--------------------------------------------------------------------------------
l2s distribution for lmcs experiments
--------------------------------------------------------------------------------
Description

This archive contains tools to perform the liveness-to-safety
transformation (l2s) with NuSMV or Cadence SMV as used for the
experiments in [BHJLS06] and developed in [SB04, Sch06]. Main
differences are as follows:

- the description in the main part of [BHJLS06] is close to the
  bounded model checking encoding in that paper. This implementation
  uses a variant that is closer to [SB04] for loop detection but with
  either Büchi automata [KPR98,SB05] or a dedicated encoding based on
  [LBHJ05] for the property
- halt optimization is not supported

The tools have only been used in a limited number of
environments. They should be considered pre-alpha.

--------------------------------------------------------------------------------
License/Disclaimer

See LICENSE file (taken from Armin Biere's Limmat distribution).

--------------------------------------------------------------------------------
Organization

LICENSE  license/disclaimer
README   this file
bin/     bash/perl scripts for conversion
ltl2l2s/ C programs to generate automata/encodings for past LTL
srg5/    example

--------------------------------------------------------------------------------
Installation

1. ltl2l2s: make
2. bin:
   - set BASE in convert.bash
   - adapt config.bash
   - link/copy ltl2l2s/ltl2l2s and ltl2l2s/ltl2tsmv here (or modify
     config.bash)

--------------------------------------------------------------------------------
Usage

- bin/convert.bash is the main tool, see head of file or call w/o
  arguments for help

--------------------------------------------------------------------------------
Examples

- BDD-based (or BMC-based) invariant checking of model + property
  subjected to l2s (tight encoding and variable optimization enabled):

[in srg5]
../bin/convert.bash -nusmv -l2sbmc -tight -optic srg5 p0

  - result
    - srg5.p0.l2sbmc.tight.ic.nusmv
      - model+property subjected to l2s
      - can be submitted to either BDD-based or BMC-based invariant checking
      - for BMC might have to change INVARSPEC to LTLSPEC
    - srg5.p0.l2sbmc.tight.ic.ord
      - variable order optimized for l2s (must be used for BDD-based
        variant, probably not for BMC)
      - if no ${model}.ord was present before calling convert, this
        just interleaves model variables and their l2s copies
        according to the initial variable order used by NuSMV for that model
    - srg5.p0.l2sbmc.tight.ic.var
      - list of variables not copied/compared
      - for logging purposes only

  - test
    - bdd is true as follows

NuSMV -i srg5.p0.l2sbmc.tight.ic.ord srg5.p0.l2sbmc.tight.ic.nusmv

    - for bmc (vanilla contained in NuSMV 2.3.1) change
      "INVARSPEC\n  !__l2s_looped__" to "LTLSPEC\n G !__l2s_looped__",
      NuSMV stops after 10 iterations w/o counterexample

NuSMV -bmc srg5.p0.l2sbmc.tight.ic.nusmv

  - variants (not all combinations allowed, see bin/convert.bash):
    - for Cadence SMV, use "-csmv" instead of "-nusmv"
    - to disable dedicated encoding and use Büchi automaton, use
      "-l2scgh" instead of "-l2sbmc"
    - to disable tightness, use "-notight" instead of "-tight"
    - for partial unrolling, use "-maxunroll=x" with x a natural
      number instead of "-tight"
    - to disable variable optimization, use "-optnone" instead of "-optic"

- traditional no-fair-path checking on model + Büchi automaton
  ([KPR98] implemented by NuSMV's ltl2smv for non-tight automaton,
  [SB05] implemented by ltl2tsmv)

[in srg5]
../bin/convert.bash -nusmv -ltl -notight -optnone srg5 p0

  - result
    - srg5.p0.ltl.notight.none.nusmv
      - model + property as Büchi automaton
      - can be submitted to either BDD-based or BMC-based no-fair-path
        checking

  - test
    - bdd is true as follows

NuSMV -f srg5.p0.ltl.notight.none.nusmv

    - bmc (vanilla contained in NuSMV 2.3.1) stops after 10 iterations
      w/o counterexample

NuSMV -bmc srg5.p0.ltl.notight.none.nusmv

  - variants:
    - for Cadence SMV, use "-csmv" instead of "-nusmv"
    - to disable tightness, use "-notight" instead of "-tight"
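
Added example (not part of the l2s distribution): one way to script the
INVARSPEC-to-LTLSPEC change that the first example requires before running
"NuSMV -bmc". The function names, the output file name and the sample model
are assumptions made for this sketch; the sample is constructed and is not
real convert.bash output.

```shell
#!/bin/bash
# Rewrite "INVARSPEC\n  !__l2s_looped__" into "LTLSPEC\n G !__l2s_looped__"
# so that a model produced with -l2sbmc can be given to NuSMV -bmc.
#   $1: model written by convert.bash (e.g. srg5.p0.l2sbmc.tight.ic.nusmv)
#   $2: output file (hypothetical name, e.g. srg5.p0.l2sbmc.tight.ic.bmc.nusmv)
# Returns 0 only if exactly one specification was rewritten, so a model that
# silently lost its property is not passed on to the checker.
l2s_invar_to_ltl() {
    awk '
        # An INVARSPEC line is held back until the following line is known.
        held != "" {
            if ($0 ~ /^[ \t]*!__l2s_looped__[ \t]*$/) {
                print "LTLSPEC"
                print " G !__l2s_looped__"
                n++
                held = ""
                next
            }
            # Some other invariant: emit the held line unchanged.
            print held
            held = ""
        }
        /^INVARSPEC[ \t]*$/ { held = $0; next }
        { print }
        END {
            if (held != "") print held
            exit (n == 1 ? 0 : 1)
        }
    ' "$1" > "$2"
}

# Constructed sample input: a minimal model fragment ending in the
# specification described in this README.
write_sample_model() {
    cat > "$1" <<'EOF'
MODULE main
VAR
  x : boolean;
  __l2s_looped__ : boolean;
INVARSPEC
  !__l2s_looped__
EOF
}
```

A non-zero return means the expected specification was not found exactly
once; inspect the converted model before checking it.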

--------------------------------------------------------------------------------
References

[BHJLS06] A. Biere, K. Heljanko, T. Junttila, T. Latvala, V. Schuppan:
          Linear Encodings of Bounded LTL Model Checking. Submitted to
          LMCS, 2006

[KPR98]   Y. Kesten, A. Pnueli, L. Raviv: Algorithmic Verification of
          Linear Temporal Properties. In: Proc. ICALP'98, LNCS 1443,
          pp. 1-16.

[LBHJ05]  T. Latvala, A. Biere, K. Heljanko, T. Junttila: Simple is
          Better: Efficient Bounded Model Checking for Past LTL. In:
          Proc. VMCAI'05, LNCS 3385, pp. 380-395

[SB04]    V. Schuppan, A. Biere: Efficient reduction of finite state
          model checking to reachability analysis. In: STTT (2004) 5,
          pp. 185-204

[SB05]    V. Schuppan, A. Biere: Shortest Counterexamples for Symbolic
          Model Checking of LTL with Past. In: Proc. TACAS'05, LNCS
          3440, pp. 493-509

[Sch06]   V. Schuppan: Liveness Checking as Safety Checking to Find
          Shortest Counterexamples to Linear Time Properties. PhD
          Thesis, ETH Zürich, 2006

--------------------------------------------------------------------------------
Changes

05.01.2006  - initial
09.01.2006  - replace optnone with optic in variant 2
            - add srg5.ptimo.icvar to srg5/
21.02.2006  - add LICENSE
            - adapt README for general distribution
            - rename ptimo to p0
            - modify BASE in convert.bash
01.07.2006  - change R(elease) to V in ltl2l2s/
--------------------------------------------------------------------------------
Viktor Schuppan, 01.07.2006
