2

Basically, model checking deals a model 'm' (the behavior description of the system) and a property 'p', which the system shall satisfy. With both artifacts, a model checker determines whether the model satisfies the property.

My question is whether it's possible to specify the model 'm' as an LTL formula and check if the model as LTL 'm' satisfies the property 'p'.

Theoretically, I believe that this approach should work because we can generate two Büchi automaton, one for the LTL formula 'p' and another for the LTL property that describes the model 'm'. If the intersection of the two non-deterministic automata is empty, the model 'm' as LTL satisfies the property.

Can someone give me a hint? Is it possible?

igi
  • 29
  • 6

1 Answers1

1

interesting question: the short answer is probably no.

https://en.wikipedia.org/wiki/Linear_temporal_logic_to_B%C3%BCchi_automaton

typically during model checking, the translation of LTL to Buchi Automata is performed. this is possible because LTL is much less expressive than Buchi Automata. however, if you have some pre-existing design, it is unlikely to be able to capture it in LTL. for example, when the design has many many states, it might be a problem in LTL.

adrianX
  • 619
  • 7
  • 21
  • In other words, technically, you can specify models in LTL yet (Buchi) automata are more expressive and thus better suit the task. – Serge Sep 10 '19 at 14:54