Results 1-10 of 21
A classification of symbolic transition systems
ACM Transactions on Computational Logic, 2005
Cited by 53 (6 self)
We define five increasingly comprehensive classes of infinite-state systems, called STS1-STS5, whose state spaces have finitary structure. For four of these classes, we provide examples from hybrid systems.
STS1: These are the systems with finite bisimilarity quotients. They can be analyzed symbolically by iteratively applying predecessor and Boolean operations on state sets, starting from a finite number of observable state sets. Any such iteration is guaranteed to terminate in that only a finite number of state sets can be generated. This enables model checking of the μ-calculus.
STS2: These are the systems with finite similarity quotients. They can be analyzed symbolically by iterating the predecessor and positive Boolean operations. This enables model checking of the existential and universal fragments of the μ-calculus.
STS3: These are the systems with finite trace-equivalence quotients. They can be analyzed symbolically by iterating the predecessor operation and a restricted form of positive Boolean operations (intersection is restricted to intersection with observables). This enables model checking of all ω-regular properties, including linear temporal logic.
STS4: These are the systems with finite distance-equivalence quotients (two states are equivalent if for every distance d, the same observables can be reached in d transitions). The systems in this class can be analyzed symbolically by iterating the predecessor operation and terminating when no new state sets are generated. This enables model checking of the existential conjunction-free and universal disjunction-free fragments of the μ-calculus.
STS5: These are the systems with finite bounded-reachability quotients (two states are equivalent if for every distance d, the same observables can be reached in d or fewer transitions). The systems in this class can be analyzed symbolically by iterating the predecessor operation and terminating when no new states are encountered (this is a weaker termination condition than above). This enables model checking of reachability properties.
From Verification to Control: Dynamic Programs for Omega-regular Objectives
2001
Cited by 31 (4 self)
Dynamic programs, or fixpoint iteration schemes, are useful for solving many problems on state spaces, including model checking on Kripke structures ("verification"), computing shortest paths on weighted graphs ("optimization"), computing the value of games played on game graphs ("control"). For Kripke structures, a rich fixpoint theory is available in the form of the μ-calculus. Yet few connections have been made between different interpretations of fixpoint algorithms. We study the question of when a particular fixpoint iteration scheme φ for verifying an ω-regular property on a Kripke structure can be used also for solving a two-player game on a game graph with winning objective. We provide a sufficient and necessary criterion for the answer to be affirmative in the form of an extremal-model theorem for games: under a game interpretation, the dynamic program φ solves the game with objective if and only if both (1) under an existential interpretation on Kripke structures, φ is equivalent to ∃, and (2) under a universal interpretation on Kripke structures, φ is equivalent to ∀. In other words, φ is correct on all two-player game graphs iff it is correct on all extremal game graphs, where one or the other player has no choice of moves. The theorem generalizes to quantitative interpretations, where it connects two-player games with costs to weighted graphs. While the standard translations from ω-regular properties to the μ-calculus violate (1) or (2), we give a translation that satisfies both conditions. Our construction, therefore, yields fixpoint iteration schemes that can be uniformly applied on Kripke structures, weighted graphs, game graphs, and game graphs with costs, in order to meet or optimize a given ω-regular objective.
Pushdown module checking
2005
Cited by 25 (18 self)
Model checking is a useful method to verify automatically the correctness of a system with respect to a desired behavior, by checking whether a mathematical model of the system satisfies a formal specification of this behavior. Many systems of interest are open, in the sense that their behavior depends on the interaction with their environment. The model checking problem for finite-state open systems (called module checking) has been intensively studied in the literature. In this paper, we focus on open pushdown systems and we study the related model-checking problem (pushdown module checking, for short) with respect to properties expressed by CTL and CTL* formulas. We show that pushdown module checking against CTL (resp., CTL*) is 2Exptime-complete (resp., 3Exptime-complete). Moreover, we prove that for a fixed CTL (resp., CTL*) formula, the problem is Exptime-complete.
Focus games for satisfiability and completeness of temporal logic
In Proc. 16th Symp. on Logic in Computer Science, LICS'01, 2001
Cited by 21 (9 self)
We introduce a simple game theoretic approach to satisfiability checking of temporal logic, for LTL and CTL, which has the same complexity as using automata. The mechanisms involved are both explicit and transparent, and underpin a novel approach to developing complete axiom systems for temporal logic. The axiom systems are naturally factored into what happens locally and what happens in the limit. The completeness proofs utilise the game theoretic construction for satisfiability: if a finite set of formulas is consistent then there is a winning strategy (and therefore construction of an explicit model is avoided).
Combining temporal logics for querying XML documents
In International Conference on Database Theory, 2006
Cited by 8 (1 self)
Close relationships between XML navigation and temporal logics have been discovered recently, in particular between logics LTL and CTL* and XPath navigation, and between the µ-calculus and navigation based on regular expressions. This opened up the possibility of bringing model-checking techniques into the field of XML, as documents are naturally represented as labeled transition systems. Most known results of this kind, however, are limited to Boolean or unary queries, which are not always sufficient for complex querying tasks. Here we present a technique for combining temporal logics to capture n-ary XML queries expressible in two yardstick languages: FO and MSO. We show that by adding simple terms to the language, and combining a temporal logic for words together with a temporal logic for unary tree queries, one obtains logics that select arbitrary tuples of elements, and can thus be used as building blocks in complex query languages. We present general results on the expressiveness of such temporal logics, study their model-checking properties, and relate them to some common XML querying tasks.
An Overview of the mCRL2 Toolset and its Recent Advances
Cited by 8 (5 self)
The analysis of complex distributed systems requires dedicated software tools. The mCRL2 language and toolset have been developed to support such analysis. We highlight changes and improvements made to the toolset in recent years. On the one hand, these affect the scope of application, which has been broadened with extended support for data structures like infinite sets and functions. On the other hand, considerable progress has been made regarding the performance of our tools for state space generation and model checking, due to improvements in symbolic reduction techniques and due to a shift towards parity game-based solving. We also discuss the software architecture of the toolset, which was well suited to accommodate the above changes, and we address a number of case studies to illustrate the approach.
Distributed synthesis for alternating-time logics
In Proceedings of the 5th International Symposium on Automated Technology for Verification and Analysis (ATVA 2007), LNCS 4762, 2007
Cited by 4 (1 self)
We generalize the distributed synthesis problem to the setting of alternating-time temporal logics. Alternating-time logics specify the game-like interaction between processes in a distributed system, which may cooperate on some objectives and compete on others. Our synthesis algorithm works for hierarchical architectures (in any two processes there is one that can see all inputs of the other process) and specifications in the temporal logics ATL, ATL*, and the alternating-time µ-calculus. Given an architecture and a specification, the algorithm constructs a distributed system that is guaranteed to satisfy the specification. We show that the synthesis problem for nonhierarchical architectures is undecidable, even for CTL specifications. Our algorithm is therefore a comprehensive solution for the entire range of specification languages from CTL to the alternating-time µ-calculus.
Algorithms and Methodology for Scalable Model Checking
University of California at Berkeley, 1999
PDMC 2008 A Multi-Core Solver for Parity Games
We describe a parallel algorithm for solving parity games, with applications in, e.g., modal µ-calculus model checking with arbitrary alternations, and (branching) bisimulation checking. The algorithm is based on Jurdzinski’s Small Progress Measures. Actually, this is a class of algorithms, depending on a selection heuristics. Our algorithm operates lock-free, and mostly wait-free (except for infrequent termination detection), and thus allows maximum parallelism. Additionally, we conserve memory by avoiding storage of predecessor edges for the parity graph through strictly forward-looking heuristics. We evaluate our multi-core implementation’s behaviour on parity games obtained from µ-calculus model checking problems for a set of communication protocols, randomly generated problem instances, and parametric problem instances from the literature. Key words: parity games, boolean equation systems, model checking, multi-core algorithm, µ-calculus