![Trigonometry 3D Trigonometry. r s h p q β α p, q and r are points on level ground, [sr] is a vertical flagpole of height h. The angles of elevation of.](https://static.fdocument.org/doc/165x107/5a4d1b4c7f8b9ab0599a5cf5/trigonometry-3d-trigonometry-r-s-h-p-q-p-q-and-r-are-points.jpg)
Daniel Neider 12 PauloTabuada 1 - University of PennsylvaniaDaniel Neider and Paulo Tabuada: Robust...
32
Robust LTL Daniel Neider 1,2 Paulo Tabuada 1 1 University of California, Los Angeles 2 University of Illinois at Urbana-Champaign Annual ExCAPE Meeting, MIT, Cambridge, Massachusetts, USA June 22 nd , 2015
Transcript of Daniel Neider 12 PauloTabuada 1 - University of PennsylvaniaDaniel Neider and Paulo Tabuada: Robust...
Robust LTL
Daniel Neider 1,2 Paulo Tabuada 1
1University of California, Los Angeles
2University of Illinois at Urbana-Champaign
Annual ExCAPE Meeting, MIT, Cambridge, Massachusetts, USAJune 22nd, 2015
Specifications of Open Systems
ϕ ⇒ ψ
Environment assumption System guarantee
Daniel Neider and Paulo Tabuada: Robust LTL 1
Specifications of Open Systems
ϕ ⇒ ψ
Environment assumption System guarantee
Fault Tolerance (Wikipedia)
“[...] If its operating quality decreases at all, the decrease isproportional to the severity of the failure, as compared to a naivelydesigned system in which even a small failure can cause totalbreakdown. [...]”
Daniel Neider and Paulo Tabuada: Robust LTL 1
Specifications of Open Systems
ϕ ⇒ ψ
Environment assumption System guarantee
GoalDevelop a semantics for LTL capturing “robustness”
I Here: only LTL( , )
Design Goals
I Robustness should be internal to the logicI We want to reuse the wealth of existing techniques for LTL
Daniel Neider and Paulo Tabuada: Robust LTL 1
Specifications of Open Systems
ϕ ⇒ ψ
Environment assumption System guarantee
GoalDevelop a semantics for LTL capturing “robustness”
I Here: only LTL( , )
Design Goals
I Robustness should be internal to the logicI We want to reuse the wealth of existing techniques for LTL
Daniel Neider and Paulo Tabuada: Robust LTL 1
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p
(1, 1, 1, 1)
p¬p p
(0, 1, 1, 1)
p¬p p
(0, 0, 1, 1)
p¬p p
(0, 0, 0, 1)
p¬p ¬p
(0, 0, 0, 0)
Daniel Neider and Paulo Tabuada: Robust LTL 2
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p
(1, 1, 1, 1)
p¬p p
(0, 1, 1, 1)
p¬p p
(0, 0, 1, 1)
p¬p p
(0, 0, 0, 1)
p¬p ¬p
(0, 0, 0, 0)
Daniel Neider and Paulo Tabuada: Robust LTL 2
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p
(1, 1, 1, 1)
p¬p p
(0, 1, 1, 1)
p¬p p
(0, 0, 1, 1)
p¬p p
(0, 0, 0, 1)
p¬p ¬p
(0, 0, 0, 0)
Daniel Neider and Paulo Tabuada: Robust LTL 2
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p
(1, 1, 1, 1)
p¬p p
(0, 1, 1, 1)
p¬p p
(0, 0, 1, 1)
p¬p p
(0, 0, 0, 1)
p¬p ¬p
(0, 0, 0, 0)
Daniel Neider and Paulo Tabuada: Robust LTL 2
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p
(1, 1, 1, 1)
p¬p p
(0, 1, 1, 1)
p¬p p
(0, 0, 1, 1)
p¬p p
(0, 0, 0, 1)
p¬p ¬p
(0, 0, 0, 0)
Daniel Neider and Paulo Tabuada: Robust LTL 2
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p
(1, 1, 1, 1)
p¬p p
(0, 1, 1, 1)
p¬p p
(0, 0, 1, 1)
p¬p p
(0, 0, 0, 1)
p¬p ¬p
(0, 0, 0, 0)
Daniel Neider and Paulo Tabuada: Robust LTL 2
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p (1, 1, 1, 1)
p¬p p (0, 1, 1, 1)
p¬p p (0, 0, 1, 1)
p¬p p (0, 0, 0, 1)
p¬p ¬p (0, 0, 0, 0)
shades
offalse
true
falseDaniel Neider and Paulo Tabuada: Robust LTL 2
Different Shades of False
In which ways can p be violated?
Weakening
p¬p p (1, 1, 1, 1)
p¬p p (0, 1, 1, 1)
p¬p p (0, 0, 1, 1)
p¬p p (0, 0, 0, 1)
p¬p ¬p (0, 0, 0, 0)
B4
Daniel Neider and Paulo Tabuada: Robust LTL 2
A Da Costa Algebra over B4
Elements of B4 are ordered:
(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)
Additionally, we introduce the following four operations:
I a ∧ b = min {a, b}I a ∨ b = max {a, b}
I a ={
(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise
I a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
a b a ∧ b min {a, b} a ∨ b max {a, b}
0 0 0 0 0 00 1 0 0 1 11 0 0 0 1 11 1 1 1 1 1
Negation
(1, 1, 1, 1) (0, 0, 0, 0)
(0, 1, 1, 1) (1, 1, 1, 1)
(0, 0, 1, 1) (1, 1, 1, 1)
(0, 0, 0, 1) (1, 1, 1, 1)
(0, 0, 0, 0) (1, 1, 1, 1)
In fact, (B4, <,∧,∨, · ,→) is a so-called da Costa algebra
Daniel Neider and Paulo Tabuada: Robust LTL 3
A Da Costa Algebra over B4
Elements of B4 are ordered:
(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)
Additionally, we introduce the following four operations:I a ∧ b = min {a, b}I a ∨ b = max {a, b}
I a ={
(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise
I a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
a b a ∧ b min {a, b} a ∨ b max {a, b}
0 0 0 0 0 00 1 0 0 1 11 0 0 0 1 11 1 1 1 1 1
Negation
(1, 1, 1, 1) (0, 0, 0, 0)
(0, 1, 1, 1) (1, 1, 1, 1)
(0, 0, 1, 1) (1, 1, 1, 1)
(0, 0, 0, 1) (1, 1, 1, 1)
(0, 0, 0, 0) (1, 1, 1, 1)
In fact, (B4, <,∧,∨, · ,→) is a so-called da Costa algebra
Daniel Neider and Paulo Tabuada: Robust LTL 3
A Da Costa Algebra over B4
Elements of B4 are ordered:
(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)
Additionally, we introduce the following four operations:I a ∧ b = min {a, b}I a ∨ b = max {a, b}
I a ={
(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise
I a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
a b a ∧ b min {a, b} a ∨ b max {a, b}
0 0 0 0 0 00 1 0 0 1 11 0 0 0 1 11 1 1 1 1 1
Negation
(1, 1, 1, 1) (0, 0, 0, 0)
(0, 1, 1, 1) (1, 1, 1, 1)
(0, 0, 1, 1) (1, 1, 1, 1)
(0, 0, 0, 1) (1, 1, 1, 1)
(0, 0, 0, 0) (1, 1, 1, 1)
In fact, (B4, <,∧,∨, · ,→) is a so-called da Costa algebra
Daniel Neider and Paulo Tabuada: Robust LTL 3
A Da Costa Algebra over B4
Elements of B4 are ordered:
(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)
Additionally, we introduce the following four operations:I a ∧ b = min {a, b}I a ∨ b = max {a, b}
I a ={
(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise
I a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
a b a ∧ b min {a, b} a ∨ b max {a, b}
0 0 0 0 0 00 1 0 0 1 11 0 0 0 1 11 1 1 1 1 1
Negation
(1, 1, 1, 1) (0, 0, 0, 0)
(0, 1, 1, 1) (1, 1, 1, 1)
(0, 0, 1, 1) (1, 1, 1, 1)
(0, 0, 0, 1) (1, 1, 1, 1)
(0, 0, 0, 0) (1, 1, 1, 1)
In fact, (B4, <,∧,∨, · ,→) is a so-called da Costa algebra
Daniel Neider and Paulo Tabuada: Robust LTL 3
A Da Costa Algebra over B4
Elements of B4 are ordered:
(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)
Additionally, we introduce the following four operations:I a ∧ b = min {a, b}I a ∨ b = max {a, b}
I a ={
(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise
I a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
a b a ∧ b min {a, b} a ∨ b max {a, b}
0 0 0 0 0 00 1 0 0 1 11 0 0 0 1 11 1 1 1 1 1
Negation
(1, 1, 1, 1) (0, 0, 0, 0)
(0, 1, 1, 1) (1, 1, 1, 1)
(0, 0, 1, 1) (1, 1, 1, 1)
(0, 0, 0, 1) (1, 1, 1, 1)
(0, 0, 0, 0) (1, 1, 1, 1)
In fact, (B4, <,∧,∨, · ,→) is a so-called da Costa algebra
Daniel Neider and Paulo Tabuada: Robust LTL 3
A Da Costa Algebra over B4
Elements of B4 are ordered:
(0, 0, 0, 0) < (0, 0, 0, 1) < (0, 0, 1, 1) < (0, 1, 1, 1) < (1, 1, 1, 1)
Additionally, we introduce the following four operations:I a ∧ b = min {a, b}I a ∨ b = max {a, b}
I a ={
(0, 0, 0, 0) if a = (1, 1, 1, 1)(1, 1, 1, 1) otherwise
I a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
a b a ∧ b min {a, b} a ∨ b max {a, b}
0 0 0 0 0 00 1 0 0 1 11 0 0 0 1 11 1 1 1 1 1
Negation
(1, 1, 1, 1) (0, 0, 0, 0)
(0, 1, 1, 1) (1, 1, 1, 1)
(0, 0, 1, 1) (1, 1, 1, 1)
(0, 0, 0, 1) (1, 1, 1, 1)
(0, 0, 0, 0) (1, 1, 1, 1)
In fact, (B4, <,∧,∨, · ,→) is a so-called da Costa algebraDaniel Neider and Paulo Tabuada: Robust LTL 3
Robust Semantics
We use new symbols , and call this “logic” rLTL
The semantics of rLTL( , ) is a functionV : ΦrLTL( , ) × (2P)ω → B4 inductively defined by
I V (p, σ) ={
(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise
I V (ϕ ∧ ψ, σ) = V (ϕ, σ) ∧ V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) ∨ V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)
I V ( p, σ) = ( p, p, p, p)I V ( p, σ) = ( p, p, p, p)
Daniel Neider and Paulo Tabuada: Robust LTL 4
Robust Semantics
We use new symbols , and call this “logic” rLTL
The semantics of rLTL( , ) is a functionV : ΦrLTL( , ) × (2P)ω → B4 inductively defined by
I V (p, σ) ={
(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise
I V (ϕ ∧ ψ, σ) = V (ϕ, σ) ∧ V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) ∨ V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)
I V ( p, σ) = ( p, p, p, p)I V ( p, σ) = ( p, p, p, p)
Daniel Neider and Paulo Tabuada: Robust LTL 4
Robust Semantics
We use new symbols , and call this “logic” rLTL
The semantics of rLTL( , ) is a functionV : ΦrLTL( , ) × (2P)ω → B4 inductively defined by
I V (p, σ) ={
(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise
I V (ϕ ∧ ψ, σ) = V (ϕ, σ) ∧ V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) ∨ V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)
I V ( p, σ) = ( p, p, p, p)
I V ( p, σ) = ( p, p, p, p)
Daniel Neider and Paulo Tabuada: Robust LTL 4
Robust Semantics
We use new symbols , and call this “logic” rLTL
The semantics of rLTL( , ) is a functionV : ΦrLTL( , ) × (2P)ω → B4 inductively defined by
I V (p, σ) ={
(1, 1, 1, 1) if p ∈ σ(0)(0, 0, 0, 0) otherwise
I V (ϕ ∧ ψ, σ) = V (ϕ, σ) ∧ V (ψ, σ)I V (ϕ ∨ ψ, σ) = V (ϕ, σ) ∨ V (ψ, σ)I V (¬ϕ, σ) = V (ϕ, σ)I V (ϕ⇒ ψ, σ) = V (ϕ, σ)→ V (ψ, σ)
I V ( p, σ) = ( p, p, p, p)I V ( p, σ) = ( p, p, p, p)
Daniel Neider and Paulo Tabuada: Robust LTL 4
Example
Consider p ⇒ q, and assume V ( p ⇒ q, σ) = (1, 1, 1, 1)
I If p holds, then p evaluates to (1, 1, 1, 1). Hence, q has toevaluate to (1, 1, 1, 1), which means that q holds
I If p holds (and p does not), then p evaluates to(0, 1, 1, 1). Hence, q has to evaluate to (0, 1, 1, 1) or higher,which implies that q holds
I Similarly, p implies q and p implies q
Recall: a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
Daniel Neider and Paulo Tabuada: Robust LTL 5
Example
Consider p ⇒ q, and assume V ( p ⇒ q, σ) = (1, 1, 1, 1)I If p holds, then p evaluates to (1, 1, 1, 1). Hence, q has to
evaluate to (1, 1, 1, 1), which means that q holds
I If p holds (and p does not), then p evaluates to(0, 1, 1, 1). Hence, q has to evaluate to (0, 1, 1, 1) or higher,which implies that q holds
I Similarly, p implies q and p implies q
Recall: a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
Daniel Neider and Paulo Tabuada: Robust LTL 5
Example
Consider p ⇒ q, and assume V ( p ⇒ q, σ) = (1, 1, 1, 1)I If p holds, then p evaluates to (1, 1, 1, 1). Hence, q has to
evaluate to (1, 1, 1, 1), which means that q holdsI If p holds (and p does not), then p evaluates to
(0, 1, 1, 1). Hence, q has to evaluate to (0, 1, 1, 1) or higher,which implies that q holds
I Similarly, p implies q and p implies q
Recall: a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
Daniel Neider and Paulo Tabuada: Robust LTL 5
Example
Consider p ⇒ q, and assume V ( p ⇒ q, σ) = (1, 1, 1, 1)I If p holds, then p evaluates to (1, 1, 1, 1). Hence, q has to
evaluate to (1, 1, 1, 1), which means that q holdsI If p holds (and p does not), then p evaluates to
(0, 1, 1, 1). Hence, q has to evaluate to (0, 1, 1, 1) or higher,which implies that q holds
I Similarly, p implies q and p implies q
Recall: a→ b ={
(1, 1, 1, 1) if a ≤ bb otherwise
Daniel Neider and Paulo Tabuada: Robust LTL 5
Expressiveness
TheoremLTL( , ) and rLTL( , ) are equally expressive:
I Given an LTL( , ) formula ψ, one can construct an rLTL( , )formula ϕ such that for σ ∈ (2P)ω
V (ϕ, σ) = (1, 1, 1, 1) if and only if σ |= ψ
I Given an rLTL( , ) formula ϕ and b ∈ B4, one can construct anLTL( , ) formula ψ such that for σ ∈ (2P)ω
V (ϕ, σ) = b if and only if σ |= ψ
Note: |ψ| ∈ O(4|ϕ|)
Daniel Neider and Paulo Tabuada: Robust LTL 6
Expressiveness
TheoremLTL( , ) and rLTL( , ) are equally expressive:
I Given an LTL( , ) formula ψ, one can construct an rLTL( , )formula ϕ such that for σ ∈ (2P)ω
V (ϕ, σ) = (1, 1, 1, 1) if and only if σ |= ψ
I Given an rLTL( , ) formula ϕ and b ∈ B4, one can construct anLTL( , ) formula ψ such that for σ ∈ (2P)ω
V (ϕ, σ) = b if and only if σ |= ψ
Note: |ψ| ∈ O(4|ϕ|)
Daniel Neider and Paulo Tabuada: Robust LTL 6
Complexity ResultsTheoremGiven an rLTL( , ) formula ϕ over P, one can construct ageneralized Büchi Automaton A, containing dedicated states qb foreach b ∈ B4, such that for all σ ∈ (2P)ω
V (ϕ, σ) = b if and only if σ ∈ L(Aqb ).
A comprises O(5|ϕ|) states and at most 4 · |ϕ| acceptance sets.
Time complexity
rLTL( , ) LTL
Model checking 5|ϕ| 2|ϕ|
Synthesis 25|ϕ| 22|ϕ|
Daniel Neider and Paulo Tabuada: Robust LTL 7
Complexity ResultsTheoremGiven an rLTL( , ) formula ϕ over P, one can construct ageneralized Büchi Automaton A, containing dedicated states qb foreach b ∈ B4, such that for all σ ∈ (2P)ω
V (ϕ, σ) = b if and only if σ ∈ L(Aqb ).
A comprises O(5|ϕ|) states and at most 4 · |ϕ| acceptance sets.
Time complexity
rLTL( , ) LTL
Model checking 5|ϕ| 2|ϕ|
Synthesis 25|ϕ| 22|ϕ|
Daniel Neider and Paulo Tabuada: Robust LTL 7
Conclusion
Summary
I We introduced a semantics for LTL capturing robustnessI We demonstrated how to leverage the existing wealth of
techniques for LTL
What’s next?
I Full LTL (Next, Until, Release)I Address the “problem” of operators that work differently from
classical logics (e.g., “¬¬ϕ 6= ϕ”)I Do (complexity) results for restrictions of LTL carry over?
Daniel Neider and Paulo Tabuada: Robust LTL 8
![ˆ K G=K G arXiv:1703.03206v1 [math.RT] 9 Mar 2017arghyam/1703.03206.pdf · 2 A. MONDAL AND P. SANKARAN (A q;A q) of Gassociated to certain -stable parabolic algebras q ˆg of g 0](https://static.fdocument.org/doc/165x107/5eae230f1ba5fe20541dfdc5/-k-gk-g-arxiv170303206v1-mathrt-9-mar-arghyam170303206pdf-2-a-mondal.jpg)
