# MCSV Assignment 3
### Arghadeep Ghosh and Kapil Pause

This notebook contains the implementation of BMC on general LTL formulas using z3 SAT Solver, as described in the paper "Symbolic Model Checking without BDDs" by Armin Biere, Alessandro Cimatti, Edmund Clarke, and Yunshan Zhu. 



## Installing dependencies and Importing Libraries

The dependencies for this notebook are:
*  z3 SMT Solver:<br> 
To perform the BMC SAT solving tasks. <br>
```pip install z3-solver```
*   ply <br>
To build our parser to parse LTL Formulas <br>
```pip install ply```
*  The following python scripts parse the LTL formulas and are therefore necessary to run the program.
1.   ply_parser.py
2.   ply_lexer.py
3.   formulas.py




In [None]:
pip install z3-solver

Collecting z3-solver
[?25l  Downloading https://files.pythonhosted.org/packages/6d/51/86d4d708593b77dd43e1154f25b107d9d9a3300da49759c88254192a0a04/z3_solver-4.8.9.0-py2.py3-none-manylinux1_x86_64.whl (30.5MB)
[K     |████████████████████████████████| 30.5MB 159kB/s 
[?25hInstalling collected packages: z3-solver
Successfully installed z3-solver-4.8.9.0


In [None]:
pip install ply



In [None]:
from z3 import *
from ply_parser import *

Generating LALR tables


## LTL Solver

The following section contains the Kripke class to represent kripke structures and the implementation of the BMC model checking algorithm. 

####To define a Kripke Structure:
The constructor for the Kripke class accepts three arguments.
*   ```states```: Boolean variables describing the state space of the kripke structure, represented as a list of characters.<br>
```states = ['s', 'c', 'h', 'e']``` 
*  ```init```: The initial state described as a dictionary using ```states``` as its keys. <br>
```init = {'s': False, 'c' = False, 'h' = False, 'e' = False}```
*  ```Trans```: The transition relation, defined as a python function taking as argument two lists of characters representing current and next state. 


In [None]:
class Kripke:
    def __init__(self, states, init, Trans):
        self.states = states
        self.Trans = Trans
        self.init = init

    def state(self, n = None):
        if n == None:
            return [Bool(var) for var in self.states]
        return [Bool(var + str(n)) for var in self.states]
    
    def initConstraint(self, state):
        return And([state[i] == self.init[self.states[i]] for i in range(len(self.states))])

    def pathConstraint(self, pathStates):
        constraint = []
        for i in range(len(pathStates)-1):
            constraint += [self.Trans(pathStates[i], pathStates[i+1])]
        return And(self.initConstraint(pathStates[0]), And(constraint))

    def LTLConstraint(self, i, k, formula, pathStates):
        if formula == True:
            return True
        if formula == False:
            return False
        if list(formula.keys())[0] == 'p':
            return formula['p'](pathStates[i])
        elif list(formula.keys())[0] == '!p':
            return Not(formula['!p'](pathStates[i]))
        elif list(formula.keys())[0] == 'OR':
            return Or(self.LTLConstraint(i, k, formula['OR'][0], pathStates), self.LTLConstraint(i, k, formula['OR'][1], pathStates))
        elif list(formula.keys())[0] == 'AND':
            return And(self.LTLConstraint(i, k, formula['AND'][0], pathStates), self.LTLConstraint(i, k, formula['AND'][1], pathStates))
        elif list(formula.keys())[0] == 'G':
            return False
        elif list(formula.keys())[0] == 'F':
            return Or([self.LTLConstraint(j, k, formula['F'], pathStates) for j in range(i, k+1)])
        elif list(formula.keys())[0] == 'X':
            if i < k:
                return self.LTLConstraint(i+1, k, formula['X'], pathStates)
            else:
                return False
        elif list(formula.keys())[0] == 'U':
            return Or([And(self.LTLConstraint(j, k, formula['U'][1], pathStates), And([self.LTLConstraint(n, k, formula['U'][0], pathStates) for n in range(i, j)])) for j in range(i, k+1)])
        elif list(formula.keys())[0] == 'R':
            return Or([And(self.LTLConstraint(j, k, formula['U'][0], pathStates), And([self.LTLConstraint(n, k, formula['U'][1], pathStates) for n in range(i, j+1)])) for j in range(i, k+1)])

    def LTLConstraintLoop(self, i, k, l, formula, pathStates):
        if formula == True:
            return True
        if formula == False:
            return False
        if list(formula.keys())[0] == 'p':
            return formula['p'](pathStates[i])
        elif list(formula.keys())[0] == '!p':
            return Not(formula['!p'](pathStates[i]))
        elif list(formula.keys())[0] == 'OR':
            return Or(self.LTLConstraintLoop(i, k, l, formula['OR'][0], pathStates), self.LTLConstraintLoop(i, k, l, formula['OR'][1], pathStates))
        elif list(formula.keys())[0] == 'AND':
            return And(self.LTLConstraintLoop(i, k, l, formula['AND'][0], pathStates), self.LTLConstraintLoop(i, k, l, formula['AND'][1], pathStates))
        elif list(formula.keys())[0] == 'G':
            return And([self.LTLConstraintLoop(j, k, l, formula['G'], pathStates) for j in range(min(i, l), k+1)])
        elif list(formula.keys())[0] == 'F':
            return Or([self.LTLConstraintLoop(j, k, l, formula['F'], pathStates) for j in range(min(i, l), k+1)])
        elif list(formula.keys())[0] == 'X':
            if i < k-1:
                return self.LTLConstraintLoop(i+1, k, l, formula['X'], pathStates)
            elif i == k-1:
                return self.LTLConstraintLoop(l, k, l, formula['X'], pathStates)
        elif list(formula.keys())[0] == 'U':
            constraint1 = Or([And(self.LTLConstraintLoop(j, k, l, formula['U'][1], pathStates), And([self.LTLConstraintLoop(n, k, l, formula['U'][0], pathStates) for n in range(i, j)])) for j in range(i, k+1)])
            constraint2 = Or([And(self.LTLConstraintLoop(j, k, l, formula['U'][1], pathStates), And([self.LTLConstraintLoop(n, k, l, formula['U'][0], pathStates) for n in range(i, k+1)]), And([self.LTLConstraintLoop(n, k, l, formula['U'][0], pathStates) for n in range(l, j)])) for j in range(l, i)])
            return Or(constraint1, constraint2)
        elif list(formula.keys())[0] == 'R':
            constraint1 = And([self.LTLConstraintLoop(j, k, l, formula['R'][1], pathStates) for j in range(min(i, l), k+1)])
            constraint2 = Or([And(self.LTLConstraintLoop(j, k, l, formula['U'][0], pathStates), And([self.LTLConstraintLoop(n, k, l, formula['U'][1], pathStates) for n in range(i, j+1)])) for j in range(i, k+1)])
            constraint3 = Or([And(self.LTLConstraintLoop(j, k, l, formula['U'][0], pathStates), And([self.LTLConstraintLoop(n, k, l, formula['U'][1], pathStates) for n in range(i, k+1)]), And([self.LTLConstraintLoop(n, k, l, formula['U'][1], pathStates) for n in range(l, j)])) for j in range(l, i)])
            return Or(constraint1, constraint2, constraint3)

    def Loop(self, l, k, pathStates):
        return self.Trans(pathStates[k], pathStates[l])

    def KmodelCheck(self, k, formula):
        pathStates = []
        for j in range(k+1):
            pathStates += [self.state(j)]
        pathConstraint = self.pathConstraint(pathStates)
        KLoopConstraint = Or([self.Loop(l, k, pathStates) for l in range(k+1)])
        LTLConstraint = And(Not(KLoopConstraint), self.LTLConstraint(0, k, formula, pathStates))
        LTLConstraintLoop = Or([And(self.Loop(l, k, pathStates), self.LTLConstraintLoop(0, k, l, formula, pathStates)) for l in range(k+1)])
        return And(pathConstraint, Or(LTLConstraint, LTLConstraintLoop)), pathStates

    def LTLsize(self, formula):
        if formula == True:
            return 1
        if formula == False:
            return 1
        if list(formula.keys())[0] == 'p':
            return 1
        elif list(formula.keys())[0] == '!p':
            return 2
        elif list(formula.keys())[0] == 'OR':
            return self.LTLsize(formula['OR'][0]) + self.LTLsize(formula['OR'][1]) + 1
        elif list(formula.keys())[0] == 'AND':
            return self.LTLsize(formula['AND'][0]) + self.LTLsize(formula['AND'][1]) + 1
        elif list(formula.keys())[0] == 'G':
            return self.LTLsize(formula['G']) + 1 
        elif list(formula.keys())[0] == 'F':
            return self.LTLsize(formula['F']) + 1
        elif list(formula.keys())[0] == 'X':
            return self.LTLsize(formula['X']) + 1
        elif list(formula.keys())[0] == 'U':
            return self.LTLsize(formula['U'][0]) + self.LTLsize(formula['U'][1]) + 1
        elif list(formula.keys())[0] == 'R':
            return self.LTLsize(formula['R'][0]) + self.LTLsize(formula['R'][1]) + 1
    
    def recDiam(self):
        k = 0
        while True:
            solver = z3.Solver()
            pathStates = []
            for j in range(k+1):
                pathStates += [self.state(j)] 
            pathConstraint = self.pathConstraint(pathStates)
            loopConstraint = Not(Or([ And([x == y for x, y in zip(pathStates[i],pathStates[j])]) for i in range(k+1) for j in range(i+1,k+1)]))
            solver.add(And(pathConstraint, loopConstraint))
            if solver.check() == unsat:
                return k-1
            k+=1
   
    def modelCheck(self, formula):
        formula = parser.parse(formula)
        formula = parseFormula(formula)
        if list(formula.keys())[0] == 'G' and list(formula['G'].keys())[0] == 'F':
            LTLbound = self.recDiam()
        elif list(formula.keys())[0] == 'F' and list(formula['F'].keys())[0] == 'G':
            LTLbound = self.recDiam()
        else:
            LTLbound = (2 ** len(self.states)) * (2 ** self.LTLsize(formula))
        for k in range(LTLbound):
            print('Step: ' + str(k+1) + '/' + str(LTLbound))
            solver = z3.Solver()
            solver.add(self.KmodelCheck(k, formula)[0])
            pathStates = self.KmodelCheck(k, formula)[1]
            if solver.check() == sat:
                model = solver.model()
                for i in range(k):
                    print(i)
                    ps = '('
                    for j in range(len(self.states)):
                        ps += f'{pathStates[i][j]} = {model[pathStates[i][j]]}, '
                    ps = ps[:-2] + ') --> '
                    print(ps, end = '') 
                ps = '('             
                for j in range(len(self.states)):
                    ps += f'{pathStates[-1][j]} = {model[pathStates[-1][j]]}, '
                ps = ps[:-2] + ')'
                print(ps)
                return 'LTL SAT'
        return 'LTL UNSAT'


In [None]:
def parseFormula(formula):
    if formula.type == 'PROP':
        return {'p': globals()[formula.child]}
    elif formula.type == 'NOT':
        if formula.child.type == 'PROP':
            return {'!p': globals()[formula.child.child]}
        else:
            print('Formula not in Negation Normal Form')
    elif formula.type == 'LITERAL':
        if formula.child == 'tru':
            return True
        if formula.child == 'fls':
            return False
    elif formula.type in ['OR', 'AND', 'U', 'R']:
        return {formula.type: (parseFormula(formula.left), parseFormula(formula.right))}
    elif formula.type in ['X', 'F', 'G']:
        return {formula.type: parseFormula(formula.child)}

## Examples

We have built the Microwave Kripke structure as decribed in the coursebook.



In [None]:
def Trans(curr, next):
    return Or(
       And(Not(curr[0]), Not(curr[1]), Not(curr[2]), Not(curr[3]), next[0], Not(next[1]), Not(next[2]), next[3]),
       And(Not(curr[0]), Not(curr[1]), Not(curr[2]), Not(curr[3]), Not(next[0]), next[1], Not(next[2]), Not(next[3])),
       And(Not(curr[0]), curr[1], Not(curr[2]), Not(curr[3]), Not(next[0]), Not(next[1]), Not(next[2]), Not(next[3])),
       And(Not(curr[0]), curr[1], curr[2], Not(curr[3]), Not(next[0]), Not(next[1]), Not(next[2]), Not(next[3])),
       And(Not(curr[0]), curr[1], curr[2], Not(curr[3]), Not(next[0]), next[1], next[2], Not(next[3])),
       And(Not(curr[0]), curr[1], curr[2], Not(curr[3]), Not(next[0]), next[1], Not(next[2]), Not(next[3])),
       And(curr[0], Not(curr[1]), Not(curr[2]), curr[3], next[0], next[1], Not(next[2]), next[3]),
       And(curr[0], curr[1], Not(curr[2]), curr[3], next[0], Not(next[1]), Not(next[2]), next[3]),
       And(curr[0], curr[1], Not(curr[2]), curr[3], Not(next[0]), next[1], Not(next[2]), Not(next[3])),
       And(Not(curr[0]), curr[1], Not(curr[2]), Not(curr[3]), next[0], next[1], Not(next[2]), Not(next[3])),
       And(curr[0], curr[1], Not(curr[2]), Not(curr[3]), next[0], next[1], next[2], Not(next[3])),
       And(curr[0], curr[1], curr[2], Not(curr[3]), Not(next[0]), next[1], next[2], Not(next[3])))

def f(state): # Atomic formulas are represented as python functions
    return state[0]
def g(state):
    return state[1]

In [None]:
k = Kripke(['s', 'c', 'h', 'e'], {'s': False, 'c': False, 'h': False, 'e': False}, Trans)

print(k.modelCheck("F (G ((!f) . (f)))"))

Step: 1/6
Step: 2/6
Step: 3/6
Step: 4/6
Step: 5/6
Step: 6/6
LTL UNSAT
