Formal Systems for Temporal Logic in Computer Science

Formal Systems for Temporal Logic in Computer Science
Slide Note
Embed
Share

This course covers the basic temporal operators and why they are essential in transitioning from combinational to sequential behavior in logics. Explore linear time, branching time logic, SystemVerilog assertions, and architectural styles for assertion IPs. Understand the significance of temporal logic in properties spanning cycle boundaries and different implementations. Delve into transition systems, Kripke structures, and path sequences within this engaging field.

  • Formal Systems
  • Temporal Logic
  • Computer Science
  • SystemVerilog
  • Kripke Structures
sorellava
sorellava Follow

Uploaded on Apr 12, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. LTL Properties COURSE: CS60030 FORMAL SYSTEMS Pallab Dasgupta Professor, Dept. of Computer Sc & Engg 1 INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR

  2. Agenda The Basic Temporal Operators Why we need temporal operators From combinational behavior to sequential behavior Logics for Temporal Specification Linear Time and Branching Time Logic SystemVerilog Assertions A concise tutorial Architectural Styles for Assertion IPs 2

  3. Why do we need temporal logic? Propositional Logic Boolean formulas cout a1 a2 a1 a2 s cout Half Adder s a1 a2 g1 g2 r1 r2 RR Arbiter Temporal Logic Properties span across cycle boundaries Consider a property of a two way round-robin arbiter If the request bit r1 is true in a cycle then the grant bit g1has to be true within the next two cycles

  4. What does temporal mean? g1 g2 r1 r2 If r1 is true in a cycle then g1has to be true within the next two cycles RR Arbiter Temporal worlds r1(1) r2(1) g1(1) g2(1) r1(2) r2(2) g1(2) g2(2) r1(0) r2(0) g1(0) g2(0) t [ r1(t) g1(t+1) g1(t+2) ] time:1 time:2 time:0 In propositional temporal logic, the time variable t is implicit. For example, we may write: always r1 (next g1) or (next next g1) 4

  5. Implementations may not be logically equivalent Specification: g1 r1 r2 g1 g2 r1 r2 RR Arbiter g2 Implementation-1 (neither reads r1 nor r2 !!) Design an arbiter with the following properties: 1. Whenever r1 is raised, the arbiter must assert g1 within the next two cycles g1 r1 r2 2. Whenever r2 is raised, the arbiter must eventually assert g2 g2 Implementation-2 (reads r1 but not r2 !!) 3. The grant lines g1 and g2 are never asserted together 5

  6. Transition Systems (Kripke Structure) K = (AP, S, S0, T, L) AP is a set of atomic propositions S is a set of states S0 is a set of initial states T S X S, is a total transition relation L: S 2AP is a labeling function p q r S0 (010) S1 (001) S4 (000) S2 (100) S3 (111) p,q p 6

  7. Path A path = n0, n1, in a Kripke structure, K = (AP, S, S0, T, L), is a sequence of states such that k, (nk, nk+1) T p q r S0 (010) S1 (001) S4 (000) S2 (100) S3 (111) k suffix of nk in p,q p = n0, n1, , nk, nk+1, Sample paths: s0, s1, s4, s4, s4, s0, s2, s3, s0, s2, s3, s0, s2, s3, s1, s3, s0, prefix of nk in 7

  8. Temporal Operators Two fundamental path operators: Next operator Xp property p holds in the next state Until operator p U q property p holds in all states up to the state where property q holds Several derived (and commonly used operators) Eventual operator Fp property p holds eventually (at some future state) Always operator Gp property p holds always (at all states) All these operators are interpreted over paths of the underlying Kripke structure Temporal logics also support all the Boolean operators 8

  9. The Next Operator X p p holds p holds in the next state of the path Formally: |= Xf iff 1 |= f 9

  10. The Until Operator p U q p holds q holds q holds eventually and p holds until q holds Formally: |= f U g iff k such that k |= g and j, 0 j < k we have j |= f 10

  11. The eventual Operator F p p holds p holds eventually (in future) Alternatively p does not hold always Formally: |= Fg iff k such that k |= g which has the same meaning as true U g 11

  12. The always Operator G p p holds p holds always (globally) Alternatively p does not hold eventually Formally: which has the same meaning as (F f) or (true U f) |= Gf iff j we have j |= f 12

  13. Always and Eventual are dual operators eventually f this is a variant of DeMorgan s Laws!! = f (next f) (next next f) (next next next f) = ( f (next f) (next next f) (next next next f) ) = ( always f ) Thus: Fp = G( p) Gp = F( p) 13

  14. Nesting of Temporal Operators F G p Along the path there exists a state from which p will hold forever G F p Along the path for all states there will eventually be some state where p holds alternatively Along the path p will hold infinitely often 14

  15. Linear Temporal Logic (LTL) Syntax: Given a set, AP, of atomic propositions: All Boolean formulas over AP are LTL properties, and If f and g are LTL properties, then so are f, X f, and f U g Semantics: A Kripke structure K models a LTL property g (denoted as K |= g) iff for every path , which starts at some initial state of K, |= g This means that the property does not hold on K if there is any path in K which refutes the property 15

  16. Examples p q r S0 (010) S1 (001) S4 (000) S2 (100) S3 (111) p,q p The property pUq holds The property Fq holds The property GFq does not hold Counterexample trace: s0, s1, s4, s4* The property p U (qUr) does not hold Counterexample trace: s0, s2, s3, s0, (s2, s3, s0)* 16

  17. Path Quantifiers A for all paths E there exists a path Used to specify that all of the paths or some of the paths starting at a particular state have some property 17

  18. Branching Time Logic Branching time paradigm: Interpreted over computation trees, not linear traces Computation tree: a b a b b c c c b c c a b c 18

  19. Universal Path Quantification AG p AX p p p p p p p p p p . . . . . . . . . . . . . . . . . . . . . . . . Along all the paths p holds forever In all the next states p holds 19

  20. Universal Path Quantification AF p A(p U q) p q p p q q p p . . . . . . . . . . . . . . . . . . . . . . . . Along all the paths p holds eventually Along all paths p holds until q holds

  21. Existential Path Quantification EX p EG p p p p p . . . . . . . . . . . . . . . . . . . . . . . . There exists a path along which p holds forever There exists a next state where p holds 21

  22. Existential Path Quantification E(p U q) EF p p p q p . . . . . . . . . . . . . . . . . . . . . . . . There exists a path along which p holds eventually There exists a path along which p holds until q holds 22

  23. Computation Tree Logic (CTL) Syntax: Given a set, AP, of atomic propositions: All Boolean formulas over AP are CTL properties, and If f and g are LTL properties, then so are f, AXf, EXf, A[fUg] and E[fUg] We also have derived properties like EFg, AFg, EGf, and AGf Semantics: The property Af is true at a state s of the Kripke structure, iff the path property f holds on all paths starting at s The property Ef is true at a state s of the Kripke structure, iff the path property f holds on some path starting at s 23

  24. Nested Properties in CTL AX AG p from all the next states p holds forever along all paths EX EF q there exists a next state from which there exists a path to a state where q holds AG EF r from any state there exists a path to a state where r holds 24

  25. Example: Analyzing Request and Grants s 5 4 req a 3 9 1 req req req b c 1 1 2 1 1 5 req gr gr gr gr gr 1 2 gr gr From s the system always makes a request in future: AFreq All requests are eventually granted:AG(req Sometimes requests are immediately granted: EF(req Requests are not always immediately granted: AG(req Requests are held till grant is received: AG(req AFgr) EXgr) AXgr) AF(req U gr)) 25

  26. LTL versus CTL CTL has more operators than LTL which allows us to specify branching time properties (not supported in LTL). Can all LTL properties be expressed in CTL? No. For example, FGp cannot be expressed in CTL Note that FGp is not equivalent to AFAGp p p s0 p p p s1 p p p p Satisfies FGp but not AFAGp p s2 p 26

  27. Simple Case Study: A Memory Arbiter g1 g2 r1 r2 Mem Arbiter mem-arbiter( input r1, r2, clk, output g1, g2 ) Properties: 1. Request line r1 has higher priority than request line r2. Whenever r1 goes high, the grant line g1 must be asserted for the next two cycles G[ r1 Xg1 XXg1 ] 2. When none of the request lines are high, the arbiter parks the grant on g2 in the next cycle G[ r1 r2 Xg2 ] 3. The grant lines g1 and g2 are mutually exclusive G[ g1 g2 ] 27

  28. Memory Arbiter: Is the Specification Correct? mem-arbiter( input r1, r2, clk, output g1, g2 ) g1 g2 r1 r2 Mem Arbiter G[ r1 Xg1 XXg1 ] 1. G[ r1 r2 Xg2 ] 2. G[ g1 g2 ] 3. Consider the case when r1 is high at time t and low at time t+1, and r2 is low at both time steps. The first property forces g1 to be high at time t+2 The second property forces g2 to be high at time t+2 The third property says g1 and g2 cannot be high together We have a conflict !! Lets go back to the specification 28

  29. Memory Arbiter: Revised Specs g1 g2 r1 r2 Mem Arbiter mem-arbiter( input r1, r2, clk, output g1, g2 ) Properties: 1. Request line r1 has higher priority than request line r2. Whenever r1 goes high, the grant line g1 must be asserted for the next two cycles G[ r1 Xg1 XXg1 ] 2. When none of the request lines are high, the arbiter parks the grant on g2 in the next cycle G[ r1 r2 Xg2 ] revised to G[ g1 g2 ] 3. The grant lines g1 and g2 are mutually exclusive G[ g1 g2 ] 29

  30. Memory Arbiter: Is the Specification Complete? mem-arbiter( input r1, r2, clk, output g1, g2 ) 1. G[ r1 Xg1 XXg1 ] 2. G[ g1 g2 ] 3. G[ g1 g2 ] g1 g2 r1 r2 Mem Arbiter Observation: We can satisfy the specification by designing an arbiter which always asserts g1 and never asserts g2!! We need to add either of the following types of properties: Ones which specify when g2 should be high, or Ones which specify when g1 should be low Lets go back to the specification 30

  31. Memory Arbiter: Revised Specs g1 g2 r1 r2 Mem Arbiter mem-arbiter( input r1, r2, clk, output g1, g2 ) Properties: 1. Request line r1 has higher priority than request line r2. Whenever r1 goes high, the grant line g1 must be asserted for the next two cycles G[ r1 Xg1 XXg1 ] 2. When none of the request lines are high, the arbiter parks the grant on g2 in the next cycle G[ g1 g2 ] 3. When r1 is low for consecutive cycles, then g1 should be low in the next cycle G[ r1 X r1 XX g1 ] 4. The grant lines g1 and g2 are mutually exclusive G[ g1 g2 ] New!! 31

  32. Memory Arbiter: Is the Specs Complete Now? mem-arbiter( input r1, r2, clk, output g1, g2 ) 1. G[ r1 Xg1 XXg1 ] 2. G[ g1 g2 ] 3. G[ r1 X r1 XX g1 ] 4. G[ g1 g2 ] g1 g2 r1 r2 Mem Arbiter Observation: We cannot satisfy the specs without reading the value of r1, but we can satisfy the specs without reading r2!! Consider the following implementation strategy: Assert g1 for two cycles whenever we get r1 Assert g2 otherwise Lets us live with this specification 32

  33. Real-Time Properties Real-time systems Predictable response times are essential for correctness Example: controllers for aircraft, industrial machinery, robots, etc It is difficult to express complex timing properties Simple: event p will happen in the future Fp Complex: event p will happen within at most n time units p X p XX p [XX (n times)] p 33

  34. Bounded Temporal Operators Specify real-time constraints over bounded traces Various bounded temporal operators G[m, n] p p always holds between the mth and nth time step F[m, n] p p eventually holds between mth and nth time step Xm p p holds at the mth time step p U[m,n] q q eventually holds between mth and nth time step and p holds until that point of time 34

  35. Examples Time step 0 1 2 3 4 G[2,4] p p holds p holds always between the 2nd and 4th time step 35

  36. Examples Time step 0 1 2 3 4 F[2,4] p p holds p holds eventually between the 2nd and 4th time step 36

  37. Examples Time step 0 1 2 3 4 X3 p p holds p holds in the 3rd time step 37

  38. Examples Time step 0 1 2 3 4 p U[2,4] q p holds q holds q holds eventually between the 2nd and 4th time step and p holds until q holds 38

  39. Assertions: Industry Standards Predecessors Sugar from IBM Haifa Forspec from Intel Open Vera Assertions (OVA) from Synopsys Main standards today Property Specification Language (PSL) Supports both branching time and linear time properties SystemVerilog Assertions (SVA) An integral part of SystemVerilog Open Verification Library (OVL) A collection of simple monitor libraries that can be stitched together to monitor more complex behaviors Originally developed by Accellera. PSL has become IEEE 1850 PSL and SVA is a part of IEEE 1800 SystemVerilog 39

  40. SystemVerilog Scheduling Semantics 1. Preponed 2. Pre-active 3. Active 4. Inactive 5. Pre-NBA 6. NBA 7. Post-NBA 8. Observed 9. Post-observed 10. Reactive 11. Postponed 40

  41. SystemVerilog Scheduling Semantics Preponed It allows for user code to access data at the current time slot before any net or variable has changed state Observed Evaluates property expressions if they are triggered Reactive Evaluates pass/fail code of the properties 41

  42. Signal Sampling Signal driven here Signal sampled here Input Skew Output Skew Implicitly negative Implicitly positive 42

  43. Example Simulation ticks Clock ticks req 1 2 3 4 6 8 9 10 11 12 5 7 1. Value of req at clock tick 5 is 1 not 0 2. Value of req at clock tick 9 is 0 not 1 43

  44. SVA: A Quick Overview The Memory Arbiter Example: mem-arbiter( input r1, r2, clk, output g1, g2 ) Properties: P1: P2: P3: P4: G[ r1 G[ g1 G[ r1 X r1 G[ g1 g2 ] Xg1 XXg1 ] g2 ] XX g1 ] We will first code these properties in SVA. We will then see how to bind these properties with the interface of the DUT 44

  45. SVA: A Quick Overview property P2; @( posedge clk ) !g1 | g2; endproperty property P1; @( posedge clk ) r1 | ##1 g1 ##1 g1; endproperty LTL Properties: P1: G[ r1 P2: G[ g1 P3: G[ r1 X r1 Xg1 XXg1 ] g2 ] XX g1 ] P4: G[ g1 g2 ] property P4; @( posedge clk ) !g1 || !g2; endproperty property P3; @( posedge clk ) !r1 ##1 !r1 | endproperty ##1 !g1; 45

  46. Interfaces and Binding module arbiter (DUT) Assertions Bind Interface Test Bench Simulator + Assertion Checker 46

  47. Interface: Memory Arbiter interface ArbChecker( input g1, g2, r1, r2, clk ) ; property P1; @(posedge clk) r1 | endproperty property P2; @(posedge clk) !g1 | endproperty ---- ---- GrantWhenRequest: assert property(P1) else $display( Property P1 has failed ); OneGrantHigh: assert property(P2) else $display( Property P2 has failed ); ---- endinterface ##1 g1 ##1 g1; g2; 47

  48. Test Bench: Memory Arbiter module Top; wire r1, r2, g1, g2; reg clk; arbiter A(r1, r2, g1, g2, clk); // Instantiation of the module arbiter initial begin end clk = 1; forever begin end #1 clk = ~clk; // Rest of the test bench code ---- ---- endmodule 48

  49. Binding We need to bind the interface, ArbChecker, with the test bench This can be done using the following statement: bind Top ArbChecker ArbC( g1, g2, r1, r2, clk ) 49

  50. SVA: Sequence Expressions Sequence expressions are the basic building blocks of SVA Examples: ##0 r1 // r1 is true in this cycle ##1 r1 // r1 is true in the next cycle ##5 r1 // r1 is true exactly after 5 cycles ##[5:9] r1 // r1 is true sometime between the 5th and 9th cycle Comparison with Timed LTL ##1 r1 is the same as ##5 r1 is the same as F[5,5] r1 ##[5:9] r1 is the same as What is the meaning of the following sequence expression? a ##[1:5] (b||c) ##3 d Xr1 F[5,9] r1 50

Related


Temporal Data Management in TSQL Queries

Temporal Data Management in TSQL Queries

rosalyn
Localised Adaptive Spatial-Temporal Graph Neural Network

Localised Adaptive Spatial-Temporal Graph Neural Network

belladonna
Logic Families

Logic Families

eilonwy
Logic Circuits in Aircraft Systems

Logic Circuits in Aircraft Systems

ailani
Computer Science Department Information and Courses Offered

Computer Science Department Information and Courses Offered

suki
Behavioral Data Analysis During Saccadic Eye Movement Task

Behavioral Data Analysis During Saccadic Eye Movement Task

millierose
Logic in Mathematics and Computer Science

Logic in Mathematics and Computer Science

tinsley
Discussion on Temporal Entities and Simultaneity in CIDOC CRM Meeting

Discussion on Temporal Entities and Simultaneity in CIDOC CRM Meeting

ludo
Propositional Logic and Mathematical Logic in Computer Science

Propositional Logic and Mathematical Logic in Computer Science

leov452
Formal Invitation Card Etiquette

Formal Invitation Card Etiquette

eh_662
Binary Logic Systems in Documentation

Binary Logic Systems in Documentation

jape412
Formal and Informal Language with Subjunctive Form

Formal and Informal Language with Subjunctive Form

jaes844
Introduction to Symbolic Logic: Understanding Logical Inferences

Introduction to Symbolic Logic: Understanding Logical Inferences

ais_m
Advanced Concepts in Temporal Point Processes for Human-Centered Machine Learning

Advanced Concepts in Temporal Point Processes for Human-Centered Machine Learning

mcke_a
First-Order Predicate Logic in Computer Science Education

First-Order Predicate Logic in Computer Science Education

amariyana
Evolution of Logic in Informatics and Computer Science

Evolution of Logic in Informatics and Computer Science

emto520
Digital Logic Circuits and Design Principles

Digital Logic Circuits and Design Principles

joy_mo
Introduction to Digital Electronic Circuits and Logic Gates

Introduction to Digital Electronic Circuits and Logic Gates

innleyw
Introduction to Logical Thinking: Science of Correct Reasoning

Introduction to Logical Thinking: Science of Correct Reasoning

szay
Practical Hoare Logic: Iris Tool in Provable Programming

Practical Hoare Logic: Iris Tool in Provable Programming

zurg935
Temporal Quality Assessment for Mobile Videos

Temporal Quality Assessment for Mobile Videos

kody_4
Probabilistic Database Model

Probabilistic Database Model

smen

More Related Content