We investigate extensions of temporal logic by connectives defined by finite automata on infinite words. We consider three different logics, corresponding to three different types of acceptance conditions (finite, looping and repeating) for the automata. It turns out, however, that these logics all have the same expressive power and that their decision problems are all PSPACE-complete. We also investigate connectives defined by alternating automata and show that they do not increase the expressive power of the logic or the complexity of the decision problem. 1 Introduction For many years, logics of programs have been tools for reasoning about the input/output behavior of programs. When dealing with concurrent or nonterminating processes (like operating systems) there is, however, a need to reason about infinite computations. Thus, instead of considering the first and last states of finite computations, we need to consider the infinite sequences of states that the program goes through...

We show that the propositional Mu-Calculus is equivalent in expressive power to finite automata on infinite trees. Since complementation is trivial in the Mu-Calculus, our equivalence provides a radically simplified, alternative proof of Rabin's complementation lemma for tree automata, which is the heart of one of the deepest decidability results. We also show how Mu-Calculus can be used to establish determinacy of infinite games used in earlier proofs of complementation lemma, and certain games used in the theory of on-line algorithms.

We give a finitary axiomatization of the algebra of regular events involving only equations and equational implications. Unlike Salomaa 's axiomatizations, the axiomatization given here is sound for all interpretations over Kleene algebras. 1 Introduction Kleene algebras are algebraic structures with operators +, \Delta, , 0, and 1 satisfying certain axioms. They arise in various guises in a number of settings: relational algebra [22, 23], semantics and logics of programs [14, 24], automata and formal language theory [18, 19], and the design and analysis of algorithms [1, 21, 12]. An important example of a Kleene algebra is Reg \Sigma , the family of regular sets over a finite alphabet \Sigma. The equational theory of this structure has been called the algebra of regular events. This theory was first studied by Infor. and Comput. 110:2 (May 1994), 366--390. A preliminary version of this paper appeared as [16]. Kleene [13], who posed axiomatization as an open problem. Salomaa [2...

The µ-calculus can be viewed as essentially the "ultimate" program logic, as it expressively subsumes all propositional program logics, including dynamic logics, process logics, and temporal logics. It is known that the satisfiability problem for the µ-calculus is EXPTIME-complete. This upper bound, however, is known for a version of the logic that has only forward modalities, which express weakest preconditions, but not backward modalities, which express strongest postconditions. Our main result in this paper is an exponential time upper bound for the satisfiability problem of the µ-calculus with both forward and backward modalities. To get this result we develop a theory of two-way alternating automata on infinite trees.

We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow non-deterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the non-deterministic, but not probabilistic, choices. The presence of non-determinism means that certain liveness properties cannot be established unless fairness is assumed. We introduce a probabilistic branching time logic PBTL, based on the logic TPCTL of Hansson [30] and the logic PCTL of [55], resp. pCTL of [14]. The formulas of the logic express properties such as "every request is eventually granted with probability at least p". We give three interpretations for PBTL on concurrent probabilistic processes: the first is standard, while in the remaining two interpretations the branching time quantifiers are taken to range over a certain kind of fair computation trees. We then present a model checking algorithm for...

Abstract. We study congruences on words in order to characterize the class of visibly pushdown languages (Vpl), a subclass of context-free languages. For any language L, we define a natural congruence on words that resembles the syntactic congruence for regular languages, such that this congruence is of finite index if, and only if, L is a Vpl. We then study the problem of finding canonical minimal deterministic automata for Vpls. Though Vpls in general do not have unique minimal automata, we consider a subclass of VPAs called k-module single-entry VPAs that correspond to programs with recursive procedures without input parameters, and show that the class of well-matched Vpls do indeed have unique minimal k-module single-entry automata. We also give a polynomial time algorithm that minimizes such k-module single-entry VPAs. 1 Introduction The class of visibly pushdown languages (Vpl), introduced in [1], is a subclassof context-free languages accepted by pushdown automata in which the input letter determines the type of operation permitted on the stack. Visibly push-down languages are closed under all boolean operations, and problems such as inclusion, that are undecidable for context-free languages, are decidable for Vpl. Vpls are relevant to several applications that use context-free languages suchas the model-checking of software programs using their pushdown models [1-3]. Recent work has shown applications in other contexts: in modeling semanticsof effects in processing XML streams [4], in game semantics for programming languages [5], and in identifying larger classes of pushdown specifications thatadmit decidable problems for infinite games on pushdown graphs [6].

Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proof-based approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixed-point expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...

The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedded in the unrolling of I can be embedded also in the unrolling of S. Second, simulation has a logical characterization: S simulates I iff every universal branching-time formula satisfied by S is satisfied also by I. It follows that simulation is a suitable notion of implementation, and it is the coarsest abstraction of a system that preserves universal branching-time properties. Third, based on its local definition, simulation between finite-state systems can be checked in polynomial time. Finally, simulation implies trace-containment, which cannot be defined locally and requires polynomial space for verification. Hence simulation is widely used both in manual and in automatic verification. ...

Given a formula of the propositional µ-calculus, we construct a tableau of the formula and define an infinite game of two players of which one wants to show that the formula is satisfiable, and the other seeks the opposite. The strategy for the first player can be further transformed into a model of the formula while the strategy for the second forms what we call a refutation of the formula. Using Martin's Determinacy Theorem, we prove that any formula has either a model or a refutation. This completeness result is a starting point for the completeness theorem for the µ-calculus to be presented elsewhere. However, we argue that refutations have some advantages of their own. They are generated by a natural system of sound logical rules and can be presented as regular trees of the size exponential in the size of a refuted formula. This last aspect completes the small model theorem for the µ-calculus established by Emerson and Jutla [3]. Thus, on a more practical side, refutations can be...

Abstract not found