def generate_sat_problem(fsm, fml, length):
fsm = master_be_fsm()
offset = 0
wff = bmcutils.make_negated_nnf_boolean_wff(fml).to_node()
problem = generate_path(offset, length) \
& ltlspec.bounded_semantics_at_offset(fsm, wff, length, offset)
return problem
def generate_sat_problem(fsm, fml, length):
fsm = master_be_fsm()
offset = 0
wff = bmcutils.make_negated_nnf_boolean_wff(fml).to_node()
problem = generate_path(offset, length) \
& ltlspec.bounded_semantics_at_offset(fsm, wff, length, offset)
return problem
def generate_ltl_problem(fsm, prop_node, bound=10, loop=utils.all_loopbacks()):
"""
Generates a (non-incremental) Be expression corresponding to the SAT problem
denoted by :math:`[[fsm, prop\\_node]]_{bound}^{loop}`
That is to say it generates the problem that combines both the formula and
and the model to perform the verification. Put another way, this problem
can be read as:
.. math::
[[fsm]]_{bound} \\wedge \\neg ( (\\neg L_k \\wedge [[ \\neg prop\\_node]]_{k}) \\vee {}_{l}[[ \\neg prop\\_node]]_{k}^{l} )
:param fsm: the BeFsm object that represents the model against which the
property will be verified. (if in doubt, it can be obtained via
:func:`pynusmv.bmc.glob.master_be_fsm()` )
:param prop_node: the property for which to generate a verification problem
represented in a 'node' format (subclass of :class:`pynusmv.node.Node`)
which corresponds to the format obtained from the ast. (remark: if you
need to manipulate [ie negate] the formula before passing it, it is
perfectly valid to pass a node decorated by `Wff.decorate`).
:param bound: the bound of the problem, that is to say the maximum number of
times the problem will be unrolled. This parameter corresponds to the
value `k` used in the formal definitions of a bmc problem.
:param loop: a loop definition. This is an integer value corresponding to
the moment in time where the loop might be starting (the parameter `l`
in the formal definitions). However, this value is not as 'crude' as an
absolute moment in time since it may indicate:
- an absolute moment in time (obviously) when the value is positive
- indicate a relative moment in time (when it is a negative number
(for instance value -2 indicates that the loops are supposed to
start 2 states ago)
- that NO loop at all must be considered (ignore infinite behaviors)
when this parameter takes the special value defined in
:func:`pynusmv.bmc.utils.no_loopback()`
- that ALL possible loops in the model must be taken into account
when this parameter takes the special value defined in
:func:`pynusmv.bmc.utils.all_loopback()` (this is the default)
:return: a Be boolean expression representing the satisfiability problem of
for the verification of this property.
:raises ValueError: when the bound is infeasible (negative value) or when
the loop and bound values are inconsistent (loop is greater than the
bound but none of the special values described above)
"""
utils.check_consistency(bound, loop)
ltl_wff = utils.make_negated_nnf_boolean_wff(prop_node)
be_ptr = _bmc.Bmc_Gen_LtlProblem(fsm._ptr, ltl_wff._ptr, bound, loop)
return Be(be_ptr, fsm.encoding.manager)
def test_make_negated_nnf_boolean_wff(self):
load_from_string("""
MODULE main
VAR v : boolean;
w : boolean;
ASSIGN init(v) := TRUE;
next(v) := !v;
""")
with BmcSupport():
expr = Node.from_ptr(parse_ltl_spec("F G ( w <-> v )"))
wff = bmcutils.make_negated_nnf_boolean_wff(expr)
self.assertEquals(" F ( G (w <-> v))", str(expr))
# Via De Morgan Laws
self.assertEquals(" G ( F ((v & !w) | (!v & w)))", str(wff))
def generate_ltl_problem(fsm, prop_node, bound=10, loop=utils.all_loopbacks()):
"""
Generates a (non-incremental) Be expression corresponding to the SAT problem
denoted by [[fsm, prop_node]]_{bound}^{loop}
That is to say it generates the problem that combines both the formula and
and the model to perform the verification. Put another way, this problem
can be read as::
[[fsm]]_{bound} & ! ( (!Lk & [[ ! prop_node]]_{k}) | _{l}[[ ! prop_node]]_{k}^{l} )
:param fsm: the BeFsm object that represents the model against which the
property will be verified. (if in doubt, it can be obtained via
:see:`pynusmv.bmc.glob.master_be_fsm()` )
:param prop_node: the property for which to generate a verification problem
represented in a 'node' format (subclass of :see::class:`pynusmv.node.Node`)
which corresponds to the format obtained from the ast. (remark: if you
need to manipulate [ie negate] the formula before passing it, it is
perfectly valid to pass a node decorated by `Wff.decorate`).
:param bound: the bound of the problem, that is to say the maximum number of
times the problem will be unrolled. This parameter corresponds to the
value `k` used in the formal definitions of a bmc problem.
:param loop: a loop definition. This is an integer value corresponding to
the moment in time where the loop might be starting (the parameter `l`
in the formal definitions). However, this value is not as 'crude' as an
absolute moment in time since it may indicate::
- an absolute moment in time (obviously) when the value is positive
- indicate a relative moment in time (when it is a negative number
(for instance value -2 indicates that the loops are supposed to
start 2 states ago)
- that NO loop at all must be considered (ignore infinite behaviors)
when this parameter takes the special value defined in
:see:`pynusmv.bmc.utils.no_loopback()`
- that ALL possible loops in the model must be taken into account
when this parameter takes the special value defined in
:see:`pynusmv.bmc.utils.all_loopback()` (this is the default)
:return: a Be boolean expression representing the satisfiability problem of
for the verification of this property.
:raises ValueError: when the bound is infeasible (negative value) or when
the loop and bound values are inconsistent (loop is greater than the
bound but none of the special values described above)
"""
utils.check_consistency(bound, loop)
ltl_wff = utils.make_negated_nnf_boolean_wff(prop_node)
be_ptr = _bmc.Bmc_Gen_LtlProblem(fsm._ptr, ltl_wff._ptr, bound, loop)
return Be(be_ptr, fsm.encoding.manager)
def test_generate_ltl_problem(self):
# parse the ltl property
spec = Node.from_ptr(parse_ltl_spec("G ( y <= 7 )"))
# it must raise exception when the bound is not feasible
with self.assertRaises(ValueError):
ltlspec.generate_ltl_problem(self.fsm, spec, bound=-1)
# it must raise exception when the bound and loop are not consistent
with self.assertRaises(ValueError):
ltlspec.generate_ltl_problem(self.fsm, spec, bound=5, loop=6)
problem = ltlspec.generate_ltl_problem(self.fsm, spec, bound=10)
self.assertEqual("No counter example", self.do_verify(problem))
# verify that the generated problem corresponds to what is announced
model = BmcModel().path(10)
negspec = utils.make_negated_nnf_boolean_wff(spec)
formula = ltlspec.bounded_semantics(self.fsm, negspec, bound=10)
self.assertEqual(problem, model & formula)
def test_generate_ltl_problem(self):
# parse the ltl property
spec = Node.from_ptr(parse_ltl_spec("G ( y <= 7 )"))
# it must raise exception when the bound is not feasible
with self.assertRaises(ValueError):
ltlspec.generate_ltl_problem(self.fsm, spec, bound=-1)
# it must raise exception when the bound and loop are not consistent
with self.assertRaises(ValueError):
ltlspec.generate_ltl_problem(self.fsm, spec, bound=5, loop=6)
problem = ltlspec.generate_ltl_problem(self.fsm, spec, bound=10)
self.assertEqual("No counter example", self.do_verify(problem))
# verify that the generated problem corresponds to what is announced
model = BmcModel().path(10)
negspec = utils.make_negated_nnf_boolean_wff(spec)
formula = ltlspec.bounded_semantics(self.fsm, negspec, bound=10)
self.assertEqual(problem, model & formula)
