[Slides]
INFOF412 ·Formal verification of computer systems
Chapter 4: Computation tree logic
Mickael Randour
Formal Methods and Verification group
Computer Science Department, ULB
March 2017
CTL CTL model checking CTL vs. LTL CTL∗
Branching time semantics: a reminder
{a}
∅
{a,b}
{b}
Branching time semantics deals with
the execution (or computation) tree.
Infinite unfolding considering all
branching possibilities.
E.g., do all executions always have the
possibility to eventually reach {b}?Yes.
→Cannot be expressed as a LT property
(intuitively, requires branching).
{a}
∅
{a} {b}
{b}
{b}
{a,b}
∅{a} {a,b}
{a} {b} {a,b}∅{a} {a,b}
Chapter 4: Computation tree logic Mickael Randour 3 / 71
CTL CTL model checking CTL vs. LTL CTL∗
Intuition
In LTL, s|=φmeans that all paths starting is ssatisfy φ.
Implicit universal quantification.
Could be made explicit by writing s|=∀φ.
What if we want to talk about some paths?
E.g., does there exist a path satisfying φstarting in s?
Could be expressed using the duality between universal and
existential quantification: s|=∃φiff s6|=∀ ¬φ.
What if the property is more complex? E.g., do all executions
always have the possibility to eventually reach {b}?
s|=∀♦bdoes not work as it requires all paths to always
return in {b}, not just to have the possibility to do so.
Not expressible in LTL. We need nesting of path
quantifiers (∀,∃).
→s|=∀∃♦bis a CTL formula: “for all paths, it is always the
case (i.e., at every step along the branch) that there exists a
path (which can be branching) that eventually reaches b.”
Chapter 4: Computation tree logic Mickael Randour 4 / 71
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
1
/
74
100%
![[PDF File]](http://s1.studylibfr.com/store/data/008201380_1-219d7b6e826254d77b69f7abf0acb8f8-300x300.png)
