Alternating-time temporal logic. (2002)

by R Alur, T A Henzinger, O Kupferman
Venue:J. ACM
Add To MetaCart
Results 1 - 10 of 620

An Automata-Theoretic Approach to Branching-Time Model Checking

by Orna Kupferman, Moshe Y. Vardi, Pierre Wolper - JOURNAL OF THE ACM , 1998
"... Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing linear-time model-checking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automata-theoretic techniques ..."
Abstract - Cited by 354 (66 self) - Add to MetaCart
Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing linear-time model-checking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automata-theoretic techniques have long been thought to introduce an exponential penalty, making them essentially useless for model-checking. Recently, Bernholtz and Grumberg have shown that this exponential penalty can be avoided, though they did not match the linear complexity of non-automata-theoretic algorithms. In this paper we show that alternating tree automata are the key to a comprehensive automata-theoretic framework for branching temporal logics. Not only, as was shown by Muller et al., can they be used to obtain optimal decision procedures, but, as we show here, they also make it possible to derive optimal model-checking algorithms. Moreover, the simple combinatorial structure that emerges from the a...

MOCHA: Modularity in Model Checking

by Rajeev Alur, Thomas A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, S. Tasiran , 1998
"... ..."
Abstract - Cited by 186 (20 self) - Add to MetaCart
Abstract not found
(Show Context)

Alternating refinement relations

by Rajeev Alur, Thomas A. Henzinger, Orna Kupferman, Moshe Y. Vardi - In Proceedings of the Ninth International Conference on Concurrency Theory (CONCUR’98), volume 1466 of LNCS , 1998
"... Abstract. Alternating transition systems are a general model for composite systems which allow the study of collaborative as well as adversarial relationships between individual system components. Unlike in labeled transition systems, where each transition corresponds to a possible step of the syste ..."
Abstract - Cited by 166 (20 self) - Add to MetaCart
Abstract. Alternating transition systems are a general model for composite systems which allow the study of collaborative as well as adversarial relationships between individual system components. Unlike in labeled transition systems, where each transition corresponds to a possible step of the system (which may involve some or all components), in alternating transition systems, each transition corresponds to a possible move in a game between the components. In this paper, we study refinement relations between alternating transition systems, such as “Does the implementation refine the set £ of specification components without constraining the components not in £? ” In particular, we generalize the definitions of the simulation and trace containment preorders from labeled transition systems to alternating transition systems. The generalizations are called alternating simulation and alternating trace containment. Unlike existing refinement relations, they allow the refinement of individual components within the context of a composite system description. We show that, like ordinary simulation, alternating simulation can be checked in polynomial time using a fixpoint computation algorithm. While ordinary trace containment is PSPACE-complete, we establish alternating trace containment to be EXPTIME-complete. Finally, we present logical characterizations for the two preorders in terms of ATL, a temporal logic capable of referring to games between system components. 1
(Show Context)

Interface Theories for Component-based Design

by Luca De Alfaro, Thomas A. Henzinger , 2001
"... We classify component-based models of computation into component models and interface models. A component model specifies for each component how the component behaves in an arbitrary environment; an interface model specifies for each component what the component expects from the environment. ..."
Abstract - Cited by 154 (20 self) - Add to MetaCart
We classify component-based models of computation into component models and interface models. A component model specifies for each component how the component behaves in an arbitrary environment; an interface model specifies for each component what the component expects from the environment.
(Show Context)

Synthesis of interface specifications for Java classes

by Rajeev Alur, P. Madhusudan, Wonhong Nam - In POPL , 2005
"... While a typical software component has a clearly specified (static) interface in terms of the methods and the input/output types they support, information about the correct sequencing of method calls the client must invoke is usually undocumented. In this paper, we propose a novel solution for autom ..."
Abstract - Cited by 142 (9 self) - Add to MetaCart
While a typical software component has a clearly specified (static) interface in terms of the methods and the input/output types they support, information about the correct sequencing of method calls the client must invoke is usually undocumented. In this paper, we propose a novel solution for automatically extracting such temporal specifications for Java classes. Given a Java class, and a safety property such as “the exception E should not be raised”, the corresponding (dynamic) interface is the most general way of invoking the methods in the class so that the safety property is not violated. Our synthesis method first constructs a symbolic representation of the finite state-transition system obtained from the class using predicate abstraction. Constructing the interface then corresponds to solving a partial-information two-player game on this symbolic graph. We present a sound approach to solve this computationally-hard problem approximately using algorithms for learning finite automata and symbolic model checking for branching-time logics. We describe an implementation of the proposed techniques in the tool JIST — Java Interface Synthesis Tool—and demonstrate that the tool can construct interfaces accurately and efficiently for sample Java2SDK library classes.
(Show Context)

Learning assumptions for compositional verification

by Jamieson M. Cobleigh, Dimitra Giannakopoulou, Corina S. Păsăreanu , 2003
"... Compositional verification is a promising approach to addressing the state explosion problem associated with model checking. One compositional technique advocates proving properties of a system by checking properties of its components in an assume-guarantee style. However, the application of this t ..."
Abstract - Cited by 140 (20 self) - Add to MetaCart
Compositional verification is a promising approach to addressing the state explosion problem associated with model checking. One compositional technique advocates proving properties of a system by checking properties of its components in an assume-guarantee style. However, the application of this technique is difficult because it involves non-trivial human input. This paper presents a novel framework for performing assume-guarantee reasoning in an incremental and fully automated fashion. To check a component against a property, our approach generates assumptions that the environment needs to satisfy for the property to hold. These assumptions are then discharged on the rest of the system. Assumptions are computed by a learning algorithm. They are initially approximate, but become gradually more precise by means of counterexamples obtained by model checking the component and its environment, alternately. This iterative process may at any stage conclude that the property is either true or false in the system. We have implemented our approach in the LTSA tool and applied it to a NASA system.

Logics for Hybrid Systems

by J. M. Davoren, Anil Nerode - Proceedings of the IEEE , 2000
"... This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems ..."
Abstract - Cited by 137 (12 self) - Add to MetaCart
This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems
(Show Context)

A game theoretic approach to controller design for hybrid systems

by Claire J. Tomlin, John Lygeros, S. Shankar Sastry - Proceedings of the IEEE , 2000
"... We present a method to design controllers for safety specifications in hybrid systems. The hybrid system combines discrete event dynamics with nonlinear continuous dynamics: the discrete event dynamics model linguistic and qualitative information and naturally accommodate mode switching logic, and t ..."
Abstract - Cited by 126 (33 self) - Add to MetaCart
We present a method to design controllers for safety specifications in hybrid systems. The hybrid system combines discrete event dynamics with nonlinear continuous dynamics: the discrete event dynamics model linguistic and qualitative information and naturally accommodate mode switching logic, and the continuous dynamics model the physical processes themselves, such as the continuous response of an aircraft to the forces of aileron and throttle. Input variables model both continuous and discrete control and disturbance parameters. We translate safety specifications into restrictions on the system’s reachable sets of states. Then, using analysis based on optimal control and game theory for automata and continuous dynamical systems, we derive Hamilton–Jacobi equations whose solutions describe the boundaries of reachable sets. These equations are the heart of our general controller synthesis technique for hybrid systems, in which we calculate feedback control laws for
(Show Context)

Assumption generation for software component verification

by Dimitra Giannakopoulou, Corina S. Păsăreanu, Howard Barringer - In ASE’02: Automated Software Engineering , 2002
"... Model checking is an automated technique that can be used to determine whether a system satisfies certain required properties. The typical approach to verifying properties of software components is to check them for all possible environments. In reality, however, a component is only required to sati ..."
Abstract - Cited by 100 (13 self) - Add to MetaCart
Model checking is an automated technique that can be used to determine whether a system satisfies certain required properties. The typical approach to verifying properties of software components is to check them for all possible environments. In reality, however, a component is only required to satisfy properties in specific environments. Unless these environments are formally characterized and used during verification (assume-guarantee paradigm), the results returned by verification can be overly pessimistic. This work defines a framework that brings a new dimension to model checking of software components. When checking a component against a property, our model checking algorithms return one of the following three results: the component satisfies a property for any environment; the component violates the property for any environment; or finally, our algorithms generate an assumption that characterizes exactly those environments in which the component satisfies its required property. Our approach has been implemented in the LTSA tool and has been applied to the analysis of a NASA application. 1.
(Show Context)

Cooperation, Knowledge, and Time: Alternating-time Temporal Epistemic Logic and its Applications

by Wiebe van der Hoek, Michael Wooldridge - Copyright 2004 ACM , 2003
"... Branching-time temporal logics have proved to be an extraordinarily successful tool in the formal specification and verification of distributed systems. Much of their success stems from the tractability of the model checking problem for the branching time logic ctl, which has made it possible to imp ..."
Abstract - Cited by 89 (8 self) - Add to MetaCart
Branching-time temporal logics have proved to be an extraordinarily successful tool in the formal specification and verification of distributed systems. Much of their success stems from the tractability of the model checking problem for the branching time logic ctl, which has made it possible to implement tools that allow designers to automatically verify that systems satisfy requirements expressed in ctl. Recently, ctl was generalised by Alur, Henzinger, and Kupferman in a logic known as "Alternating-time Temporal Logic" (atl). The key insight in atl is that the path quantifiers of ctl could be replaced by "cooperation modalities", of the form where # is a set of agents. The intended interpretation of an atl formula is that the agents # can cooperate to ensure that # holds (equivalently, that # have a winning strategy for #). In this paper, we extend atl with knowledge modalities, of the kind made popular in the work of Fagin, Halpern, Moses, Vardi and colleagues. Combining these knowledge modalities with atl, it becomes possible to express such properties as "group # can cooperate to bring about # i# it is common knowledge in # that #". The resulting logic --- Alternating-time Temporal Epistemic Logic (atel) --- shares the tractability of model checking with its atl parent, and is a succinct and expressive language for reasoning about game-like multiagent systems.