Results 1  10
of
26
Alternatingtime Temporal Logic
 Journal of the ACM
, 1997
"... Temporal logic comes in two varieties: lineartime temporal logic assumes implicit universal quantification over all paths that are generated by system moves; branchingtime temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general var ..."
Abstract

Cited by 448 (47 self)
 Add to MetaCart
Temporal logic comes in two varieties: lineartime temporal logic assumes implicit universal quantification over all paths that are generated by system moves; branchingtime temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general variety of temporal logic: alternatingtime temporal logic offers selective quantification over those paths that are possible outcomes of games, such as the game in which the system and the environment alternate moves. While lineartime and branchingtime logics are natural specification languages for closed systems, alternatingtime logics are natural specification languages for open systems. For example, by preceding the temporal operator "eventually" with a selective path quantifier, we can specify that in the game between the system and the environment, the system has a strategy to reach a certain state. Also the problems of receptiveness, realizability, and controllability can be formulated as modelchecking problems for alternatingtime formulas.
Open Systems in Reactive Environments: Control and Synthesis
, 2000
"... We study the problems of synthesizing open systems as well as controllers for open systems. We deal with specifications given as formulas of the branching temporal logic CTL ? and its sublogic CTL. A key aspect of our work is that we deal with reactive environments. These are environments that can ..."
Abstract

Cited by 27 (5 self)
 Add to MetaCart
We study the problems of synthesizing open systems as well as controllers for open systems. We deal with specifications given as formulas of the branching temporal logic CTL ? and its sublogic CTL. A key aspect of our work is that we deal with reactive environments. These are environments that can disable some of their responses along the interaction with the system.
On the Completeness of Compositional Reasoning
 In CAV, volume 1855 of LNCS
, 2000
"... Several proof rules based on the assumeguarantee paradigm have been proposed for compositional reasoning about concurrent systems. ..."
Abstract

Cited by 24 (4 self)
 Add to MetaCart
Several proof rules based on the assumeguarantee paradigm have been proposed for compositional reasoning about concurrent systems.
Deterministic Generators and Games for LTL Fragments
 ACM Trans. Comput. Log
, 2001
"... Deciding infinite twoplayer games on finite graphs with the winning condition specified by a linear temporal logic (Ltl) formula, is known to be 2Exptimecomplete. In this paper, we identify Ltl fragments of lower complexity. Solving Ltl games typically involves a doublyexponential translation from ..."
Abstract

Cited by 20 (1 self)
 Add to MetaCart
Deciding infinite twoplayer games on finite graphs with the winning condition specified by a linear temporal logic (Ltl) formula, is known to be 2Exptimecomplete. In this paper, we identify Ltl fragments of lower complexity. Solving Ltl games typically involves a doublyexponential translation from Ltl formulas to deterministic !automata. First, we show that the longest distance (length of the longest simple path) of the generator is also an important parameter, by giving an O(d log n)space procedure to solve a Buchi game on a graph with n vertices and longest distance d. Then, for the Ltl fragment with only eventualities and conjunctions, we provide a translation to deterministic generators of exponential size and linear longest distance, show both of these bounds to be optimal, and prove the corresponding games to be Pspacecomplete. Introducing next modalities in this fragment, we provide a translation to deterministic generators still of exponential size but also with exponential longest distance, show both of these bounds to be optimal, and prove the corresponding games to be Exptimecomplete. For the fragment resulting by further adding disjunctions, we provide a translation to deterministic generators of doublyexponential size and exponential longest distance, show both of these bounds to be optimal, and prove the corresponding games to be Expspace. Finally, we show tightness of the doubleexponential bound on the size as well as the longest distance for deterministic generators for Ltl even in the absence of next and until modalities. This research was partially supported by NSF Career award CCR9734115, NSF award CCR9970925, SRC award 99TJ688, and Alfred P. Sloan Faculty Fellowship. y Partially supported by the M.U.R.S.T. in the framework of project TO...
Relating Linear and Branching Model Checking
 In IFIP Working Conference on Programming Concepts and Methods
, 1996
"... The difference in the complexity of branching and linear model checking has been viewed as an argument in favor of the branching paradigm. In particular, the computational advantage of CTL model checking over LTL model checking makes CTL a popular choice, leading to efficient modelchecking tools fo ..."
Abstract

Cited by 19 (8 self)
 Add to MetaCart
The difference in the complexity of branching and linear model checking has been viewed as an argument in favor of the branching paradigm. In particular, the computational advantage of CTL model checking over LTL model checking makes CTL a popular choice, leading to efficient modelchecking tools for this logic. Can we use these tools in order to verify linear properties? In this paper we relate branching and linear model checking. With each LTL formula /, we associate a CTL formula /A that is obtained from / by preceding each temporal operator by the universal path quantifier A. We first describe a number of attempts to utilize the tight syntactic relation between / and /A in order to use CTL modelchecking tools in the process of checking the formula /. Neither attempt, however, suggests a method that is guaranteed to perform better than usual LTL model checkers. We then claim that, in practice, LTL model checkers perform nicely on formulas with equivalences of CTL. In fact, they oft...
Pushdown Module Checking with Imperfect Information
, 2012
"... The model checking problem for finitestate open systems (module checking) has been extensively studied in the literature, both in the context of environments with perfect and imperfect information about the system. Recently, the perfect information case has been extended to infinitestate systems ( ..."
Abstract

Cited by 14 (8 self)
 Add to MetaCart
The model checking problem for finitestate open systems (module checking) has been extensively studied in the literature, both in the context of environments with perfect and imperfect information about the system. Recently, the perfect information case has been extended to infinitestate systems (pushdown module checking). In this paper, we extend pushdown module checking to the imperfect information setting; i.e., to the case where the environment has only a partial view of the system’s control states and pushdown store content. We study the complexity of this problem with respect to the branchingtime temporal logics CTL, CTL ∗ and the propositional µcalculus. We show that pushdown module checking, which is by itself harder than pushdown model checking, becomes undecidable when the environment has imperfect information.
Automatatheoretic Decision of Timed Games
, 2013
"... The solution of games is a key decision problem in the context of verification of open systems and program synthesis. Given a game graph and a specification, we wish to determine if there exists a strategy of the protagonist that allows to select only behaviors fulfilling the specification. In this ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
The solution of games is a key decision problem in the context of verification of open systems and program synthesis. Given a game graph and a specification, we wish to determine if there exists a strategy of the protagonist that allows to select only behaviors fulfilling the specification. In this paper, we consider timed games, where the game graph is a timed automaton and the specification is given by formulas of the temporal logics Ltl and Ctl. We present an automatatheoretic approach to solve the addressed games, extending to the timed framework a successful approach to solve discrete games. The main idea of this approach is to translate the timed automaton A, modeling the game graph, into a tree automaton AT accepting all trees that correspond to a strategy of the protagonist. Then, given an automaton corresponding to the specification, we intersect it with the tree automaton AT and check for the nonemptiness of the resulting automaton. Our approach yields a decision algorithm running in exponential time for Ctl and in double exponential time for Ltl. The obtained algorithms are optimal in the sense that their computational complexity matches the known lower bounds.