Pushdown Module Checking with Imperfect Information
, 2012
Cited by 23 (14 self)
The model checking problem for finite-state open systems (module checking) has been extensively studied in the literature, both in the context of environments with perfect and imperfect information about the system. Recently, the perfect information case has been extended to infinite-state systems (pushdown module checking). In this paper, we extend pushdown module checking to the imperfect information setting; i.e., to the case where the environment has only a partial view of the system’s control states and pushdown store content. We study the complexity of this problem with respect to the branching-time temporal logics CTL, CTL* and the propositional µ-calculus. We show that pushdown module checking, which is by itself harder than pushdown model checking, becomes undecidable when the environment has imperfect information.
Reasoning About Strategies: On the Model-Checking Problem
, 2011
Cited by 19 (15 self)
In open systems verification, to formally check for reliability, one needs an appropriate formalism to model the interaction between agents and express the correctness of the system no matter how the environment behaves. An important contribution in this context is given by modal logics for strategic ability, in the setting of multi-agent games, such as ATL, ATL*, and the like. Recently, Chatterjee, Henzinger, and Piterman introduced Strategy Logic, which we denote here by CHP-SL, with the aim of getting a powerful framework for reasoning explicitly about strategies. CHP-SL is obtained by using first-order quantifications over strategies and has been investigated in the very specific setting of two-agent turn-based games, where a non-elementary model-checking algorithm has been provided. While CHP-SL is a very expressive logic, we claim that it does not fully capture the strategic aspects of multi-agent systems. In this paper, we introduce and study a more general strategy logic, denoted SL, for reasoning about strategies in multi-agent concurrent games. We prove that SL includes CHP-SL, while maintaining a decidable model-checking problem. In particular, the algorithm we propose is computationally not harder than the best one known for CHP-SL. Moreover, we prove that such a problem for SL is NonElementarySpace-hard. This negative result has spurred us to investigate here syntactic fragments of SL, strictly subsuming ATL*, with the hope of obtaining an elementary model-checking problem. Among the others, we study the
Relentful Strategic Reasoning in Alternating-Time Temporal Logic
, 2012
Cited by 12 (6 self)
Temporal logics are a well investigated formalism for the specification, verification, and synthesis of reactive systems. Within this family, Alternating-Time Temporal Logic (ATL*, for short) has been introduced as a useful generalization of classical linear and branching-time temporal logics, by allowing temporal operators to be indexed by coalitions of agents. Classically, temporal logics are memoryless: once a path in the computation tree is quantified at a given node, the computation that has led to that node is forgotten. Recently, mCTL* has been defined as a memoryful variant of CTL*, where path quantification is memoryful. In the context of multi-agent planning, memoryful quantification enables agents to “relent” and change their goals and strategies depending on their history. In this paper, we define mATL*, a memoryful extension of ATL*, in which a formula is satisfied at a certain node of a path by taking into account both the future and the past. We study the expressive power of mATL*, its succinctness, as well as related decision problems. We also investigate the relationship between memoryful quantification and past modalities and show their equivalence. We show that both the memoryful and the past extensions come without any computational price; indeed, we prove that both the satisfiability and the model-checking problems are 2EXPTIME-COMPLETE, as they are for ATL*.
Graded Computation Tree Logic with Binary Coding
 In EACSL Annual Conference on Computer Science Logic’10. LNCS 6247
, 2010
Cited by 5 (3 self)
Abstract. Graded path quantifiers have been recently introduced and investigated as a useful framework for generalizing standard existential and universal path quantifiers in the branching-time temporal logic CTL (GCTL), in such a way that they can express statements about a minimal and conservative number of accessible paths. These quantifiers naturally extend to paths the concept of graded world modalities, which has been deeply investigated for the µ-CALCULUS (Gµ-CALCULUS) where it allows to express statements about a given number of immediately accessible worlds. As for the “non-graded” case, it has been shown that the satisfiability problem for GCTL and the Gµ-CALCULUS coincides and, in particular, it remains solvable in EXPTIME. However, GCTL has been only investigated w.r.t. graded numbers coded in unary, while Gµ-CALCULUS uses for this a binary coding, and it was left open the problem to decide whether the same result may or may not hold for binary GCTL. In this paper, by exploiting an automata-theoretic approach, which involves a model of alternating automata with satellites, we answer positively to this question. We further investigate the succinctness of binary GCTL and show that it is at least exponentially more succinct than Gµ-CALCULUS.
Graded-CTL: Satisfiability and Symbolic Model Checking
 In ICFEM’10, LNCS 5885
, 2009
Cited by 3 (1 self)
Abstract. In this paper we continue the study of a strict extension of the Computation Tree Logic, called graded-CTL, recently introduced by the same authors. This new logic augments the standard quantifiers with graded modalities, being able thus to express “There exist at least k” or “For all but k” futures, for some constant k. One can thus describe properties useful in system design, which cannot be expressed with CTL, like a sort of redundant liveness property asking whether there is more than one path satisfying that “something good eventually happens”, making thus the system more tolerant to possible faults. Graded-CTL formulas can also be used to determine whether there are more than a given number of bad behaviors of a system: this, in the model-checking framework, means that one can verify the existence of a user-defined number of counterexamples for a given specification and generate them, in a unique run of the model-checker. Here we show both theoretical and applicative contributions. On the
Games with additional winning strategies.
 In CILC’15, CEUR Workshop Proceedings,
, 2015
Cited by 2 (2 self)
Abstract. In game theory, deciding whether a designed player wins a game corresponds to check whether he has a winning strategy. There are situations in which it is important to know whether some extra winning strategy also exists. In this paper we investigate this question over two-player finite games, under the reachability objective. We provide an automata-based technique that, given such a game, it allows to decide in linear time whether the game admits more than a winning strategy. We discuss along the paper some case studies and use them to show how to apply our solution methodology.
Branching-Time Temporal Logics with Minimal Model Quantifiers
, 2009
Cited by 1 (1 self)
Abstract. Temporal logics are a well investigated formalism for the specification and verification of reactive systems. Using formal verification techniques, we can ensure the correctness of a system with respect to its desired behavior (specification), by verifying whether a model of the system satisfies a temporal logic formula modeling the specification. From a practical point of view, a very challenging issue in using temporal logic in formal verification is to come out with techniques that automatically allow to select small critical parts of the system to be successively verified. Another challenging issue is to extend the expressiveness of classical temporal logics, in order to model more complex specifications. In this paper, we address both issues by extending the classical branching-time temporal logic CTL* with minimal model quantifiers (MCTL*). These quantifiers allow to extract, from a model, minimal submodels on which we check the specification (also given by an MCTL* formula). We show that MCTL* is strictly more expressive than CTL*. Nevertheless, we prove that the model checking problem for MCTL* remains decidable and in particular in PSPACE. Moreover, differently from CTL*, we show that MCTL* does not have the tree model property, is not bisimulation-invariant and is sensible to unwinding. As far as the satisfiability concerns, we prove that MCTL* is highly undecidable. We further investigate the model checking and satisfiability problems for MCTL* sublogics, such as MPML, MCTL, and MCTL+, for which we obtain interesting results. Among the others, we show that MPML retains the finite model property and the decidability of the satisfiability problem.
On the Counting of Strategies
Cited by 1 (1 self)
Abstract—In game theory, a classic qualitative question is to check whether a designated set of players has a winning strategy. In several safety-critical applications, however, it is important to ensure that some redundant strategies also exist, to be possibly used in case of some fault. In this paper, we introduce Graded Strategy Logic (GSL), an extension of Strategy Logic (SL) with graded quantifiers. SL is a powerful formalism that allows to describe useful game concepts in multi-agent settings by explicitly quantifying over strategies treated as first-order citizens. In GSL, by means of the existential construct 〈〈x ≥ g〉〉ϕ one can enforce that there exist at least g strategies satisfying ϕ. Dually, via the universal construct [[x < g]]ϕ one can ensure that all but less than g strategies satisfy ϕ. As different strategies may induce the same outcome, although looking different, they need to be counted as one. While this interpretation is natural, it heavily complicates the definition and thus the reasoning about GSL. In order to accomplish this specific way of counting, we formally introduce a suitable equivalence relation over profiles based on the strategic behavior they induce. To give evidence of GSL usability, we investigate basic questions of one of its vanilla fragment, namely GSL[1G]. In particular, we report on positive results about the determinacy of games and the related model-checking problem, which we show to be PTIME-COMPLETE.
The Pushdown Module Checking Saga
A main distinction in system modeling is between closed systems, whose behavior is totally determined by the program, and open systems, which are systems where the program interacts with an external environment [HP85, Hoa85]. In order to check whether a closed system satisfies a required property, we translate the system into a formal model (such as a transition system), specify the property with a temporal-logic formula (such as CTL [CE81], CTL* [EH86], and µ-calculus [Koz83]), and check formally that the model satisfies the formula. This process is called model checking ([CE81, QS81]). Checking whether an open system satisfies a required temporal logic formula is much harder, as one has to consider the interaction of the system with all possible environments. In this paper, we consider open systems which are modeled in the framework introduced by Kupferman, Vardi, and Wolper. Concretely, in [KV96, KVW01], an open finite-state system is described by an extended transition system called a module, whose set of states is partitioned into system states (where the system makes a transition) and environment states (where the environment makes a