Results 1 - 10 of 51
Compositional Model Checking, 1999
Cited by 2395 (62 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Temporal and modal logic, HANDBOOK OF THEORETICAL COMPUTER SCIENCE, 1995
Cited by 1102 (16 self)
We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic.
Reasoning about Infinite Computations, Information and Computation, 1994
Cited by 250 (55 self)
We investigate extensions of temporal logic by connectives defined by finite automata on infinite words. We consider three different logics, corresponding to three different types of acceptance conditions (finite, looping and repeating) for the automata. It turns out, however, that these logics all have the same expressive power and that their decision problems are all PSPACE-complete. We also investigate connectives defined by alternating automata and show that they do not increase the expressive power of the logic or the complexity of the decision problem.
1 Introduction
For many years, logics of programs have been tools for reasoning about the input/output behavior of programs. When dealing with concurrent or nonterminating processes (like operating systems) there is, however, a need to reason about infinite computations. Thus, instead of considering the first and last states of finite computations, we need to consider the infinite sequences of states that the program goes through...
Symmetry and Model Checking, 1994
Cited by 166 (15 self)
We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model checking.
1 Introduction
In this paper, we show how to exploit symmetry in model checking. We focus on systems composed of many identical (isomorphic) processes. The global state transition graph M of such a system exhibits a great deal of symmetry, characterized by the group of graph automorphisms of M. The basic idea underlying our method is to reduce model checking over the original structure M, to model checking over a smaller quotient structure M, where symmetric states are identified. In the following paragraphs, we give a more detailed but still informal account of a "group-theoretic" approach to exploiting symmetry. More precisely, the symmetry of M is reflected in the group, Aut M...
Efficient On-the-Fly Model Checking for CTL, 1995
Cited by 50 (5 self)
This paper gives an on-the-fly algorithm for determining whether a finite-state system satisfies a formula in the temporal logic CTL*. The time complexity of our algorithm matches that of the best existing "global algorithm" for model checking in this logic, and it performs as well as the best known global algorithms for the sublogics CTL and LTL. In contrast with these approaches, however, our routine constructs the state space of the system under consideration in a need-driven fashion and will therefore perform better in practice.
Automated Temporal Reasoning about Reactive Systems, 1996
Cited by 38 (2 self)
There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective and reliable means of specifying and ensuring correct behavior of such systems. This paper discusses known complexity and expressiveness results for a number of such logics in common use and describes key technical tools for obtaining essentially optimal mechanical reasoning algorithms. However, the emphasis is on underlying intuitions and broad themes rather than technical intricacies.
1 Introduction
There is a growing need for reliable methods of designing correct reactive systems. These systems are characterized by ongoing, typically nonterminating and highly nondeterministic behavior. Examples include operating systems, network protocols, and air traffic control systems. There is w...
Supervisory Control of Discrete Event Systems with CTL* Temporal Logic Specifications, SIAM Journal of Control and Optimization
Cited by 27 (6 self)
Supervisory control problem of discrete event systems with temporal logic specifications is studied in this paper. The full branching time logic CTL* is used for expressing specifications of discrete event systems. The control problem of CTL* is reduced to the decision problem of CTL*. A small model theorem for the control of CTL* is obtained. It is shown that the control problem of CTL* (resp., CTL) is complete for deterministic double (resp., single) exponential time. A sound and complete supervisor synthesis algorithm for the control of CTL* is provided. Special cases of the control of computation tree logic (CTL) and linear-time temporal logic (LTL) are also studied. Finally, a simple example is given for illustration. The contribution of the paper is summarized as follows: (i) For the first time a sound and complete supervisory synthesis algorithm for CTL* specifications has been obtained; (ii) Usage of temporal logic makes the specification specifying process easier and user-friendly since natural language specifications can be easily translated to temporal logic specifications (when compared to formal language/automata-based specifications) and at the same time there is no increase in the computational complexity (when compared to that of formal language/automata-based specifications); (iii) CTL* temporal logic allows the control constraints on the sequences of states which can be also captured by a regular language or ω-language, as well as on the more general branching structures of states which cannot be captured by a regular language or ω-language.
Synthesis with incomplete information, In Advances in Temporal Logic, 2000
Cited by 18 (7 self)
Abstract. In program synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. When the system is open, then at each moment it reads input signals and writes output signals, which depend on the input signals and the history of the computation so far. The specification considers all possible input sequences. Thus, if the specification is linear, it should hold in every computation generated by the interaction, and if the specification is branching, it should hold in the tree that embodies all possible input sequences. Often, the system cannot read all the input signals generated by its environment. For example, in a distributed setting, it might be that each process can read input signals of only part of the underlying processes. Then, we should transform a specification into a system whose output depends only on the readable parts of the input signals and the history of the computation. This is called synthesis with incomplete information. In this work we solve the problem of synthesis with incomplete information in its full generality. We consider linear and branching settings with complete and incomplete information. We claim that alternation is a suitable and helpful mechanism for coping with incomplete information. Using alternating tree automata, we show that incomplete information does not make the synthesis problem more complex, in both the linear and the branching paradigm. In particular, we prove that independently of the presence of incomplete information, the synthesis problems for CTL and CTL* are complete for EXPTIME and 2EXPTIME, respectively. 1.
Quantified Mu-calculus for Control Synthesis, 2003
Cited by 17 (3 self)
We consider an extension of the mu-calculus as a general framework to describe and synthesize controllers. This extension is obtained by quantifying atomic propositions, we call the resulting logic quantified mu-calculus. We study its main theoretical properties and show its adequacy to control applications. The proposed framework is expressive: it offers a uniform way to describe as varied parameters as the kind of systems (closed or open), the control objective, the type of interaction between the controller and the system, the optimality criteria (fairness, maximally permissive), etc. To our knowledge, none of the former approaches can capture such a wide range of concepts.
Exponential Determinization for ω-Automata with Strong-Fairness Acceptance Condition
Cited by 16 (0 self)
In [Saf88] an exponential determinization procedure for Büchi automata was shown, yielding tight bounds for decision procedures of some logics ([EJ88, Saf88, SV89, KT89]). In [SV89] the complexity of determinization and complementation of ω-automata was further investigated, leaving as an open question the complexity of the determinization of a single class of ω-automata. For this class of ω-automata with strong fairness as acceptance condition (Streett automata), [SV89] managed to show an exponential complementation procedure, however the blowup of translating these automata, to any of the classes known to admit exponential determinization, is inherently exponential. This might suggest that the blowup of the determinization of Streett automata is inherently doubly exponential. This paper shows an exponential determinization construction for Streett automata. In fact, the complexity of our construction is roughly the same as the complexity achieved in [Saf88] for Büchi ...