Fast LTL to Büchi Automata Translation
2001
We present an algorithm to generate Büchi automata from LTL formulae. This algorithm generates a very weak alternating co-Büchi automaton and then transforms it into a Büchi automaton, using a generalized Büchi automaton as an intermediate step. Each automaton is simplified on-the-fly in order to save memory and time. As usual we simplify the LTL formula before any treatment. We implemented this algorithm and compared it with Spin: the experiments show that our algorithm is much more efficient than Spin. The criteria of comparison are the size of the resulting automaton, the time of the computation and the memory used. Our implementation is available on the web at the following address: http://verif.liafa.jussieu.fr/ltl2ba
Model Checking of Safety Properties
1999
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proof-based approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixed-point expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...
The ForSpec Temporal Logic: A New Temporal Property-Specification Language
2001
In this paper we describe the ForSpec Temporal Logic (FTL), the new temporal property-specification logic of ForSpec, Intel's new formal specification language. The key features of FTL are as follows: it is a linear temporal logic, based on Pnueli's LTL; it is based on a rich set of logical and arithmetical operations on bit vectors to describe state properties; it enables the user to define temporal connectives over time windows; it enables the user to define regular events, which are regular sequences of Boolean events, and then relate such events via special connectives; it enables the user to express properties about the past; and it includes constructs that enable the user to model multiple clock and reset signals, which is useful in the verification of hardware design.
From nondeterministic Büchi and Streett automata to deterministic parity automata
In 21st Symposium on Logic in Computer Science (LICS'06), 2006
Determinization and complementation are fundamental notions in computer science. When considering finite automata on finite words, determinization also gives a solution to complementation. Given a nondeterministic finite automaton there exists an exponential construction that gives a deterministic automaton for the same language. Dualizing the set of accepting states gives an automaton for the complement language. In the theory of automata on infinite words, determinization and complementation are much more involved. Safra provides determinization constructions for Büchi and Streett automata that result in deterministic Rabin automata. For a Büchi automaton with $n$ states, Safra constructs a deterministic Rabin automaton with $n^{O(n)}$ states and $n$ pairs. For a Streett automaton with $n$ states and $k$ pairs, Safra constructs a deterministic Rabin automaton with $(nk)^{O(nk)}$ states and $n(k+1)$ pairs. Here, we reconsider Safra's determinization constructions. We show how to construct automata with fewer states and, most importantly, a parity acceptance condition. Specifically, starting from a nondeterministic Büchi automaton with $n$ states our construction yields a deterministic parity automaton with $n^{2n+2}$ states and index $2n$ (instead of a Rabin automaton with $(12)^{n} n^{2n}$ states and $n$ pairs). Starting from a nondeterministic Streett automaton with $n$ states and $k$ pairs our construction yields a deterministic parity automaton with $n^{n(k+2)+2} (k+1)^{2n(k+1)}$ states and index $2n(k+1)$ (instead of a Rabin automaton with $(12)^{n(k+1)} n^{n(k+2)} (k+1)^{2n(k+1)}$ states and $n(k+1)$ pairs). The parity condition is much simpler than the Rabin condition. In applications such as solving games and emptiness of tree automata, handling the Rabin condition involves an additional multiplier of $n^{2} \cdot n!$ (or $(n(k+1))^{2} \cdot (n(k+1))!$ in the case of Streett) which is saved using our construction.
Assert and negate revisited: Modal semantics for UML sequence diagrams
SOFTW SYST MODEL, 2007
... from necessary behavior. They thus enable the specification of rich multi-modal scenario-based properties, such as mandatory, possible and forbidden scenarios. The sequence diagrams of UML 2.0 enrich those of previous versions of UML by two new operators, assert and negate, for specifying required and forbidden behaviors, which appear to have been inspired by LSC. The UML 2.0 semantics of sequence diagrams, however, being based on pairs of valid and invalid sets of traces, is inadequate, and prevents the new operators from being used effectively. We propose an extension of, and a different semantics for, this UML language, Modal Sequence Diagrams (MSD), based on the universal/existential modal semantics of LSC. In particular, in MSD assert and negate are really modalities, not operators. We define MSD as a UML 2.0 profile, thus paving the way to apply formal verification, synthesis, and scenario-based execution techniques from LSC to the mainstream UML standard.
Quantitative languages
Quantitative generalizations of classical languages, which assign to each word a real number instead of a Boolean value, have applications in modeling resource-constrained computation. We use weighted automata (finite automata with transition weights) to define several natural classes of quantitative languages over finite and infinite words; in particular, the real value of an infinite run is computed as the maximum, limsup, liminf, limit average, or discounted sum of the transition weights. We define the classical decision problems of automata theory (emptiness, universality, language inclusion, and language equivalence) in the quantitative setting and study their computational complexity. As the decidability of the language-inclusion problem remains open for some classes of weighted automata, we introduce a notion of quantitative simulation that is decidable and implies language inclusion. We also give a complete characterization of the expressive power of the various classes of weighted automata. In particular, we show that most classes of weighted
Constructing Automata from Temporal Logic Formulas: A Tutorial
Summer School on Trends in Computer Science, LNCS 2090
This paper presents a tutorial introduction to the construction of finite automata on infinite words from linear-time temporal logic formulas. After defining the source and target formalisms, it describes a first construction whose correctness is quite direct to establish, but whose behavior is always equal to the worst-case upper bound. It then turns to the techniques that can be used to improve this algorithm in order to obtain the quite effective algorithms that are now in use.
Antichains: A new algorithm for checking universality of finite automata
In Proc. of CAV 2006, LNCS 4144, 2006
We propose and evaluate a new algorithm for checking the universality of nondeterministic finite automata. In contrast to the standard algorithm, which uses the subset construction to explicitly determinize the automaton, we keep the determinization step implicit. Our algorithm computes the least fixed point of a monotone function on the lattice of antichains of state sets. We evaluate the performance of our algorithm experimentally using the random automaton model recently proposed by Tabakov and Vardi. We show that on the difficult instances of this probabilistic model, the antichain algorithm outperforms the standard one by several orders of magnitude. We also show how variations of the antichain method can be used for solving the language-inclusion problem for nondeterministic finite automata, and the emptiness problem for alternating finite automata.
Fair Simulation Relations, Parity Games, and State Space Reduction for Büchi Automata
We give efficient algorithms, beating or matching optimal known bounds, for computing a variety of simulation relations on the state space of a Büchi automaton. Our algorithms are derived via a unified and simple parity-game framework. This framework incorporates previously studied notions like fair and direct simulation, but our main motivation is state space reduction, and for this purpose we introduce a new natural notion of simulation, called delayed simulation. We show that, unlike fair simulation, delayed simulation preserves the automaton language upon quotienting, and that it allows substantially better state reduction than direct simulation. We use the parity-game approach, based on a recent algorithm by Jurdzinski, to efficiently compute all the above simulation relations. In particular, we obtain an $O(mn^{3})$-time and $O(mn)$-space algorithm for computing both the delayed and fair simulation relations. The best prior algorithm for fair simulation requires time $O(n^{6})$ ([HKR97]). Our framework also allows one to compute bisimulations efficiently: we compute the fair bisimulation relation in $O(mn^{3})$ time and $O(mn)$ space, whereas the best prior algorithm for fair bisimulation requires time $O(n^{10})$ ([HR00]).
Lattice automata
In Proc. 8th International Conference on Verification, Model Checking, and Abstract Interpretation, 2007
Several verification methods involve reasoning about multi-valued systems, in which an atomic proposition is interpreted at a state as a lattice element, rather than a Boolean value. The automata-theoretic approach for reasoning about Boolean-valued systems has proven to be very useful and powerful. We develop an automata-theoretic framework for reasoning about multi-valued objects, and describe its application. The basis of our framework is lattice automata on finite and infinite words, which assign to each input word a lattice element. We study the expressive power of lattice automata, their closure properties, the blow-up involved in related constructions, and decision problems for them. Our framework and results are different and stronger than those known for semiring and weighted automata. Lattice automata exhibit interesting features from a theoretical point of view. In particular, we study the complexity of constructions and decision problems for lattice automata in terms of the size of both the automaton and the underlying lattice. For example, we show that while determinization of lattice automata involves a blow-up that depends on the size of the lattice, such a blow-up can be avoided when we complement lattice automata. Thus, complementation is easier than determinization. In addition to studying the theoretical aspects of lattice automata, we describe how they can be used for efficient reasoning about a multi-valued extension of LTL.