We are pleased to announce the release of Spot 0.9.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.9.tar.gz (11MB)
The major news in this release are all related to the
logic-to-Büchi-automaton translation engine:
1. The linear-time fragment of PSL is supported.
This first implementation, enough to experiment with the
logic, shall be improved in future versions.
(Feedback most welcome.)
2. The LTL simplification code has been overhauled and
augmented with new rules.
3. A new simulation-based post-processing can be used
to simplify the TGBA constructed.
For more details about the first two points (supported operators, and
rewritings performed), please read the file doc/tl/tl.pdf included in
spot-0.9.tar.gz.
A consequence of the last two points is that Spot 0.9 is faster than
Spot 0.8.3 and can produce even smaller automata. For some
comparative benchmarks, please download
http://spot.lip6.fr/dl/bench-0.9.pdf
Please direct any feedback and questions to <spot(a)lrde.epita.fr>.
(Subscribe at https://www.lrde.epita.fr/mailman/listinfo/spot if you wish.)
A more detailed list of new features follows.
New in spot 0.9 (2012-05-09):
* New features:
- Operators from the linear fragment of PSL are supported. This
basically extends LTL with Sequential Extended Regulat
Expressions (SERE), and a couple of operators to bridge SERE and
LTL. See doc/tl/tl.pdf for the list of operators and their
semantics.
- Formula rewritings have been completely revamped, and augmented
with rules for PSL operators (and some new LTL rules as well).
See doc/tl/tl.pdf for the list of the rewritings implemented.
- Some of these rewritings that may produce larger formulas
(for instance to rewrite "{a;b;c}" into "a & X(b & Xc)")
may be explicitely disabled with a new option.
- The src/ltltest/randltl tool can now generate random SEREs
and random PSL formulae.
- Only one translator (ltl2tgba_fm) has been augmented to
translate the new SERE and PSL operators. The internal
translation from SERE to DFA is likely to be rewriten in a
future version.
- A new function, length_boolone(), computes the size of an
LTL/PSL formula while considering that any Boolean term has
length 1.
- The LTL/PSL parser recognizes some UTF-8 characters (like ◇ or
∧) as operators, and some output routines now have an UTF-8
output mode. Tools like randltl and ltl2tgba have gained an -8
option to enable such output. See doc/tl/tl.pdf for the list
of recognized codepoints.
- A new direct simulation reduction has been implemented. It
works directly on TGBAs. It is in src/tgbaalgos/simlation.hh,
and it can be tested via ltl2tgba's -RDS option.
- unabbreviate_wm() is a function that rewrites the W and M operators
of LTL formulae using R and U. This is called whenever we output
a formula in Spin syntax. By combining this with the aforementioned
PSL rewriting rules, many PSL formulae that use simple SERE can be
converted into LTL formulae that can be feed to tools that only
understand U and R. The web interface will let you do this.
- changes to the on-line translator:
+ SVG output is available
+ can display some properties of a formula
+ new options for direct simulation, larger rewritings, and
utf-8 output
- configure --without-included-lbtt will prevent LBTT from being
configured and built. This helps on systems (such as MinGW)
where LBTT cannot be built. The test-suite will skip any
LBTT-based test if LBTT is missing.
* Interface changes:
- Operators ->, <->, U, W, R, and M are now parsed as
right-associative to better match the PSL standard.
- The constructors for temporal formulae will perform some trivial
simplifications based on associativity, commutativity,
idempotence, and neutral elements. See doc/tl/tl.pdf for the
list of such simplifications.
- Formula instances now have many methods to inspect their
properties (membership to syntactic classes, absence of X
operator, etc...) in constant time.
- LTL/PSL formulae are now handled everywhere as 'const formula*'
and not just 'formula*'. This reflects the true nature of these
(immutable) formula objects, and cleanups a lot of code.
Unfortunately, it is a backward incompatible change: you may have
to add 'const' to a couple of lines in your code, and change
'ltl::const_vistitor' into 'ltl::visitor' if you have written a
custom visitor.
- The new entry point for LTL/PSL simplifications is the function
ltl_simplifier::simplify() declared in src/ltlvisit/simplify.hh.
The ltl_simplifier class implements a cache.
Functions such as reduce() or reduce_tau03() are deprecated.
- The old game-theory-based implementations for direct and delayed
simulation reductions have been removed. The old direct
simulation would only work on degeneralized automata, and yet
produce results inferior to the new direct simulation introduced
in this release. The implementation of delayed simulation was
unreliable. The function reduc_tgba_sim() has been kept
for compatibility (it calls the new direct simulation whatever
the type of simulation requested) and marked as deprecated.
ltl2tgba's options -Rd, -RD are gone. Options -R1t, -R1s,
-R2s, and -R2t are deprecated and all made equivalent to -RDS.
- The tgba_explicit hierarchy has been reorganized in order to
make room for sba_explicit classes that share most of the code.
The main consequence is that the tgba_explicit type no longuer
exists. However the tgba_explicit_number,
tgba_explicit_formula, and tgba_explicit_string still do.
We are pleased to announce the release of Spot 0.8.3.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
This maintenance release fixes a few bugs, adds support for Python 3
(while still supporting Python 2), and improves the web interface.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.3.tar.gz (8.1MB)
New in spot 0.8.3 (2012-03-09):
* Support for both Python 2.x and Python 3.x.
(Previous versions would only work with Python 2.x.)
* The online ltl2tgba.html now stores its state in the URL so that
history is preserved, and links to particular setups can be sent.
* Bug fixes:
- Fix a segfault in the compression code used by the -Z
option of dve2check.
- Fix a race condition in the CGI script.
- Fix a segfault in the CGI script when computing a Büchi run.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.2.
Spot is a model-checking library developed collaboratively by LRDE
and LIP6. It provides algorithms and data structures to implement
the automata-theoretic approach to LTL model checking.
This maintenance release fixes a couple of bugs, and implement slight
speedups to the degeneralization and the Safra complementation.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.2.tar.gz
New in spot 0.8.2:
* configure now has a --disable-python option to disable
the compilation of Python bindings.
* Minor speedups in the Safra complementation.
* Better memory management for the on-the-fly degeneralization
algorithm. This mostly benefits to the Safra complementation.
* Bug fixes:
- spot::ltl::length() forgot to count the '&' and '|' operators
in an LTL formula.
- minimize_wdba() could fail to mark some transiant SCCs as accepting,
producing an automaton that was not fully minimized.
- minimize_dfa() could produce incorrect automata, but it is not
clear whether this could have had an inpact on WDBA minimization
(the worse case is that some TGBA would not have been minimized
when they could).
- Fix a Python syntax error in the CGI script.
- Fix compilation with g++ 4.0.
- Fix a make check failure when valgrind is missing.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.1.
Spot is a model-checking library developed collaboratively by LRDE and LIP6.
It provides algorithms and data structures to implement the automata-theoretic
approach to LTL model checking.
This maintenance release fixes a couple of bugs that crept in Spot 0.8,
as well as an older issue that caused WDBA minimization to be slower
than it should in some cases.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.1.tar.gz
New in spot 0.8.1:
* Only bug fixes:
- When ltl2tgba is set to perform both WDBA minimization and
degeneralization, do the latter only if the former failed.
In previous version, automata were (uselessly) degeneralized
before WDBA minimization, causing important slowdowns.
- Fix compilation with Clang 3.0.
- Fix a Makefile setup causing a "make check" failure on MacOS X.
- Fix an mkdir error in the CGI script.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.1.
Spot is a model-checking library developed collaboratively by LRDEand
LIP6. It provides algorithms and data structures to implementthe
automata-theoretic approach to LTL model checking.
This maintenance release fixes a couple of bugs that crept in Spot
0.8,as well as an older issue that caused WDBA minimization to be
slower thanit should when producing degeneralized Büchi automata.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.1.tar.gz
New in spot 0.8.1:
* Only bug fixes: - When ltl2tgba is set to perform both WDBA
minimization and degeneralization, do the latter only if the
former failed. In previous version, automata were (uselessly)
degeneralized before WDBA minimization, causing important
slowdowns. - Fix compilation with Clang 3.0. - Fix a Makefile
setup causing a "make check" failure on MacOS X. - Fix an mkdir
error in the CGI script.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.8.
Spot is a model-checking library developed collaboratively by LRDE
and LIP6. It provides algorithms and data structures to implement
the automata-theoretic approach to LTL model checking.
Although this version contains a few new features, this should really
be regarded as a maintenance release to fix a series of bugs that have
been reported over the last few months.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.8.tar.gz
New in spot 0.8 (2011-11-28):
* Major new features:
- Spot can read DiVinE models. See iface/dve2/README for details.
- The genltl tool can now output 20 different LTL formula families.
It also replaces the LTLcounter Perl scripts.
- There is a printer and parser for Kripke structures in text format.
* Major interface changes:
- The destructor of all states is now private. Any code that looks like
"delete some_state;" will cause an compile error and should be
updated to "some_state->destroy();". This new syntax is supported
since version 0.7.
- The experimental Nips interface has been removed.
* Minor changes:
- The dotty_reachable() function has a new option "assume_sba" that
can be used for rendering automata with state-based acceptance.
In that case, acceptance states are displayed with a double
circle. ltl2tgba (both command line and on-line) Use it to display
degeneralized automata.
- The dotty_reachable() function will also display transition
annotations (as returned by the tgba::transitition_annotation()).
This can be useful when displaying (small) state spaces.
- Identifiers used to name atomic proposition can contain dots.
E.g.: X.Y is now an atomic proposition, while it was understood
as X&Y in previous versions.
- The Doxygen documentation is no longer built as a PDF file.
* Internal improvements:
- The on-line ltl2tgba CGI script uses a cache to produce faster
answers.
- Better memory management for the states of explicit automata.
Thanks to the aforementioned ->destroy() change, we can avoid
cloning explicit states.
- tgba_product has learned how to be faster when one of the operands
is a Kripke structure (15% speedup).
- The reduction rule for "a M b" has been improved: it can be
reduced to "a & b" if "a" is a pure eventuallity.
- More useless acceptance conditions are removed by SCC simplifications.
* Bug fixes:
- Safra complementation has been fixed in cases where more than
one acceptance conditions where needed to convert the
deterministic Streett automaton as a TGBA.
- The degeneralization is now idempotent. Previously, degeneralizing
an already degeneralized automaton could add some states.
- The degeneralization now has a deterministic behavior. Previously
it was possible to obtain different output depending on the
memory layout.
- Spot now outputs neverclaims with fully parenthesized guards.
I.e., instead of
(!x && y) -> goto S1
it now outputs
((!(x)) && (y)) -> goto S1
This prevents problems when the model defines `x' as
#define x flag==0
because !x then evaluated to (!flag)==0 instead of !(flag==0).
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.7.1.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
This is a quick maintenance release mainly to fix some configuration
problem if you already had a previous version of Spot installed, and
to address a more serious bug in WDBA minimization.
We have also integrated some minor features that should ease
comparisons with the Büchi Store. But beware: the Büchi Store (and
Goal) uses right-associativity for operators "W", "U", and "R", while
Spot applies left-associativity. A formula like "p W q U r" will be
interpreted differently. We will probably switch to
right-associativity in a future version in order to get closer to the
PSL standard.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.7.1.tar.gz (14MB)
New in spot 0.7.1 (2001-02-07):
* The LTL parser will accept operator ~ (for not) as well
as --> and <--> (for implication and equivalence), allowing
formulae from the Büchi Store to be read directly.
* The neverclaim parser will accept guards of the form
:: !(...) -> goto ...
instead of the more commonly used
:: (!(...)) -> goto ...
This makes it possible to read neverclaims provided by the Büchi Store.
* A new ltl2tgba option, -kt, will count the number of "sub-transitions".
I.e., a transition labelled by "true" counts for 4 "sub-transitions"
if the automaton uses 2 atomic propositions.
* Bugs fixed:
- Fix segfault during WDBA minimization on automata with useless states.
- Use the included BuDDy library if the one already installed
is older than the one distributed with Spot 0.7.
- Fix two typos in the code of the CGI scripts.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.7.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach for LTL model checking.
Highlights in this release include some speed improvements, and
a minimization of WDBA (weak deterministic Büchi automata).
The online translator has also been rewritten.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.7.tar.gz
New in spot 0.7 (2011-02-01):
* Spot is now able to read an automaton expressed as a Spin neverclaim.
* The "experimental" Kripke structure introduced in Spot 0.5 has
been rewritten, and is no longer experimental. We have a
developement version of checkpn using it, and it should be
released shortly after Spot 0.7.
* The function to_spin_string(), that outputs an LTL formula using
Spin's syntax, now takes an optional argument to request
parentheses at all levels.
* src/ltltest/genltl is a new tool that generates some interesting
families of LTL formulae, for testing purpose.
* bench/ltlclasses/ uses the above tool to conduct the same benchmark
as in the DepCoS'09 paper by Cichoń et al. The resulting benchmark
completes in 12min, while it tooks days (or exhausted the memory)
when the paper was written (they used Spot 0.4).
* Degeneralization has again been improved in two ways:
- It will merge degeneralized transitions that can be merged.
- It uses a cache to speed up the improvement introduced in 0.6.
* An implementation of Dax et al.'s paper for minimizing obligation
formulae has been integrated. Use ltl2tgba -Rm to enable this
optimization from the command-line; it will have no effect if the
property is not an obligation.
* bench/wdba/ conducts a benchmark similar to the one on Dax's
webpage, comparing the size of the automata expressing obligation
formula before and after minimization. See bench/wdba/README for
results.
* Using similar code, Spot can now construct deterministic monitors.
* New ltl2tgba options:
-XN: read an input automaton as a neverclaim.
-C, -CR: Compute (and display) a counterexample after running the
emptiness check. With -CR, the counterexample will be
replayed on the automaton to ensure it is correct
(previous version would always compute a replay a
counterexample when emptiness-check was enabled)
-ks: traverse the automaton to compute its number of states and
transitions (this is faster than -k which will also count
SCCs and paths).
-M: Build a deterministic monitor.
-O: Tell whether a formula represents a safety, guarantee, or
obligation property.
-Rm: Minimize automata representing obligation properties.
* The on-line tool to translate LTL formulae into automata
has been rewritten and is now at http://spot.lip6.fr/ltl2tgba.html
It requires a javascript-enabled browser.
* Bug fixes:
- Location of the errors messages in the TGBA parser where inaccurate.
- Various warning fixes for different versions of GCC and Clang.
- The neverclaim output with ltl2tgba -N or -NN used to ignore any
automaton simplification performed after degeneralization.
- The formula simplification based on universality and eventuality
had a quadratic run-time.
--
Alexandre Duret-Lutz
We are pleased to announce the release of Spot 0.6.
Spot is a model-checking library developed collaboratively by LRDE and
LIP6. It provides algorithms and data structures to implement the
automata-theoretic approach to LTL model checking.
This release adds support for W (weak until) and M (strong release)
LTL operators, it also improves LTL rewriting rules as well as the
degeneralization algorithm. The result is that a lot of LTL formulae
from our benchmark are translated to smaller automata, and the
reduction is even more important when producing never claims.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.6.tar.gz
New in spot 0.6 (16-04-2010):
* Several optimizations to improve some auxiliary steps
of the LTL translation (not the core of the translation):
- Better degeneralization
- SCC simplifications has been tuned for degeneralization
(ltl2tgba now has two options -R3 and -R3f: the latter will
remove every acceptance condition that used to be removed
in Spot 0.5 while the former will leave useless acceptance conditions
going to accepting SCC. Experience shows that -R3 is more
favorable to degeneralization).
- ltl2tgba will perform SCC optimizations before degeneralization
and not the converse
- We added a syntactic simplification rule to rewrite F(a)|F(b) as F(a|b).
We only had a rule for the more specific FG(a)|FG(b) = F(Ga|Gb).
- The syntactic simplification rule for F(a&GF(b)) = F(a)&GF(b) has
be disabled because the latter formula is in fact harder to translate
efficiently.
* New LTL operators: W (weak until) and its dual M (strong release)
- Weak until allows many LTL specification to be specified more
compactly.
- All LTL translation algorithms have been updated to
support these operators.
- Although they do not add any expressive power, translating
"a W b" is more efficient (read smaller output automaton) than
translating the equivalent form using the U operator.
- Basic syntactic rewriting rules will automatically rewrite "a U
(b | G(a))" and "(a U b)|G(a)" as "a W b", so you will benefit
from the new operators even if you do not use them. Similar
rewriting rules exist for R and M, although they are less used.
* New options have been added to the CGI script for
- SVG output
- SCC simplifications
* Bug fixes:
- The precedence of the "->" and "<->" Boolean operators has been
adjusted to better match other tools.
Spot <= 0.5 used to parse "a & b -> c & d" as "a & (b -> c) & d";
Spot >= 0.6 will parse it as "(a & b) -> (c & d)".
- The random graph generator was fixed (again!) not to produce
dead states as documented.
- Locations in the error messages of the LTL parser were off by one.
--
Alexandre Duret-Lutz
We're pleased to announce the release of Spot 0.5.
Spot is a model-checking library developed collaboratively
by LRDE and LIP6. It provides algorithms and data structures
to implement the automata-theoretic approach to LTL model
checking.
This release includes more than two year of work, with contributions
from Damien Lefortier, Guillaume Sadegh, Félix Abecassis, and
Alexandre Duret-Lutz. We would also like to thank Akim Demaille,
Denis Poitrenaud, and Kristin Y. Rozier for their bug reports and
help.
You can find the new release here:
http://spot.lip6.fr/dl/spot-0.5.tar.gz
Before listing what is new in this release, let me mention that we
have setup two mailing lists so you can stay informed, or discuss spot:
- <spot-announce(a)lrde.epita.fr> is read-only and will be used to
announce new releases. You may subscribe at
https://www.lrde.epita.fr/mailman/listinfo/spot-announce
- <spot(a)lrde.epita.fr> can be used to discuss anything related to
Spot. You may subscribe at
https://www.lrde.epita.fr/mailman/listinfo/spot-announce
What is new in spot 0.5 (2010-02-01):
* Two new LTL translations have been implemented:
- eltl_to_tgba_lacim() is a symbolic translation for ELTL based on
Couvreur's LaCIM'00 paper. For this translation (available with
ltl2tgba's option -le), all operators are described as finite
automata. A default set of operators is provided for LTL
(option -lo) and user may add more automaton operators.
- ltl_to_taa() is a translation based on Tauriainen's PhD thesis.
LTL is translated to "self-loop" alternating automata
and then to Transition-based Generalized Automata. (ltl2tgba's
option -taa).
The "Couvreur/FM" translation remains the best LTL translation
available in Spot.
* The data structures used to represent LTL formulae have been
overhauled, and it resulted in a big performence improvement
(in time and memory consumption) for the LTL translation.
* Two complementation algorithms for state-based Büchi automata
have been implemented:
- tgba_kv_complement is an on-the-fly implementation of the
Kupferman-Vardi construction (TCS'05) for generalized acceptance
conditions.
- tgba_safra_complement is an implementation of Safra's
complementation. This algorithm takes a degeneralized Büchi
automaton as input, but our implementation for the Streett->Büchi
step will produce a generalized automaton in the end.
* ltl2tgba has gained several options and the help text has been
reorganized. Please run src/tgbatest/ltl2tgba without arguments
for details. Couvreur/FM is now the default translation.
* The ltl2tgba.py CGI script can now run standalone. It also offers
the Tauriainen/TAA translation, and some options for SCC-based
reductions.
* Automata using BDD-encoded transitions relation can now be pruned
for useless states symbolically using the delete_unaccepting_scc()
function. This is ltl2tgba's -R3b option.
* The SCC-based simplification (ltl2tgba's -R3 option) has been
rewritten and improved.
* The "*" symbol, previously parsed as a synonym for "&" is no
longer recognized. This makes room for an upcoming support of
rational operators.
* More benchmarks in the bench/ directory:
- gspn-ssp/ some benchmarks published at ACSD'07,
- ltlcounter/ translation of a class of LTL formulae used by
Rozier & Vardi at SPIN'07
- scc-stats/ SCC statistics after translation of LTL formulae
- split-product/ parallelizing gain after splitting LTL automata
* An experimental Kripke interface has been developed to simplify
the integration of third party tools that do not use acceptance
conditions and that have label on states instead of transitions.
This interface has not been used yet.
* Experimental interface with the Nips virtual machine.
It is not very useful as Spot isn't able to retrieve any property
information from the model. This will just check assertions.
* Distribution:
- The Boost C++ library is now required.
- Update to Autoconf 2.65, Automake 1.11.1, Libtool 2.2.6b,
Bison 2.4.1, and Swig 1.3.40.
- Thanks to the newest Automake, "make check" will now
run in parallel if you use "make -j2 check" or more.
* Bug fixes:
- Disable warnings from the garbage collection of BuDDy, it
could break the standard output of ltl2tgba.
- Fix several C++ constructs to ensure Spot will build with
GCC 4.3, 4.4, and older 3.x releases, as well as with Intel's
ICC compiler.
- A very old bug in the hash function for LTL formulae caused Spot
to sometimes (but very rarely) consider two different LTL formulae
as equal.
--
Alexandre Duret-Lutz
