Results 11  20
of
76
Alternating Automata and Program Verification
 In Computer Science Today. LNCS 1000
, 1995
"... . We describe an automatatheoretic approach to the automatic verification of finitestate programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear tempora ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
. We describe an automatatheoretic approach to the automatic verification of finitestate programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear temporal logics the automaton runs on infinite words while for branching temporal logics the automaton runs on infinite trees. The simple combinatorial structures that emerge from the automatatheoretic approach decouple the logical and algorithmic components of finitestateprogram verification and yield clear and general verification algorithms. 1 Introduction Temporal logics, which are modal logics geared towards the description of the temporal ordering of events, have been adopted as a powerful tool for specifying and verifying concurrent programs [Pnu77, MP92]. One of the most significant developments in this area is the discovery of algorithmic methods for verifying temporal logic properties...
The Complexity of the Graded µCalculus
"... In classical logic, existential and universal quantifiers express that there exists at least one individual satisfying a formula, or that all individuals satisfy a formula. In many logics, these quantifiers have been generalized to express that, for a nonnegative integer n, at least n individual ..."
Abstract

Cited by 20 (2 self)
 Add to MetaCart
In classical logic, existential and universal quantifiers express that there exists at least one individual satisfying a formula, or that all individuals satisfy a formula. In many logics, these quantifiers have been generalized to express that, for a nonnegative integer n, at least n individuals or all but n individuals satisfy a formula. In modal logics, graded modalities generalize standard existential and universal modalities in that they express, e.g., that there exist at least n accessible worlds satisfying a certain formula. Graded modalities are useful expressive means in knowledge representation; they are present in a variety of other knowledge representation formalisms closely related to modal logic.
On the Complexity of Branching Modular Model Checking (Extended Abstract)
, 1995
"... In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assumeguarantee paradigm. In this paper we consid ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assumeguarantee paradigm. In this paper we consider assumeguarantee specifications in which the assumptions and the guarantees are specified by universal branching temporal formulas (i.e., all path quantifiers are universal). Verifying modules with respect to such specifications is called the branching modular modelchecking problem. We consider both ACTL and ACTL*, the universal fragments of CTL and CTL*. We develop two fundamental techniques: building max...
Pushdown Specifications
, 2002
"... Traditionally, model checking is applied to finitestate systems and regular specifications. While researchers have successfully extended the applicability of model checking to infinitestate systems, almost all existing work still consider regular specification formalisms. There are, however, ma ..."
Abstract

Cited by 18 (5 self)
 Add to MetaCart
Traditionally, model checking is applied to finitestate systems and regular specifications. While researchers have successfully extended the applicability of model checking to infinitestate systems, almost all existing work still consider regular specification formalisms. There are, however, many interesting nonregular properties one would like to model check.
Synthesis with incomplete informatio
 In Advances in Temporal Logic
, 2000
"... Abstract. In program synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. When the system is open, then at each moment it reads input signals and writes output signals, which depend on the input signals and the history of the computation so far. The ..."
Abstract

Cited by 17 (7 self)
 Add to MetaCart
Abstract. In program synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. When the system is open, then at each moment it reads input signals and writes output signals, which depend on the input signals and the history of the computation so far. The specification considers all possible input sequences. Thus, if the specification is linear, it should hold in every computation generated by the interaction, and if the specification is branching, it should hold in the tree that embodies all possible input sequences. Often, the system cannot read all the input signals generated by its environment. For example, in a distributed setting, it might be that each process can read input signals of only part of the underlying processes. Then, we should transform a specification into a system whose output depends only on the readable parts of the input signals and the history of the computation. This is called synthesis with incomplete information. In this work we solve the problem of synthesis with incomplete information in its full generality. We consider linear and branching settings with complete and incomplete information. We claim that alternation is a suitable and helpful mechanism for coping with incomplete information. Using alternating tree automata, we show that incomplete information does not make the synthesis problem more complex, in both the linear and the branching paradigm. In particular, we prove that independently of the presence of incomplete information, the synthesis problems for CTL and CTL ⋆ are complete for EXPTIME and 2EXPTIME, respectively. 1.
An AutomataTheoretic Approach to Modular Model Checking
, 1998
"... this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified by linear temporal logic. We consider guarantees in 8CTL and 8CTL
A SpaceEfficient Onthefly Algorithm for RealTime Model Checking
 In Proceedings of CONCUR'96, Volume 1119 of LNCS
"... . In temporallogic model checking, we verify the correctness of a program with respect to a desired behavior by checking whether a structure that models the program satisfies a temporallogic formula that specifies the behavior. The main practical limitation of model checking is caused by the size ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
. In temporallogic model checking, we verify the correctness of a program with respect to a desired behavior by checking whether a structure that models the program satisfies a temporallogic formula that specifies the behavior. The main practical limitation of model checking is caused by the size of the state space of the program, which grows exponentially with the number of concurrent components. This problem, known as the stateexplosion problem, becomes more difficult when we consider realtime model checking, where the program and the specification involve quantitative references to time. In particular, when use timed automata to describe realtime programs and we specify timed behaviors in the logic TCTL, a realtime extension of the temporal logic CTL with clock variables, then the state space under consideration grows exponentially not only with the number of concurrent components, but also with the number of clocks and the length of the clock constraints used in the program a...
Strategy Logic
, 2007
"... We introduce strategy logic, a logic that treats strategies in twoplayer games as explicit firstorder objects. The explicit treatment of strategies allows us to handle nonzerosum games in a convenient and simple way. We show that the onealternation fragment of strategy logic, is strong enough ..."
Abstract

Cited by 16 (0 self)
 Add to MetaCart
We introduce strategy logic, a logic that treats strategies in twoplayer games as explicit firstorder objects. The explicit treatment of strategies allows us to handle nonzerosum games in a convenient and simple way. We show that the onealternation fragment of strategy logic, is strong enough to express Nashequilibrium, secureequilibria, as well as other logics that were introduced to reason about games, such as ATL, ATL*, and gamelogic. We show that strategy logic is decidable, by constructing tree automata that recognize sets of strategies. While for the general logic, our decision procedure is nonelementary, for the simple fragment that is used above we show that complexity is polynomial in the size of the game graph and optimal in the formula (ranging between 2EXPTIME and polynomial depending on the exact formulas).
Pushdown Module Checking with Imperfect Information
, 2012
"... The model checking problem for finitestate open systems (module checking) has been extensively studied in the literature, both in the context of environments with perfect and imperfect information about the system. Recently, the perfect information case has been extended to infinitestate systems ( ..."
Abstract

Cited by 14 (8 self)
 Add to MetaCart
The model checking problem for finitestate open systems (module checking) has been extensively studied in the literature, both in the context of environments with perfect and imperfect information about the system. Recently, the perfect information case has been extended to infinitestate systems (pushdown module checking). In this paper, we extend pushdown module checking to the imperfect information setting; i.e., to the case where the environment has only a partial view of the system’s control states and pushdown store content. We study the complexity of this problem with respect to the branchingtime temporal logics CTL, CTL ∗ and the propositional µcalculus. We show that pushdown module checking, which is by itself harder than pushdown model checking, becomes undecidable when the environment has imperfect information.