Results 1  10
of
63
Reasoning about Infinite Computations
 Information and Computation
, 1994
"... We investigate extensions of temporal logic by connectives defined by finite automata on infinite words. We consider three different logics, corresponding to three different types of acceptance conditions (finite, looping and repeating) for the automata. It turns out, however, that these logics all ..."
Abstract

Cited by 250 (55 self)
 Add to MetaCart
We investigate extensions of temporal logic by connectives defined by finite automata on infinite words. We consider three different logics, corresponding to three different types of acceptance conditions (finite, looping and repeating) for the automata. It turns out, however, that these logics all have the same expressive power and that their decision problems are all PSPACEcomplete. We also investigate connectives defined by alternating automata and show that they do not increase the expressive power of the logic or the complexity of the decision problem. 1 Introduction For many years, logics of programs have been tools for reasoning about the input/output behavior of programs. When dealing with concurrent or nonterminating processes (like operating systems) there is, however, a need to reason about infinite computations. Thus, instead of considering the first and last states of finite computations, we need to consider the infinite sequences of states that the program goes through...
Tree Automata, MuCalculus and Determinacy (Extended Abstract)
 IN PROCEEDINGS OF THE 32ND ANNUAL SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE, FOCS ’91
, 1991
"... We show that the propositional MuCalculus is equivalent in expressive power to finite automata on infinite trees. Since complementation is trivial in the MuCalculus, our equivalence provides a radically simplified, alternative proof of Rabin's complementation lemma for tree automata, which is the ..."
Abstract

Cited by 215 (4 self)
 Add to MetaCart
We show that the propositional MuCalculus is equivalent in expressive power to finite automata on infinite trees. Since complementation is trivial in the MuCalculus, our equivalence provides a radically simplified, alternative proof of Rabin's complementation lemma for tree automata, which is the heart of one of the deepest decidability results. We also show how MuCalculus can be used to establish determinacy of infinite games used in earlier proofs of complementation lemma, and certain games used in the theory of online algorithms.
A completeness theorem for Kleene algebras and the algebra of regular events
 Information and Computation
, 1994
"... We givea nitary axiomatization of the algebra of regular events involving only equations and equational implications. Unlike Salomaa's axiomatizations, the axiomatization given here is sound for all interpretations over Kleene algebras. 1 ..."
Abstract

Cited by 188 (23 self)
 Add to MetaCart
We givea nitary axiomatization of the algebra of regular events involving only equations and equational implications. Unlike Salomaa's axiomatizations, the axiomatization given here is sound for all interpretations over Kleene algebras. 1
Visibly pushdown languages
, 2004
"... Abstract. We study congruences on words in order to characterize the class of visibly pushdown languages (Vpl), a subclass of contextfree languages. For any language L, we define a natural congruence on words that resembles the syntactic congruence for regular languages, such that this congruence i ..."
Abstract

Cited by 133 (15 self)
 Add to MetaCart
Abstract. We study congruences on words in order to characterize the class of visibly pushdown languages (Vpl), a subclass of contextfree languages. For any language L, we define a natural congruence on words that resembles the syntactic congruence for regular languages, such that this congruence is of finite index if, and only if, L is a Vpl. We then study the problem of finding canonical minimal deterministic automata for Vpls. Though Vpls in general do not have unique minimal automata, we consider a subclass of VPAs called kmodule singleentry VPAs that correspond to programs with recursive procedures without input parameters, and show that the class of wellmatched Vpls do indeed have unique minimal kmodule singleentry automata. We also give a polynomial time algorithm that minimizes such kmodule singleentry VPAs. 1 Introduction The class of visibly pushdown languages (Vpl), introduced in [1], is a subclassof contextfree languages accepted by pushdown automata in which the input letter determines the type of operation permitted on the stack. Visibly pushdown languages are closed under all boolean operations, and problems such as inclusion, that are undecidable for contextfree languages, are decidable for Vpl. Vpls are relevant to several applications that use contextfree languages suchas the modelchecking of software programs using their pushdown models [13]. Recent work has shown applications in other contexts: in modeling semanticsof effects in processing XML streams [4], in game semantics for programming languages [5], and in identifying larger classes of pushdown specifications thatadmit decidable problems for infinite games on pushdown graphs [6].
Reasoning about The Past with TwoWay Automata
 In 25th International Colloqium on Automata, Languages and Programming, ICALP ’98
, 1998
"... Abstract. The pcalculus can be viewed as essentially the "ultimate" program logic, as it expressively subsumes all propositional program logics, including dynamic logics, process logics, and temporal logics. It is known that the satisfiability problem for the pcalculus is EXPTIMEcomplete. This upp ..."
Abstract

Cited by 129 (12 self)
 Add to MetaCart
Abstract. The pcalculus can be viewed as essentially the "ultimate" program logic, as it expressively subsumes all propositional program logics, including dynamic logics, process logics, and temporal logics. It is known that the satisfiability problem for the pcalculus is EXPTIMEcomplete. This upper bound, however, is known for a version of the logic that has only forward modalities, which express weakest preconditions, but not backward modalities, which express strongest postconditions. Our main result in this paper is an exponential time upper bound for the satisfiability problem of the pcalculus with both forward and backward modalities. To get this result we develop a theory of twoway alternating automata on infinite trees. 1
Model Checking for a Probabilistic Branching Time Logic with Fairness
 Distributed Computing
, 1998
"... We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but n ..."
Abstract

Cited by 116 (37 self)
 Add to MetaCart
We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but not probabilistic, choices. The presence of nondeterminism means that certain liveness properties cannot be established unless fairness is assumed. We introduce a probabilistic branching time logic PBTL, based on the logic TPCTL of Hansson [30] and the logic PCTL of [55], resp. pCTL of [14]. The formulas of the logic express properties such as "every request is eventually granted with probability at least p". We give three interpretations for PBTL on concurrent probabilistic processes: the first is standard, while in the remaining two interpretations the branching time quantifiers are taken to range over a certain kind of fair computation trees. We then present a model checking algorithm for...
Model Checking of Safety Properties
, 1999
"... Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simp ..."
Abstract

Cited by 101 (16 self)
 Add to MetaCart
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixedpoint expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...
Games for the µCalculus
"... Given a formula of the propositional µcalculus, we construct a tableau of the formula and define an infinite game of two players of which one wants to show that the formula is satisfiable, and the other seeks the opposite. The strategy for the first player can be further transformed into a model of ..."
Abstract

Cited by 52 (5 self)
 Add to MetaCart
Given a formula of the propositional µcalculus, we construct a tableau of the formula and define an infinite game of two players of which one wants to show that the formula is satisfiable, and the other seeks the opposite. The strategy for the first player can be further transformed into a model of the formula while the strategy for the second forms what we call a refutation of the formula. Using Martin's Determinacy Theorem, we prove that any formula has either a model or a refutation. This completeness result is a starting point for the completeness theorem for the µcalculus to be presented elsewhere. However, we argue that refutations have some advantages of their own. They are generated by a natural system of sound logical rules and can be presented as regular trees of the size exponential in the size of a refuted formula. This last aspect completes the small model theorem for the µcalculus established by Emerson and Jutla [3]. Thus, on a more practical side, refutations can be...
Fair Simulation
 Information and Computation
, 1997
"... The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedd ..."
Abstract

Cited by 49 (18 self)
 Add to MetaCart
The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedded in the unrolling of I can be embedded also in the unrolling of S. Second, simulation has a logical characterization: S simulates I iff every universal branchingtime formula satisfied by S is satisfied also by I. It follows that simulation is a suitable notion of implementation, and it is the coarsest abstraction of a system that preserves universal branchingtime properties. Third, based on its local definition, simulation between finitestate systems can be checked in polynomial time. Finally, simulation implies tracecontainment, which cannot be defined locally and requires polynomial space for verification. Hence simulation is widely used both in manual and in automatic verification. ...