Using Temporal Logics to Express Search Control Knowledge for Planning
Artificial Intelligence, 1999
Cited by 275 (11 self)
Over the years increasingly sophisticated planning algorithms have been developed. These have made for more efficient planners, but unfortunately these planners still suffer from combinatorial complexity even in simple domains. Theoretical results demonstrate that planning is in the worst case intractable. Nevertheless, planning in particular domains can often be made tractable by utilizing additional domain structure. In fact, it has long been acknowledged that domain independent planners need domain dependent information to help them plan effectively. In this
Lazy theorem proving for bounded model checking over infinite domains
2002
Cited by 74 (11 self)
We investigate the combination of propositional SAT checkers with domain-specific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula φ with domain-specific constraints over program states, and an upper bound k, our procedure determines if there is a falsifying path of length k to the hypothesis that M satisfies the specification φ. This problem can be reduced to the satisfiability of Boolean constraint formulas. Our verification engine for these kinds of formulas is lazy in that propositional abstractions of Boolean constraint formulas are incrementally refined by generating lemmas on demand from an automated analysis of spurious counterexamples using theorem proving. We exemplify bounded model checking for timed automata and for RTL level descriptions, and investigate the lazy integration of SAT solving and theorem proving.

1 Introduction
Model checking decides the problem of whether a system satisfies a temporal logic property by exploring the underlying state space. It applies primarily to finite-state systems but also to certain infinite-state systems, and the state space can be represented in symbolic or explicit form. Symbolic model checking has traditionally employed a Boolean representation of state sets using binary decision diagrams (BDD) [4] as a way of checking temporal properties, whereas explicit-state model checkers enumerate the set of reachable states of the system.
On Model Checking Safety Properties
In Model Checking Software, 10th International SPIN Workshop, 2002
Cited by 23 (2 self)
Safety properties are an interesting subset of general temporal properties for systems. In the linear time paradigm, model checking of safety properties is simpler than the general case, because safety properties can be captured by finite automata. This work discusses the theoretical and some of the practical issues related to model checking LTL properties. Our first
On Complementing Nondeterministic Büchi Automata
2003
Cited by 21 (8 self)
Several optimal algorithms have been proposed for the complementation of nondeterministic Büchi word automata. Due to the intricacy of the problem and the exponential blowup that complementation involves, these algorithms have never been used in practice, even though an effective complementation construction would be of significant practical value. Recently, Kupferman and Vardi described a complementation algorithm that goes through weak alternating automata and that seems simpler than previous algorithms. We combine their algorithm with known and new minimization techniques. Our approach is based on optimizations of both the intermediate weak alternating automaton and the final nondeterministic automaton, and involves techniques of rank and height reductions, as well as direct and fair simulation.
A Brief Account of Runtime Verification
2008
Cited by 20 (0 self)
In this paper, a brief account of the field of runtime verification is given. Starting with a definition of runtime verification, a comparison to well-known verification techniques like model checking and testing is provided, and applications in which runtime verification brings out its distinguishing features are pointed out. Moreover, extensions of runtime verification such as monitor-oriented programming and monitor-based runtime reflection are sketched and their similarities and differences are discussed. Finally, the use of runtime verification for contract enforcement is briefly pointed out.
Alternation-free modal mu-calculus for data trees
In LICS’07, 2007
Cited by 17 (3 self)
An alternation-free modal µ-calculus over data trees is introduced and studied. A data tree is an unranked ordered tree whose every node is labelled by a letter from a finite alphabet and an element (“datum”) from an infinite set. For expressing data-sensitive properties, the calculus is equipped with freeze quantification. A freeze quantifier stores in a register the datum labelling the current tree node, which can then be accessed for equality comparisons deeper in the formula. The main results in the paper are that, for the fragment with forward modal operators and one register, satisfiability over finite data trees is decidable but not primitive recursive, and that for the subfragment consisting of safety formulae, satisfiability over countable data trees is decidable but not elementary. The proofs use alternating tree automata which have registers, and establish correspondences with nondeterministic tree automata which have faulty counters. Allowing backward modal operators or two registers causes undecidability. As consequences, decidability is obtained for two data-sensitive fragments of the XPath query language. The paper shows that, for reasoning about data trees, the forward fragment of the calculus with one register is a powerful alternative to a recently proposed first-order logic with two variables.
Proving more properties with bounded model checking
In: CAV, LNCS volume 3114 (2004), 96–108
Cited by 15 (4 self)
Bounded Model Checking, although complete in theory, has been thus far limited in practice to falsification of properties that were not invariants. In this paper we propose a termination criterion for all of LTL, and we show its effectiveness through experiments. Our approach is based on converting the LTL formula to a Büchi automaton so as to reduce model checking to the verification of a fairness constraint. This reduction leads to one termination criterion that applies to all formulae. We also discuss cases for which a dedicated termination test improves bounded model checking efficiency.
On Bounded Specifications
In Proc. of the Int. Conference on Logic for Programming and Automated Reasoning (LPAR’01), LNAI, 2002
Cited by 11 (5 self)
Bounded model checking methodologies check the correctness of a system with respect to a given specification by examining computations of a bounded length. Results from set-theoretic topology imply that the sets of infinite words that are both open and closed (clopen sets) are precisely the bounded sets: membership of a word in a clopen set can be determined by examining a bounded prefix of it.
On the construction of fine automata for safety properties
In Proc. 4th ATVA, LNCS 4218, 2006
Cited by 9 (4 self)
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Each safety property ψ can be associated with a set of bad prefixes: a set of finite computations such that an infinite computation violates ψ iff it has a prefix in the set. By translating a safety property to an automaton for its set of bad prefixes, verification can be reduced to reasoning about finite words: a system is correct if none of its computations has a bad prefix. Checking the latter circumvents the need to reason about cycles and simplifies significantly methods like symbolic fixed-point based verification, bounded model checking, and more. A drawback of the translation lies in the size of the automata: while the translation of a safety LTL formula ψ to a nondeterministic Büchi automaton is exponential, its translation to a tight bad-prefix automaton, one that accepts all the bad prefixes of ψ, is doubly exponential. Kupferman and Vardi showed that for the purpose of verification, one can replace the tight automaton by a fine automaton, one that accepts at least one bad prefix of each infinite computation that violates ψ. They also showed that for many safety LTL formulas, a fine automaton has the same structure as the Büchi automaton for the formula. The problem of constructing fine automata for general safety LTL formulas was left open. In this paper we solve this problem and show that while a fine automaton cannot, in general, have the same structure as the Büchi automaton for the formula, the size of a fine automaton is still only exponential in the length of the formula.
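The safety-property papers in this list (On Model Checking Safety Properties, On Bounded Specifications, and the fine-automata paper above) rest on one fact, and the runtime-verification entry uses it from the other side: a safety property is refuted by a finite bad prefix, so a finite automaton for the bad prefixes turns both monitoring and bounded model checking into reasoning about finite words. The Python example below is added here to make that concrete; it is not code from any of the listed papers. The property (a handle must never be written while closed), its hand-built bad-prefix automaton, and the two client models are assumptions made for the illustration, and an explicit-state breadth-first search over the product of system and monitor stands in for the SAT-based unrolling that the bounded model checking papers describe.

```python
"""Bad-prefix monitor for a safety property, plus a bounded search for a
violating computation (an explicit-state stand-in for SAT-based BMC).

Everything here is a constructed illustration: the property, the monitor
and the two client models are assumptions made for this example."""
from collections import deque

# Constructed safety property: "the handle is never written while it is
# closed", roughly G(close -> (!write W open)) in LTL (W = weak until).
# Its bad prefixes are exactly the finite event sequences containing a
# `write` after a `close` with no `open` in between. Being a safety
# property, that set is recognised by a finite automaton: three states,
# with `bad` absorbing.
MONITOR_INIT = "open"


def monitor_step(state, event):
    """Transition function of the bad-prefix DFA. Events other than
    open/close/write leave the state unchanged; `bad` is absorbing."""
    if state == "open" and event == "close":
        return "closed"
    if state == "closed" and event == "open":
        return "open"
    if state == "closed" and event == "write":
        return "bad"
    return state


def first_bad_prefix(trace):
    """Runtime-verification use of the monitor: length of the shortest bad
    prefix of the finite trace, or None if no prefix is bad."""
    state = MONITOR_INIT
    for i, event in enumerate(trace, 1):
        state = monitor_step(state, event)
        if state == "bad":
            return i
    return None


# Two constructed client models as labelled transition systems:
# state -> list of (event, successor). The buggy client keeps a stale
# handle and may still write after close; the fixed client cannot.
BUGGY_CLIENT = {
    "idle":   [("open", "active")],
    "active": [("write", "active"), ("close", "closed")],
    "closed": [("write", "closed"), ("open", "active")],
}
FIXED_CLIENT = {
    "idle":   [("open", "active")],
    "active": [("write", "active"), ("close", "closed")],
    "closed": [("open", "active")],
}


def bounded_check(system, init, k):
    """Breadth-first search of the product (system state, monitor state)
    over computations of length at most k. Returns ("violated", trace) with
    a shortest bad prefix; ("safe", None) if every reachable product state
    was explored inside the bound, so the bounded run is already a proof;
    or ("unknown", None) if the bound cut the search off, which is the
    incompleteness a plain BMC run has to live with."""
    start = (init, MONITOR_INIT)
    queue = deque([(start, [])])
    seen = {start}
    cut_off = False
    while queue:
        (s, m), trace = queue.popleft()
        if len(trace) == k:
            # At the bound: unexplored successors mean the verdict is not final.
            if any((nxt, monitor_step(m, ev)) not in seen for ev, nxt in system[s]):
                cut_off = True
            continue
        for ev, nxt in system[s]:
            m2 = monitor_step(m, ev)
            if m2 == "bad":
                return "violated", trace + [ev]   # shortest bad prefix found
            node = (nxt, m2)
            if node not in seen:
                seen.add(node)
                queue.append((node, trace + [ev]))
    return ("unknown" if cut_off else "safe"), None


if __name__ == "__main__":
    print(bounded_check(BUGGY_CLIENT, "idle", 3))   # ('violated', ['open', 'close', 'write'])
    print(bounded_check(BUGGY_CLIENT, "idle", 2))   # ('unknown', None)
    print(bounded_check(FIXED_CLIENT, "idle", 10))  # ('safe', None)
```

The three-way verdict is the point a practitioner should take from the bounded model checking entries: a bound of 2 is too small to expose the stale-handle write, a bound of 3 produces the shortest bad prefix, and for the fixed client the search exhausts the reachable product states before reaching the bound, which is the situation the termination-criterion paper generalises. The monitor here is hand-built for one property; constructing such a bad-prefix (or fine) automaton for an arbitrary safety LTL formula is what the papers above address.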