Logic in Computer Science: Modelling and Reasoning About Systems

Michael Huth, Mark Ryan

Chapter 3

Verification by model checking - all with Video Answers

Chapter Questions

Problem 1

Verify $\phi_1$ to $\phi_4$ for the transition system given in Figure 3.11 on page 198. Which of them require the fairness constraints of the SMV program in Figure 3.10?

Problem 1

Write the parse trees for the following CTL formulas:
(a) $\mathrm{EG}\, r$
(b) $\mathrm{AG}(q \rightarrow \mathrm{EG} r)$
(c) $\mathrm{A}[p \mathrm{U} \mathrm{EF} r]$
(d) $\mathrm{EF}\, \mathrm{EG}\, p \rightarrow \mathrm{AF} r$, recall Convention 3.13
(e) $\mathrm{A}[p \mathrm{UA}[q \mathrm{U} r]]$
(f) $\mathrm{E}[\mathrm{A}[p \mathrm{U} q] \mathrm{U} r]$
(g) $\mathrm{AG}(p \rightarrow \mathrm{A}[p \mathrm{U}(\neg p \wedge \mathrm{A}[\neg p \mathrm{U} q])])$.

Chris Trentman
Numerade Educator

Problem 1

Consider the functions
$$
H_1, H_2, H_3: \mathcal{P}(\{1,2,3,4,5,6,7,8,9,10\}) \rightarrow \mathcal{P}(\{1,2,3,4,5,6,7,8,9,10\})
$$
defined by
$$
\begin{aligned}
& H_1(Y) \stackrel{\text { def }}{=} Y-\{1,4,7\} \\
& H_2(Y) \stackrel{\text { def }}{=}\{2,5,9\}-Y \\
& H_3(Y) \stackrel{\text { def }}{=}\{1,2,3,4,5\} \cap(\{2,4,8\} \cup Y)
\end{aligned}
$$
for all $Y \subseteq\{1,2,3,4,5,6,7,8,9,10\}$.
* (a) Which of these functions are monotone; which ones aren't? Justify your answer in each case.
* (b) Compute the least and greatest fixed points of $H_3$ using the iterations $H_3^i$ with $i=1,2, \ldots$ and Theorem 3.24.

Chris Trentman
Numerade Educator

Problem 1

Draw parse trees for the LTL formulas:
(a) $\mathrm{F} p \wedge \mathrm{G} q \rightarrow p \mathrm{~W} r$
(b) $\mathrm{F}(p \rightarrow \mathrm{G} r) \vee \neg q \mathrm{U} p$
(c) $p \mathrm{~W}(q \mathrm{~W} r)$
(d) $\mathrm{GF} p \rightarrow \mathrm{F}(q \vee s)$

Problem 1

Read Section 2.7 in case you have not yet done so and classify Alloy and its constraint analyser according to the classification criteria for formal methods proposed on page 172.

Aadit Sharma
Numerade Educator

Problem 1

Express the following properties in CTL and LTL whenever possible. If neither is possible, try to express the property in CTL*:
(a) Whenever $p$ is followed by $q$ (after finitely many steps), then the system enters an 'interval' in which no $r$ occurs until $t$.
(b) Event $p$ precedes $s$ and $t$ on all computation paths. (You may find it easier to code the negation of that specification first.)
(c) After $p, q$ is never true. (Where this constraint is meant to apply on all computation paths.)
(d) Between the events $q$ and $r$, event $p$ is never true.
(e) Transitions to states satisfying $p$ occur at most twice.
(f) Property $p$ is true for every second state along a path.

Chris Trentman
Numerade Educator

Problem 1

Consider the model in Figure 3.9 (page 193).
* (a) Verify that G(req $\rightarrow$ F busy) holds in all initial states.
(b) Does $\neg$ (req U $\neg$ busy) hold in all initial states of that model?
(c) NuSMV has the capability of referring to the next value of a declared variable $v$ by writing next(v). Consider the model obtained from Figure 3.9 by removing the self-loop on state !req & busy. Use the NuSMV feature next(...) to code that modified model as an NuSMV program with the specification G(req $\rightarrow$ F busy). Then run it.

Chris Trentman
Numerade Educator

Problem 2

Let $A$ and $B$ be two subsets of $S$ and let $F: \mathcal{P}(S) \rightarrow \mathcal{P}(S)$ be a monotone function. Show that:
(a) $F_1: \mathcal{P}(S) \rightarrow \mathcal{P}(S)$ with $F_1(Y) \stackrel{\text { def }}{=} A \cap F(Y)$ is monotone;
(b) $F_2: \mathcal{P}(S) \rightarrow \mathcal{P}(S)$ with $F_2(Y) \stackrel{\text { def }}{=} A \cup(B \cap F(Y))$ is monotone.

Jacquelyn Trost
Numerade Educator

Problem 2

Try to write a CTL formula that enforces non-blocking and no-strict-sequencing at the same time, for the SMV program in Figure 3.10 (page 196).

James Kiss
Numerade Educator

Problem 2

Explain why the following are not well-formed CTL formulas:
(a) $\mathrm{FG} r$
(b) $\mathrm{XX} r$
(c) $\mathrm{A} \neg \mathrm{G} \neg p$
(d) $\mathrm{F}[r \mathrm{U} q]$
(e) $\mathrm{EXX} r$
(f) $\mathrm{AEF} r$
(g) $\mathrm{AF}[(r \mathrm{U} q) \wedge(p \mathrm{U} r)]$

Oluwapelumi Kolawole
Numerade Educator

Problem 2

Consider the system of Figure 3.39. For each of the formulas $\phi$ :
(a) $\mathrm{G} a$
(b) $a \mathrm{U} b$
(c) $a \mathrm{UX}(a \wedge \neg b)$
(d) $\mathrm{X} \neg b \wedge \mathrm{G}(\neg a \vee \neg b)$
(e) $\mathrm{X}(a \wedge b) \wedge \mathrm{F}(\neg a \wedge \neg b)$
(i) Find a path from the initial state $q_3$ which satisfies $\phi$.
(ii) Determine whether $\mathcal{M}, q_3 \vDash \phi$.

Sana Riaz
Numerade Educator

Problem 2

Explain in detail why the LTL and CTL formulas for the practical specification patterns of pages 183 and 215 capture the stated 'informal' properties expressed in plain English.

Jake Zanazzi
Numerade Educator

Problem 2

Visit and browse the websites ${ }^3$ and $^4$ to find formal methods that interest you for whatever reason. Then classify them according to the criteria from page 172.

Ronald Prasad
Numerade Educator

Problem 2

Verify Remark 3.11 from page 190.

Problem 3

Draw the transition system described by the ABP program.
Remarks: There are 28 reachable states of the ABP program. (Looking at the program, you can see that the state is described by nine boolean variables, namely S.st, S.message1, S.message2, R.st, R.ack, R.expected, msg_chan.output1, msg_chan.output2 and finally ack_chan.output. Therefore, there are $2^9=512$ states in total. However, only 28 of them can be reached from the initial state by following a finite path.)

If you abstract away from the contents of the message (e.g., by setting S.message1 and msg_chan.output1 to be constant 0), then there are only 12 reachable states. This is what you are asked to draw.

Adriano Chikande
Numerade Educator

Problem 3

Use Theorems 3.25 and 3.26 to compute the following sets (the underlying model is in Figure 3.42):
(a) $\llbracket \mathrm{EF} p \rrbracket$
(b) $\llbracket \mathrm{EG} q \rrbracket$

Mike Gaerlan
Numerade Educator

Problem 3

Consider the set of LTL/CTL formulas $\mathcal{F}=\{\mathrm{F} p \rightarrow \mathrm{F} q, \mathrm{AF} p \rightarrow \mathrm{AF} q, \mathrm{AG}(p \rightarrow \mathrm{AF} q)\}$.
(a) Is there a model such that all formulas hold in it?
(b) For each $\phi \in \mathcal{F}$, is there a model such that $\phi$ is the only formula in $\mathcal{F}$ satisfied in that model?
(c) Find a model in which no formula of $\mathcal{F}$ holds.

Problem 3

State which of the strings below are well-formed CTL formulas. For those which are well-formed, draw the parse tree. For those which are not well-formed, explain why not.
(a) $\neg(\neg p) \vee(r \wedge s)$
(b) $\mathrm{X} q$
(c) $\neg \mathrm{AX} q$
(d) $p \mathrm{U}(\mathrm{AX} \perp)$
(e) $\mathrm{E}[(\mathrm{AX} q) \mathrm{U}(\neg(\neg p) \vee(\top \wedge s))]$
(f) $(\mathrm{F} r) \wedge(\mathrm{AG} q)$
(g) $\neg(\mathrm{AG} q) \vee(\mathrm{EG} q)$

Chris Trentman
Numerade Educator

Problem 3

Apply the labelling algorithm to check the formulas $\phi_1, \phi_2, \phi_3$ and $\phi_4$ of the mutual exclusion model in Figure 3.7 (page 188).

Problem 3

Working from the clauses of Definition 3.1 (page 175), prove the equivalences:
$$
\begin{aligned}
\phi \mathbf{U} \psi & \equiv \phi \mathbf{W} \psi \wedge \mathrm{F} \psi \\
\phi \mathbf{W} \psi & \equiv \phi \mathbf{U} \psi \vee \mathbf{G} \phi \\
\phi \mathbf{W} \psi & \equiv \psi \mathbf{R}(\phi \vee \psi) \\
\phi \mathbf{R} \psi & \equiv \psi \mathbf{W}(\phi \wedge \psi) .
\end{aligned}
$$

Problem 4

Using the function $F(X)=\llbracket \phi \rrbracket \cup \operatorname{pre}_{\forall}(X)$ prove that $\llbracket \mathrm{AF} \phi \rrbracket$ is the least fixed point of $F$. Hence argue that the procedure $\mathrm{SAT}_{\mathrm{AF}}$ is correct and terminates.

Carson Merrill
Numerade Educator

Problem 4

List all subformulas of the formula $\mathrm{AG}(p \rightarrow \mathrm{A}[p \mathrm{U}(\neg p \wedge \mathrm{A}[\neg p \mathrm{U} q])])$.

Narayan Hari
Numerade Educator

Problem 4

Prove that $\phi \mathrm{U} \psi \equiv \psi \mathrm{R}(\phi \vee \psi) \wedge \mathrm{F} \psi$.

Ajay Singhal
Numerade Educator

Problem 4

Apply the labelling algorithm to check the formulas $\phi_1, \phi_2, \phi_3$ and $\phi_4$ of the mutual exclusion model in Figure 3.8 (page 191).

Problem 4

Consider the CTL formula $\mathrm{AG}(p \rightarrow \mathrm{AF}(s \wedge \mathrm{AX}(\mathrm{AF} t)))$. Explain what exactly it expresses in terms of the order of occurrence of events $p, s$ and $t$.

Sherrie Fenner
Numerade Educator

Problem 5

Does $\mathrm{E}[\text{req} \mathrm{~U} \neg \text{busy}]$ hold in all initial states of the model in Figure 3.9 on page 193?

Timothy James
Numerade Educator

Problem 5

Prove that (3.8) on page 228 holds in all models. Does your proof require that for every state $s$ there is some state $s^{\prime}$ with $s \rightarrow s^{\prime}$?

Jay Patel
Numerade Educator

Problem 5

List all subformulas of the LTL formula $\neg p \mathrm{~U}(\mathrm{F} r \vee \mathrm{G} \neg q \rightarrow q \mathrm{~W} \neg r)$.

Narayan Hari
Numerade Educator

Problem 5

Extend the algorithm NNF from page 62 which computes the negation normal form of propositional logic formulas to CTL*. Since CTL* is defined in terms of two syntactic categories (state formulas and path formulas), this requires two separate versions of NNF which call each other in a way that is reflected by the syntax of CTL* given on page 218.

Akash M
Numerade Educator

Problem 5

One may also compute $\mathrm{AG} \phi$ directly as a fixed point. Consider the function $H: \mathcal{P}(S) \rightarrow \mathcal{P}(S)$ with $H(X)=\llbracket \phi \rrbracket \cap \operatorname{pre}_{\forall}(X)$. Show that $H$ is monotone and that $\llbracket \mathrm{AG} \phi \rrbracket$ is the greatest fixed point of $H$. Use that insight to write a procedure $\mathrm{SAT}_{\mathrm{AG}}$.

Problem 6

Consider the system $\mathcal{M}$ in Figure 3.40 .
(a) Beginning from state $s_0$, unwind this system into an infinite tree, and draw all computation paths up to length 4 (= the first four layers of that tree).
(b) Determine whether $\mathcal{M}, s_0 \vDash \phi$ and $\mathcal{M}, s_2 \vDash \phi$ hold and justify your answer, where $\phi$ is the LTL or CTL formula:
* (i) $\neg p \rightarrow r$
(ii) $\mathrm{F} t$
* (iii) $\neg \mathrm{EG} r$
(iv) $\mathrm{E}(t \mathrm{U} q)$
(v) $\mathrm{F} q$
(vi) $\mathrm{EF} q$
(vii) $\mathrm{EG}\, r$
(viii) $\mathrm{G}(r \vee q)$.

Problem 6

'Morally' there ought to be a dual for W. Work out what it might mean, and then pick a symbol based on the first letter of the meaning.

Mohamed Mohamed
Numerade Educator

Problem 6

Similarly, one may compute $\mathrm{A}[\phi_1 \mathrm{U} \phi_2]$ directly as a fixed point, using $K: \mathcal{P}(S) \rightarrow \mathcal{P}(S)$, where $K(X)=\llbracket \phi_2 \rrbracket \cup\left(\llbracket \phi_1 \rrbracket \cap \operatorname{pre}_{\forall}(X)\right)$. Show that $K$ is monotone and that $\llbracket \mathrm{A}[\phi_1 \mathrm{U} \phi_2] \rrbracket$ is the least fixed point of $K$. Use that insight to write a procedure $\mathrm{SAT}_{\mathrm{AU}}$. Can you use that routine to handle all calls of the form $\mathrm{AF} \phi$ as well?

Carson Merrill
Numerade Educator

Problem 6

Inspecting the definition of the labelling algorithm, explain what happens if you perform it on the formula $p \wedge \neg p$ (in any state, in any model).

Chris Trentman
Numerade Educator

Problem 6

Find a transition system which distinguishes the following pairs of CTL* formulas, i.e., show that they are not equivalent:
(a) $\mathrm{AFG}\, p$ and $\mathrm{AFAG}\, p$
(b) $\mathrm{AGF}\, p$ and $\mathrm{AGEF}\, p$
(c) $\mathrm{A}[(p \mathrm{U} r) \vee(q \mathrm{U} r)]$ and $\mathrm{A}[(p \vee q) \mathrm{U} r]$
(d) $\mathrm{A}[\mathrm{X} p \vee \mathrm{XX} p]$ and $\mathrm{AX} p \vee \mathrm{AXAX} p$
(e) $\mathrm{E}[\mathrm{GF} p]$ and $\mathrm{EG}\, \mathrm{EF}\, p$.

Tyler Moulton
Numerade Educator

Problem 7

Prove that for all paths $\pi$ of all models, $\pi \vDash \phi \mathrm{W} \psi \wedge \mathrm{F} \psi$ implies $\pi \vDash \phi \mathrm{U} \psi$. That is, prove the remaining half of equivalence (3.2) on page 185.

Problem 7

Prove that $\llbracket \mathrm{A}[\phi_1 \mathrm{U} \phi_2] \rrbracket=\llbracket \phi_2 \vee\left(\phi_1 \wedge \mathrm{AX}\left(\mathrm{A}[\phi_1 \mathrm{U} \phi_2]\right)\right) \rrbracket$.

Chandra Jain
Numerade Educator

Problem 7

Let $\mathcal{M}=(S, \rightarrow, L)$ be any model for CTL and let $\llbracket \phi \rrbracket$ denote the set of all $s \in S$ such that $\mathcal{M}, s \vDash \phi$. Prove the following set identities by inspecting the clauses of Definition 3.15 from page 211.
(a) $\llbracket \top \rrbracket=S$
(b) $\llbracket \perp \rrbracket=\emptyset$
(c) $\llbracket \neg \phi \rrbracket=S-\llbracket \phi \rrbracket$,
(d) $\llbracket \phi_1 \wedge \phi_2 \rrbracket=\llbracket \phi_1 \rrbracket \cap \llbracket \phi_2 \rrbracket$
(e) $\llbracket \phi_1 \vee \phi_2 \rrbracket=\llbracket \phi_1 \rrbracket \cup \llbracket \phi_2 \rrbracket$
(f) $\llbracket \phi_1 \rightarrow \phi_2 \rrbracket=\left(S-\llbracket \phi_1 \rrbracket\right) \cup \llbracket \phi_2 \rrbracket$
(g) $\llbracket \mathrm{AX} \phi \rrbracket=S-\llbracket \mathrm{EX} \neg \phi \rrbracket$
(h) $\llbracket \mathrm{A}\left(\phi_2 \mathrm{U} \phi_2\right) \rrbracket=\llbracket \neg\left(\mathrm{E}\left(\neg \phi_1 \mathrm{U}\left(\neg \phi_1 \wedge \neg \phi_2\right)\right) \vee \mathrm{EG} \neg \phi_2\right) \rrbracket$.

Doruk Isik
Numerade Educator

Problem 7

The translation from CTL with boolean combinations of path formulas to plain CTL introduced in Section 3.5.1 is not complete. Invent CTL equivalents for:
(a) $\mathrm{E}[\mathrm{F} p \wedge(q \mathrm{U} r)]$
(b) $\mathrm{E}[\mathrm{F} p \wedge \mathrm{G} q]$.
In this way, we have dealt with all formulas of the form $\mathrm{E}[\phi \wedge \psi]$. Formulas of the form $\mathrm{E}[\phi \vee \psi]$ can be rewritten as $\mathrm{E}[\phi] \vee \mathrm{E}[\psi]$ and $\mathrm{A}[\phi]$ can be written $\neg \mathrm{E}[\neg \phi]$. Use this translation to write the following in CTL:
(c) $\mathrm{E}[(p \mathrm{U} q) \wedge \mathrm{F} p]$
(d) $\mathrm{A}[(p \mathrm{U} q) \wedge \mathrm{G} p]$
(e) $\mathrm{A}[\mathrm{F} p \rightarrow \mathrm{F} q]$.

Problem 7

Modify the pseudo-code for SAT on page 227 by writing a special procedure for $\mathrm{AG} \psi_1$, without rewriting it in terms of other formulas ${ }^5$.

Problem 8

Write the pseudo-code for $\mathrm{SAT}_{\mathrm{EG}}$, based on the description in terms of deleting labels given in Section 3.6.1.

Problem 8

Recall the algorithm NNF on page 62 which computes the negation normal form of propositional logic formulas. Extend this algorithm to LTL: you need to add program clauses for the additional connectives $\mathrm{X}, \mathrm{F}, \mathrm{G}$ and $\mathrm{U}, \mathrm{R}$ and $\mathrm{W}$; these clauses have to animate the semantic equivalences that we presented in this section.

Akash M
Numerade Educator

Problem 8

Consider the model $\mathcal{M}$ in Figure 3.41. Check whether $\mathcal{M}, s_0 \vDash \phi$ and $\mathcal{M}, s_2 \vDash \phi$ hold for the CTL formulas $\phi$ :
(a) $\mathrm{AF} q$
(b) $\mathrm{AG}(\mathrm{EF}(p \vee r))$
(c) $\mathrm{EX}(\mathrm{EX}\, r)$
(d) $\mathrm{AG}(\mathrm{AF} q)$.

Problem 8

The aim of this exercise is to demonstrate the expansion given for $\mathrm{AW}$ at the end of the last section, i.e., $\mathrm{A}[p \mathrm{~W} q] \equiv \neg \mathrm{E}[\neg q \mathrm{U} \neg(p \vee q)]$.
(a) Show that the following LTL formulas are valid (i.e., true in any state of any model):
(i) $\neg q \mathrm{U}(\neg p \wedge \neg q) \rightarrow \neg \mathrm{G} p$
(ii) $\mathrm{G} \neg q \wedge \mathrm{F} \neg p \rightarrow \neg q \mathrm{U}(\neg p \wedge \neg q)$.
(b) Expand $\neg((p \mathrm{U} q) \vee \mathrm{G} p)$ using de Morgan rules and the LTL equivalence $\neg(\phi \mathrm{U} \psi) \equiv(\neg \psi \mathrm{U}(\neg \phi \wedge \neg \psi)) \vee \neg \mathrm{F} \psi$
(c) Using your expansion and the facts (i) and (ii) above, show $\neg((p \mathrm{U} q) \vee \mathrm{G} p) \equiv \neg q \mathrm{U} \neg(p \wedge q)$ and hence show that the desired expansion of AW above is correct.

Problem 8

Prove that $\llbracket \mathrm{AG} \phi \rrbracket=\llbracket \phi \wedge \mathrm{AX}(\mathrm{AG} \phi) \rrbracket$.

Amany Waheeb
Numerade Educator

Problem 9

The meaning of the temporal operators $\mathrm{F}, \mathrm{G}$ and $\mathrm{U}$ in LTL and $\mathrm{AU}, \mathrm{EU}, \mathrm{AG}$, EG, AF and EF in CTL was defined to be such that 'the present includes the future.' For example, EF $p$ is true for a state if $p$ is true for that state already. Often one would like corresponding operators such that the future excludes the present. Use suitable connectives of the grammar on page 208 to define such (six) modified connectives as derived operators in CTL.

N D
Numerade Educator

Problem 9

Show that the repeat-statements in the code for $\mathrm{SAT}_{\mathrm{EU}}$ and $\mathrm{SAT}_{\mathrm{EG}}$ always terminate. Use this fact to reason informally that the main program SAT terminates for all valid CTL formulas $\phi$. Note that some subclauses, like the one for AU, call SAT recursively and with a more complex formula. Why does this not affect termination?

Problem 9

For mutual exclusion, draw a transition system which forces the two processes to enter their critical section in strict sequence and show that $\phi_4$ is false of its initial state.

Adriano Chikande
Numerade Educator

Problem 10

Which of the following pairs of CTL formulas are equivalent? For those which are not, exhibit a model of one of the pair which is not a model of the other:
(a) $\mathrm{EF} \phi$ and $\mathrm{EG} \phi$
(b) $\mathrm{EF} \phi \vee \mathrm{EF} \psi$ and $\mathrm{EF}(\phi \vee \psi)$
(c) $\mathrm{AF} \phi \vee \mathrm{AF} \psi$ and $\mathrm{AF}(\phi \vee \psi)$
(d) $\mathrm{AF} \neg \phi$ and $\neg \mathrm{EG} \phi$
(e) $\mathrm{EF} \neg \phi$ and $\neg \mathrm{AF} \phi$
(f) $\mathrm{A}\left[\phi_1 \mathrm{UA}\left[\phi_2 \mathrm{U} \phi_3\right]\right]$ and $\mathrm{A}\left[\mathrm{A}\left[\phi_1 \mathrm{U} \phi_2\right] \mathrm{U} \phi_3\right]$, hint: it might make it simpler if you think first about models that have just one path
(g) $\top$ and $\mathrm{AG} \phi \rightarrow \mathrm{EG} \phi$
(h) $\top$ and $\mathrm{EG} \phi \rightarrow \mathrm{AG} \phi$.

David Collins
Numerade Educator

Problem 10

Use the definition of $\vDash$ between states and CTL formulas to explain why $s \vDash \mathrm{AGAF} \phi$ means that $\phi$ is true infinitely often along every path starting at $s$.

Amrita Bhasin
Numerade Educator

Problem 11

Find operators to replace the ?, to make the following equivalences:
(a) $\mathrm{AG}(\phi \wedge \psi) \equiv \mathrm{AG} \phi ? \mathrm{AG} \psi$
(b) $\mathrm{EF} \neg \phi \equiv \neg ? ? \phi$

Problem 11

Show that a CTL formula $\phi$ is true on infinitely many states of a computation path $s_0 \rightarrow s_1 \rightarrow s_2 \rightarrow \ldots$ iff for all $n \geq 0$ there is some $m \geq n$ such that $s_m \vDash \phi$.

Problem 12

State explicitly the meaning of the temporal connectives AR etc., as defined on page 217.

Nicole Smina
Numerade Educator

Problem 12

Run the NuSMV system on some examples. Try commenting out, or deleting, some of the fairness constraints, if applicable, and see the counter examples NuSMV generates. NuSMV is very easy to run.

Problem 13

Prove the equivalences (3.6) on page 216.

Problem 13

In the one-bit channel, there are two fairness constraints. We could have written this as a single one, inserting '&' between running and the long formula, or we could have separated the long formula into two and made it into a total of three fairness constraints.
In general, what is the difference between the single fairness constraint $\phi_1 \wedge \phi_2 \wedge \cdots \wedge \phi_n$ and the $n$ fairness constraints $\phi_1, \phi_2, \ldots, \phi_n$? Write an SMV program with a fairness constraint a & b which is not equivalent to the two fairness constraints a and b. (You can actually do it in four lines of SMV.)

Lauren Shelton
Numerade Educator

Problem 14

Write pseudo-code for a recursive function TRANSLATE which takes as input an arbitrary CTL formula $\phi$ and returns as output an equivalent CTL formula $\psi$ whose only operators are among the set $\{\perp, \neg, \wedge, \mathrm{AF}, \mathrm{EU}, \mathrm{EX}\}$.

Chris Trentman
Numerade Educator

Problem 14

Explain the construction of formula $\phi_4$, used to express that the processes need not enter their critical section in strict sequence. Does it rely on the fact that the safety property $\phi_1$ holds?

Heather Zimmers
Numerade Educator

Problem 15

Compute the $\mathrm{E}_C \mathrm{G} \top$ labels for Figure 3.11, given the fairness constraints of the code in Figure 3.10 on page 196.

Bobby Barnes
University of North Texas