## An automata-theoretic approach to reasoning about infinite-state systems (2000)

### Cached

### Download Links

- [www.cs.huji.ac.il]
- [www.cs.huji.ac.il]
- [www.cs.rice.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | LNCS |

Citations: | 33 - 4 self |

### BibTeX

@INPROCEEDINGS{Kupferman00anautomata-theoretic,

author = {Orna Kupferman and Moshe Y. Vardi},

title = {An automata-theoretic approach to reasoning about infinite-state systems},

booktitle = {LNCS},

year = {2000},

pages = {36--52},

publisher = {Springer}

}

### OpenURL

### Abstract

Abstract. We develop an automata-theoretic framework for reasoning about infinitestate sequential systems. Our framework is based on the observation that states of such systems, which carry a finite but unbounded amount of information, can be viewed as nodes in an infinite tree, and transitions between states can be simulated by finite-state automata. Checking that the system satisfies a temporal property can then be done by an alternating two-way tree automaton that navigates through the tree. As has been the case with finite-state systems, the automatatheoretic framework is quite versatile. We demonstrate it by solving several versions of the model-checking problem for §-calculus specifications and prefixrecognizable systems, and by solving the realizability and synthesis problems for §-calculus specifications with respect to prefix-recognizable environments. 1

### Citations

2426 | D.: Model Checking
- Clarke, Grumberg, et al.
- 2001
(Show Context)
Citation Context ...ystem with respect to a desired behavior by checking whether a labeled state-transition graph that models the system satisfies a temporal logic formula that specifies this behavior (for a survey, see =-=[CGP99]-=-). Symbolic methods that enable model checking of very large state spaces, and the great ease of use of fully algorithmic methods, led to industrial acceptance of temporal model checking [BBG ¨ 94]. A... |

1266 | The model checker SPIN - Holzmann - 1997 |

1183 | Automatic verification of finite-state concurrent systems using temporal logics - Clarke, Emerson, et al. - 1986 |

586 | An automata-theoretic approach to automatic program verification - Vardi, Wolper |

448 | Alternating-time temporal logic - Alur, Henzinger, et al. |

360 |
Propositional dynamic logic of regular programs
- Fischer, Ladner
- 1979
(Show Context)
Citation Context ... Theorems 3 and 4 implies that the realizability and synthesis problem is in EXPTIME. Thus, it is not harder than in the satisfiability problem for the -calculus, and it matches the known lower bound =-=[FL79]-=-. Formally, we have the following. £ ¢sTheorem 7. The realizability and synthesis problems for a context-free or a prefix recognizablerewrite system ��¡�£�� ¦©¨�����¦©��¦¤ ��©� and a graph automaton ¢... |

337 | On the synthesis of a reactive module - Pnueli, Rosner - 1989 |

300 | An Automata-Theoretic Approach to Branching-Time Model Checking - Kupferman, Vardi, et al. |

292 | Reachability analysis of pushdown automata: Application to model-checking
- Bouajjani, Esparza, et al.
- 1997
(Show Context)
Citation Context ... and “previously” modalities). Hence, the algorithm can be used to compute successors and predecessors of regular state sets, and can be viewed as the automata-theoretic approach to the algorithms in =-=[BEM97]-=-. This observation is related to the work in [LS98], where bottom-up automata on finite trees are used in order to recognize sets of terms in Process Algebra. Given a term £ , [LS98] shows that it is ... |

269 | Simple on-the-fly automatic verification of linear temporal logic
- Gerth, Peled, et al.
- 1995
(Show Context)
Citation Context ...ically optimal algorithms. The automata-theoretic framework for reasoning about finitestate systems has proven to be very versatile. Automata are the key to techniques such as on-the-fly verification =-=[GPVW95]-=-, and they are useful also for modular verification [KV98], partial-order verification [GW94,WW96], verification of real-time and hybrid systems [HKV96,DW99], and verification of open systems [AHK97,K... |

260 |
Results on the propositional -calculus
- Kozen
- 1983
(Show Context)
Citation Context ..., where ������ is the size of a nondeterministic automaton provided for the regular ex�� � pression .s2.2s-calculus Thes-calculus is a modal logic augmented with least and greatest fixpoint operators =-=[Koz83]-=-. Given a finite set ¨���� of actions and a finite set ¡£¢¥¤ of variables, as-calculus formula (in a positive normal form) over ¨���� and ¡£¢¦¤ is one of the following: – §©¨���� , ��������� , or � fo... |

252 | Reasoning about infinite computations - Vardi, Wolper - 1994 |

238 | Specification and verification of concurrent systems in CESAR - Queille, Sifakis - 1982 |

236 | Checking that finite state concurrent programs satisfy their linear specification - Lichtenstein, Pnueli - 1985 |

148 | Efficient algorithms for model checking pushdown systems - Esparza, Hansel, et al. |

147 | The complexity of tree automata and logic of programs - Emerson, Jutla - 1988 |

143 | A user guide to HyTech - Henzinger, Ho, et al. - 1995 |

138 |
The glory of the past
- Lichtenstein, Pnueli, et al.
- 1985
(Show Context)
Citation Context ...ifications with backwards modalities. While forward modalities express weakest precondition, backward modalities express strongest postcondition, and they are very useful for reasoning about the past =-=[LPZ85]-=-. In order to adjust graph automata to backward reasoning, we add to � §�¨�����¨������ the “directions” £¥� � � and � � � � . This enables the graph automata to move to � -predecessors of the current ... |

129 | Reasoning about the past with two-way automata
- Vardi
- 1998
(Show Context)
Citation Context ...at various problems related to the analysis of such systems can be reduced to the emptiness problem for alternating two-way tree automata, which was recently shown to be decidable in exponential time =-=[Var98]-=-. We first show how the automata-theoretic framework can be used to solve thes- calculus model-checking problem with respect to context-free and prefix-recognizable systems. While our framework does n... |

121 |
The theory of ends, pushdown automata, and secondorder logic
- Muller, Schupp
- 1985
(Show Context)
Citation Context ...bounded, amount of information, e.g., a pushdown store. The origin of this thrust is the important result by Müller and Schupp that the monadic second-order theory of context-free graphs is decidable =-=[MS85]-=-. As the complexity involved in that decidability result is nonelementary, researchers sought decidability results of elementary complexity. This © Supported in part by NSF grant CCR-9700061, and by a... |

116 | Decidability of Second Order Theories and Automata - Rabin - 1969 |

114 | A direct symbolic approach to model checking pushdown systems - Finkel, Willems, et al. - 1997 |

113 | A partial approach to model checking - Godefroid, Wolper - 1994 |

95 | On infinite transition graphs having a decidable monadic theory
- Caucal
(Show Context)
Citation Context ...went on to extend this result to thes-calculus, on one hand, and to more general graphs on the other hand, such as pushdown graphs [BS99a,Wal96], regular graphs [BQ96], and prefix-recognizable graphs =-=[Cau96]-=-. The most powerful result so far is an exponential-time algorithm by Burkart for model checking formulas of thes-calculus with respect to prefix-recognizable graphs [Bur97b]. See also [BCMS00,BE96,BE... |

87 |
Alternating Automata on Infinite Trees
- Muller, Schupp
- 1987
(Show Context)
Citation Context ...xt, we call £�� ¦���� a labeled tree. We say that an ������� ����������������� � � have . Alternating automata on infinite trees generalize nondeterministic tree automata and were first introduced in =-=[MS87]-=-. Here we describe alternating two-way tree automata. For a finite set ¡ ¨ � ¡ � ¢ , let be the set of positive Boolean formulas over ¡ (i.e., boolean formulas built from elements in ¡ � � §©¨���� £ �... |

78 | Model checking for context-free processes
- Burkart, Steffen
(Show Context)
Citation Context ...m the Intel Corporation.sstarted with Burkart and Steffen, who developed an exponential-time algorithm for model-checking formulas in the alternation-frees-calculus with respect to contextfree graphs =-=[BS92]-=-. Researchers then went on to extend this result to thes-calculus, on one hand, and to more general graphs on the other hand, such as pushdown graphs [BS99a,Wal96], regular graphs [BQ96], and prefix-r... |

76 | Computer Aided Verification of Coordinating Processes - Kurshan - 1994 |

73 | Reasoning about infinite computation paths - Wolper, Vardi, et al. - 1983 |

70 | Modular model checking
- Kupferman, Vardi
- 1998
(Show Context)
Citation Context ...for reasoning about finitestate systems has proven to be very versatile. Automata are the key to techniques such as on-the-fly verification [GPVW95], and they are useful also for modular verification =-=[KV98]-=-, partial-order verification [GW94,WW96], verification of real-time and hybrid systems [HKV96,DW99], and verification of open systems [AHK97,KV99]. Many decision and synthesis problems have automata-b... |

64 |
On model-checking for fragments of -calculus
- Emerson, Jutla, et al.
- 1993
(Show Context)
Citation Context ...an equivalent nondeterministic one-way parity tree automaton whose number of states is exponential in and whose index is linear in [Var98], and we can check the nonemptiness of in time exponential in =-=[EJS93]-=-. 2.4 Alternating automata on labeled transition graphs Consider as£¥¤§¦©¨�����¦���¦©� � labeled transition ¨���� graph . For the set of ¡ � actions, let � � ����¦�£����©� � §�¨�����¨������ ¡ ����� � ... |

40 | The regular viewpoint on PAprocesses
- Schnoebelen
(Show Context)
Citation Context ...can be used to compute successors and predecessors of regular state sets, and can be viewed as the automata-theoretic approach to the algorithms in [BEM97]. This observation is related to the work in =-=[LS98]-=-, where bottom-up automata on finite trees are used in order to recognize sets of terms in Process Algebra. Given a term £ , [LS98] shows that it is possible to define �¡s§�� � �¦£�� as the solution o... |

38 | More infinite results - Burkart, Esparza - 1997 |

35 | CTL + is exponentially more succinct than CTL - Wilke - 1999 |

33 | Methodology and system for practical formal verification of reactive hardware - Beer, Ben-David, et al. |

29 | Composition, decomposition and model checking of pushdown processes - Burkart, Steffen - 1995 |

29 |
Tree automata, �- calculus and de-terminacy
- Emerson, Jutla
- 1991
(Show Context)
Citation Context ... the input tree, as ��¡�� whenever , we require ��� ¡ � that . A £�����¦���� run is accepting if all its infinite paths satisfy the acceptance condition. We consider here parity acceptance conditions =-=[EJ91]-=-. A parity condition over a state � set is a finite ��¡ ���s¦©� ¡ ¦ �©� �©¦©����� sequence of subsets � of , �s��� ¡ � where ������� �©� ¡�� � ��¦©��� £�� � ��������� � ��� � � ��� ��� ����� � ��� � �... |

23 | Uppaal: Status & developments - Larsen, Pettersson, et al. - 1997 |

18 | Synthesis with incomplete informatio - Kupferman, Vardi - 1997 |

17 | Partial-order methods for model checking: From linear time to branching time - Willems, Wolper - 1996 |

16 | temporal logics - Automata - 1985 |

16 |
Automata for the modal é - calculus and related results
- Janin, Walukiewicz
- 1995
(Show Context)
Citation Context ... graphs Consider as£¥¤§¦©¨�����¦���¦©� � labeled transition ¨���� graph . For the set of ¡ � actions, let � � ����¦�£����©� � §�¨�����¨������ ¡ ����� � � ��������� graphs (graph automaton, for short) =-=[JW95]-=- . An alternating automaton on labeled transition 2 ¡ ¢ � £�¨����©¦©��¦���¦©����¦©� is a tuple , where §©¨�����¨�������� ��� is the transition function. Intuitively, when ¢ is in state � ��� and it re... |

15 | Automatic verification of sequential infinitestate processes - Burkart - 1991 |

15 | A space-efficient on-the-fly algorithm for real-time model checking - Henzinger, Kupferman, et al. - 1996 |

13 | More infinite results - Esparza - 1996 |

12 |
On completeness of the -calculus
- Walukiewicz
- 1993
(Show Context)
Citation Context ...���� ������� � � , where and ¡ . ¢ is the index of Together with Theorem 2, we can conclude with an EXPTIME bound also for the model-checking problem ofs-calculus formulas matching the lower bound in =-=[Wal96]-=-. Note that the fact the same complexity bound holds for both context-free and prefixrecognizable rewrite systems stems from the different definition of � ��� in the two cases. 5 Extensions The automa... |

9 | Model checking of infinite graphs defined by graph grammers
- Burkart, Quemener
- 1996
(Show Context)
Citation Context ...xtfree graphs [BS92]. Researchers then went on to extend this result to thes-calculus, on one hand, and to more general graphs on the other hand, such as pushdown graphs [BS99a,Wal96], regular graphs =-=[BQ96]-=-, and prefix-recognizable graphs [Cau96]. The most powerful result so far is an exponential-time algorithm by Burkart for model checking formulas of thes-calculus with respect to prefix-recognizable g... |

8 | Timed alternating tree automata: the automata-theoretic solution to the TCTL model checking problem - Dickhfer, Wilke - 1999 |

7 |
Model checking rationally restricted right closures of recognizable graphs
- Burkart
- 1997
(Show Context)
Citation Context ...prefix-recognizable graphs [Cau96]. The most powerful result so far is an exponential-time algorithm by Burkart for model checking formulas of thes-calculus with respect to prefix-recognizable graphs =-=[Bur97b]-=-. See also [BCMS00,BE96,BEM97,BS99b,Bur97a,FWW97]. In this paper we develop an automata-theoretic framework for reasoning about infinite-state sequential systems. The automata-theoretic approach uses ... |

6 | Robust Satisfaction - Kupferman, Vardi - 1999 |

5 | Verification on infinite structures. Unpublished manuscript - Burkart, Caucal, et al. - 2000 |