def test_explain_eg_first_state(self):
fsm = self.inputs_model()
manager = fsm.bddEnc.DDmanager
init = fsm.init
p = eval_ctl_spec(fsm, atom("p"))
egp = eval_ctl_spec(fsm, eg(atom("p")))
self.assertTrue(egp <= p)
state = fsm.pick_one_state(egp)
path, (inloop, loop) = explainEG(fsm, state, p)
self.assertEqual(state, path[0])
self.assertIn(loop, path)
self.assertEqual(len(path), 1)
for i in range(0, len(path), 2):
self.assertTrue(path[i] <= p)
self.assertTrue(path[-1] <= p)
def test_explain_eg(self):
fsm = self.init_model()
manager = fsm.bddEnc.DDmanager
init = fsm.init
adminAlice = eval_ctl_spec(fsm, atom("admin = alice"))
egAlice = eval_ctl_spec(fsm, eg(atom("admin = alice")))
self.assertTrue(egAlice <= adminAlice)
state = fsm.pick_one_state(egAlice)
self.assertTrue(BDD.false(manager) < state <= adminAlice)
self.assertTrue(state <= egAlice)
path, (inloop, loop) = explainEG(fsm, state, adminAlice)
self.assertEqual(state, path[0])
self.assertIn(loop, path)
for i in range(0,len(path), 2):
self.assertTrue(path[i] <= adminAlice)
self.assertTrue(path[-1] <= adminAlice)
def witness_branch(fsm, state, spec, context, originalspec):
"""
Return a TLACE branch explaining why state of fsm satisfies spec.
fsm -- a pynusmv.fsm.BddFsm representing the system.
state -- a pynusmv.dd.BDD representing a state of fsm.
spec -- a pynusmv.spec.spec.Spec node representing the specification.
context -- a pynusmv.spec.spec.Spec representing the context of spec in fsm.
originalspec -- a pynusmv.spec.spec.Spec representing the original spec;
used to annotate the produced branch, despite updated
specs.
Return a tlacebranch.Tlacebranch explaining why state of fsm satisfies spec.
Throw a NonExistentialSpecError if spec is not existential.
"""
if spec.type == parser.EX:
f = eval_ctl_spec(fsm, spec.car, context)
path = explainEX(fsm, state, f)
branch = (Tlacenode(path[0]),
path[1],
witness(fsm, path[2], spec.car, context))
return Tlacebranch(originalspec, branch)
elif spec.type == parser.EF:
newspec = eu(sptrue(), spec.car)
return witness_branch(fsm, state, newspec, context, originalspec)
elif spec.type == parser.EG:
f = eval_ctl_spec(fsm, spec.car, context)
(path, (inloop, loopstate)) = explainEG(fsm, state, f)
branch = []
# intermediate states
for s, i in zip(path[::2], path[1::2]):
wit = witness(fsm, s, spec.car, context)
branch.append(wit)
branch.append(i)
# manage the loop
if s == loopstate:
loop = wit
# last state
branch.append(witness(fsm, path[-1], spec.car, context))
return Tlacebranch(originalspec, tuple(branch), (inloop, loop))
elif spec.type == parser.EU:
f = eval_ctl_spec(fsm, spec.car, context)
g = eval_ctl_spec(fsm, spec.cdr, context)
path = explainEU(fsm, state, f, g)
branch = []
# intermediate states
for s, i in zip(path[::2], path[1::2]):
branch.append(witness(fsm, s, spec.car, context))
branch.append(i)
# last state
branch.append(witness(fsm, path[-1], spec.cdr, context))
return Tlacebranch(originalspec, tuple(branch))
elif spec.type == parser.EW:
euspec = eu(spec.car, spec.cdr)
egspec = eg(spec.car)
if state.entailed(eval_ctl_spec(fsm, euspec, context)):
return witness_branch(fsm, state, euspec, context, originalspec)
else:
return witness_branch(fsm, state, egspec, context, originalspec)
else:
# Default case, throw an exception because spec is not existential
raise NonExistentialSpecError()
def witness_branch(fsm, state, spec, context, originalspec):
"""
Return a TLACE branch explaining why state of fsm satisfies spec.
fsm -- a pynusmv.fsm.BddFsm representing the system.
state -- a pynusmv.dd.BDD representing a state of fsm.
spec -- a pynusmv.spec.spec.Spec node representing the specification.
context -- a pynusmv.spec.spec.Spec representing the context of spec in fsm.
originalspec -- a pynusmv.spec.spec.Spec representing the original spec;
used to annotate the produced branch, despite updated
specs.
Return a tlacebranch.Tlacebranch explaining why state of fsm satisfies spec.
Throw a NonExistentialSpecError if spec is not existential.
"""
if spec.type == parser.EX:
f = eval_ctl_spec(fsm, spec.car, context)
path = explainEX(fsm, state, f)
branch = (Tlacenode(path[0]), path[1],
witness(fsm, path[2], spec.car, context))
return Tlacebranch(originalspec, branch)
elif spec.type == parser.EF:
newspec = eu(sptrue(), spec.car)
return witness_branch(fsm, state, newspec, context, originalspec)
elif spec.type == parser.EG:
f = eval_ctl_spec(fsm, spec.car, context)
(path, (inloop, loopstate)) = explainEG(fsm, state, f)
branch = []
# intermediate states
for s, i in zip(path[::2], path[1::2]):
wit = witness(fsm, s, spec.car, context)
branch.append(wit)
branch.append(i)
# manage the loop
if s == loopstate:
loop = wit
# last state
branch.append(witness(fsm, path[-1], spec.car, context))
return Tlacebranch(originalspec, tuple(branch), (inloop, loop))
elif spec.type == parser.EU:
f = eval_ctl_spec(fsm, spec.car, context)
g = eval_ctl_spec(fsm, spec.cdr, context)
path = explainEU(fsm, state, f, g)
branch = []
# intermediate states
for s, i in zip(path[::2], path[1::2]):
branch.append(witness(fsm, s, spec.car, context))
branch.append(i)
# last state
branch.append(witness(fsm, path[-1], spec.cdr, context))
return Tlacebranch(originalspec, tuple(branch))
elif spec.type == parser.EW:
euspec = eu(spec.car, spec.cdr)
egspec = eg(spec.car)
if state.entailed(eval_ctl_spec(fsm, euspec, context)):
return witness_branch(fsm, state, euspec, context, originalspec)
else:
return witness_branch(fsm, state, egspec, context, originalspec)
else:
# Default case, throw an exception because spec is not existential
raise NonExistentialSpecError()