How to transform LTL into Automaton in Promela - SPIN?

↘锁芯ラ submitted on 2019-12-01 22:51:41
Patrick Trentin

Spin generates the Promela code equivalent to the Buchi Automaton which matches the LTL formula, and envelops it into a never block.

From the docs:

NAME never - declaration of a temporal claim.

SYNTAX never { sequence }

DESCRIPTION A never claim can be used to define system behavior that, for whatever reason, is of special interest. It is most commonly used to specify behavior that should never happen. The claim is defined as a series of propositions, or boolean expressions, on the system state that must become true in the sequence specified for the behavior of interest to be matched.

Therefore, if you want to have a look at the code that matches a given LTL formula, you can simply type:

~$ spin -f "LTL_FORMULA"

e.g.:

~$ spin -f "[] (q1 -> ! q0)" 
never  {    /* [] (q1 -> ! q0) */
accept_init:
T0_init:
    do
    :: (((! ((q0))) || (! ((q1))))) -> goto T0_init
    od;
}

An alternative way for obtaining the same code, plus a graphic representation of the Buchi Automaton, is to follow this link.


Looking at both your comments and this other question of yours, it appears that you want to check whether two LTL formulas p and g contradict each other, that is whether it is definitively the case that a model satisfying p would necessarily violate g and vice-versa.

This could be theoretically done using spin. However, this tool does not simplify the code of the Buchi Automaton and therefore it is difficult to deal with its output.

I would recommend that you download LTL2BA (at the following link) instead. To set it up, you just need to unpack the tar.gz file and type make in the console.

Let's see a usage example:

~$ ./ltl2ba -f "([] q0) && (<> ! q0)"
never {    /* ([] q0) && (<> ! q0) */
T0_init:
    false;
}

Since [] q0 and <> ! q0 contradict each other, the returned Buchi automaton is empty [n.b.: by empty I mean that it has no accepting execution]. In this context, the code never { false; } is the canonical form of an empty Buchi Automaton without any accepting execution.


Disclaimer: comparing the output with never { false } to decide whether the Buchi Automaton is empty or not might lead to spurious results if the simplification steps are unable to transform all empty automatons into the canonical form.
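The disclaimer above concerns empty automata that are not printed as never { false }. As an added example (not part of the original answer, and not code from Spin or LTL2BA), the Python below parses a never claim into a graph and tests emptiness structurally, by looking for an accepting state that is reachable from the initial state and lies on a cycle. It assumes every guard other than a literal 0 or false is satisfiable; parse_never, reach and is_empty are hypothetical names.

```python
import re

LABEL = re.compile(r"^\s*(\w+):\s*$")
EDGE = re.compile(r"::\s*(.*?)\s*->\s*goto\s+(\w+)")

def parse_never(text):
    """Parse a never claim into (initial state, edges, accepting states)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop comments
    alias, raw, accepting = {}, {}, set()
    init, state, stacked = None, None, False
    for line in filter(str.strip, text.splitlines()):
        m, e = LABEL.match(line), EDGE.search(line)
        if m:
            if not stacked:               # stacked labels name one state
                state = m.group(1)
                raw[state] = set()
                init = init or state      # the first state is the initial one
            alias[m.group(1)] = state
            if m.group(1).startswith("accept"):
                accepting.add(state)
        elif state is not None:
            if e and re.sub(r"[()\s]", "", e.group(1)) not in ("0", "false"):
                raw[state].add(e.group(2))    # assumption: guard is satisfiable
            elif line.strip().rstrip(";") == "skip":
                raw[state].add(state)     # skip: stay in this state forever
        stacked = bool(m)
    edges = {s: {alias.get(t, t) for t in ts} for s, ts in raw.items()}
    return init, edges, accepting

def reach(edges, start):  # states reachable from start in one or more steps
    seen, stack = set(), list(edges.get(start, ()))
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(edges.get(s, ()))
    return seen

def is_empty(text):
    """True if no accepting state is both reachable and on a cycle."""
    init, edges, accepting = parse_never(text)
    live = reach(edges, init) | {init}
    return not any(s in reach(edges, s) for s in accepting & live)

# ltl2ba output for "([] q0) && (<> ! q0)" from the page, comment omitted
CONTRADICTION = "never {\nT0_init:\n    false;\n}"

if __name__ == "__main__":
    print("empty:", is_empty(CONTRADICTION))
```

Under the stated assumption an "empty" verdict is reliable, because treating an unsatisfiable guard as satisfiable can only add edges; a "non-empty" verdict still needs the guards on the accepting cycle checked for satisfiability.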
