An Automata-Theoretic Approach to Branching-Time Model Checking
Journal of the ACM, 1998
Cited by 360 (67 self)
Abstract:
Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing linear-time model-checking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automata-theoretic techniques have long been thought to introduce an exponential penalty, making them essentially useless for model-checking. Recently, Bernholtz and Grumberg have shown that this exponential penalty can be avoided, though they did not match the linear complexity of non-automata-theoretic algorithms. In this paper we show that alternating tree automata are the key to a comprehensive automata-theoretic framework for branching temporal logics. Not only, as was shown by Muller et al., can they be used to obtain optimal decision procedures, but, as we show here, they also make it possible to derive optimal model-checking algorithms. Moreover, the simple combinatorial structure that emerges from the a...
An automata-theoretic approach to linear temporal logic
Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science, 1996
Cited by 294 (27 self)
Abstract:
The automata-theoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over some alphabet. Thus, programs and specifications can be viewed as descriptions of languages over some alphabet. The automata-theoretic perspective considers the relationships between programs and their specifications as relationships between languages. By translating programs and specifications to automata, questions about programs and their specifications can be reduced to questions about automata. More specifically, questions such as satisfiability of specifications and correctness of programs with respect to their specifications can be reduced to questions such as nonemptiness and containment of automata. Unlike classical automata theory, which focused on automata on finite words, the applications to program specification, verification, and synthesis use automata on infinite words, since the computations in which we are interested are typically infinite. This paper provides an introduction to the theory of automata on infinite words and demonstrates its applications to program specification, verification, and synthesis.
Tableau Methods for Modal and Temporal Logics
1995
Cited by 152 (20 self)
Abstract:
This document is a complete draft of a chapter by Rajeev Goré on "Tableau Methods for Modal and Temporal Logics" which is part of the "Handbook of Tableau Methods", edited by M. D'Agostino, D. Gabbay, R. Hähnle and J. Posegga, to be published in 1998 by Kluwer, Dordrecht. Any comments and corrections are highly welcome. Please email me at rpg@arp.anu.edu.au. The latest version of this document can be obtained via my WWW home page: http://arp.anu.edu.au/
Tableau Methods for Modal and Temporal Logics, Rajeev Goré. Contents: 1 Introduction; 2 Preliminaries; 2.1 Syntax and Notational Conventions; 2.2 Axiomatics of Modal Logics; 2.3 Kripke Semantics for Modal Logics; 2.4 Known Correspondence and Completeness Results; 2.5 Logical Consequence; 2....
Safraless Decision Procedures
2005
Cited by 82 (25 self)
Abstract:
The automata-theoretic approach is one of the most fundamental approaches to developing decision procedures in mathematical logics. To decide whether a formula in a logic with the tree-model property is satisfiable, one constructs an automaton that accepts all (or enough) tree models of the formula and then checks that the language of this automaton is nonempty. The standard approach translates formulas into alternating parity tree automata, which are then translated, via Safra's determinization construction, into nondeterministic parity automata. This approach is not amenable to implementation because of the difficulty of implementing Safra's construction and the nonemptiness test for nondeterministic parity tree automata. In this
Module checking revisited
In Proc. 9th CAV, LNCS 1254, 1997
Cited by 44 (6 self)
Abstract:
When we verify the correctness of an open system with respect to a desired requirement, we should take into consideration the different environments with which the system may interact. Each environment induces a different behavior of the system, and we want all these behaviors to satisfy the requirement. Module checking is an algorithmic method that checks, given an open system (modeled as a finite structure) and a desired requirement (specified by a temporal-logic formula), whether the open system satisfies the requirement with respect to all environments. In this paper we extend the module-checking method with respect to two orthogonal issues. Both issues concern the fact that often we are not interested in satisfaction of the requirement with respect to all environments, but only with respect to those that meet some restriction. We consider the case where the environment has incomplete information about the system; i.e., when the system has internal variables, which are not readable by its environment, and the case where some assumptions are known about the environment; i.e., when the system is guaranteed to satisfy the requirement only when its environment satisfies certain assumptions. We study the complexities of the extended module-checking problems. In particular, we show that for universal temporal logics (e.g., LTL, ∀CTL, and ∀CTL*), module checking with incomplete information coincides with module checking, which by itself coincides with model checking. On the other hand, for nonuniversal temporal logics (e.g., CTL and CTL*), module checking with incomplete information is harder than module checking, which is by itself harder than model checking.
An automata-theoretic approach to reasoning about infinite-state systems
LNCS, 2000
Cited by 41 (4 self)
Abstract:
We develop an automata-theoretic framework for reasoning about infinite-state sequential systems. Our framework is based on the observation that states of such systems, which carry a finite but unbounded amount of information, can be viewed as nodes in an infinite tree, and transitions between states can be simulated by finite-state automata. Checking that the system satisfies a temporal property can then be done by an alternating two-way tree automaton that navigates through the tree. As has been the case with finite-state systems, the automata-theoretic framework is quite versatile. We demonstrate it by solving several versions of the model-checking problem for µ-calculus specifications and prefix-recognizable systems, and by solving the realizability and synthesis problems for µ-calculus specifications with respect to prefix-recognizable environments.
Alternating Automata and Program Verification
In Computer Science Today, LNCS 1000, 1995
Cited by 37 (3 self)
Abstract:
We describe an automata-theoretic approach to the automatic verification of finite-state programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear temporal logics the automaton runs on infinite words while for branching temporal logics the automaton runs on infinite trees. The simple combinatorial structures that emerge from the automata-theoretic approach decouple the logical and algorithmic components of finite-state-program verification and yield clear and general verification algorithms.
1 Introduction. Temporal logics, which are modal logics geared towards the description of the temporal ordering of events, have been adopted as a powerful tool for specifying and verifying concurrent programs [Pnu77, MP92]. One of the most significant developments in this area is the discovery of algorithmic methods for verifying temporal logic properties...
Safraless compositional synthesis
In CAV, 2006
Cited by 27 (9 self)
Abstract:
In automated synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. In spite of the rich theory developed for system synthesis, little of this theory has been reduced to practice. This is in contrast with model-checking theory, which has led to industrial development and use of formal verification tools. We see two main reasons for the lack of practical impact of synthesis. The first is algorithmic: synthesis involves Safra's determinization of automata on infinite words, and a solution of parity games with highly complex state spaces; both problems have been notoriously resistant to efficient implementation. The second is methodological: current theory of synthesis assumes a single comprehensive specification. In practice, however, the specification is composed of a set of properties, which is typically evolving: properties may be added, deleted, or modified. In this work we address both issues. We extend the Safraless synthesis algorithm of Kupferman and Vardi so that it handles LTL formulas by translating them to nondeterministic generalized Büchi automata. This leads to an exponential improvement in the complexity of the algorithm. Technically, our algorithm reduces the synthesis problem to the emptiness problem of a nondeterministic Büchi tree automaton A. The generation of A avoids determinization, avoids the parity acceptance condition, and is based on an analysis of runs of universal generalized co-Büchi tree automata. The clean and simple structure of A enables optimizations and a symbolic implementation. In addition, it makes it possible to use information gathered during the synthesis process of properties in the process of synthesizing their conjunction.
Tighter bounds for the determinisation of Büchi automata
In FoSSaCS 09, 2009
Cited by 22 (5 self)
Abstract:
The introduction of an efficient determinisation technique for Büchi automata by Safra has been a milestone in automata theory. To name only a few applications, efficient determinisation techniques for ω-word automata are the basis for several manipulations of ω-tree automata (most prominently the nondeterminisation of alternating tree automata) as well as for satisfiability checking and model synthesis for branching and alternating-time logics. This paper proposes a determinisation technique that is simpler than the constructions of Safra, Piterman, and Muller and Schupp, because it separates the principle acceptance mechanism from the concrete acceptance condition. The principle mechanism intuitively uses a Rabin condition on the transitions; we show how to obtain an equivalent Rabin transition automaton with approximately (1.65n)^n states from a nondeterministic Büchi automaton with n states. Having established this mechanism, it is simple to develop translations to automata with standard acceptance conditions. We can construct standard Rabin automata whose state-space is bilinear in the size of the input alphabet and the state-space of the Rabin transition automaton, or, for large input alphabets, contains approximately (2.66n)^n states, respectively. We also provide a flexible translation to parity automata with O(n!^2) states and 2n priorities based on a later introduction record, and hence connect the transformation of the acceptance condition to other record-based transformations known from the literature.
Verification by augmented abstraction: The automata-theoretic view
Journal of Computer and System Sciences, 2001