The theory of the natural numbers with linear order and monadic predicates underlies propositional linear temporal logic. To study temporal logics that are suitable for reasoning about real-time systems, we combine this classical theory of in nite state sequences with a theory of discrete time, via a monotonic function that maps every state to its time. The resulting theory of timed state sequences is shown to be decidable, albeit nonelementary, and its expressive power is characterized by! -regular sets. Several more expressive variants are proved to be highly undecidable. This framework allows us to classify a wide variety of real-time logics according to their complexity and expressiveness. Indeed, it follows that most formalisms proposed in the literature cannot be decided. We are, however, able to identify two elementary real-time temporal logics as expressively complete fragments of the theory of timed state sequences, and we present tableau-based decision procedures for checking validity. Consequently, these two formalisms are well-suited for the speci cation and veri cation of real-time systems.

The most natural, compositional, way of modeling real-time systems uses a dense domain for time. The satis ability of timing constraints that are capable of expressing punctuality in this model, however, is known to be undecidable. We introduce a temporal language that can constrain the time difference between events only with finite, yet arbitrary, precision and show the resulting logic to be EXPSPACE-complete. This result allows us to develop an algorithm for the verification of timing properties of real-time systems with a dense semantics.

. The temporal logics pCTL and pCTL* have been proposed as tools for the formal specification and verification of probabilistic systems: as they can express quantitative bounds on the probability of system evolutions, they can be used to specify system properties such as reliability and performance. In this paper, we present model-checking algorithms for extensions of pCTL and pCTL* to systems in which the probabilistic behavior coexists with nondeterminism, and show that these algorithms have polynomial-time complexity in the size of the system. This provides a practical tool for reasoning on the reliability and performance of parallel systems. 1 Introduction Temporal logic has been successfully used to specify the behavior of concurrent and reactive systems. These systems are usually modeled as nondeterministic processes: at any moment in time, more than one future evolution may be possible, but a probabilistic characterization of their likelihood is normally not attempted. While ma...

Dedicated to Zohar Manna, for his 2 6 th birthday. Abstract. Abstract interpretation theory formalizes the idea of abstraction of mathematical structures, in particular those involved in the specification of properties and proof methods of computer systems. Verification by abstract interpretation is illustrated on the particular cases of predicate abstraction, which is revisited to handle infinitary abstractions, and on the new parametric predicate abstraction. 1

Renewed motives for space exploration have inspired NASA to work toward the goal of establishing a virtual presence in space, through heterogeneous effets of robotic explorers. Information technology, and Artificial Intelligence in particular, will play a central role in this endeavor by endowing these explorers with a form of computational intelligence that we call remote agents. In this paper we describe the Remote Agent, a specific autonomous agent architecture based on the principles of model-based programming, on-board deduction and search, and goal-directed closed-loop commanding, that takes a significant step toward enabling this future. This architecture addresses the unique characteristics of the spacecraft domain that require highly reliable autonomous operations over long periods of time with tight deadlines, resource constraints, and concurrent activity among tightly coupled subsystems. The Remote Agent integrates constraint-based temporal planning and scheduling, robust multi-threaded execution, and model-based mode identification and reconfiguration. The demonstration of the integrated system as an on-board controller for Deep Space One, NASA's rst New Millennium mission, is scheduled for a period of a week in late 1998. The development of the Remote Agent also provided the opportunity to reassess some of AI's conventional wisdom about the challenges of implementing embedded systems, tractable reasoning, and knowledge representation. We discuss these issues, and our often contrary experiences, throughout the paper.

Goals capture, at different levels of abstraction, the various objectives the system under consideration should achieve.

We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model checking. 1 Introduction In this paper, we show how to exploit symmetry in model checking. We focus on systems composed of many identical (isomorphic) processes. The global state transition graph M of such a system exhibits a great deal of symmetry, characterized by the group of graph automorphisms of M. The basic idea underlying our method is to reduce model checking over the original structure M, to model checking over a smaller quotient structure M, where symmetric states are identified. In the following paragraphs, we give a more detailed but still informal account of a "group-theoretic" approach to exploiting symmetry. More precisely, the symmetry of M is reflected in the group, Aut M...

this paper, we describe the toolkit MOCHA in which the proposed approach is being implemented. The input language of MOCHA is a machine readable variant of reactive modules. The following functionalities are currently being supported:

We propose a framework for the formal speci cation and veri cation of timed and hybrid systems. For timed systems we propose a speci cation language that refers to time only through age functions which measure the length of the most recent timeinterval in which agiven formula has been continuously true. We then consider hybrid systems, which are systems consisting of a non-trivial mixture of discrete and continuous components, such as a digital controller that controls acontinuous environment. The proposed framework extends the temporal logic approach which has proven useful for the formal analysis of discrete systems such as reactive programs. The new framework consists of a semantic model for hybrid time, the notion of phase transition systems, which extends the formalism of discrete transition systems, an extended version of Statecharts for the speci cation of hybrid behaviors, and an extended version of temporal logic that enables reasoning about continuous change.

this paper appears in Proceedings of AAAI '96, pp. 1215-1222. F. Bacchus and F. Kabanza / Temporally Extended Goals 2 Yet this flexibility also poses a problem: how do we communicate to such an agent the task we want accomplished in a sufficiently precise manner so that it does what we really