Results 1 to 10 of 24
Efficient On-the-Fly Model-Checking for Regular Alternation-Free Mu-Calculus
2000
Cited by 58 (11 self)
Model-checking is a successful technique for automatically verifying concurrent finite-state systems. When building a model-checker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the model-checking problem, and the user-friendliness of the interface. We present a temporal logic and an associated model-checking method that attempt to fulfill these criteria. The logic is an extension of the alternation-free µ-calculus with ACTL-like action formulas and PDL-like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems. The model-checking method is based upon a succinct translation of the verification problem into a boolean equation system, which is solved by means of an efficient local algorithm having a good average complexity. The algorithm also allows one to generate full diagnostic information (examples and counterexamples) for temporal for...
Information Flow Security in Dynamic Contexts
2002
Cited by 51 (20 self)
We study a security property for processes in dynamic contexts, i.e., contexts that can be reconfigured at runtime. The security property that we propose in this paper, named Persistent BNDC, is such that a process is "secure" when every state reachable from it satisfies a basic Non-Interference property. We define a suitable bisimulation-based equivalence relation among processes, that allows us to express the new property as a single equivalence check, thus avoiding the universal quantifications over all the reachable states (required by Persistent BNDC) and over all the possible hostile environments (implicit in the basic Non-Interference property we adopt). We show that the novel security property is compositional and we discuss how it can be efficiently checked.
Model Checking via Reachability Testing for Timed Automata
1997
Cited by 44 (13 self)
In this paper we develop an approach to model-checking for timed automata via reachability testing. As our specification formalism, we consider a dense-time logic with clocks. This logic may be used to express safety and bounded liveness properties of real-time systems. We show how to automatically synthesize, for every logical formula φ, a so-called test automaton T_φ in such a way that checking whether a system S satisfies the property φ can be reduced to a reachability question over the system obtained by making T_φ interact with S.
Deciding Bisimulation-Like Equivalences with Finite-State Processes
1999
Cited by 41 (14 self)
We show that characteristic formulae for finite-state systems up to bisimulation-like equivalences (e.g., strong and weak bisimilarity) can be given in the simple branching-time temporal logic EF. Since EF is a very weak fragment of the modal µ-calculus, model checking with EF is decidable for many more classes of infinite-state systems. This yields a general method for proving decidability of bisimulation-like equivalences between infinite-state processes and finite-state ones. We apply this method to the class of PAD processes, which strictly subsumes PA and pushdown (PDA) processes, showing that a large class of bisimulation-like equivalences (including, e.g., strong and weak bisimilarity) is decidable between PAD and finite-state processes. On the other hand, we also demonstrate that no `reasonable' bisimulation-like equivalence is decidable between state-extended PA processes and finite-state ones. Furthermore, weak bisimilarity with finite-state processes is shown to be undecidable even for state...
What can knowledge representation do for semistructured data
In Proc. of the 15th Nat. Conf. on Artificial Intelligence (AAAI-98), 1998
Cited by 27 (10 self)
The problem of modeling semistructured data is important in many application areas such as multimedia data management, biological databases, digital libraries, and data integration. Graph schemas (Buneman et al. 1997) have been proposed recently as a simple and elegant formalism for representing semistructured data. In this model, schemas are represented as graphs whose edges are labeled with unary formulae of a theory, and the notions of conformance of a database to a schema and of subsumption between two schemas are defined in terms of a simulation relation. Several authors have stressed the need for extending graph schemas with various types of constraints, such as edge existence and constraints on the number of outgoing edges. In this paper we analyze the appropriateness of various knowledge representation formalisms for representing and reasoning about graph schemas extended with constraints. We argue that neither First Order Logic, nor Logic Programming, nor Frame-based languages are satisfactory for this purpose, and present a solution based on very expressive Description Logics. We provide techniques and complexity analysis for the problem of deciding schema subsumption and conformance in various interesting cases, that differ by the expressive power in the specification of constraints.
Descriptive and relative completeness for logics for higher-order functions
In ICALP'06, volume 4052 of LNCS, 2006
Cited by 17 (9 self)
This paper establishes a strong completeness property of compositional program logics for pure and imperative higher-order functions introduced in [2, 15–18]. This property, called descriptive completeness, says that for each program there is an assertion fully describing the former's behaviour up to the standard observational semantics. This formula is inductively calculable from the program text alone. As a consequence we obtain the first relative completeness result for compositional logics of pure and imperative call-by-value higher-order functions in the full type hierarchy.
A modal fixpoint logic with chop
Proc. 16th Symp. on Theoretical Aspects of Computer Science, STACS'99, volume 1563 of LNCS, 1999
Cited by 16 (0 self)
We study a logic called FLC (Fixpoint Logic with Chop) that extends the modal mu-calculus by a chop operator and termination formulae. For this purpose formulae are interpreted by predicate transformers instead of predicates. We show that any context-free process can be characterized by an FLC formula up to bisimulation or simulation. Moreover, we establish the following results: FLC is strictly more expressive than the modal mu-calculus; it is decidable for finite-state processes but undecidable for context-free processes; satisfiability and validity are undecidable; FLC does not have the finite-model property.
Derivation of Characteristic Formulae
2001
Cited by 13 (1 self)
This paper shows how modal mu-calculus formulae characterizing finite-state processes up to strong or weak bisimulation can be derived directly from the well-known greatest fixpoint characterizations of the bisimulation relations. Our derivation simplifies earlier proofs for the strong bisimulation case and, by virtue of derivation, immediately generalizes to various other bisimulation-like relations, in particular weak bisimulation.
Semistructured data with constraints and incomplete information
In Description Logics, 1998
Cited by 10 (0 self)
The problem of modeling semistructured data is important in many application areas such as multimedia data management, biological databases, digital libraries, and data integration. In this paper, we base our work on bdfs, which is a formal and elegant model for semistructured data [Buneman et al., 1997] where schemas are graphs whose edges are labeled with formulae of a theory T. We extend bdfs with the possibility of expressing constraints and dealing with incomplete information. In particular, we consider different types of constraints, and discuss how the expressive power of the constraint language may influence the complexity of checking subsumption between schemas. We then set up a framework for defining bdfs schemas under the assumption that the theory T is not complete. Finally, we propose a new semistructured data model, which extends bdfs with both constraints and incomplete theories. We present a technique for checking subsumption in a setting where both the constraints and the theory are expressed in a very powerful language.