| 1 | % (c) 2014-2022 Lehrstuhl fuer Softwaretechnik und Programmiersprachen, | |
| 2 | % Heinrich Heine Universitaet Duesseldorf | |
| 3 | % This software is licenced under EPL 1.0 (http://www.eclipse.org/org/documents/epl-v10.html | |
| 4 | ||
| 5 | :- module(ltl_safety,[is_safety_property/2, safety_property_can_be_encoded_directly/1, | |
| 6 | ltl_mc_safety_property/3, | |
| 7 | is_ltl2ba_tool_installed/0, | |
| 8 | aut_transition/3, aut_final_state/1, aut_initial_state/1, | |
| 9 | tps_occurring/0, ltl_formula_uses_tps/1]). | |
| 10 | ||
| 11 | /* SICSTUS Libraries */ | |
| 12 | :- use_module(library(lists)). | |
| 13 | :- use_module(library(codesio)). | |
| 14 | :- use_module(library(terms)). | |
| 15 | :- use_module(library(file_systems)). | |
| 16 | ||
| 17 | /* ProB Libraries */ | |
| 18 | :- use_module(probsrc(tools), [ajoin/2]). | |
| 19 | :- use_module(probsrc(tools_platform), [host_platform/1]). | |
| 20 | :- use_module(probsrc(error_manager)). | |
| 21 | %% :- use_module(probsrc(debug)). | |
| 22 | :- use_module(probsrc(self_check)). | |
| 23 | %:- use_module(probsrc(system_call),[system_call/5]). | |
| 24 | :- use_module(probsrc(debug),[debug_println/2,debug_mode/1, debug_format/3]). | |
| 25 | :- use_module(probsrc(bsyntaxtree),[create_negation/2]). | |
| 26 | ||
| 27 | :- use_module(extension('ltl2ba/ltl2ba')). | |
| 28 | ||
| 29 | /* ProB LTL Model Checker Modules */ | |
| 30 | :- use_module(probltlsrc(safety_mc),[start_mc_safety_property/3]). | |
| 31 | :- use_module(probltlsrc(ltl_translate),[pp_ap/2,pp_tp/2]). | |
| 32 | ||
| 33 | :- use_module(probsrc(module_information),[module_info/2]). | |
| 34 | :- module_info(group,ltl). | |
| 35 | :- module_info(description,'This module provides predicates for checking whether an LTL formula is a safety property.'). | |
| 36 | ||
| 37 | :- dynamic ap_representation/2, tp_representation/2, tps_occurring/0. | |
| 38 | ||
| 39 | :- dynamic aut_transition/3, aut_final_state/1, aut_initial_state/1. | |
| 40 | ||
| 41 | clear_automaton_facts :- | |
| 42 | retractall(aut_transition(_,_,_)), | |
| 43 | retractall(aut_initial_state(_)), | |
| 44 | retractall(aut_final_state(_)). | |
| 45 | ||
| 46 | aut_state(S) :- aut_initial_state(S). | |
| 47 | aut_state(S) :- aut_final_state(S). | |
| 48 | % Note : these are not all the states !! | |
| 49 | ||
| 50 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| 51 | %%%%%%%%%%% Checking whether an LTL property represents a safety property %%%%%%%%%% | |
| 52 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| 53 | % The predicates check whether the parsed LTL property represents a safety property | |
| 54 | % by checking the syntactical structure of the formula. | |
| 55 | % The idea is borrowed from the following theorem from the paper | |
| 56 | % "Safety, Liveness and Fairness in Temporal Logic" of A. Sistla: | |
| 57 | %% THEOREM: Every propositional formula is a safety formula and if f,g are safety formulae, | |
| 58 | %% then so are f & g, f or g, X f, f W g, and G f, where 'W' is the weak-until operator. | |
| 59 | % | |
| 60 | % Note that the checked formula should be a positive formula. An LTL formula is said to | |
| 61 | % be a positive if none of the temporal operators appears in the scope of 'not'. | |
| 62 | ||
| 63 | % Testing various properties for being safety or liveness. Some of | |
| 64 | % the unit tests here represent examples from the paper mentioned above. | |
| 65 | % Note that the first argument of is_safety_property/2 should be negated, as | |
| 66 | % this is done after negating the original property that should be model checked (see select_ltl_mode/4 in ltl.pl) | |
| 67 | :- assert_must_succeed((F = ap(p), | |
| 68 | is_safety_property(not(F),_NF))). | |
| 69 | :- assert_must_succeed((F = globally(deadlock), | |
| 70 | is_safety_property(not(F),_NF))). | |
| 71 | :- assert_must_succeed((F = weakuntil(not(ap(alloc)),ap(request)), | |
| 72 | is_safety_property(not(F),_NF))). | |
| 73 | :- assert_must_succeed((F = and(weakuntil(not(ap(alloc)),ap(request)), | |
| 74 | globally(implies(ap(alloc),next(weakuntil(not(ap(alloc)),ap(request)))))), | |
| 75 | is_safety_property(not(F),_NF))). | |
| 76 | :- assert_must_succeed((F = globally(implies(not(ap(request)),or(ap(alloc),or(next(ap(alloc)),next(next(ap(alloc))))))), | |
| 77 | is_safety_property(not(F),_NF))). | |
| 78 | :- assert_must_succeed((F = globally(or(not(ap(p)),globally(not(ap(p))))), | |
| 79 | is_safety_property(not(F),_NF))). | |
| 80 | :- assert_must_succeed((F = not(until(ap(p1),until(ap(p2),ap(p3)))), | |
| 81 | is_safety_property(not(F),_NF))). | |
| 82 | :- assert_must_succeed((F = not(until(ap(p1),until(ap(p2),until(ap(p3),ap(p4))))), | |
| 83 | is_safety_property(not(F),_NF))). | |
| 84 | :- assert_must_succeed((F = not(until(ap(p1),until(ap(p2),until(ap(p3),until(ap(p4),until(ap(p5),until(ap(p6),ap(p7)))))))), | |
| 85 | is_safety_property(not(F),_NF))). | |
| 86 | :- assert_must_succeed((F = not(not(globally(deadlock))), | |
| 87 | is_safety_property(not(F),_NF))). | |
| 88 | :- assert_must_succeed((F = globally(or(ap(p),and(next(ap(q)),not(next(ap(q)))))), | |
| 89 | is_safety_property(not(F),_NF))). | |
| 90 | :- assert_must_succeed((F = and(globally(or(ap(p),next(globally(ap(q))))),globally(or(ap(p),next(globally(not(ap(q))))))), | |
| 91 | is_safety_property(not(F),_NF))). | |
| 92 | :- assert_must_fail((F = globally(implies(ap(request),finally(ap(alloc)))), | |
| 93 | is_safety_property(not(F),_NF))). | |
| 94 | :- assert_must_fail((F = globally(finally(ap(alloc))), | |
| 95 | is_safety_property(not(F),_NF))). | |
| 96 | :- assert_must_fail((F = globally(until(ap(request),finally(ap(alloc)))), | |
| 97 | is_safety_property(not(F),_NF))). | |
| 98 | :- assert_must_fail((F = implies(globally(finally(ap(send))),globally(finally(receive))), | |
| 99 | is_safety_property(not(F),_NF))). | |
| 100 | :- assert_must_fail((F = not(until(ap(p1),not(until(ap(p2),until(ap(p3),ap(p4)))))), | |
| 101 | is_safety_property(not(F),_NF))). | |
| 102 | ||
| 103 | ||
| 104 | is_safety_property(not(F),NF) :- | |
| 105 | normalize_to_release_pnf(F,NF), | |
| 106 | F \= true, % not(true) corresponds to G true which is also a liveness property and | |
| 107 | % will lead to a warning later that there is no accept_all state | |
| 108 | is_syntactically_safe(NF). | |
| 109 | ||
| 110 | is_syntactically_safe(deadlock) :- !. | |
| 111 | is_syntactically_safe(false) :- !. | |
| 112 | is_syntactically_safe(true) :- !. | |
| 113 | is_syntactically_safe(ap(F)) :- F \= available(_), !. % Gavin Lowe's available operator is only treated in ltlc.pl | |
| 114 | is_syntactically_safe(action(_)) :- !. | |
| 115 | is_syntactically_safe(and(F,G)) :- !, | |
| 116 | is_syntactically_safe(F), | |
| 117 | is_syntactically_safe(G). | |
| 118 | is_syntactically_safe(or(F,G)) :- !, | |
| 119 | is_syntactically_safe(F), | |
| 120 | is_syntactically_safe(G). | |
| 121 | is_syntactically_safe(next(F)) :- !, | |
| 122 | is_syntactically_safe(F). | |
| 123 | is_syntactically_safe(weakuntil(F,G)) :- !, | |
| 124 | is_syntactically_safe(F), | |
| 125 | is_syntactically_safe(G). | |
| 126 | is_syntactically_safe(release(F,G)) :- !, | |
| 127 | is_syntactically_safe(F), | |
| 128 | is_syntactically_safe(G). | |
| 129 | is_syntactically_safe(not(F)) :- !, | |
| 130 | is_atomic_proposition(F). | |
| 131 | ||
| 132 | is_atomic_proposition(F) :- | |
| 133 | F =.. [Functor|_Args], | |
| 134 | memberchk(Functor,[true,false,ap,action]). | |
| 135 | ||
| 136 | % Release PNF (the Release PNF does not imply exponential blow-up of the origin LTL formula) | |
| 137 | % f = true | false | a | not a | f1 & f2 | f1 or f2 | X f | f1 U f2 | f1 R f2 | |
| 138 | normalize_to_release_pnf(deadlock,deadlock) :- !. | |
| 139 | normalize_to_release_pnf(false,false) :- !. | |
| 140 | normalize_to_release_pnf(true,true) :- !. | |
| 141 | normalize_to_release_pnf(ap(P),ap(P)) :- !. | |
| 142 | normalize_to_release_pnf(action(P),action(P)) :- !. | |
| 143 | normalize_to_release_pnf(and(F,G),and(NF,NG)) :- !, | |
| 144 | normalize_to_release_pnf(F,NF), | |
| 145 | normalize_to_release_pnf(G,NG). | |
| 146 | normalize_to_release_pnf(or(F,G),or(NF,NG)) :- !, | |
| 147 | normalize_to_release_pnf(F,NF), | |
| 148 | normalize_to_release_pnf(G,NG). | |
| 149 | normalize_to_release_pnf(implies(F,G),NImplies) :- !, | |
| 150 | normalize_to_release_pnf(or(not(F),G),NImplies). | |
| 151 | normalize_to_release_pnf(next(F),next(NF)) :- !, | |
| 152 | normalize_to_release_pnf(F,NF). | |
| 153 | normalize_to_release_pnf(globally(F),release(false,NF)) :- !, | |
| 154 | normalize_to_release_pnf(F,NF). | |
| 155 | normalize_to_release_pnf(finally(F),until(true,NF)) :- !, | |
| 156 | normalize_to_release_pnf(F,NF). | |
| 157 | normalize_to_release_pnf(weakuntil(F,G),weakuntil(NF,NG)) :- !, | |
| 158 | normalize_to_release_pnf(F,NF), | |
| 159 | normalize_to_release_pnf(G,NG). | |
| 160 | normalize_to_release_pnf(release(F,G),release(NF,NG)) :- !, | |
| 161 | normalize_to_release_pnf(F,NF), | |
| 162 | normalize_to_release_pnf(G,NG). | |
| 163 | normalize_to_release_pnf(until(F,G),until(NF,NG)) :- !, | |
| 164 | normalize_to_release_pnf(F,NF), | |
| 165 | normalize_to_release_pnf(G,NG). | |
| 166 | % not rules | |
| 167 | normalize_to_release_pnf(not(true),false) :- !. | |
| 168 | normalize_to_release_pnf(not(false),true) :- !. | |
| 169 | normalize_to_release_pnf(not(and(F,G)),NOr) :- !, | |
| 170 | normalize_to_release_pnf(or(not(F),not(G)),NOr). | |
| 171 | normalize_to_release_pnf(not(or(F,G)),NAnd) :- !, | |
| 172 | normalize_to_release_pnf(and(not(F),not(G)),NAnd). | |
| 173 | normalize_to_release_pnf(not(next(F)),NNext) :- !, | |
| 174 | normalize_to_release_pnf(next(not(F)),NNext). | |
| 175 | normalize_to_release_pnf(not(finally(F)),NGlobally) :- !, | |
| 176 | normalize_to_release_pnf(release(false,not(F)),NGlobally). | |
| 177 | normalize_to_release_pnf(not(globally(F)),NUntil) :- !, | |
| 178 | normalize_to_release_pnf(until(true,not(F)),NUntil). | |
| 179 | normalize_to_release_pnf(not(until(F,G)),NRelease) :- !, | |
| 180 | normalize_to_release_pnf(release(not(F),not(G)),NRelease). | |
| 181 | normalize_to_release_pnf(not(F),NF) :- !, | |
| 182 | (F = not(F1) -> | |
| 183 | normalize_to_release_pnf(F1,NF) | |
| 184 | ; normalize_to_release_pnf(F,NF1), | |
| 185 | NF=not(NF1)). | |
| 186 | ||
| 187 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| 188 | %%%%%%%%%%%%%%%%% Predicates for using the LTL2BA Tool %%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| 189 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| 190 | ||
| 191 | ltl_mc_safety_property(Ltl,StartNodes,Result) :- | |
| 192 | encode_ltl_formula_as_ba(Ltl,Ltl1,ExitResult), | |
| 193 | debug_print_ba_automaton, | |
| 194 | !, | |
| 195 | (ExitResult = ok -> | |
| 196 | SMode = breadth_first, % can also be random | |
| 197 | start_mc_safety_property(SMode,StartNodes,Result) % uses aut_transition/3, aut_final_state/1, aut_initial_state/1 from this module | |
| 198 | ; ExitResult = error -> | |
| 199 | add_error_fail(translating_ltl2ba,'An error appeared while translating LTL to BA for the following formula: ',Ltl1) | |
| 200 | ; | |
| 201 | add_error_fail(translating_ltl2ba,'Unexpected error occurred while translating LTL to BA for the following formula: ',Ltl1) | |
| 202 | ). | |
| 203 | ltl_mc_safety_property(_Ltl,_StarNodes,_Result) :- | |
| 204 | add_error_fail(translating_ltl2ba,'Please ensure that ltl2ba is installed (see Help menu in ProB Tcl/Tk)',''). | |
| 205 | ||
| 206 | ||
| 207 | % -------------------------- | |
| 208 | % some direct encodings for a few common LTL patterns | |
| 209 | ||
| 210 | safety_property_can_be_encoded_directly(F) :- direct_encode_ltl_as_ba(F,false). | |
| 211 | %safety_property_can_be_encoded_directly(F) :- format('Cannot encode LTL safety property without ltl2ba:~n ~w~n',[F]),fail. | |
| 212 | ||
| 213 | % custom rules to translate formulas without ltl2ba | |
| 214 | direct_encode_ltl_as_ba(not(false),GenAutomata) :- encode_not_globally(false,GenAutomata). | |
| 215 | direct_encode_ltl_as_ba(not(globally(F)),GenAutomata) :- encode_not_globally(F,GenAutomata). | |
| 216 | ||
| 217 | encode_not_globally(implies(AP,next(NextAP)),GenAutomata) :- % formulas like G([Loop] => XX{x=0}) | |
| 218 | translate_ap(AP,TAP), | |
| 219 | negate_ap(AP,NegTAP), | |
| 220 | negate_ap(NextAP,NegAP), | |
| 221 | (GenAutomata=false -> true | |
| 222 | ; clear_automaton_facts, | |
| 223 | assertz(aut_initial_state('T0_init')), | |
| 224 | %assertz(aut_final_state(accept_S12)), % ?? useful | |
| 225 | assertz(aut_final_state(accept_all)), | |
| 226 | assertz(aut_transition('T0_init', TAP, accept_S12)), | |
| 227 | assertz(aut_transition('T0_init', NegTAP, 'T0_init')), | |
| 228 | assertz(aut_transition('accept_S12', NegAP, accept_all)), | |
| 229 | assertz(aut_transition('accept_S12', NegTAP, 'T0_init')), | |
| 230 | assertz(aut_transition('accept_S12', TAP, accept_S12)) | |
| 231 | ). | |
| 232 | /* We could also encode it non-deterministically, as LTL2BA does: G( [Action] => PROP ) | |
| 233 | Transition: T0_init --(true)--> T0_init | |
| 234 | Transition: T0_init --([Action])--> accept_S2 | |
| 235 | Transition: accept_S2 --(! (PROP))--> accept_all | |
| 236 | */ | |
| 237 | encode_not_globally(AP,GenAutomata) :- % special translation for checking LTL formula G{Pred} | |
| 238 | negate_ap(AP,NegAP), | |
| 239 | (GenAutomata=false -> true | |
| 240 | ; clear_automaton_facts, | |
| 241 | assertz(aut_initial_state('T0_init')), | |
| 242 | assertz(aut_final_state(accept_all)), | |
| 243 | assertz(aut_transition('T0_init', NegAP, accept_all)), | |
| 244 | assertz(aut_transition('T0_init', true, 'T0_init')) | |
| 245 | ). | |
| 246 | ||
| 247 | translate_ap(action(BOP),tp(BOP)). | |
| 248 | translate_ap(ap(Pred),ap(Pred)). | |
| 249 | translate_ap(not(AP),NAP) :- negate_ap(AP,NAP). | |
| 250 | translate_ap(false,false). | |
| 251 | translate_ap(true,true). | |
| 252 | translate_ap(implies(A,B),implies(TA,TB)) :- translate_ap(A,TA), translate_ap(B,TB). | |
| 253 | translate_ap(equivalent(A,B),equivalent(TA,TB)) :- translate_ap(A,TA), translate_ap(B,TB). | |
| 254 | translate_ap(and(A,B),and(TA,TB)) :- translate_ap(A,TA), translate_ap(B,TB). | |
| 255 | translate_ap(or(A,B),or(TA,TB)) :- translate_ap(A,TA), translate_ap(B,TB). | |
| 256 | ||
| 257 | negate_ap(implies(A,B),and(TA,NB)) :- translate_ap(A,TA), negate_ap(B,NB). | |
| 258 | negate_ap(equivalent(A,B),equivalent(TA,NB)) :- translate_ap(A,TA), negate_ap(B,NB). | |
| 259 | negate_ap(or(A,B),and(NA,NB)) :- negate_ap(A,NA), negate_ap(B,NB). | |
| 260 | negate_ap(and(A,B),or(NA,NB)) :- negate_ap(A,NA), negate_ap(B,NB). | |
| 261 | negate_ap(ap(Pred),not(ap(Pred))). | |
| 262 | negate_ap(action(BOP),not(tp(BOP))). | |
| 263 | negate_ap(not(AP),TAP) :- translate_ap(AP,TAP). | |
| 264 | %negate_ap(true,false). | |
| 265 | negate_ap(false,true). | |
| 266 | ||
| 267 | % check if an LTL formula uses transition informations of the form [Action] | |
| 268 | ltl_formula_uses_tps(globally(A)) :- !, ltl_formula_uses_tps(A). | |
| 269 | ltl_formula_uses_tps(finally(A)) :- !, ltl_formula_uses_tps(A). | |
| 270 | ltl_formula_uses_tps(next(A)) :- !, ltl_formula_uses_tps(A). | |
| 271 | ltl_formula_uses_tps(until(A,B)) :- !, (ltl_formula_uses_tps(A) -> true ; ltl_formula_uses_tps(B)). | |
| 272 | ltl_formula_uses_tps(weakuntil(A,B)) :- !, (ltl_formula_uses_tps(A) -> true ; ltl_formula_uses_tps(B)). | |
| 273 | ltl_formula_uses_tps(release(A,B)) :- !, (ltl_formula_uses_tps(A) -> true ; ltl_formula_uses_tps(B)). | |
| 274 | ltl_formula_uses_tps(action(_)) :- !. | |
| 275 | ltl_formula_uses_tps(AP) :- basic_ap(AP),!, fail. | |
| 276 | ltl_formula_uses_tps(not(AP)) :- !, ltl_formula_uses_tps(AP). | |
| 277 | ltl_formula_uses_tps(and(A,B)) :- !, (ltl_formula_uses_tps(A) -> true ; ltl_formula_uses_tps(B)). | |
| 278 | ltl_formula_uses_tps(or(A,B)) :- !, (ltl_formula_uses_tps(A) -> true ; ltl_formula_uses_tps(B)). | |
| 279 | ltl_formula_uses_tps(implies(A,B)) :- !, (ltl_formula_uses_tps(A) -> true ; ltl_formula_uses_tps(B)). | |
| 280 | ltl_formula_uses_tps(equivalent(A,B)) :- !, (ltl_formula_uses_tps(A) -> true ; ltl_formula_uses_tps(B)). | |
| 281 | ltl_formula_uses_tps(A) :- add_internal_error('Unknown LTL property:',ltl_formula_uses_tps(A)). | |
| 282 | ||
| 283 | basic_ap(ap(_)). | |
| 284 | basic_ap(true). | |
| 285 | basic_ap(false). | |
| 286 | %basic_ap(deadlock). % are wrapped in ap(...) | |
| 287 | %basic_ap(sink). % ditto | |
| 288 | ||
| 289 | ||
| 290 | % -------------------------- | |
| 291 | ||
| 292 | encode_ltl_formula_as_ba(Ltl,Ltl1,ExitResult) :- | |
| 293 | GenAutomata=true,direct_encode_ltl_as_ba(Ltl,GenAutomata),!, | |
| 294 | (ltl_formula_uses_tps(Ltl) | |
| 295 | -> debug_format(19,'LTL (safety) formula uses transition informations~n',[]), | |
| 296 | assertz(tps_occurring) % influences the way the safety mc needs to run | |
| 297 | ; true), | |
| 298 | debug_format(19,'Encoding LTL formula directly without ltl2ba~n',[]), | |
| 299 | Ltl1=Ltl, ExitResult=ok. | |
| 300 | encode_ltl_formula_as_ba(Ltl,Ltl1,ExitResult) :- | |
| 301 | clear_automaton_facts, | |
| 302 | %format('LTL formula: ~w~n',[Ltl]), | |
| 303 | translate_to_ltl2ba_syntax(Ltl,Ltl1), % this has a side-effect of asserting tps_occurring, ... !!!! | |
| 304 | safe_ltl2ba_init, | |
| 305 | (debug_mode(on) -> Verbose = true; Verbose = false), | |
| 306 | c_call_ltl2ba(Ltl1,ltl_safety:assert_aut_initial_state, | |
| 307 | ltl_safety:assert_aut_final_state, | |
| 308 | ltl_safety:assert_aut_transition,Verbose,ExitResult). | |
| 309 | ||
| 310 | ||
| 311 | safe_ltl2ba_init :- | |
| 312 | catch(ltl2ba_init,Exc, | |
| 313 | (add_error(translating_ltl2ba,'Exception when initialising LTL2BA (possibly wrong architecture, try reinstalling with probcli -install ltl2ba):',Exc),fail)). | |
| 314 | ||
| 315 | is_ltl2ba_tool_installed :- is_ltl2ba_tool_installed(message). | |
| 316 | is_ltl2ba_tool_installed(GenerateMsg) :- | |
| 317 | host_platform(Platform), | |
| 318 | get_platform_specifix_ltl2ba_library(Platform,File), | |
| 319 | absolute_file_name(prob_lib(File),LTL2BALibrary), | |
| 320 | (file_exists(LTL2BALibrary) -> | |
| 321 | debug_println(9,'LTL2BA is installed.'), | |
| 322 | safe_ltl2ba_init | |
| 323 | ; GenerateMsg==message -> | |
| 324 | add_message(translating_ltl2ba, | |
| 325 | 'ltl2ba library could not be found in lib/ directory of ProB, install ltl2ba for faster model checking (see Help menu in ProB Tcl/Tk): ',LTL2BALibrary), | |
| 326 | fail | |
| 327 | ). | |
| 328 | ||
| 329 | get_platform_specifix_ltl2ba_library(darwin,'ltl2ba.bundle'):- !. | |
| 330 | get_platform_specifix_ltl2ba_library(linux,'ltl2ba.so') :- !. | |
| 331 | get_platform_specifix_ltl2ba_library(windows,'ltl2ba.dll') :- !. | |
| 332 | get_platform_specifix_ltl2ba_library(Unknown,_) :- | |
| 333 | add_error_fail(translating_ltl2ba,'Unknown platform: ', Unknown). | |
| 334 | ||
| 335 | :- public assert_aut_initial_state/1. % callback given to C | |
| 336 | assert_aut_initial_state(StateDescription) :- | |
| 337 | debug_println(9,asserting_initialstate(StateDescription)), | |
| 338 | assertz(aut_initial_state(StateDescription)). | |
| 339 | :- public assert_aut_final_state/1. % callback given to C | |
| 340 | assert_aut_final_state(StateDescription) :- | |
| 341 | debug_println(9,asserting_finitestate(StateDescription)), | |
| 342 | assertz(aut_final_state(StateDescription)). | |
| 343 | :- public assert_aut_transition/3. % callback given to C | |
| 344 | assert_aut_transition(Src,Atom,Dst) :- | |
| 345 | atom_codes(Atom,Codes), | |
| 346 | read_term_from_codes_exception(Codes,PrepRep,[]), | |
| 347 | redefine_transition_label(PrepRep,Label), | |
| 348 | debug_println(9,asserting_transition(aut_transition(Src,Label,Dst))), | |
| 349 | assertz(aut_transition(Src,Label,Dst)). | |
| 350 | ||
| 351 | read_term_from_codes_exception(Codes,PrepRep,Options) :- | |
| 352 | (read_term_from_codes(Codes,PrepRep,Options) | |
| 353 | -> true | |
| 354 | ; atom_codes(Atom,Codes), | |
| 355 | add_error(translating_ltl3ba_callback, 'Unexpected atom representation (does atom ends with fullstop?): ', Atom) | |
| 356 | ). | |
| 357 | ||
| 358 | %redefine_automaton_facts :- | |
| 359 | % aut_transition(Src,P,Dst), | |
| 360 | % redefine_transition(Src,P,Dst), | |
| 361 | % fail. | |
| 362 | %redefine_automaton_facts. | |
| 363 | %redefine_transition(Src,Predicate,Dst) :- | |
| 364 | % retract(aut_transition(Src,Predicate,Dst)), | |
| 365 | % redefine_transition_label(Predicate,Preposition), | |
| 366 | % assertz(aut_transition(Src,Preposition,Dst)). | |
| 367 | ||
| 368 | redefine_transition_label(true,Res) :- !, | |
| 369 | Res = true. | |
| 370 | redefine_transition_label(false,Res) :- !, | |
| 371 | Res = false. | |
| 372 | redefine_transition_label(not(AP),Res) :- | |
| 373 | ap_representation(AP,bpred(Pred)),!, | |
| 374 | create_negation(Pred,NegPred), | |
| 375 | create_atomic_b_predicate(NegPred,Res). | |
| 376 | redefine_transition_label(AP,Res) :- | |
| 377 | ap_representation(AP,Rep),!, | |
| 378 | Res = ap(Rep). | |
| 379 | redefine_transition_label(TP,Res) :- | |
| 380 | tp_representation(TP,Rep),!, | |
| 381 | Res = tp(Rep). | |
| 382 | redefine_transition_label(F,Res) :- | |
| 383 | F =.. [Functor|Args], | |
| 384 | maplist(redefine_transition_label,Args,NewArgs), | |
| 385 | Res =.. [Functor|NewArgs]. | |
| 386 | ||
| 387 | create_atomic_b_predicate(BPred,Res) :- | |
| 388 | Res = ap(bpred(BPred)). | |
| 389 | ||
| 390 | debug_print_ba_automaton :- | |
| 391 | %listing(aut_initial_state/1), listing(aut_final_state/1), listing(aut_transition/3), | |
| 392 | (debug_mode(on) | |
| 393 | -> print_transitions_fail_loop | |
| 394 | ; true). | |
| 395 | ||
| 396 | print_transitions_fail_loop :- | |
| 397 | aut_transition(Src,Label,Dst), | |
| 398 | print('Transition: '),print(Src), | |
| 399 | translate_and_print_label(Label), | |
| 400 | print(Dst),nl,fail. | |
| 401 | print_transitions_fail_loop. | |
| 402 | ||
| 403 | translate_and_print_label(Label) :- | |
| 404 | pp_ba_label(Label,Atom,[]), | |
| 405 | ajoin(Atom,Text), | |
| 406 | print_label(Text). | |
| 407 | ||
| 408 | %% pretty-printing predicate in Spin syntax (created just to test if ltl2ba produces the correct automaton) | |
| 409 | pp_ba_label(true,['true'|S],S) :- !. | |
| 410 | pp_ba_label(false,['false'|S],S) :- !. | |
| 411 | pp_ba_label(ap(AP),[Atom|S],S) :- !, | |
| 412 | pp_ap(AP,Atom). | |
| 413 | pp_ba_label(tp(TP),[Atom|S],S) :- !, | |
| 414 | pp_tp(TP,Atom). | |
| 415 | pp_ba_label(not(Pred),['! ('|S],T) :- !, | |
| 416 | pp_ba_label(Pred,S,[')'|T]). | |
| 417 | pp_ba_label(and(Pred1,Pred2),['('|S],T) :- !, | |
| 418 | pp_ba_label(Pred1,S,[' && '| S1]), | |
| 419 | pp_ba_label(Pred2,S1,[')'|T]). | |
| 420 | pp_ba_label(or(Pred1,Pred2),['('|S],T) :- !, | |
| 421 | pp_ba_label(Pred1,S,[' || '| S1]), | |
| 422 | pp_ba_label(Pred2,S1,[')'|T]). | |
| 423 | pp_ba_label(Otherwise,['???'|S],S) :- | |
| 424 | add_error(printing_ba_label_for_ltl2ba,'Non-expected label: ',Otherwise). | |
| 425 | ||
| 426 | print_label(Label) :- | |
| 427 | print(' --('),print(Label),print(')--> '). | |
| 428 | ||
| 429 | translate_to_ltl2ba_syntax(Formula,Text) :- | |
| 430 | retractall(ap_representation(_,_)), | |
| 431 | retractall(tp_representation(_,_)), | |
| 432 | retractall(tps_occurring), | |
| 433 | pp_formula_to_ltl2ba_syntax(Formula,Text). | |
| 434 | ||
| 435 | pp_formula_to_ltl2ba_syntax(Formula,Res) :- | |
| 436 | pp_to_ltl2ba_syntax(Formula,Atoms,[]), | |
| 437 | ajoin(Atoms,Res). | |
| 438 | ||
| 439 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| 440 | %%%%%%%%%%%%%%%%% Unit Tests %%%%%%%%%%%%%%%%%%%%%% | |
| 441 | %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| 442 | ||
| 443 | :- assert_must_succeed((F = and(or(true,false),true), | |
| 444 | pp_formula_to_ltl2ba_syntax(F,Text), | |
| 445 | Text = '((true || false) && true)')). | |
| 446 | :- assert_must_succeed((F = implies(deadlock,not(true)), | |
| 447 | pp_formula_to_ltl2ba_syntax(F,Text), | |
| 448 | Text = '(deadlock -> ! true)')). | |
| 449 | :- assert_must_succeed((F = not(until(true,next(implies(deadlock,not(true))))), | |
| 450 | pp_formula_to_ltl2ba_syntax(F,Text), | |
| 451 | Text = '! (true U X ((deadlock -> ! true)))')). | |
| 452 | :- assert_must_succeed((F = weakuntil(true,false), | |
| 453 | pp_formula_to_ltl2ba_syntax(F,Text), | |
| 454 | Text = '((! true || false) V (true || false))')). | |
| 455 | :- assert_must_succeed((F = globally(finally(true)), | |
| 456 | pp_formula_to_ltl2ba_syntax(F,Text), | |
| 457 | Text = '[] (<> (true))')). | |
| 458 | ||
| 459 | ||
| 460 | pp_to_ltl2ba_syntax(true,['true'|S],S) :- !. | |
| 461 | pp_to_ltl2ba_syntax(false,['false'|S],S) :- !. | |
| 462 | pp_to_ltl2ba_syntax(deadlock,['deadlock'|S],S) :- !. | |
| 463 | pp_to_ltl2ba_syntax(ap(X),[AP|S],S) :- !, | |
| 464 | term_hash(X,Hash), | |
| 465 | ajoin(['ap',Hash],AP), | |
| 466 | (\+ap_representation(AP,_) -> assertz(ap_representation(AP,X)); true). | |
| 467 | pp_to_ltl2ba_syntax(action(X),[TP|S],S) :- !, | |
| 468 | assertz(tps_occurring), | |
| 469 | term_hash(X,Hash), | |
| 470 | ajoin(['tp',Hash],TP), | |
| 471 | (\+tp_representation(TP,_) -> assertz(tp_representation(TP,X)); true). | |
| 472 | pp_to_ltl2ba_syntax(not(X),['! '|S],T) :- !, | |
| 473 | pp_to_ltl2ba_syntax(X,S,T). | |
| 474 | pp_to_ltl2ba_syntax(and(X,Y),['('|S],T) :- !, | |
| 475 | pp_to_ltl2ba_syntax(X,S,[' && '|S1]), | |
| 476 | pp_to_ltl2ba_syntax(Y,S1,[')'|T]). | |
| 477 | pp_to_ltl2ba_syntax(or(X,Y),['('|S],T) :- !, | |
| 478 | pp_to_ltl2ba_syntax(X,S,[' || '|S1]), | |
| 479 | pp_to_ltl2ba_syntax(Y,S1,[')'|T]). | |
| 480 | pp_to_ltl2ba_syntax(implies(X,Y),['('|S],T) :- !, | |
| 481 | pp_to_ltl2ba_syntax(X,S,[' -> '|S1]), | |
| 482 | pp_to_ltl2ba_syntax(Y,S1,[')'|T]). | |
| 483 | pp_to_ltl2ba_syntax(equivalent(X,Y),['('|S],T) :- !, | |
| 484 | pp_to_ltl2ba_syntax(X,S,[' <-> '|S1]), | |
| 485 | pp_to_ltl2ba_syntax(Y,S1,[')'|T]). | |
| 486 | pp_to_ltl2ba_syntax(next(X),['X ('|S],T) :- !, | |
| 487 | pp_to_ltl2ba_syntax(X,S,[')'|T]). | |
| 488 | pp_to_ltl2ba_syntax(globally(X),['[] ('|S],T) :- !, | |
| 489 | pp_to_ltl2ba_syntax(X,S,[')'|T]). | |
| 490 | pp_to_ltl2ba_syntax(finally(X),['<> ('|S],T) :- !, | |
| 491 | pp_to_ltl2ba_syntax(X,S,[')'|T]). | |
| 492 | pp_to_ltl2ba_syntax(until(X,Y),['('|S],T) :- !, | |
| 493 | pp_to_ltl2ba_syntax(X,S,[' U '|S1]), | |
| 494 | pp_to_ltl2ba_syntax(Y,S1,[')'|T]). | |
| 495 | pp_to_ltl2ba_syntax(release(X,Y),['('|S],T) :- !, | |
| 496 | pp_to_ltl2ba_syntax(X,S,[' V '|S1]), | |
| 497 | pp_to_ltl2ba_syntax(Y,S1,[')'|T]). | |
| 498 | pp_to_ltl2ba_syntax(weakuntil(X,Y),S,T) :- !, | |
| 499 | pp_to_ltl2ba_syntax(release(or(not(X),Y),or(X,Y)),S,T). |