We are pleased to announce the release of Spot 0.9.1.
Spot is a model-checking library developed collaboratively by LRDE
and LIP6. It provides algorithms and data structures to implement
the automata-theoretic approach to LTL model checking.
This maintenance release fixes a couple of bugs, and improves the
speed of the translation slightly.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.9.1.tar.gz
An updated version of the translation benchmark has been put here:
http://spot.lip6.fr/dl/bench-0.9.1.pdf
New in spot 0.9.1 (2012-05-23):
* The version of LBTT we distribute includes a patch from Tomáš
Babiak to count the number of non-deterministic states, and the
number of deterministic automata produced.
See lbtt/NEWS for the list of other differences with the original
version of LBTT 1.2.1.
* The Couvreur/FM translator has learned two new tricks. These only
help to speedup the translation by not issuing states or
acceptance conditions that would be latter suppresed by other
optimizations.
- The translation rules used to translate subformulae of the G
operator have been adjusted not to produce useless loops
already implied by G. This generalizes the "GF" trick
presented in Couvreur's original FM'99 paper.
- Promises generated for formula of the form P(a U (b U c))
are reduced into P(c), avoiding the introduction of many
promises that imply each other.
* The tgba_parse() function is now available via the Python
bindings.
* Bug fixes:
- The random SERE generator was using the wrong operators
for "and" and "or", mistaking And/Or with AndRat/OrRat.
- The translation of !{r} was incorrect when this subformula
was recurring (e.g. in G!{r}) and r had loops.
- Correctly recognize ltl2tgba's option -rL.
- Using LTL simplification rules based on syntactic implication,
or based on language containment checks, caused BDD variables
to be allocated in an "unnatural" order, resulting in a slower
translation and a less optimal degeneralization.
- When ltl2tgba reads a neverclaim, it now considers the resulting
TGBA as a Büchi automaton, and will display double circles in
the dotty output.
We are pleased to announce the release of Spot 0.9.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.9.tar.gz (11MB)
The major news in this release are all related to the
logic-to-Büchi-automaton translation engine:
1. The linear-time fragment of PSL is supported.
This first implementation, enough to experiment with the
logic, shall be improved in future versions.
(Feedback most welcome.)
2. The LTL simplification code has been overhauled and
augmented with new rules.
3. A new simulation-based post-processing can be used
to simplify the TGBA constructed.
For more details about the first two points (supported operators, and
rewritings performed), please read the file doc/tl/tl.pdf included in
spot-0.9.tar.gz.
A consequence of the last two points is that Spot 0.9 is faster than
Spot 0.8.3 and can produce even smaller automata. For some
comparative benchmarks, please download
http://spot.lip6.fr/dl/bench-0.9.pdf
Please direct any feedback and questions to <spot(a)lrde.epita.fr>.
(Subscribe at https://www.lrde.epita.fr/mailman/listinfo/spot if you wish.)
A more detailed list of new features follows.
New in spot 0.9 (2012-05-09):
* New features:
- Operators from the linear fragment of PSL are supported. This
basically extends LTL with Sequential Extended Regulat
Expressions (SERE), and a couple of operators to bridge SERE and
LTL. See doc/tl/tl.pdf for the list of operators and their
semantics.
- Formula rewritings have been completely revamped, and augmented
with rules for PSL operators (and some new LTL rules as well).
See doc/tl/tl.pdf for the list of the rewritings implemented.
- Some of these rewritings that may produce larger formulas
(for instance to rewrite "{a;b;c}" into "a & X(b & Xc)")
may be explicitely disabled with a new option.
- The src/ltltest/randltl tool can now generate random SEREs
and random PSL formulae.
- Only one translator (ltl2tgba_fm) has been augmented to
translate the new SERE and PSL operators. The internal
translation from SERE to DFA is likely to be rewriten in a
future version.
- A new function, length_boolone(), computes the size of an
LTL/PSL formula while considering that any Boolean term has
length 1.
- The LTL/PSL parser recognizes some UTF-8 characters (like ◇ or
∧) as operators, and some output routines now have an UTF-8
output mode. Tools like randltl and ltl2tgba have gained an -8
option to enable such output. See doc/tl/tl.pdf for the list
of recognized codepoints.
- A new direct simulation reduction has been implemented. It
works directly on TGBAs. It is in src/tgbaalgos/simlation.hh,
and it can be tested via ltl2tgba's -RDS option.
- unabbreviate_wm() is a function that rewrites the W and M operators
of LTL formulae using R and U. This is called whenever we output
a formula in Spin syntax. By combining this with the aforementioned
PSL rewriting rules, many PSL formulae that use simple SERE can be
converted into LTL formulae that can be feed to tools that only
understand U and R. The web interface will let you do this.
- changes to the on-line translator:
+ SVG output is available
+ can display some properties of a formula
+ new options for direct simulation, larger rewritings, and
utf-8 output
- configure --without-included-lbtt will prevent LBTT from being
configured and built. This helps on systems (such as MinGW)
where LBTT cannot be built. The test-suite will skip any
LBTT-based test if LBTT is missing.
* Interface changes:
- Operators ->, <->, U, W, R, and M are now parsed as
right-associative to better match the PSL standard.
- The constructors for temporal formulae will perform some trivial
simplifications based on associativity, commutativity,
idempotence, and neutral elements. See doc/tl/tl.pdf for the
list of such simplifications.
- Formula instances now have many methods to inspect their
properties (membership to syntactic classes, absence of X
operator, etc...) in constant time.
- LTL/PSL formulae are now handled everywhere as 'const formula*'
and not just 'formula*'. This reflects the true nature of these
(immutable) formula objects, and cleanups a lot of code.
Unfortunately, it is a backward incompatible change: you may have
to add 'const' to a couple of lines in your code, and change
'ltl::const_vistitor' into 'ltl::visitor' if you have written a
custom visitor.
- The new entry point for LTL/PSL simplifications is the function
ltl_simplifier::simplify() declared in src/ltlvisit/simplify.hh.
The ltl_simplifier class implements a cache.
Functions such as reduce() or reduce_tau03() are deprecated.
- The old game-theory-based implementations for direct and delayed
simulation reductions have been removed. The old direct
simulation would only work on degeneralized automata, and yet
produce results inferior to the new direct simulation introduced
in this release. The implementation of delayed simulation was
unreliable. The function reduc_tgba_sim() has been kept
for compatibility (it calls the new direct simulation whatever
the type of simulation requested) and marked as deprecated.
ltl2tgba's options -Rd, -RD are gone. Options -R1t, -R1s,
-R2s, and -R2t are deprecated and all made equivalent to -RDS.
- The tgba_explicit hierarchy has been reorganized in order to
make room for sba_explicit classes that share most of the code.
The main consequence is that the tgba_explicit type no longuer
exists. However the tgba_explicit_number,
tgba_explicit_formula, and tgba_explicit_string still do.
We are pleased to announce the release of Spot 0.8.3.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
This maintenance release fixes a few bugs, adds support for Python 3
(while still supporting Python 2), and improves the web interface.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.3.tar.gz (8.1MB)
New in spot 0.8.3 (2012-03-09):
* Support for both Python 2.x and Python 3.x.
(Previous versions would only work with Python 2.x.)
* The online ltl2tgba.html now stores its state in the URL so that
history is preserved, and links to particular setups can be sent.
* Bug fixes:
- Fix a segfault in the compression code used by the -Z
option of dve2check.
- Fix a race condition in the CGI script.
- Fix a segfault in the CGI script when computing a Büchi run.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.2.
Spot is a model-checking library developed collaboratively by LRDE
and LIP6. It provides algorithms and data structures to implement
the automata-theoretic approach to LTL model checking.
This maintenance release fixes a couple of bugs, and implement slight
speedups to the degeneralization and the Safra complementation.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.2.tar.gz
New in spot 0.8.2:
* configure now has a --disable-python option to disable
the compilation of Python bindings.
* Minor speedups in the Safra complementation.
* Better memory management for the on-the-fly degeneralization
algorithm. This mostly benefits to the Safra complementation.
* Bug fixes:
- spot::ltl::length() forgot to count the '&' and '|' operators
in an LTL formula.
- minimize_wdba() could fail to mark some transiant SCCs as accepting,
producing an automaton that was not fully minimized.
- minimize_dfa() could produce incorrect automata, but it is not
clear whether this could have had an inpact on WDBA minimization
(the worse case is that some TGBA would not have been minimized
when they could).
- Fix a Python syntax error in the CGI script.
- Fix compilation with g++ 4.0.
- Fix a make check failure when valgrind is missing.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.1.
Spot is a model-checking library developed collaboratively by LRDE and LIP6.
It provides algorithms and data structures to implement the automata-theoretic
approach to LTL model checking.
This maintenance release fixes a couple of bugs that crept in Spot 0.8,
as well as an older issue that caused WDBA minimization to be slower
than it should in some cases.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.1.tar.gz
New in spot 0.8.1:
* Only bug fixes:
- When ltl2tgba is set to perform both WDBA minimization and
degeneralization, do the latter only if the former failed.
In previous version, automata were (uselessly) degeneralized
before WDBA minimization, causing important slowdowns.
- Fix compilation with Clang 3.0.
- Fix a Makefile setup causing a "make check" failure on MacOS X.
- Fix an mkdir error in the CGI script.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.1.
Spot is a model-checking library developed collaboratively by LRDEand
LIP6. It provides algorithms and data structures to implementthe
automata-theoretic approach to LTL model checking.
This maintenance release fixes a couple of bugs that crept in Spot
0.8,as well as an older issue that caused WDBA minimization to be
slower thanit should when producing degeneralized Büchi automata.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.1.tar.gz
New in spot 0.8.1:
* Only bug fixes: - When ltl2tgba is set to perform both WDBA
minimization and degeneralization, do the latter only if the
former failed. In previous version, automata were (uselessly)
degeneralized before WDBA minimization, causing important
slowdowns. - Fix compilation with Clang 3.0. - Fix a Makefile
setup causing a "make check" failure on MacOS X. - Fix an mkdir
error in the CGI script.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.
Spot is a model-checking library developed collaboratively by LRDE
and LIP6. It provides algorithms and data structures to implement
the automata-theoretic approach to LTL model checking.
Although this version contains a few new features, this should really
be regarded as a maintenance release to fix a series of bugs that have
been reported over the last few months.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.tar.gz
New in spot 0.8 (2011-11-28):
* Major new features:
- Spot can read DiVinE models. See iface/dve2/README for details.
- The genltl tool can now output 20 different LTL formula families.
It also replaces the LTLcounter Perl scripts.
- There is a printer and parser for Kripke structures in text format.
* Major interface changes:
- The destructor of all states is now private. Any code that looks like
"delete some_state;" will cause an compile error and should be
updated to "some_state->destroy();". This new syntax is supported
since version 0.7.
- The experimental Nips interface has been removed.
* Minor changes:
- The dotty_reachable() function has a new option "assume_sba" that
can be used for rendering automata with state-based acceptance.
In that case, acceptance states are displayed with a double
circle. ltl2tgba (both command line and on-line) Use it to display
degeneralized automata.
- The dotty_reachable() function will also display transition
annotations (as returned by the tgba::transitition_annotation()).
This can be useful when displaying (small) state spaces.
- Identifiers used to name atomic proposition can contain dots.
E.g.: X.Y is now an atomic proposition, while it was understood
as X&Y in previous versions.
- The Doxygen documentation is no longer built as a PDF file.
* Internal improvements:
- The on-line ltl2tgba CGI script uses a cache to produce faster
answers.
- Better memory management for the states of explicit automata.
Thanks to the aforementioned ->destroy() change, we can avoid
cloning explicit states.
- tgba_product has learned how to be faster when one of the operands
is a Kripke structure (15% speedup).
- The reduction rule for "a M b" has been improved: it can be
reduced to "a & b" if "a" is a pure eventuallity.
- More useless acceptance conditions are removed by SCC simplifications.
* Bug fixes:
- Safra complementation has been fixed in cases where more than
one acceptance conditions where needed to convert the
deterministic Streett automaton as a TGBA.
- The degeneralization is now idempotent. Previously, degeneralizing
an already degeneralized automaton could add some states.
- The degeneralization now has a deterministic behavior. Previously
it was possible to obtain different output depending on the
memory layout.
- Spot now outputs neverclaims with fully parenthesized guards.
I.e., instead of
(!x && y) -> goto S1
it now outputs
((!(x)) && (y)) -> goto S1
This prevents problems when the model defines `x' as
#define x flag==0
because !x then evaluated to (!flag)==0 instead of !(flag==0).
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.7.1.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
This is a quick maintenance release mainly to fix some configuration
problem if you already had a previous version of Spot installed, and
to address a more serious bug in WDBA minimization.
We have also integrated some minor features that should ease
comparisons with the Büchi Store. But beware: the Büchi Store (and
Goal) uses right-associativity for operators "W", "U", and "R", while
Spot applies left-associativity. A formula like "p W q U r" will be
interpreted differently. We will probably switch to
right-associativity in a future version in order to get closer to the
PSL standard.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.7.1.tar.gz (14MB)
New in spot 0.7.1 (2001-02-07):
* The LTL parser will accept operator ~ (for not) as well
as --> and <--> (for implication and equivalence), allowing
formulae from the Büchi Store to be read directly.
* The neverclaim parser will accept guards of the form
:: !(...) -> goto ...
instead of the more commonly used
:: (!(...)) -> goto ...
This makes it possible to read neverclaims provided by the Büchi Store.
* A new ltl2tgba option, -kt, will count the number of "sub-transitions".
I.e., a transition labelled by "true" counts for 4 "sub-transitions"
if the automaton uses 2 atomic propositions.
* Bugs fixed:
- Fix segfault during WDBA minimization on automata with useless states.
- Use the included BuDDy library if the one already installed
is older than the one distributed with Spot 0.7.
- Fix two typos in the code of the CGI scripts.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.7.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach for LTL model checking.
Highlights in this release include some speed improvements, and
a minimization of WDBA (weak deterministic Büchi automata).
The online translator has also been rewritten.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.7.tar.gz
New in spot 0.7 (2011-02-01):
* Spot is now able to read an automaton expressed as a Spin neverclaim.
* The "experimental" Kripke structure introduced in Spot 0.5 has
been rewritten, and is no longer experimental. We have a
developement version of checkpn using it, and it should be
released shortly after Spot 0.7.
* The function to_spin_string(), that outputs an LTL formula using
Spin's syntax, now takes an optional argument to request
parentheses at all levels.
* src/ltltest/genltl is a new tool that generates some interesting
families of LTL formulae, for testing purpose.
* bench/ltlclasses/ uses the above tool to conduct the same benchmark
as in the DepCoS'09 paper by Cichoń et al. The resulting benchmark
completes in 12min, while it tooks days (or exhausted the memory)
when the paper was written (they used Spot 0.4).
* Degeneralization has again been improved in two ways:
- It will merge degeneralized transitions that can be merged.
- It uses a cache to speed up the improvement introduced in 0.6.
* An implementation of Dax et al.'s paper for minimizing obligation
formulae has been integrated. Use ltl2tgba -Rm to enable this
optimization from the command-line; it will have no effect if the
property is not an obligation.
* bench/wdba/ conducts a benchmark similar to the one on Dax's
webpage, comparing the size of the automata expressing obligation
formula before and after minimization. See bench/wdba/README for
results.
* Using similar code, Spot can now construct deterministic monitors.
* New ltl2tgba options:
-XN: read an input automaton as a neverclaim.
-C, -CR: Compute (and display) a counterexample after running the
emptiness check. With -CR, the counterexample will be
replayed on the automaton to ensure it is correct
(previous version would always compute a replay a
counterexample when emptiness-check was enabled)
-ks: traverse the automaton to compute its number of states and
transitions (this is faster than -k which will also count
SCCs and paths).
-M: Build a deterministic monitor.
-O: Tell whether a formula represents a safety, guarantee, or
obligation property.
-Rm: Minimize automata representing obligation properties.
* The on-line tool to translate LTL formulae into automata
has been rewritten and is now at http://spot.lip6.fr/ltl2tgba.html
It requires a javascript-enabled browser.
* Bug fixes:
- Location of the errors messages in the TGBA parser where inaccurate.
- Various warning fixes for different versions of GCC and Clang.
- The neverclaim output with ltl2tgba -N or -NN used to ignore any
automaton simplification performed after degeneralization.
- The formula simplification based on universality and eventuality
had a quadratic run-time.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.6.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
This release adds support for W (weak until) and M (strong release)
LTL operators, it also improves LTL rewriting rules as well as the
degeneralization algorithm. The result is that a lot of LTL formulae
from our benchmark are translated to smaller automata, and the
reduction is even more important when producing never claims.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.6.tar.gz
New in spot 0.6 (16-04-2010):
* Several optimizations to improve some auxiliary steps
of the LTL translation (not the core of the translation):
- Better degeneralization
- SCC simplifications has been tuned for degeneralization
(ltl2tgba now has two options -R3 and -R3f: the latter will
remove every acceptance condition that used to be removed
in Spot 0.5 while the former will leave useless acceptance conditions
going to accepting SCC. Experience shows that -R3 is more
favorable to degeneralization).
- ltl2tgba will perform SCC optimizations before degeneralization
and not the converse
- We added a syntactic simplification rule to rewrite F(a)|F(b) as F(a|b).
We only had a rule for the more specific FG(a)|FG(b) = F(Ga|Gb).
- The syntactic simplification rule for F(a&GF(b)) = F(a)&GF(b) has
be disabled because the latter formula is in fact harder to translate
efficiently.
* New LTL operators: W (weak until) and its dual M (strong release)
- Weak until allows many LTL specification to be specified more
compactly.
- All LTL translation algorithms have been updated to
support these operators.
- Although they do not add any expressive power, translating
"a W b" is more efficient (read smaller output automaton) than
translating the equivalent form using the U operator.
- Basic syntactic rewriting rules will automatically rewrite "a U
(b | G(a))" and "(a U b)|G(a)" as "a W b", so you will benefit
from the new operators even if you do not use them. Similar
rewriting rules exist for R and M, although they are less used.
* New options have been added to the CGI script for
- SVG output
- SCC simplifications
* Bug fixes:
- The precedence of the "->" and "<->" Boolean operators has been
adjusted to better match other tools.
Spot <= 0.5 used to parse "a & b -> c & d" as "a & (b -> c) & d";
Spot >= 0.6 will parse it as "(a & b) -> (c & d)".
- The random graph generator was fixed (again!) not to produce
dead states as documented.
- Locations in the error messages of the LTL parser were off by one.
--
Alexandre Duret-Lutz
