
d?
p −→ q −→ r −→ q −→ p −→ q −→ r −→ p −→ r −→ r −→ q
p a! q q q q q q q b! r
r a? q c! p p p d! q b? r
r b! p c? r a! r d? q q q
Reducing BMTL to Cycle-Bounded Channel Machines
• BMTL has a small-model property:
Satisfiable BMTL formulas have models with prefixes of duration at
most exponential (in the size of the formula).
Runs of the corresponding alternating automaton can be computed
with an (exponential) cycle-bounded Channel Automaton that in
addition has global Renaming and Occurrence Testing as primitive
operations (CAROTs).
The halting problem for CAROTS is also in EXPSPACE.
Corollary: BMTL Satisfiability is in EXPSPACE.
Reducing BMTL to Cycle-Bounded Channel Machines
• BMTL has a small-model property:
Satisfiable BMTL formulas have models with prefixes of duration at
most exponential (in the size of the formula).
• Runs of the corresponding alternating automaton can be computed
with an (exponential) cycle-bounded Channel Automaton that in
addition has global Renaming and Occurrence Testing as primitive
operations (CAROTs).
The halting problem for CAROTS is also in EXPSPACE.
Corollary: BMTL Satisfiability is in EXPSPACE.
Reducing BMTL to Cycle-Bounded Channel Machines
• BMTL has a small-model property:
Satisfiable BMTL formulas have models with prefixes of duration at
most exponential (in the size of the formula).
• Runs of the corresponding alternating automaton can be computed
with an (exponential) cycle-bounded Channel Automaton that in
addition has global Renaming and Occurrence Testing as primitive
operations (CAROTs).
• The halting problem for CAROTS is also in EXPSPACE.
Corollary: BMTL Satisfiability is in EXPSPACE.
Reducing BMTL to Cycle-Bounded Channel Machines
• BMTL has a small-model property:
Satisfiable BMTL formulas have models with prefixes of duration at
most exponential (in the size of the formula).
• Runs of the corresponding alternating automaton can be computed
with an (exponential) cycle-bounded Channel Automaton that in
addition has global Renaming and Occurrence Testing as primitive
operations (CAROTs).
• The halting problem for CAROTS is also in EXPSPACE.
Corollary: BMTL Satisfiability is in EXPSPACE.
Coflat MTL Model Checking
• Let A be a timed automaton and ϕ a Coflat MTL formula.
• We can construct a timed alternating automaton BA,¬ϕ that captures
the joint runs of A and ¬ϕ.
• Using flatness and a ranking argument, one can show that any run of
BA,¬ϕ can be partitioned into ‘active’ and ‘MITL’ segments:
active
MITL
active
MITL active
MITL
active
MITL . . .
• Moreover, the number of active segments is exponentially bounded,
and their total duration is also exponentially bounded.
• The runs of BA,¬ϕ can be simulated by a CAROT C.
• A " ϕ iff C has no accepting computations.
• Corollary: Coflat MTL model checking is EXPSPACE-Complete.
Complexity of MTL Fragments over the Point-Based Semantics
Model Checking
Satisfiability
LTL
PSPACE-Complete
PSPACE-Complete
MITL
EXPSPACE-Complete
EXPSPACE-Complete
BMTL
EXPSPACE-Complete
EXPSPACE-Complete
IMTL
EXPSPACE-Complete
Non-Elem.-Hard
Safety MTL
Non-Prim. Rec.
Non-Elem.-Hard
Coflat MTL
EXPSPACE-Complete
Undecidable
MTL (finite)
Non-Prim. Rec.
Non-Prim. Rec.
MTL
Undecidable
Undecidable
Complexity of MTL Fragments over the Continuous Semantics
Model Checking
Satisfiability
LTL
PSPACE-Complete
PSPACE-Complete
MITL
EXPSPACE-Complete
EXPSPACE-Complete
BMTL
EXPSPACE-Complete
EXPSPACE-Complete
IMTL
EXPSPACE-Complete
Undecidable
Safety MTL
Undecidable
Undecidable
Coflat MTL
EXPSPACE-Complete
Undecidable
MTL (finite)
Undecidable
Undecidable
MTL
Undecidable
Undecidable
Summary and Future Directions
• A fairly broad picture of the complexity of Metric Temporal Logic
and its various fragments.
• Techniques employed reveal surprising connections between various
fragments of MTL and various types of faulty Turing machines.
• Such techniques apply more generally to infinite-state systems
operating on unbounded structured data (with restrictions).
Timing Is Everything!
Related documents
Invited speaker Topic 2 Professor Shuichi Hasegawa Georisks
Invited speaker Topic 2 Professor Shuichi Hasegawa Georisks
Predicting the Accuracy of Regression Models in the Retail Industry
Predicting the Accuracy of Regression Models in the Retail Industry
Improving Teacher Knowledge in Geometry and Measurement
Improving Teacher Knowledge in Geometry and Measurement
Cooper Crouse-Hinds MTL Releases Next Generation Fieldbus Surge Protection 5/1/10 Read more
Cooper Crouse-Hinds MTL Releases Next Generation Fieldbus Surge Protection 5/1/10 Read more
Human MTL Lesions: Evidence Against the PM Hypothesis
Human MTL Lesions: Evidence Against the PM Hypothesis
Alternative Chemistries for Wafer Patterning and PECVD Chamber
Alternative Chemistries for Wafer Patterning and PECVD Chamber
Stronger version of standard completeness theorem for
Stronger version of standard completeness theorem for
Sparse but not `Grandmother-cell` coding in the medial temporal lobe
Sparse but not `Grandmother-cell` coding in the medial temporal lobe
long term memory
long term memory
Expressive Completeness for Metric Temporal Logic
Expressive Completeness for Metric Temporal Logic
Study Guide Solutions
Study Guide Solutions
Database Systems and Security Research
Database Systems and Security Research
Principles of Programming Languages
Principles of Programming Languages