state_machine_checker 0.1.0

data/lib/state_machine_checker/ctl/binary_formula.rb

@@ -0,0 +1,23 @@
+require_relative "formula"
+
+module StateMachineChecker
+  module CTL
+    class BinaryFormula < Formula
+      def initialize(subformula1, subformula2)
+        @subformula1 = subformula1
+        @subformula2 = subformula2
+      end
+
+      # Return an enumerator over the atoms of the sub-formulae.
+      #
+      # @return [Enumerator<Atom>]
+      def atoms
+        subformula1.atoms + subformula2.atoms
+      end
+
+      private
+
+      attr_reader :subformula1, :subformula2
+    end
+  end
+end

data/lib/state_machine_checker/ctl/e_f.rb

@@ -0,0 +1,34 @@
+require_relative "unary_operator"
+
+module StateMachineChecker
+  module CTL
+    # The existential eventually operator.
+    class EF < UnaryOperator
+      # Check which states of the model have as a successor a state
+      # satisfying the subformula.
+      #
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        subresult = subformula.check(model)
+        result = subresult.to_h
+        model.states.each do |state|
+          sub_state_result = subresult.for_state(state)
+
+          if sub_state_result.satisfied? # Mark predecessors as satisfied.
+            model.traverse(state, reverse: true) do |s, transitions|
+              witness = transitions + sub_state_result.witness
+              result[s] = StateResult.new(true, witness)
+            end
+          end
+        end
+
+        CheckResult.new(result)
+      end
+
+      def to_s
+        "EF(#{subformula})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/e_g.rb

@@ -0,0 +1,139 @@
+module StateMachineChecker
+  module CTL
+    # The existential universal operator.
+    class EG < UnaryOperator
+      # Check which states of the model have a path for which the subformula is
+      # always satisfied
+      #
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        subresult = subformula.check(model)
+        projection = subformula_projection(model, subresult)
+        scc = strongly_connected_components(projection)
+
+        # Components must have more than one element, a self loop, or no
+        # transitions in the original fsm.
+        # TODO: this being necessary probably means we're doing something wrong.
+        scc.select! do |states|
+          states.length > 1 ||
+            begin
+              c = states.first
+              transitions = model.transitions_from(c)
+
+              transitions.empty? ||
+                transitions.any? { |t| t.to == c }
+            end
+        end
+
+        build_check_result(scc, model, projection)
+      end
+
+      def to_s
+        "EG(#{subformula})"
+      end
+
+      private
+
+      # A graph containing only states for which the subformula is true.
+      def subformula_projection(model, subresult)
+        transitions = model.transitions.select { |t|
+          subresult.for_state(t.from).satisfied? &&
+            subresult.for_state(t.to).satisfied?
+        }
+
+        FiniteStateMachine.new(model.initial_state, transitions)
+      end
+
+      # Implements Kosaraju's algorithm.
+      def strongly_connected_components(projection)
+        visited = Set.new
+        l = []
+
+        projection.states.each do |s|
+          visit(s, visited, l, projection)
+        end
+
+        assigned = Set.new
+        assignments = {} # root -> set of states in component
+        l.reverse_each do |s|
+          assign(s, s, assigned, assignments, projection)
+        end
+
+        assignments.values
+      end
+
+      def build_check_result(scc, model, projection)
+        # Initialize hash with every state unsatisfied.
+        result = model.states.each_with_object({}) { |s, h|
+          h[s] = StateResult.new(false, [])
+        }
+
+        scc.each do |component_states|
+          # For each state of the component search backwards.
+          component_states.each do |state|
+            loop_witness = scc_loop(component_states, state, projection)
+
+            projection.traverse(state, reverse: true) do |s, transitions|
+              # Ignore other states in the component.
+              if s == state || !component_states.include?(s)
+                result[s] = StateResult.new(true, transitions + loop_witness)
+              else
+                false
+              end
+            end
+          end
+        end
+
+        CheckResult.new(result)
+      end
+
+      # Find a series of transitions within the component_states which start and
+      # end with the given state.
+      def scc_loop(component_states, start, model)
+        model.traverse(start) do |state, path|
+          # Only search within the component states.
+          if component_states.include?(state)
+            transitions = model.transitions_from(state)
+            to_start = transitions.find { |t| t.to == start }
+
+            if to_start
+              return path.push(to_start.name)
+            else
+              true # continue
+            end
+          else
+            false
+          end
+        end
+
+        []
+      end
+
+      def visit(s, visited, l, projection)
+        unless visited.include?(s)
+          visited << s
+          projection.transitions_from(s).each do |transition|
+            visit(transition.to, visited, l, projection)
+          end
+          l << s
+        end
+      end
+
+      def assign(s, root, assigned, assignments, projection)
+        unless assigned.include?(s)
+          assigned << s
+
+          if assignments[root].nil?
+            assignments[root] = Set.new
+          end
+          assignments[root] << s
+
+          projection.transitions_to(s).each do |transition|
+            assign(transition.from, root, assigned, assignments, projection)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/e_u.rb

@@ -0,0 +1,42 @@
+require_relative "binary_formula"
+
+module StateMachineChecker
+  module CTL
+    # The existential until operator. This is the "strong" until, it is only
+    # satisfied if the second sub-formula is eventually satisifed.
+    class EU < BinaryFormula
+      # Check which states of the model have a path for which the first
+      # subformula is satisifed until the second subformula is.
+      #
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        subresult1 = subformula1.check(model)
+        subresult2 = subformula2.check(model)
+
+        result = subresult2.to_h # States satisfying sub-formula2 satisfy this.
+
+        model.states.lazy.select { |s| subresult2.for_state(s).satisfied? }.each do |end_state|
+          model.traverse(end_state, reverse: true) do |state, path|
+            if state == end_state || subresult1.for_state(state).satisfied?
+              # Don't update states that are already satisfied, to keep the
+              # simpler witness.
+              unless result[state].satisfied?
+                result[state] = StateResult.new(true, path)
+              end
+              true
+            else
+              false
+            end
+          end
+        end
+
+        CheckResult.new(result)
+      end
+
+      def to_s
+        "(#{subformula1}) EU (#{subformula2})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/e_x.rb

@@ -0,0 +1,40 @@
+require_relative "unary_operator"
+require "state_machine_checker/check_result"
+require "state_machine_checker/state_result"
+
+module StateMachineChecker
+  module CTL
+    # The existential next operator.
+    class EX < UnaryOperator
+      # Check which states of the model have as a direct successor a state
+      # satisfying the subformula.
+      #
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        # Initialize hash with every state unsatisfied.
+        result = model.states.each_with_object({}) { |s, h|
+          h[s] = StateResult.new(false, [])
+        }
+
+        subresult = subformula.check(model)
+        model.states.each do |state|
+          sub_state_result = subresult.for_state(state)
+
+          if sub_state_result.satisfied? # Mark direct predecessors as satisfied.
+            model.transitions_to(state).each do |transition|
+              witness = [transition.name] + sub_state_result.witness
+              result[transition.from] = StateResult.new(true, witness)
+            end
+          end
+        end
+
+        CheckResult.new(result)
+      end
+
+      def to_s
+        "EX(#{subformula})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/formula.rb

@@ -0,0 +1,42 @@
+module StateMachineChecker
+  module CTL
+    # Abstract base class for CTL formulae.
+    class Formula
+      # The logical conjuction of this formula with others.
+      def and(*other_subformulae)
+        other_subformulae.map! { |f| atom_or_formula(f) }
+        And.new(other_subformulae << self)
+      end
+
+      # The logical disjunction of this formula with others.
+      def or(*other_subformulae)
+        other_subformulae.map! { |f| atom_or_formula(f) }
+        Or.new(other_subformulae << self)
+      end
+
+      # Logical implication
+      def implies(other_subformula)
+        Implication.new(self, atom_or_formula(other_subformula))
+      end
+
+      # The existential until operator.
+      def EU(end_formula) # rubocop:disable Naming/MethodName
+        EU.new(self, atom_or_formula(end_formula))
+      end
+
+      def AU(end_formula) # rubocop:disable Naming/MethodName
+        AU.new(self, atom_or_formula(end_formula))
+      end
+
+      private
+
+      def atom_or_formula(subformula)
+        if subformula.is_a? Formula
+          subformula
+        else
+          Atom.new(subformula)
+        end
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/implication.rb

@@ -0,0 +1,19 @@
+require_relative "binary_formula"
+require_relative "not"
+
+module StateMachineChecker
+  module CTL
+    # Logical implication.
+    class Implication < BinaryFormula
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        subformula1.and(subformula2).or(Not.new(subformula1)).check(model)
+      end
+
+      def to_s
+        "(#{subformula1}) ⇒ (#{subformula2})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/not.rb

@@ -0,0 +1,36 @@
+require_relative "unary_operator"
+require "state_machine_checker/check_result"
+require "state_machine_checker/state_result"
+
+module StateMachineChecker
+  module CTL
+    # The logical negation of a formula.
+    class Not < UnaryOperator
+      # Check whether each state is not satisfied by the subformula.
+      #
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        subresult = subformula.check(model)
+
+        result = model.states.each_with_object({}) { |state, h|
+          state_result = subresult.for_state(state)
+
+          # Negate whether it was satisfied, keep the same path.
+          path = if state_result.satisfied?
+            state_result.witness
+          else
+            state_result.counterexample
+          end
+          h[state] = StateResult.new(!state_result.satisfied?, path)
+        }
+
+        CheckResult.new(result)
+      end
+
+      def to_s
+        "¬(#{subformula})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/or.rb

@@ -0,0 +1,40 @@
+require_relative "formula"
+
+module StateMachineChecker
+  module CTL
+    # The logical disjunction of two or more sub-formulae.
+    class Or < Formula
+      # Disjoin several formulae.
+      #
+      # @example
+      #   Or.new([Atom.new(:even?), Atom.new(:positive?)])
+      def initialize(subformulae)
+        @subformulae = subformulae
+      end
+
+      # Return an enumerator over the atoms of all sub-formulae.
+      #
+      # @return [Enumerator]
+      def atoms
+        subformulae.lazy.flat_map(&:atoms)
+      end
+
+      # Check which states of the model are satisfied by at least one subformulae.
+      #
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        sub_results = subformulae.lazy.map { |f| f.check(model) }
+        sub_results.reduce(&:union)
+      end
+
+      def to_s
+        subformulae.map(&:to_s).map { |s| "(#{s})" }.join(" ∨ ")
+      end
+
+      private
+
+      attr_reader :subformulae
+    end
+  end
+end

data/lib/state_machine_checker/ctl/unary_operator.rb

@@ -0,0 +1,22 @@
+module StateMachineChecker
+  module CTL
+    # Abstract base class for operators with a single sub-formula.
+    class UnaryOperator < Formula
+      # @param [Formula] subformula
+      def initialize(subformula)
+        @subformula = subformula
+      end
+
+      # Return an enumerator over the atoms of the sub-formula
+      #
+      # @return [Enumerator<Atom>]
+      def atoms
+        subformula.atoms
+      end
+
+      private
+
+      attr_reader :subformula
+    end
+  end
+end

data/lib/state_machine_checker/finite_state_machine.rb

@@ -0,0 +1,120 @@
+module StateMachineChecker
+  # Represents a finite state machine: a set of states, an initial state, and
+  # transitions among them.
+  #
+  # This class is used to limit the dependency on any particular state machine
+  # library.
+  class FiniteStateMachine
+    attr_reader :initial_state, :transitions
+
+    # @param [Symbol] initial_state the name of the initial state.
+    # @param [Array<Transition>] transitions the transitions of the FSM.
+    def initialize(initial_state, transitions)
+      @initial_state = initial_state
+      @transitions = transitions
+    end
+
+    # Enumerate the states and for each provide a path to it.
+    #
+    # @return [Enumerator<Array(Symbol, Array<Transition>)>] an enumerator where
+    #   each element is a pair of a state and an array of transitions to reach the
+    #   state.
+    def state_paths
+      Enumerator.new do |yielder|
+        depth_first_search(Set.new, initial_state, [], yielder)
+      end
+    end
+
+    # Enumerate the states.
+    #
+    # @return [Enumerator<Symbol>] an enumerator over the names of the states.
+    def states
+      seen = Set.new
+
+      Enumerator.new do |yielder|
+        seen << initial_state
+        yielder << initial_state
+
+        transitions.each do |transition|
+          unless seen.include?(transition.from)
+            seen << transition.from
+            yielder << transition.from
+          end
+
+          unless seen.include?(transition.to)
+            seen << transition.to
+            yielder << transition.to
+          end
+        end
+      end
+    end
+
+    # Traverse the graph from the given state. Yield each state and the
+    # transitions from it to the from_state. If the result of the block is falsey
+    # for any state then the search will not continue to the children of that
+    # state.
+    #
+    # @param [Symbol] from_state
+    # @param [true, false] reverse traverse in reverse?
+    # @yield [Symbol, Array<Symbol>]
+    def traverse(from_state, reverse: false, &block)
+      rec_traverse(from_state, [], Set[from_state], reverse, &block)
+    end
+
+    def transitions_from(state)
+      transitions.select { |t| t.from == state }
+    end
+
+    def transitions_to(state)
+      transitions.select { |t| t.to == state }
+    end
+
+    private
+
+    # Traverse the graph, maintaining a stack of transitions.
+    def rec_traverse(state, stack, seen, reverse, &block)
+      # If we are reverse searching than the stack will be in reverse order.
+      path = reverse ? stack.reverse : stack.clone
+      continue = block.yield(state, path.map(&:name)) != false
+
+      if continue
+        trans = if reverse
+          transitions_to(state)
+        else
+          transitions_from(state)
+        end
+
+        trans.each do |transition|
+          next_state = if reverse
+            transition.from
+          else
+            transition.to
+          end
+
+          unless seen.include?(next_state)
+            seen.add(next_state)
+            stack.push(transition)
+
+            rec_traverse(next_state, stack, seen, reverse, &block)
+
+            stack.pop
+          end
+        end
+      end
+    end
+
+    def depth_first_search(visited, state, transitions, yielder)
+      yielder << [state, transitions]
+
+      visited.add(state)
+
+      transitions_from(state).each do |transition|
+        unless visited.include?(transition.to)
+          new_transitions = transitions.clone
+          new_transitions << transition
+          depth_first_search(visited, transition.to, new_transitions, yielder)
+        end
+      end
+    end
+  end
+end

data/lib/state_machine_checker/labeled_machine.rb

@@ -0,0 +1,51 @@
+module StateMachineChecker
+  # A finite state machine where every node is mapped to a set of labels. AKA a
+  # Kripke structure.
+  class LabeledMachine
+    # @param [FiniteStateMachine] fsm
+    # @param [Labeling] labeling
+    def initialize(fsm, labeling)
+      @fsm = fsm
+      @labeling = labeling
+    end
+
+    # (see StateMachineChecker::FiniteStateMachine#initial_state)
+    def initial_state
+      fsm.initial_state
+    end
+
+    # (see StateMachineChecker::FiniteStateMachine#transitions)
+    def transitions
+      fsm.transitions
+    end
+
+    # (see StateMachineChecker::FiniteStateMachine#states)
+    def states
+      fsm.states
+    end
+
+    # (see StateMachineChecker::FiniteStateMachine#traverse)
+    def traverse(from_state, reverse: false, &block)
+      fsm.traverse(from_state, reverse: reverse, &block)
+    end
+
+    # (see StateMachineChecker::FiniteStateMachine#transitions_to)
+    def transitions_to(state)
+      fsm.transitions_to(state)
+    end
+
+    # (see StateMachineChecker::FiniteStateMachine#transitions_from)
+    def transitions_from(state)
+      fsm.transitions_from(state)
+    end
+
+    # (see StateMachineChecker::Labeling#for_state)
+    def labels_for_state(state)
+      labeling.for_state(state)
+    end
+
+    private
+
+    attr_reader :fsm, :labeling
+  end
+end

data/lib/state_machine_checker/labeling.rb

@@ -0,0 +1,48 @@
+module StateMachineChecker
+  # A mapping from states to the values of each atom.
+  class Labeling
+    # @param [Enumerator<CTL::Atom>] atoms the atoms which will be the labels.
+    # @param [FiniteStateMachine] machine the machine to generate labels for.
+    # @param [Proc] instance_generator a nullary function which returns an
+    #   instance of an object in the initial state.
+    def initialize(atoms, machine, instance_generator)
+      @labels_by_state = build_map(atoms, machine, instance_generator)
+    end
+
+    # Get the labels for the given state.
+    #
+    # @param [Symbol] state
+    # @return [Set<CTL::Atom>] the atoms which are true in the state
+    def for_state(state)
+      labels_by_state[state]
+    end
+
+    private
+
+    attr_reader :labels_by_state
+
+    # Generate a hash of state -> atoms
+    def build_map(atoms, machine, instance_generator)
+      machine.state_paths.each_with_object({}) { |(state, transitions), states_map|
+        instance = instance_from_transitions(transitions, instance_generator)
+
+        states_map[state] = atoms.each_with_object(Set.new) { |atom, labels|
+          if atom.apply(instance)
+            labels << atom
+          end
+        }
+      }
+    end
+
+    # Walk an instance through the given transitions.
+    def instance_from_transitions(transitions, instance_generator)
+      instance = instance_generator.call
+
+      transitions.each do |transition|
+        transition.execute(instance)
+      end
+
+      instance
+    end
+  end
+end