

4.1.1 Syntax and Language Structure

In the following, the syntax and structure of the SALMA property specification language are described in several separate definitions that specify the grammar using a simplified version of EBNF. In particular, when an argument list is given as (X, ..., X), this is an abbreviation for the EBNF expression "(" X {"," X} ")", i.e. it allows one or more arguments. Additionally, a "hat" decoration like $\hat p$ is used to indicate that a symbol has arity 0. The presentation starts with formulas as the top-level elements of the language and then discusses their ingredients one by one.

Definition 4.1 (Formulas). The syntax of a SALMA-PSL formula $\Phi$ is specified by the following grammar:

$$
\begin{aligned}
\Phi ::={} & \mathit{true} \mid \mathit{false} \mid \Theta \sim \Theta \mid \hat p \mid p(\Theta,\ldots,\Theta) \mid \hat F_B \mid F_B(\Theta,\ldots,\Theta) \mid \\
& \mathit{not}(\Phi) \mid \mathit{and}(\Phi,\ldots,\Phi) \mid \mathit{or}(\Phi,\ldots,\Phi) \mid \mathit{implies}(\Phi,\Phi) \mid \\
& \mathit{forall}(x{:}T,\Phi) \mid \mathit{exists}(x{:}T,\Phi) \mid \mathit{occur}(\alpha) \mid \\
& \mathit{always}(\tau,\Phi) \mid \mathit{eventually}(\tau,\Phi) \mid \mathit{until}(\tau,\Phi,\Phi) \mid \mathit{let}(z{:}\Theta,\Phi)
\end{aligned}
$$

Here, $\Theta$ represents a term as defined in Definition 4.2, $\sim$ is a comparison operator (like $<$, $>$, $=$, or $\neq$), $\hat p$ and $p$ are situation-independent predicates, $\hat F_B$ and $F_B$ are relational fluents, $x$ and $z$ are variable names, $T$ is the name of a finite sort, $\alpha$ is an action instance as in Definition 4.5, and $\tau$ is an admissible time bound expression (see Definition 4.4). Besides that, not, and, or, and implies are the usual logical connectives. Furthermore, forall and exists denote the universal and existential quantifiers, which are restricted to finite domains; the domain has to be specified by means of an entity sort name after the colon in the quantifier's variable declaration. The special predicate occur tests whether an action or event was performed or happened in the current time step. As mentioned at the beginning, the temporal operators always, eventually, and until are restricted by a finite time bound that is specified as their first argument. Finally, the keyword let provides a means for assigning expression values to variables that can be reused within nested subformulas.

One point that immediately stands out in the definition above is that fluents are used without a situation argument. Indeed, situation terms are suppressed entirely in SALMA-PSL formulas and restored during evaluation, either by inserting the current situation or a situation constructed in the context of lookahead evaluation (see Section 5.6.3). The basic ingredients of a formula are terms, which can be used as arguments of predicates or relational fluents or in comparisons.

Definition 4.2 (Terms). The syntax of SALMA-PSL terms, represented by $\Theta$, is specified by the following grammar:

$$
\Theta ::= \Theta_R \mid x \mid e \mid \hat f_T \mid f_T(\Theta,\ldots,\Theta) \mid \hat F_T \mid F_T(\Theta,\ldots,\Theta)
$$

Here $\Theta_R$ is a numeric term (see Definition 4.3 below), $x$ is a variable whose type is a finite sort, $e$ is an entity value, $T$ is a finite sort from the model, $\hat f_T$ and $f_T$ are situation-independent functions of type $T$, and $\hat F_T$ as well as $F_T$ are functional fluents of type $T$.

In the general definition of terms above, a distinction is made between numeric and non-numeric terms, i.e. terms that represent a value from a finite entity sort. The reason for this is that only the former may be used within arithmetic expressions.

Definition 4.3 (Numeric terms). Numeric terms have the following syntax:

$$
\Theta_R ::= x \mid c \mid \Theta_R \sim \Theta_R \mid \hat f_R \mid f_R(\Theta,\ldots,\Theta) \mid \hat F_R \mid F_R(\Theta,\ldots,\Theta) \mid \mathit{lastTime}(\alpha)
$$

Here $x$ is a numeric variable, $c$ is a numeric literal, $\sim$ denotes in this definition an arithmetic operator (like $+$, $-$, $*$, $/$) rather than a comparison, $\hat f_R$ and $f_R$ are numeric situation-independent functions, and both $\hat F_R$ and $F_R$ are numeric fluents. Furthermore, $\alpha$ is an action instance and $\mathit{lastTime}$ is a special function that returns the last time at which the action instance $\alpha$ occurred.

It is actually necessary to constrain numeric terms further when they are used for specifying time bounds in temporal operators. In fact, SALMA only allows time bounds specified by either a natural number literal or a variable that is bound in a let-expression that encloses the temporal operator. The restriction to a plain natural number instead of a more complex expression is necessary because of the way such expressions are evaluated, which will be explained in Chapter 5. Without going into details, it can be said that a compound expression is translated into a conjunction of chained evaluations and variable assignments. However, because the time bound would have to be calculated before the temporal operator expression, it would not be possible to treat this temporal expression separately. Since that is necessary for the evaluation goal scheduling mechanism (see Section 5.5), allowing arbitrary expressions as time bounds would require a separate evaluation strategy. A solution to this problem is to move the desired time bound expression into the definition of a variable in a let-expression. During evaluation, the variable is replaced by the expression's value and the let-block is eliminated. For the evaluation goal schedule, this has effectively the same effect as using a numeric literal.

Since it would be rather hard to guarantee that such an expression always evaluates to a natural number, the SALMA-PSL interpreter allows any real number as a time bound and rounds it appropriately (see Section 4.1.3). The restrictions defined above are summarized in the next definition.

Definition 4.4 (Admissible time bound expression). An expression $\tau$ is an admissible time bound expression if it is either a numeric literal, i.e. $\tau \in \mathbb{N}$, or the temporal operator that uses $\tau$ is nested in the body $\varphi$ of a let-expression of the form $\mathit{let}(\tau : \Theta_R, \varphi)$, where $\Theta_R$ is a numeric term as defined above.

As seen above, it is sometimes necessary to refer to an action instance, i.e. an action symbol together with a combination of arguments for all parameters according to the action's signature (see Section 3.2.3).

Definition 4.5 (Action instance). An action instance is a special term constrained by the following grammar:

$$
\alpha ::= \hat a \mid a(\Theta,\ldots,\Theta) \mid \hat{ev} \mid ev(\Theta,\ldots,\Theta)
$$

Here $\Theta$ represents an arbitrary term, $\hat a$ and $\hat{ev}$ are 0-ary action and event symbols, and $a$ and $ev$ are $n$-ary action and event symbols from the model signature.

Similarly, a fluent instance refers to a concrete selection of values for a fluent.

Definition 4.6 (Fluent instance). The syntax of a fluent instance is defined as follows:

$$
\gamma ::= \hat F_T \mid F_T(\Theta,\ldots,\Theta)
$$

Here, $\Theta$ represents an arbitrary term, and $\hat F_T$ and $F_T$ are 0-ary and $n$-ary fluent symbols of type $T$.

The definitions above have introduced all constituents that are used to build formulas and terms in SALMA-PSL. The last step that is necessary in order to make a SALMA-PSL formula usable as a property that is checked during statistical model checking is to mark it as either an invariant or a goal. This information is added by wrapping the formula in one of the pseudo-operators invariant or goal.

Definition 4.7 (SALMA-PSL property). The syntax of a SALMA-PSL property $\mathit{Prop}$ is specified by the grammar

$$
\mathit{Prop} ::= \mathit{invariant}(\Phi) \mid \mathit{goal}(\Phi)
$$

where $\Phi$ can be any formula as defined in Definition 4.1.
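The grammar of Definitions 4.1 to 4.7 together with the time-bound restriction of Definition 4.4, as an added example that is not part of the thesis and not the SALMA implementation's own parser: a small recursive-descent parser that builds a syntax tree for a property and then checks statically that every temporal operator's $\tau$ is a natural-number literal or a variable bound by an enclosing let. The concrete spelling of comparison and arithmetic operators (infix, with `!=` standing in for $\neq$), the usual arithmetic precedence, and every sort, fluent and action name in `SAMPLES` are assumptions made for this example; the section does not fix them. Names such as `Parser`, `parse_property` and `time_bound_violations` are likewise the example's own.

```python
# Recursive-descent parser for the SALMA-PSL grammar of Definitions 4.1-4.7 plus a static check of
# Definition 4.4. Added illustration, not SALMA's own parser: the infix spelling of comparison and
# arithmetic operators and every sort, fluent and action name in SAMPLES are assumptions.
import re
from collections import namedtuple

TOKEN = r"\s*(\d+(?:\.\d+)?|[A-Za-z_]\w*|<=|>=|!=|[<>=+\-*/(),:])"   # "!=" stands in for ≠
COMPARISONS = {"<", ">", "<=", ">=", "=", "!="}
TEMPORAL = {"always", "eventually", "until"}
BINDERS = {"forall", "exists", "let"}
KEYWORDS = TEMPORAL | BINDERS | {"not", "and", "or", "implies", "occur"}
ARITY = {"not": 1, "occur": 1, "until": 3, "and": None, "or": None}   # None: one or more; others: 2
# kind is a keyword or one of name/app/num/arith/cmp/bind/sort; value is an identifier, literal or operator
Node = namedtuple("Node", "kind value args", defaults=(None, ()))

class Parser:
    def __init__(self, text):                       # tokenise; the trailing None marks end of input
        if not re.fullmatch(f"(?:{TOKEN})*\\s*", text):
            raise SyntaxError("illegal character in property text")
        self.toks, self.i = re.findall(TOKEN, text) + [None], 0

    def take(self, expected=None):
        tok = self.toks[self.i]
        if tok is None or expected not in (None, tok):
            raise SyntaxError(f"expected {expected or 'more input'!r}, got {tok!r}")
        self.i += 1
        return tok

    def parse_list(self, item):                     # "(" item {"," item} ")"; item receives its index
        self.take("(")
        out = [item(0)]
        while self.toks[self.i] == ",":
            self.take(",")
            out.append(item(len(out)))
        self.take(")")
        return out

    def parse_formula(self):                        # Definition 4.1
        if self.toks[self.i] in ("true", "false"):
            return Node(self.take())
        if self.toks[self.i] in KEYWORDS:
            return self.parse_keyword(self.take())
        left = self.parse_term()                    # Θ ∼ Θ, p̂, p(...), F̂_B, F_B(...)
        if self.toks[self.i] in COMPARISONS:
            return Node("cmp", self.take(), [left, self.parse_term()])
        if left.kind not in ("name", "app"):
            raise SyntaxError(f"a {left.kind} term is not a formula")
        return left

    def parse_keyword(self, kw):
        def arg(k):                                 # k-th argument of kw(...)
            if k == 0 and kw in BINDERS:            # x:T for forall/exists, z: Θ for let
                var, _ = self.take(), self.take(":")
                return Node("bind", var, [self.parse_term() if kw == "let" else Node("sort", self.take())])
            if (k == 0 and kw in TEMPORAL) or kw == "occur":    # time bound τ / action instance α
                return self.parse_term()
            return self.parse_formula()
        args = self.parse_list(arg)
        if ARITY.get(kw, 2) not in (None, len(args)):
            raise SyntaxError(f"{kw} does not take {len(args)} arguments")
        return Node(kw, None, args)

    def parse_term(self, level=0):                  # Definitions 4.2 / 4.3; infix arithmetic is assumed
        node = self.parse_atom() if level == 2 else self.parse_term(level + 1)
        while level < 2 and self.toks[self.i] in (("+", "-"), ("*", "/"))[level]:
            node = Node("arith", self.take(), [node, self.parse_term(level + 1)])
        return node

    def parse_atom(self):
        tok = self.take()
        if tok[0].isdigit():
            return Node("num", float(tok) if "." in tok else int(tok))
        if not re.fullmatch(r"[A-Za-z_]\w*", tok) or tok in KEYWORDS:
            raise SyntaxError(f"unexpected token {tok!r}")
        if self.toks[self.i] != "(":
            return Node("name", tok)                # x, e, f̂_T, F̂_T, p̂, â, êv
        return Node("app", tok, self.parse_list(lambda k: self.parse_term()))  # f_T(...), a(...), lastTime(α)

def parse_property(text):                           # Definition 4.7: invariant(Φ) | goal(Φ)
    p = Parser(text)
    prop = Node(p.take(), None, p.parse_list(lambda k: p.parse_formula()))
    if prop.kind not in ("invariant", "goal") or len(prop.args) != 1 or p.toks[p.i] is not None:
        raise SyntaxError("a property is invariant(Φ) or goal(Φ) wrapping exactly one formula")
    return prop

def time_bound_violations(node, let_vars=frozenset()):
    # Definition 4.4: τ must be a natural-number literal or a variable bound by an enclosing let;
    # quantifier variables deliberately do not qualify. Returns the offending temporal operators.
    bad = []
    if node.kind in TEMPORAL:
        tau = node.args[0]
        if not ((tau.kind == "num" and isinstance(tau.value, int))
                or (tau.kind == "name" and tau.value in let_vars)):
            bad.append(node.kind)
    if node.kind == "let":
        let_vars = let_vars | {node.args[0].value}
    for child in node.args:
        bad += time_bound_violations(child, let_vars)
    return bad

SAMPLES = {                                         # constructed; every sort, fluent and action is made up
    "literal bound": "invariant(forall(r:robot, implies(occur(grab(r, item1)), eventually(10, carrying(r, item1)))))",
    "let bound": "goal(let(d: 2 * delay(r1), eventually(d, delivered(r1))))",
    "compound bound": "goal(eventually(2 * delay(r1), delivered(r1)))",            # rejected: Θ_R, not a literal
    "quantified bound": "invariant(forall(t:timer, always(t, lastTime(tick(t)) < t)))",  # rejected: t not let-bound
}
```

The two rejected samples are the cases the text singles out: a compound numeric term in the time bound position, and a variable that is bound by a quantifier rather than by a let. Both are syntactically fine terms, which is why the check is a separate pass over the tree rather than part of the grammar; a real-valued literal such as `2.5` is rejected for the same reason, since Definition 4.4 requires $\tau \in \mathbb{N}$ for literals and leaves rounding to let-bound values. Checking the tree against the model signature (finite sorts, fluent types, action arities) is out of scope here.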

Before the formal semantics of SALMA-PSL formulas is presented in Section 4.1.3, it is helpful to examine some examples that demonstrate the typical usage of the language constructs.