Results 1 to 10 of 22
Safraless Decision Procedures
2005
Cited by 50 (19 self)
The automata-theoretic approach is one of the most fundamental approaches to developing decision procedures in mathematical logics. To decide whether a formula in a logic with the tree-model property is satisfiable, one constructs an automaton that accepts all (or enough) tree models of the formula and then checks that the language of this automaton is nonempty. The standard approach translates formulas into alternating parity tree automata, which are then translated, via Safra's determinization construction, into nondeterministic parity automata. This approach is not amenable to implementation because of the difficulty of implementing Safra's construction and the nonemptiness test for nondeterministic parity tree automata. In this
Optimizations for LTL synthesis
In 6th Conference on Formal Methods in Computer Aided Design (FMCAD'06), 2006
Cited by 36 (9 self)
We present an approach to automatic synthesis of specifications given in Linear Time Logic. The approach is based on a translation through universal co-Büchi tree automata and alternating weak tree automata [1]. By careful optimization of all intermediate automata, we achieve a major improvement in performance. We present several optimization techniques for alternating tree automata, including a game-based approximation to language emptiness and a simulation-based optimization. Furthermore, we use an incremental algorithm to compute the emptiness of nondeterministic Büchi tree automata. All our optimizations are computed in time polynomial in the size of the automaton on which they are computed. We have applied our implementation to several examples and show a significant improvement over the straightforward implementation. Although our examples are still small, this work constitutes the first implementation of a synthesis algorithm for full LTL. We believe that the optimizations discussed here form an important step towards making LTL synthesis practical.
SPOT: an Extensible Model Checking Library Using Transition-Based Generalized Büchi Automata
In Proc. of MASCOTS'04, 2004
Cited by 24 (8 self)
Spot is a C++ library offering model checking bricks that can be combined and interfaced with third-party tools to build a model checker. It relies on Transition-based Generalized Büchi Automata (TGBA) and does not need to degeneralize these automata to check their emptiness. We motivate the choice of TGBA by illustrating a very simple (yet efficient) translation of LTL into TGBA. We then show how it supports on-the-fly computations, and how it can be extended or integrated in other tools.
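The generalized emptiness check the abstract refers to, as an added example in Python that is not Spot's own code: a TGBA is non-empty iff some reachable strongly connected component contains a cycle whose transitions together carry every acceptance set, so one Tarjan pass plus a per-SCC union of transition marks decides emptiness without first degeneralizing to a plain Büchi automaton. The three automata, the `(src, dst, label, marks)` encoding and the function names are assumptions of this example, not Spot's data structures or API.

```python
# Added example, not Spot's own code: emptiness of a transition-based generalized
# Büchi automaton (TGBA) decided directly on the generalized acceptance condition.
# A run is accepting iff it uses transitions from every acceptance set infinitely
# often, so the automaton is non-empty iff some reachable SCC has at least one
# internal transition and the union of marks over its internal transitions covers
# all sets (every internal edge of an SCC lies on a cycle through that SCC).
from collections import defaultdict


def successors(transitions):
    """Index transitions (src, dst, label, marks) by source state; marks are acceptance set ids."""
    succ = defaultdict(list)
    for src, dst, label, marks in transitions:
        succ[src].append((dst, label, frozenset(marks)))
    return succ


def tarjan_sccs(succ, start):
    """Tarjan's SCC algorithm restricted to the states reachable from `start`."""
    index, low, stack, on_stack, sccs = {}, {}, [], set(), []

    def visit(v):
        index[v] = low[v] = len(index)
        stack.append(v)
        on_stack.add(v)
        for w, _label, _marks in succ[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            component = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                component.add(w)
                if w == v:
                    break
            sccs.append(frozenset(component))

    visit(start)
    return sccs


def accepting_scc(transitions, start, n_sets):
    """Return an SCC witnessing non-emptiness, or None if the language is empty."""
    succ = successors(transitions)
    for scc in tarjan_sccs(succ, start):
        covered, has_internal_edge = set(), False
        for v in scc:
            for w, _label, marks in succ[v]:
                if w in scc:
                    has_internal_edge = True
                    covered |= marks
        if has_internal_edge and covered == set(range(n_sets)):
            return scc
    return None


def is_empty(transitions, start, n_sets):
    return accepting_scc(transitions, start, n_sets) is None


# Constructed TGBA for "G F a & G F b": set 0 marks transitions seeing a, set 1 those seeing b.
GF_A_AND_GF_B = [(0, 0, "a & b", {0, 1}), (0, 0, "a & !b", {0}),
                 (0, 0, "!a & b", {1}), (0, 0, "!a & !b", set())]
# Constructed automaton whose only cycle sees set 0 but never set 1: language empty.
NEVER_B = [(0, 1, "a", {1}), (1, 1, "a", {0})]
# Constructed cycle whose two transitions carry the two sets separately: accepting,
# the case a degeneralized (state-based) automaton must track with extra state copies.
SPLIT_CYCLE = [(0, 1, "a", {0}), (1, 0, "b", {1})]

if __name__ == "__main__":
    for name, aut in (("GF a & GF b", GF_A_AND_GF_B), ("never b", NEVER_B), ("split cycle", SPLIT_CYCLE)):
        witness = accepting_scc(aut, 0, 2)
        msg = "empty" if witness is None else f"accepting SCC {sorted(witness)}"
        print(f"{name:12} {msg}")
```

The transition labels play no part in the check; only the acceptance marks on transitions do, which is the point of keeping the condition generalized and transition-based. The recursive Tarjan is fine for automata of the size shown; a product with a real model would need the iterative form or a raised recursion limit.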
Runtime verification for LTL and TLTL
2007
Cited by 24 (7 self)
This paper studies runtime verification of properties expressed either in linear-time temporal logic (LTL) or timed linear-time temporal logic (TLTL). It characterises runtime verification by identifying the features that distinguish it from model checking and testing, respectively. It introduces a three-valued semantics (with truth values true, false, inconclusive) as an adequate interpretation of whether a partial observation of a running system meets an LTL or TLTL property. For LTL, a conceptually simple monitor generation procedure is given, which is optimal in two respects: first, the size of the generated deterministic monitor is minimal, and, second, the monitor identifies a continuously monitored trace as either satisfying or falsifying a property as early as possible. The feasibility of the developed methodology is demonstrated using a collection of real-world temporal logic specifications. Moreover, the presented approach is related to the properties monitorable in general and is compared to existing concepts in the literature. It is shown that the set of monitorable properties not only encompasses the safety and co-safety properties but is strictly larger. For TLTL, the same road map is followed by first defining a three-valued semantics. The corresponding construction of a timed monitor is more involved, yet, as shown, possible.
LTL Satisfiability Checking
Software Tools for Technology Transfer
Cited by 19 (4 self)
We report here on an experimental investigation of LTL satisfiability checking via a reduction to model checking. By using large LTL formulas, we offer challenging model-checking benchmarks to both explicit and symbolic model checkers. For symbolic model checking, we use CadenceSMV, NuSMV, and SAL-SMC. For explicit model checking, we use SPIN as the search engine, and we test essentially all publicly available LTL translation tools. Our experiments result in two major findings. First, most LTL translation tools are research prototypes and cannot be considered industrial-quality tools. Second, when it comes to LTL satisfiability checking, the symbolic approach is clearly superior to the explicit approach.
Antichains: Alternative Algorithms for LTL Satisfiability and Model-Checking
Cited by 12 (8 self)
Linear temporal logic (LTL) was introduced by Pnueli as a logic to express properties over the computations of reactive systems. Since this seminal work, a large number of papers have studied deductive systems and algorithmic methods to reason about the correctness of reactive programs with regard to LTL properties. In this paper, we propose new efficient algorithms for LTL satisfiability and model checking. Our algorithms do not construct nondeterministic automata from LTL formulas but work directly with alternating automata, using efficient exploration techniques based on antichains.
Search control in planning for temporally extended goals
In Proc. ICAPS-05, 2005
Cited by 10 (1 self)
Current techniques for reasoning about search control knowledge in AI planning, such as those used in TLPlan, TALPlanner, or SHOP2, assume that search control knowledge is conditioned upon and interpreted with respect to a fixed set of goal states. Therefore, these techniques can deal with reachability goals but do not apply to temporally extended goals, such as goals of achieving a condition whenever a certain fact becomes true. Temporally extended goals convey several intermediate reachability goals to be achieved at different points of execution, sometimes with cyclic executions; that is, the notion of goal state becomes dynamic. In this paper, we describe a method for reasoning about search control knowledge in the presence of temporally extended goals. Given such a goal, we generate an equivalent Büchi automaton, an automaton recognising the language of the executions satisfying the goal, and interpret control knowledge over this automaton and the world state trajectories generated by a forward search planner. This method is implemented and evaluated as an extension of the TLPlan planner, which incidentally becomes capable of handling cyclic goals.
Runtime Verification Revisited
2005
Cited by 5 (4 self)
In this paper, we address a typical obstacle in runtime verification of linear temporal logic (LTL) formulae: standard models of linear temporal logic are infinite traces, whereas runtime verification has to deal only with finite system behaviours. This problem is usually addressed by defining an LTL semantics for finite traces, which, however, usually does not fit well with the infinite-trace semantics. We define a 3-valued semantics (true, false, inconclusive) for LTL on finite traces that resembles the infinite-trace semantics in a preferable manner. Furthermore, we describe how to construct, given an LTL formula, a (deterministic) finite state machine with three output symbols. This automaton reads finite traces and yields their 3-valued LTL semantics. Thus, it can directly be deployed for runtime verification. Our concepts are first developed in the setting of LTL and then extended to the timed case, for which a linear real-time logic, abbreviated as TLTL, is considered. Consequently, for a TLTL formula a monitor is constructed that operates over finite timed traces. We have implemented the untimed setting and validated our whole approach by examining a real-world case study.
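The three-valued verdicts described in this abstract and in the "Runtime verification for LTL and TLTL" entry above, as an added Python example that is not code from either paper: instead of the papers' automaton construction, it obtains a monitor by formula progression, rewriting the LTL obligation after each observation and reporting true or false once the residual obligation folds to a constant. The parser syntax, the audit-log atoms (`login`, `mfa`, `admin`, `logout`) and the constructed trace are assumptions of this example. The caveat in the header comment matters for anyone relying on the "as early as possible" guarantee: progression is sound but can answer inconclusive where the papers' minimal monitor would already decide.

```python
# Added example, not code from either paper: a three-valued LTL monitor obtained by formula
# progression (Bacchus and Kabanza) rather than by the papers' automata construction.
# Constant folding makes the "true"/"false" verdicts sound, but this monitor may stay
# "inconclusive" where the papers' minimal monitor already decides (a residual obligation
# can be unsatisfiable without folding to FALSE).
import re

TRUE, FALSE = ("true",), ("false",)
DUAL = {"&": "|", "|": "&", "F": "G", "G": "F", "U": "R", "R": "U", "X": "X"}
LEVELS = (("->",), ("|",), ("&",), ("U", "R"))  # binary operators, lowest precedence first


def parse(text):
    """LTL over lowercase atoms; ! X F G bind tightest, then U/R, &, |, -> (U, R, -> right-assoc)."""
    toks = re.findall(r"->|[()!&|]|[A-Za-z_]\w*|\S", text)  # any other char becomes a bad token
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1] if pos <= len(toks) else None

    def binary(level):
        if level == len(LEVELS):
            return unary()
        f = binary(level + 1)
        while pos < len(toks) and toks[pos] in LEVELS[level]:
            op = take()
            rhs = binary(level if op in ("->", "U", "R") else level + 1)
            f = ("|", ("!", f), rhs) if op == "->" else (op, f, rhs)
        return f

    def unary():
        tok = take()
        if tok in ("!", "X", "F", "G"):
            return (tok, unary())
        if tok == "(":
            f = binary(0)
            if take() != ")":
                raise ValueError("missing ')'")
            return f
        if tok is not None and re.fullmatch(r"[a-z_]\w*", tok):
            return ("ap", tok)
        raise ValueError(f"unexpected token {tok!r}")

    f = binary(0)
    if pos < len(toks):
        raise ValueError(f"trailing input {toks[pos]!r}")
    return f


def nnf(f):
    """Negation normal form: push ! down to atoms (written "nap") using the LTL dualities."""
    if f[0] == "!":
        g = f[1]
        if g[0] == "ap":
            return ("nap", g[1])
        if g[0] == "!":
            return nnf(g[1])
        return (DUAL[g[0]],) + tuple(nnf(("!", x)) for x in g[1:])
    if f[0] in ("ap", "nap"):
        return f
    return (f[0],) + tuple(nnf(x) for x in f[1:])


def AND(a, b):
    if FALSE in (a, b): return FALSE
    return b if a == TRUE else a if b == TRUE or a == b else ("&", a, b)


def OR(a, b):
    if TRUE in (a, b): return TRUE
    return b if a == FALSE else a if b == FALSE or a == b else ("|", a, b)


def progress(f, now):
    """Obligation the rest of the trace must meet, given the set of atoms true `now`."""
    if f in (TRUE, FALSE): return f
    op = f[0]
    if op == "ap": return TRUE if f[1] in now else FALSE
    if op == "nap": return FALSE if f[1] in now else TRUE
    if op == "&": return AND(progress(f[1], now), progress(f[2], now))
    if op == "|": return OR(progress(f[1], now), progress(f[2], now))
    if op == "X": return f[1]
    if op == "F": return OR(progress(f[1], now), f)    # F p = p | X F p
    if op == "G": return AND(progress(f[1], now), f)   # G p = p & X G p
    if op == "U": return OR(progress(f[2], now), AND(progress(f[1], now), f))
    if op == "R": return AND(progress(f[2], now), OR(progress(f[1], now), f))
    raise ValueError(f"unknown operator {op!r}")


def verdicts(formula, trace):
    """Three-valued verdict after each observation; an observation is the set of atoms true then."""
    obligation, out = nnf(parse(formula)), []
    for now in trace:
        if obligation not in (TRUE, FALSE):  # definite verdicts are final
            obligation = progress(obligation, frozenset(now))
        out.append({TRUE: "true", FALSE: "false"}.get(obligation, "inconclusive"))
    return out


# Constructed audit-log prefix: one set of observed propositions per step.
TRACE = [{"login"}, {"mfa"}, {"login"}, {"admin"}, {"logout"}]

if __name__ == "__main__":
    for spec in ("G(login -> X mfa)", "F logout", "G(admin -> F logout)", "!admin U mfa"):
        print(f"{spec:22} {verdicts(spec, TRACE)}")
```

On the constructed trace the safety-style spec `G(login -> X mfa)` turns false at the fourth step (the second login is not followed by mfa), `F logout` turns true at the last step, and `G(admin -> F logout)` never leaves inconclusive, which is the expected behaviour for a property that no finite prefix can settle either way; a definite verdict, once reached, is never revised.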
Larger automata and less work for LTL model checking
In Model Checking Software, 13th Int'l SPIN Workshop, volume 3925 of LNCS, 2006
Cited by 5 (0 self)
Many different automata and algorithms have been investigated in the context of automata-theoretic LTL model checking. This article compares the behaviour of two variations on the widely used Büchi automaton, namely (i) a Büchi automaton where states are labelled with atomic propositions and transitions are unlabelled, and (ii) a form of testing automaton that can only observe changes in state propositions and makes use of special livelock acceptance states. We describe how these variations can be generated from standard Büchi automata, and outline an SCC-based algorithm for verification with testing automata. The variations are compared to standard automata in experiments with both random and human-generated Kripke structures and LTL-X formulas, using SCC-based algorithms as well as a recent, improved version of the classic nested search algorithm. The results show that SCC-based algorithms outperform their nested search counterpart, but that the biggest improvements come from using the variant automata. Much work has been done on the generation of small automata, but small automata do not necessarily lead to small products when combined with the system being verified. We investigate the underlying factors for the superior performance of the new variations.
SALT: Structured Assertion Language for Temporal Logic
2006
Cited by 4 (4 self)
This paper presents Salt. Salt is a general-purpose specification and assertion language developed for creating concise temporal specifications to be used in industrial verification environments. It incorporates ideas from existing approaches, such as specification patterns, but also provides nested scopes, exceptions, support for regular expressions and real-time. The latter is needed in particular for verification tasks involving reactive systems that impose strict execution times and deadlines.