Results 1-10 of 65
Quantitative Stochastic Parity Games
Cited by 55 (24 self)
Abstract
We study perfect-information stochastic parity games. These are two-player nonterminating games which are played on a graph with turn-based probabilistic transitions. A play results in an infinite path and the conflicting goals of the two players are ω-regular path properties, formalized as parity winning conditions. The qualitative solution of such a game amounts to computing the set of vertices from which a player has a strategy to win with probability 1 (or with positive probability). The quantitative solution amounts to computing the value of the game in every vertex, i.e., the highest probability with which a player can guarantee satisfaction of his own objective in a play that starts from the vertex. For the important special case of one-player stochastic parity games (parity Markov decision processes) we give polynomial-time algorithms both for the qualitative and the quantitative solution. The running time of the qualitative solution is O(d · m^{3/2}) for graphs with m edges and d priorities. The quantitative solution is based on a linear-programming formulation.
Tree-Like Counterexamples in Model Checking
In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS'02), 2002
Cited by 49 (3 self)
Abstract
Counterexamples for specification violations provide engineers with important debugging information. Although counterexamples are considered one of the main advantages of model checking, state-of-the-art model checkers are restricted to relatively simple counterexamples, and surprisingly little research effort has been put into counterexamples. In this paper, we introduce a new general framework for counterexamples. The paper has three main contributions: (i) We determine the general form of ACTL counterexamples. To this end, we investigate the notion of counterexample and show that a large class of temporal logics beyond ACTL admits counterexamples with a simple tree-like transition relation. We show that the existence of tree-like counterexamples is related to a universal fragment of extended branching time logic based on ω-regular temporal operators. (ii) We present new symbolic algorithms to generate tree-like counterexamples for ACTL specifications. (iii) Based on tree-like counterexamples we extend the abstraction refinement methodology developed recently by Clarke et al. (CAV'2000) to full ACTL. This demonstrates the conceptual simplicity and elegance of tree-like counterexamples.
Simple stochastic parity games
In CSL'03, volume 2803 of LNCS, 2003
"... p m), compared with O(mn) best algorithm known ..."
Modular Data Structure Verification
EECS Department, Massachusetts Institute of Technology, 2007
Cited by 36 (21 self)
Abstract
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higher-order logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to first-order logic, which enables the use of existing resolution-based theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Bounded Model Construction for Monadic Second-Order Logics
In 12th International Conference on Computer-Aided Verification (CAV'00), number 1855 in LNCS, 2000
Cited by 28 (2 self)
Abstract
The monadic logics M2L-Str and WS1S have been successfully used for verification, although they are nonelementary decidable. Motivated by ideas from bounded model checking, we investigate procedures for bounded model construction for these logics. The problem is, given a formula and a bound k, does there exist a word model for of length k. We give a bounded model construction algorithm for M2L-Str that runs in time exponential in k. For WS1S, we prove a negative result: bounded model construction is as hard as validity checking, i.e., it is nonelementary. From this, negative results for other monadic logics, such as S1S, follow. We also present preliminary tests using a SAT-based implementation of bounded model construction; for certain problem classes it can find counterexamples substantially faster than automata-based decision procedures.
A robust class of context-sensitive languages
In LICS, 2007
Cited by 25 (6 self)
Abstract
We define a new class of languages defined by multi-stack automata that forms a robust subclass of context-sensitive languages, with decidable emptiness and closure under boolean operations. This class, called multi-stack visibly pushdown languages (MVPLs), is defined using multi-stack pushdown automata with two restrictions: (a) the pushdown automaton is visible, i.e. the input letter determines the operation on the stacks, and (b) any computation of the machine can be split into stages, where in each stage, there is at most one stack that is popped. MVPLs are an extension of visibly pushdown languages that captures non-context-free behaviors, and has applications in analyzing abstractions of multithreaded recursive programs, significantly enlarging the search space that can be explored for them. We show that MVPLs are closed under boolean operations, and problems such as emptiness and inclusion are decidable. We characterize MVPLs using monadic second-order logic over appropriate structures, and exhibit a Parikh theorem for them.
Alternating Automata and Logics over Infinite Words (Extended Abstract)
2000
Cited by 19 (0 self)
Abstract
We give a uniform treatment of the logical properties of alternating weak automata on infinite strings, extending and refining work of Müller, Saoudi, and Schupp (1984) and Kupferman and Vardi (1997). Two ideas are essential in the present setup: there is no acyclicity requirement on the transition structure of weak alternating automata, and acceptance is defined only in terms of reachability of states; moreover, the run trees of the standard framework are replaced by run dags of bounded width. As applications, one obtains a new normal form for monadic second-order logic, a simple complementation proof for weak alternating automata, and elegant connections to temporal logic.
Symbolic Synthesis of Finite-State Controllers for Request-Response Specifications
In CIAA, LNCS, 2003
Cited by 19 (2 self)
Abstract
We present a method to solve certain infinite games over finite state spaces and apply this for the automatic synthesis of finite-state controllers. A lift-controller problem serves as an example for which the implementation of our algorithm has been tested. The specifications consist of safety conditions and so-called "request-response conditions" (which have the form "after visiting a state of P, later a state of R is visited"). Many real-life problems can be modeled in this framework.
On the theory of structural subtyping
2003
Cited by 18 (8 self)
Abstract
We show that the first-order theory of structural subtyping of non-recursive types is decidable. Let Σ be a language consisting of function symbols (representing type constructors) and C a decidable structure in the relational language L containing a binary relation ≤. C represents primitive types; ≤ represents a subtype ordering. We introduce the notion of the Σ-term-power of C, which generalizes the structure arising in structural subtyping. The domain of the Σ-term-power of C is the set of Σ-terms over the set of elements of C. We show that the decidability of the first-order theory of C implies the decidability of the first-order theory of the Σ-term-power of C. This result implies the decidability of the first-order theory of structural subtyping of non-recursive types.