Results 1  10
of
93
Fast LTL to Büchi Automata Translation
, 2001
"... We present an algorithm to generate Büchi automata from LTL formulae. This algorithm generates a very weak alternating coBüchi automaton and then transforms it into a Büchi automaton, using a generalized B"uchi automaton as an intermediate step. Each automaton is simplified onthefly in ..."
Abstract

Cited by 178 (3 self)
 Add to MetaCart
(Show Context)
We present an algorithm to generate Büchi automata from LTL formulae. This algorithm generates a very weak alternating coBüchi automaton and then transforms it into a Büchi automaton, using a generalized B&quot;uchi automaton as an intermediate step. Each automaton is simplified onthefly in order to save memory and time. As usual we simplify the LTL formula before any treatment. We implemented this algorithm and compared it with Spin: the experiments show that our algorithm is much more efficient than Spin. The criteria of comparison are the size of the resulting automaton, the time of the computation and the memory used. Our implementation is available on the web at the following address: http://verif.liafa.jussieu.fr/ltl2ba
Alternating refinement relations
 In Proceedings of the Ninth International Conference on Concurrency Theory (CONCUR’98), volume 1466 of LNCS
, 1998
"... Abstract. Alternating transition systems are a general model for composite systems which allow the study of collaborative as well as adversarial relationships between individual system components. Unlike in labeled transition systems, where each transition corresponds to a possible step of the syste ..."
Abstract

Cited by 164 (20 self)
 Add to MetaCart
Abstract. Alternating transition systems are a general model for composite systems which allow the study of collaborative as well as adversarial relationships between individual system components. Unlike in labeled transition systems, where each transition corresponds to a possible step of the system (which may involve some or all components), in alternating transition systems, each transition corresponds to a possible move in a game between the components. In this paper, we study refinement relations between alternating transition systems, such as “Does the implementation refine the set £ of specification components without constraining the components not in £? ” In particular, we generalize the definitions of the simulation and trace containment preorders from labeled transition systems to alternating transition systems. The generalizations are called alternating simulation and alternating trace containment. Unlike existing refinement relations, they allow the refinement of individual components within the context of a composite system description. We show that, like ordinary simulation, alternating simulation can be checked in polynomial time using a fixpoint computation algorithm. While ordinary trace containment is PSPACEcomplete, we establish alternating trace containment to be EXPTIMEcomplete. Finally, we present logical characterizations for the two preorders in terms of ATL, a temporal logic capable of referring to games between system components. 1
Vacuity Detection in Temporal Model Checking
, 1999
"... One of the advantages of temporallogic modelchecking tools is their ability to accompany a negative answer to the correctness query by a counterexample to the satisfaction of the specification in the system. On the other hand, when the answer to the correctness query is positive, most modelcheckin ..."
Abstract

Cited by 79 (15 self)
 Add to MetaCart
One of the advantages of temporallogic modelchecking tools is their ability to accompany a negative answer to the correctness query by a counterexample to the satisfaction of the specification in the system. On the other hand, when the answer to the correctness query is positive, most modelchecking tools provide no witness for the satisfaction of the specification. In the last few years there has been growing awareness to the importance of suspecting the system or the specification of containing an error also in the case model checking succeeds. The main justification of such suspects are possible errors in the modeling of the system or of the specification. Many such errors can be detected by further automatic reasoning about the system and the environment. In particular, Beer et al. described a method for the detection of vacuous satisfaction of temporal logic specifications and the generation of interesting witnesses for the satisfaction of specifications. For example, verifying a sy...
From nondeterministic Büchi and Streett automata to deterministic parity automata
 In 21st Symposium on Logic in Computer Science (LICS’06
, 2006
"... Determinization and complementation are fundamental notions in computer science. When considering finite automata on finite words determinization gives also a solution to complementation. Given a nondeterministic finite automaton there exists an exponential construction that gives a deterministic au ..."
Abstract

Cited by 73 (4 self)
 Add to MetaCart
(Show Context)
Determinization and complementation are fundamental notions in computer science. When considering finite automata on finite words determinization gives also a solution to complementation. Given a nondeterministic finite automaton there exists an exponential construction that gives a deterministic automaton for the same language. Dualizing the set of accepting states gives an automaton for the complement language. In the theory of automata on infinite words, determinization and complementation are much more involved. Safra provides determinization constructions for Büchi and Streett automata that result in deterministic Rabin automata. For a Büchi automaton with n states, Safra constructs a deterministic Rabin automaton with n O(n) states and n pairs. For a Streett automaton with n states and k pairs, Safra constructs a deterministic Rabin automaton with (nk) O(nk) states and n(k + 1) pairs. Here, we reconsider Safra’s determinization constructions. We show how to construct automata with fewer states and, most importantly, parity acceptance condition. Specifically, starting from a nondeterministic Büchi automaton with n states our construction yields a deterministic parity automaton with n 2n+2 states and index 2n (instead of a Rabin automaton with (12) n n 2n states and n pairs). Starting from a nondeterministic Streett automaton with n states and k pairs our construction yields a deterministic parity automaton with n n(k+2)+2 (k+1) 2n(k+1) states and index 2n(k + 1) (instead of a Rabin automaton with (12) n(k+1) n n(k+2) (k+1) 2n(k+1) states and n(k+1) pairs). The parity condition is much simpler than the Rabin condition. In applications such as solving games and emptiness of tree automata handling the Rabin condition involves an additional multiplier of n 2 n! (or (n(k + 1)) 2 (n(k + 1))! in the case of Streett) which is saved using our construction.
Synthesizing Distributed Systems
, 2001
"... In system synthesis, we transform a specication into a system that is guaranteed to satisfy the speci cation. When the system is distributed, the goal is to construct the system's underlying processes. Results on multiplayer games imply that the synthesis problem for linear specications is un ..."
Abstract

Cited by 64 (1 self)
 Add to MetaCart
In system synthesis, we transform a specication into a system that is guaranteed to satisfy the speci cation. When the system is distributed, the goal is to construct the system's underlying processes. Results on multiplayer games imply that the synthesis problem for linear specications is undecidable for general architectures, and is nonelementary decidable for hierarchical architectures, where the processes are linearly ordered and information among them ows in one direction. In this paper we present a signicant extension of this result. We handle both linear and branching specications, and we show that a sucient condition for decidability of the synthesis problem is a linear or cyclic order among the processes, in which information ows in either one or both directions. We also allow the processes to have internal hidden variables, and we consider communications with and without delay. Many practical applications fall into this class. 1 Introduction In system synthesis, we...
Distributed Controller Synthesis for Local Specifications
, 2001
"... We consider the problem of synthesizing distributed controllers for reactive systems against local specifications. We show that a larger class of architectures become decidable in comparison to the analogous problem for global specifications. We identify the exact class of architectures for which th ..."
Abstract

Cited by 42 (3 self)
 Add to MetaCart
We consider the problem of synthesizing distributed controllers for reactive systems against local specifications. We show that a larger class of architectures become decidable in comparison to the analogous problem for global specifications. We identify the exact class of architectures for which the problem is decidable. Our results also show the decidability of a related realizability problem for local specifications.
Reasoning About Strategies
 In IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science’10, LIPIcs 8
, 2010
"... In open systems verification, to formally check for reliability, one needs an appropriate formalism to model the interaction between open entities and express that the system is correct no matter how the environment behaves. An important contribution in this context is given by modal logics for stra ..."
Abstract

Cited by 41 (19 self)
 Add to MetaCart
In open systems verification, to formally check for reliability, one needs an appropriate formalism to model the interaction between open entities and express that the system is correct no matter how the environment behaves. An important contribution in this context is given by modal logics for strategic ability, in the setting of multiagent games, such as ATL, ATL*, and the like. Recently, Chatterjee, Henzinger, and Piterman introduced Strategy Logic, which we denote here by SLCHP, with the aim of getting a powerful framework for reasoning explicitly about strategies. SLCHP is obtained by using firstorder quantifications over strategies and it has been investigated in the specific setting of twoagents turnedbased game structures where a nonelementary modelchecking algorithm has been provided. While SLCHP is a very expressive logic, we claim that it does not fully capture the strategic aspects of multiagent systems. In this paper, we introduce and study a more general strategy logic, denoted SL, for reasoning about strategies in multiagent concurrent systems. We prove that SL strictly includes SLCHP, while maintaining a decidable modelchecking problem. Indeed, we show that it is 2EXPTIMECOMPLETE, thus not harder than that for ATL * and a remarkable improvement of the same problem for SLCHP. We also consider the satisfiability problem and show that it is undecidable already for the sublogic SLCHP under the concurrent game semantics. Digital Object Identifier 10.4230/LIPIcs.FSTTCS.2010.133 1
Alternating Automata and Program Verification
 In Computer Science Today. LNCS 1000
, 1995
"... . We describe an automatatheoretic approach to the automatic verification of finitestate programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear tempora ..."
Abstract

Cited by 37 (3 self)
 Add to MetaCart
(Show Context)
. We describe an automatatheoretic approach to the automatic verification of finitestate programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear temporal logics the automaton runs on infinite words while for branching temporal logics the automaton runs on infinite trees. The simple combinatorial structures that emerge from the automatatheoretic approach decouple the logical and algorithmic components of finitestateprogram verification and yield clear and general verification algorithms. 1 Introduction Temporal logics, which are modal logics geared towards the description of the temporal ordering of events, have been adopted as a powerful tool for specifying and verifying concurrent programs [Pnu77, MP92]. One of the most significant developments in this area is the discovery of algorithmic methods for verifying temporal logic properties...
The Complexity of the Graded µCalculus
"... In classical logic, existential and universal quantifiers express that there exists at least one individual satisfying a formula, or that all individuals satisfy a formula. In many logics, these quantifiers have been generalized to express that, for a nonnegative integer n, at least n individual ..."
Abstract

Cited by 30 (2 self)
 Add to MetaCart
In classical logic, existential and universal quantifiers express that there exists at least one individual satisfying a formula, or that all individuals satisfy a formula. In many logics, these quantifiers have been generalized to express that, for a nonnegative integer n, at least n individuals or all but n individuals satisfy a formula. In modal logics, graded modalities generalize standard existential and universal modalities in that they express, e.g., that there exist at least n accessible worlds satisfying a certain formula. Graded modalities are useful expressive means in knowledge representation; they are present in a variety of other knowledge representation formalisms closely related to modal logic.
XPath, transitive closure logic, and nested tree walking automata
 In Proceedings PODS 2008
, 2008
"... We consider the navigational core of XPath, extended with two operators: the Kleene star for taking the transitive closure of path expressions, and a subtree relativisation operator, allowing one to restrict attention to a specific subtree while evaluating a subexpression. We show that the expressiv ..."
Abstract

Cited by 29 (0 self)
 Add to MetaCart
We consider the navigational core of XPath, extended with two operators: the Kleene star for taking the transitive closure of path expressions, and a subtree relativisation operator, allowing one to restrict attention to a specific subtree while evaluating a subexpression. We show that the expressive power of this XPath dialect equals that of FO(MTC), first order logic extended with monadic transitive closure. We also give a characterization in terms of nested treewalking automata. Using the latter we then proceed to show that the language is strictly less expressive than MSO. This solves an open question about the relative expressive power of FO(MTC) and MSO on trees. We also investigate the complexity for our XPath dialect. We show that query evaluation be done in polynomial time (combined complexity), but that satisfiability and query containment (as well as emptiness for our automaton model) are 2ExpTimecomplete (it is ExpTimecomplete for Core XPath).