Omega-Automaten: Automaten über unendlichen Eingabeworten, Büchi-Automaten

Automata and

Formal Lanugages

Büchi Automata and Model Checking Ralf Möller

based on slides

by Chang-Beom Choi

Provable Software Lab, KAIST

Transition System to

Mealy-Style Automaton Translation

2 1

3

Each state is labeled with the propositions that hold in that state

Example transition system Corresponding automaton

{p,q}

{p}

{q}

{p,q}

{q}

i

1

2 3

p,q

q p

But: No accept states

Overview

Büchi Automata

• Büchi Automata

– Automata which accept infinite words

– named after Julius Richard Büchi, Swiss Logician

• Usually used for modeling systems with

infinite sequences of states, each of which satisfies certain atomic propositions

• Büchi Automaton M accepts sequences of labels

for program states: L(M) describes all potential sequences of state labels of the system (and

therefore describes system behavior)

Overview

Büchi Automaton (deterministic version)

• Definition

– M = (Σ, S, s

, , F)

Σ : alphabet (set of “labels for program states”)

S : set of automaton states s

: initial state

 : a transition function (S x Σ x S)

F : a set of accepting states

– M = (Σ, S, s

, ^ , F)

– The input of M is infinite w : a₀, a₁, … (∈ Σ^ω) – A run is a sequence of states r: s₀,s1, … (^∈ S^ω)

• Initiation: s0 ∈ S0

• Consecution : s_i+1∈ (s_i, a_i)

– Accepting run (r = s0,s1, … )

• There exists an infinite number of integers i ∈ N such that s_i ∈ F

Overview

Büchi Automaton

Overview

Büchi Automata

• P must eventually occur,

and if it occurs P holds forever

• Σ = {P, true}

• S = {q₀, q₁}

• s₀ = {q₀}

•  = {(q₀,true, q₀), (q₀, P, q₁), (q₁,P, q₁)

• F = {q₁}

run : q₀, q₁, q₁, q₁, …

Overview

Büchi Automata

• P must eventually occur,

and if it occurs P holds forever

• Σ = {P, true}

• S = {q₀, q₁}

• s₀ = {q₀}

•  = {(q₀,true, q₀), (q₀, P, q₁), (q₁,P, q₁)

• F = {q₁}

Relation to

Linear Temporal Logic

LTL Properties  Büchi automata

G p p p

true

F p p p

true

G (F p) p

The size of the property automaton can be exponential in the size of the LTL formula

p

p

p

Overview

• Model checking

– Specify requirement properties and build system model – Generate possible states from the model and then check

whether given requirement properties are satisfied within

the state space OK

Error Trace Found

or

Target Program

Requirement Properties

Model Check





Overview

• A process of Model Checking

– Modeling

• Build a model of program or system

– Specification

• Describe requirement properties

– Verification

• Checking that a model of the program or system satisfies a given specification

Overview

• How can we model check of a program or system?

– Modeling

• Build a Büchi automaton for a given program or system

– Specification

• Describe requirement properties using Temporal Logic

– Verification

• Automatically (semi-automatic)

Model Checker

Overview

Process of Model Checking

Target Program Requirement

Properties



