Results 1-10 of 24
Alternating-time Temporal Logic
Journal of the ACM, 1997
Cited by 448 (47 self)
Temporal logic comes in two varieties: linear-time temporal logic assumes implicit universal quantification over all paths that are generated by system moves; branching-time temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general variety of temporal logic: alternating-time temporal logic offers selective quantification over those paths that are possible outcomes of games, such as the game in which the system and the environment alternate moves. While linear-time and branching-time logics are natural specification languages for closed systems, alternating-time logics are natural specification languages for open systems. For example, by preceding the temporal operator "eventually" with a selective path quantifier, we can specify that in the game between the system and the environment, the system has a strategy to reach a certain state. Also the problems of receptiveness, realizability, and controllability can be formulated as model-checking problems for alternating-time formulas.
Timed Control with Partial Observability
2003
Cited by 32 (6 self)
We consider the problem of synthesizing controllers for timed systems modeled using timed automata. The point of departure from earlier work is that we consider controllers that have only a partial observation of the system that it controls. In discrete event systems (where continuous time is not modeled), it is well known how to handle partial observability, and decidability issues do not differ from the complete information setting. We show however that timed control under partial observability is undecidable even for internal specifications (while the analogous problem under complete observability is decidable) and we identify a decidable subclass.
Optimal-Reachability and Control for Acyclic Weighted Timed Automata
Proc. 2nd IFIP International Conference on Theoretical Computer Science (TCS’02), 2002
Cited by 23 (3 self)
Weighted timed automata extend timed automata with costs on both locations and transitions. In this framework we study the optimal reachability and the optimal control synthesis problems for the automata with acyclic control graphs. This class of automata is relevant for some practical problems such as some static scheduling problems or air-traffic control problems. We give a nondeterministic polynomial time algorithm to solve the decision version of the considered optimal reachability problem. This algorithm matches the known lower bound on the reachability for acyclic timed automata, and thus the problem is NP-complete. We also solve in doubly exponential time the corresponding control synthesis problem. ∗ The first and the second authors were supported in part by the NSF award CCR9970925,
Dense Real-time Games
In LICS 02, 2002
Cited by 21 (4 self)
The rapid development of complex and safety-critical systems requires the use of reliable verification methods and tools for system design (synthesis). Many systems of interest are reactive, in the sense that their behavior depends on the interaction with the environment. A natural framework to model them is a two-player game: the system versus the environment. In this context, the central problem is to determine the existence of a winning strategy according to a given winning condition. We focus on real-time systems, and choose to model the related game as a nondeterministic timed automaton. We express winning conditions by formulas of the branching-time temporal logic TCTL. While timed games have been studied in the literature, timed games with dense-time winning conditions constitute a new research topic. The main result of this paper is an exponential-time algorithm to check for the existence of a winning strategy for TCTL games where equality is not allowed in the timing constraints. Our approach consists in translating to timed tree automata both the game graph and the winning condition, thus reducing the considered decision problem to the emptiness problem for this class of automata. The proposed algorithm matches the known lower bound on timed games. Moreover, if we relax the limitation we have placed on the timing constraints, the problem becomes undecidable.
Fault diagnosis using timed automata
Foundations of Software Science and Computational Structures: 8th International Conference, FOSSACS 2005, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2005, 2005
Cited by 20 (0 self)
Fault diagnosis consists in observing behaviours of systems, and in detecting online whether an error has occurred or not. In the context of discrete event systems this problem has been well-studied, but much less work has been done in the timed framework. In this paper, we consider the problem of diagnosing faults in behaviours of timed plants. We focus on the problem of synthesizing fault diagnosers which are realizable as deterministic timed automata, with the motivation that such diagnosers would function as efficient online fault detectors. We study two classes of such mechanisms, the class of deterministic timed automata (DTA) and the class of event-recording timed automata (ERA). We show that the problem of synthesizing diagnosers in each of these classes is decidable, provided we are given a bound on the resources available to the diagnoser. We prove that under this assumption diagnosability is 2EXPTIME-complete in the case of DTA’s whereas it becomes PSPACE-complete for ERA’s.
Minimum-time reachability in timed games
In ICALP 2007, volume 4596 of LNCS, 2007
Cited by 9 (0 self)
We consider the minimum-time reachability problem in concurrent two-player timed automaton game structures. We show how to compute the minimum time needed by a player to reach a location against all possible choices of the opponent. We do not put any syntactic restriction on the game structure, nor do we require any player to guarantee time divergence. We only require players to use physically realizable strategies. The minimal time is computed in part using a fixpoint expression which we show can be used on equivalence classes of a nontrivial extension of the region equivalence relation.
Controller synthesis for MTL specifications
In Proc. 17th International Conference on Concurrency Theory (CONCUR’06), 2006
Cited by 7 (2 self)
We consider the control problem for timed automata against specifications given as MTL formulas. The logic MTL is a linear-time timed temporal logic which extends LTL with timing constraints on modalities, and recently, its model-checking has been proved decidable in several cases. We investigate these decidable fragments of MTL (full MTL when interpreted over finite timed words, and Safety-MTL when interpreted over infinite timed words), and prove two kinds of results. (1) We first prove that, contrary to model-checking, the control problem is undecidable. Roughly, the computation of a lossy channel system could be encoded as a model-checking problem, and we prove here that a perfect channel system can be encoded as a control problem. (2) We then prove that if we fix the resources of the controller (by resources we mean clocks and constants that the controller can use), the control problem becomes decidable. This decidability result relies on properties of well (and better) quasi-orderings.
Timed Parity Games: Complexity and Robustness
Cited by 5 (0 self)
We consider two-player games played in real time on game structures with clocks and parity objectives. The games are concurrent in that at each turn, both players independently propose a time delay and an action, and the action with the shorter delay is chosen. To prevent a player from winning by blocking time, we restrict each player to strategies that ensure that the player cannot be responsible for causing a zeno run. First, we present an efficient reduction of these games to turn-based (i.e., nonconcurrent) finite-state (i.e., untimed) parity games. The states of the resulting game are pairs of clock regions of the original game. Our reduction improves the best known complexity for solving timed parity games. Moreover, the rich class of algorithms for classical parity games can now be applied to timed parity games. Second, we consider two restricted classes of strategies for the player that represents the controller in a real-time synthesis problem, namely, limit-robust and bounded-robust strategies. Using a limit-robust strategy, the controller cannot choose an exact real-valued time delay but must allow for some nonzero jitter in each of its actions. If there is a given lower bound on the jitter, then the strategy is bounded-robust. We show that exact strategies are more powerful than limit-robust strategies, which are more powerful than bounded-robust strategies for any bound. For both kinds of robust strategies, we present efficient reductions to standard timed automaton games. These reductions provide algorithms for the synthesis of robust real-time controllers.
Incremental Synthesis of Fault-Tolerant Real-Time Programs
Cited by 4 (4 self)
In this paper, we focus on the problem of automated addition of fault-tolerance to an existing fault-intolerant real-time program. We consider three levels of fault-tolerance, namely nonmasking, failsafe, and masking, based on safety and liveness properties satisfied in the presence of faults. More specifically, a nonmasking (respectively, failsafe, masking) program satisfies liveness (respectively, safety, both safety and liveness) in the presence of faults. For failsafe and masking fault-tolerance, we consider two additional levels, soft and hard, based on satisfaction of timing constraints in the presence of faults. We present a polynomial time algorithm (in the size of the input program’s region graph) that adds bounded-time recovery from an arbitrary given set of states to another arbitrary set of states. Using this algorithm, we propose a sound and complete synthesis algorithm that transforms a fault-intolerant real-time program into a nonmasking fault-tolerant program. Furthermore, we introduce sound and complete algorithms for adding soft/hard-failsafe fault-tolerance. For reasons of space, our results on addition of soft/hard-masking fault-tolerance are presented in a technical report.
Modal logics for timed control
2005
Cited by 4 (1 self)
In this paper we use the timed modal logic $L_\nu$ to specify control objectives for timed plants. We show that the control problem for a large class of objectives can be reduced to a model-checking problem for an extension ($L_\nu^{cont}$) of the logic $L_\nu$ with a new modality. More precisely we define a fragment of $L_\nu$, namely $L_\nu^{det}$, such that any control objective of $L_\nu^{det}$ can be translated into a $L_\nu^{cont}$ formula that holds for the plant if and only if there is a controller that can enforce the control objective. We also show that the new modality of $L_\nu^{cont}$ strictly increases the expressive power of $L_\nu$ while model-checking of $L_\nu^{cont}$ remains EXPTIME-complete.