Is AG(~q ∨ Fp) LTL formula satisfy in model below? why or why not?
model?
2
votes
Don't rely on attaching a link. This question will go bad when link gets broken. Write the gist in the question. Or if that's an image, attach it right. That's not how to do it
– Aminah Nuraini
@Aminah Nuraini thanks, I changed it.
– any
1 Answers
2
votes
First of all AG(~q ∨ Fp) is not an LTL formula, because the operator AG does not belong to LTL. I assume you meant G(~q v Fp).
Modeling: let's encode the system in NuSMV:
MODULE main ()
VAR
state : { S0, S1, S2, S3 };
p : boolean;
q : boolean;
ASSIGN
init(state) := S0;
next(state) := case
state = S0 : {S1, S2};
state = S1 : {S0, S3};
state = S2 : {S0};
state = S3 : {S3};
esac;
INVAR state = S0 <-> (!p & !q);
INVAR state = S1 <-> ( p & q);
INVAR state = S2 <-> (!p & q);
INVAR state = S3 <-> ( p & !q);
LTLSPEC G(!q | F p)
And verify it:
~$ NuSMV -int
NuSMV > reset; read_model -i f.smv; go; check_property
-- specification G (!q | F p) is false
-- as demonstrated by the following execution sequence
Trace Description: LTL Counterexample
Trace Type: Counterexample
-- Loop starts here
-> State: 2.1 <-
state = S0
p = FALSE
q = FALSE
-> State: 2.2 <-
state = S2
q = TRUE
-> State: 2.3 <-
state = S0
q = FALSE
Explanation: So the LTL formula is not satisfied by the model. Why?
Gmeans that the formula is satisfied only if~q v F pis verified by every reachable state.- State
S2is s.t.~qis FALSE, so in order to satisfy~q v F pit must necessarily hold thatF pis TRUE, that is it is necessarily the case that sooner or laterpbecomes TRUE. - There exists an infinite path starting from
S2s.t.pis always FALSE: the path that jumps fromS2toS0and back and never touches eitherS1orS3. - Contradiction: the LTL formula is not satisfied.
