Abstract. The automata-theoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over some alphabet. Thus,programs and specificationscan be viewed as descriptions of languagesover some alphabet. The automata-theoretic perspective considers the relationships between programs and their specifications as relationships between languages.By translating programs and specifications to automata, questions about programs and their specifications can be reduced to questions about automata. More specifically, questions such as satisfiability of specifications and correctness of programs with respect to their specifications can be reduced to questions such as nonemptiness and containment of automata. Unlike classical automata theory, which focused on automata on finite words, the applications to program specification, verification, and synthesis, use automata on infinite words, since the computations in which we are interested are typically infinite. This paper provides an introduction to the theory of automata on infinite words and demonstrates its applications to program specification, verification, and synthesis. 1

We survey the properties of sets of integers recognizable by automata when they are written in p-ary expansions. We focus on Cobham’s theorem which characterizes the sets recognizable in different bases p and on its generalization to N m due to Semenov. We detail the remarkable proof recently given by Muchnik for the theorem of Cobham-Semenov, the original proof being published in Russian. 1

: The claim that interactive systems have richer behavior than algorithms is surprisingly easy to prove: Turing machines cannot model interaction machines because: interaction is not expressible by a finite initial input string. Interaction machines extend the Chomsky hierarchy, are modeled by interaction grammars, and precisely capture fuzzy concepts like open systems and empirical computer science. Part I of this paper examines extensions to interactive models for algorithms, machines, grammars, and semantics, while part II considers the expressiveness of different forms of interaction. Interactive identity machines are already more powerful than Turing machines, while noninteractive parallelism and distribution are algorithmic. The extension of Turing to interaction machines parallels that of the lambda to the pi calculus, but the ability to model shared state allows interaction machines to express more powerful behavior than calculi. Asynchronous and nonserializable interaction ar...

Even if access to the internal structure of the tested system is possible, it is not always a good idea to use it when performing tests, as this may lead to a bias in the testing process. Furthermore, the

Determinization and complementation are fundamental notions in computer science. When considering finite automata on finite words determinization gives also a solution to complementation. Given a nondeterministic finite automaton there exists an exponential construction that gives a deterministic automaton for the same language. Dualizing the set of accepting states gives an automaton for the complement language. In the theory of automata on infinite words, determinization and complementation are much more involved. Safra provides determinization constructions for Büchi and Streett automata that result in deterministic Rabin automata. For a Büchi automaton with n states, Safra constructs a deterministic Rabin automaton with n O(n) states and n pairs. For a Streett automaton with n states and k pairs, Safra constructs a deterministic Rabin automaton with (nk) O(nk) states and n(k + 1) pairs. Here, we reconsider Safra’s determinization constructions. We show how to construct automata with fewer states and, most importantly, parity acceptance condition. Specifically, starting from a nondeterministic Büchi automaton with n states our construction yields a deterministic parity automaton with n 2n+2 states and index 2n (instead of a Rabin automaton with (12) n n 2n states and n pairs). Starting from a nondeterministic Streett automaton with n states and k pairs our construction yields a deterministic parity automaton with n n(k+2)+2 (k+1) 2n(k+1) states and index 2n(k + 1) (instead of a Rabin automaton with (12) n(k+1) n n(k+2) (k+1) 2n(k+1) states and n(k+1) pairs). The parity condition is much simpler than the Rabin condition. In applications such as solving games and emptiness of tree automata handling the Rabin condition involves an additional multiplier of n 2 n! (or (n(k + 1)) 2 (n(k + 1))! in the case of Streett) which is saved using our construction.

. Two well-known formalisms for the specication and computation of tree transductions are compared: the mso graph transducer and the attributed tree transducer with look-ahead, respectively. The mso graph transducer, restricted to trees, uses monadic second order logic to dene the output tree in terms of the input tree. The attributed tree transducer is an attribute grammar in which all attributes are trees; it is preceded by a look-ahead phase in which all attributes have nitely many values. The main result is that these formalisms are equivalent, i.e., that the attributed tree transducer with look-ahead is an appropriate implementation model for the tree transductions that are speciable in mso logic. This result holds for mso graph transducers that produce trees with shared subtrees. If no sharing is allowed, the attributed tree transducer satises the single use restriction. 1 Introduction Formulas of monadic second order (mso) logic can be used to express properti...

Abstract not found

In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assume-guarantee paradigm. In this paper we consider assume-guarantee specifications in which the assumptions and the guarantees are specified by universal branching temporal formulas (i.e., all path quantifiers are universal). Verifying modules with respect to such specifications is called the branching modular model-checking problem. We consider both ACTL and ACTL*, the universal fragments of CTL and CTL*. We develop two fundamental techniques: building max...

. The class of finitely locally threshold testable !-languages is proved to be decidable relatively to the class of all regular !-languages. We apply this to the monadic second order theory of infinite word structures with successor function: it is decidable whether for a given monadic second-order formula there exists a first-order formula with the same set of infinite word models. Introduction A language L of infinite words is said to be finitely locally threshold testable if the answer to the question `ff 2 L?' is determined by the prefix of ff of a given fixed length and the number of occurrences of the factors of ff of a bounded length counted up to a given fixed finite threshold. For (general) local threshold testability the answer may also depend on the set of the factors of ff of a bounded length which occur infinitely often. The present paper shows that the class of the finitely locally threshold testable !-languages is decidable relatively to the class of all regular ...

This paper compares two different styles of reasoning with inductively defined predicates, each style being encapsulated by a corresponding sequent calculus proof system. The first system supports traditional proof by induction, with induction rules formulated as sequent rules for introducing inductively defined predicates on the left of sequents. We show this system to be cut-free complete with respect to a natural class of Henkin models; the eliminability of cut follows as a corollary. The second system uses infinite (non-well-founded) proofs to represent arguments by infinite descent. In this system, the left rules for inductively defined predicates are simple case-split rules, and an infinitary, global condition on proof trees is required to ensure soundness. We show this system to be cut-free complete with respect to standard models, and again infer the eliminability of cut. The second infinitary system is unsuitable for formal reasoning. However, it has a natural restriction to proofs given by regular trees, i.e. to those proofs representable by finite graphs. This restricted “cyclic ” system subsumes the first system for proof by induction. We conjecture that the two systems are in fact equivalent, i.e., that proof by induction is equivalent to regular proof by infinite descent.