105 research outputs found
Why Liveness for Timed Automata Is Hard, and What We Can Do About It
The liveness problem for timed automata asks if a given automaton has a run passing infinitely often through an accepting state. We show that unless P=NP, the liveness problem is more difficult than the reachability problem; more precisely, we exhibit a family of automata for which solving the reachability problem with the standard algorithm is in P but solving the liveness problem is NP-hard. This leads us to revisit the algorithmics for the liveness problem. We propose a notion of a witness for the fact that a timed automaton violates a liveness property. We give an algorithm for computing such a witness and compare it with the existing solutions
On interval logics and stopwatches in model-checking real-time systems
Treballs Finals del Mà ster de Lògica Pura i Aplicada, Facultat de Filosofia, Universitat de Barcelona. Curs: 2021-2022. Tutor: Joost Johannes Joosten i Moritz MüllerOur thesis focuses on the model-checking problem, which is at the heart of both
formal verification of software and algorithmic law. In general, this computational
problem consists of deciding whether a given structure fulfills a given
property expressed by a sentence in a logic1. These structures and logics can
take many forms.
We speak of algorithmic law whenever the application of that particular law
is intended to be performed by a computer on a data set representing a real
case. In the field of algorithmic law one needs an algorithm to decide whether
a particular real case is legal or not. For a model-checking approach, the law
is formalized by a sentence in some logic, whereas a case is viewed as a word
structure.
In the field of formal verification of software, whose goal is to test whether a
program works correctly, the verification task is naturally formalized as a modelchecking
problem by associating a structure to every program, and a sentence
in a suitable logic to every desired property of the program [4].
The model-checking framework often allows to transform a complex and
informal question into the formally precise computational problem of whether
K ⊨ φ, where the input K is in some class of structures K and the input φ
is in some language L. As a result, it is of practical interest in many realworld
applications, providing both simple procedures and mathematical proofs
of correctness. Thus, the computational complexity of the mentioned problem
is of central importance.
In our thesis, we discuss different formalisms as inputs of the model-checking
problem to analyze their complexity. In particular, the model-checking problem
of linear-temporal properties is studied, both in the presence of discrete and
continuous time, with an automata-theoretic approach. The strategy in this
setting is to reduce questions about models and sentences, to questions about
automata, and then provide an answer using standard decision procedures for
automata
Timed-Automata-Based Verification of MITL over Signals
It has been argued that the most suitable semantic model for real-time formalisms is the non-negative real line (signals), i.e. the continuous semantics, which naturally captures the continuous evolution of system states. Existing tools like UPPAAL are, however, based on omega-sequences with timestamps (timed words), i.e. the pointwise semantics. Furthermore, the support for logic formalisms is very limited in these tools. In this article, we amend these issues by a compositional translation from Metric Temporal Interval Logic (MITL) to signal automata. Combined with an emptiness-preserving encoding of signal automata into timed automata, we obtain a practical automata-based approach to MITL model-checking over signals. We implement the translation in our tool MightyL and report on case studies using LTSmin as the back-end
Zone-based verification of timed automata: extrapolations, simulations and what next?
Timed automata have been introduced by Rajeev Alur and David Dill in the
early 90's. In the last decades, timed automata have become the de facto model
for the verification of real-time systems. Algorithms for timed automata are
based on the traversal of their state-space using zones as a symbolic
representation. Since the state-space is infinite, termination relies on finite
abstractions that yield a finite representation of the reachable states.
The first solution to get finite abstractions was based on extrapolations of
zones, and has been implemented in the industry-strength tool Uppaal. A
different approach based on simulations between zones has emerged in the last
ten years, and has been implemented in the fully open source tool TChecker. The
simulation-based approach has led to new efficient algorithms for reachability
and liveness in timed automata, and has also been extended to richer models
like weighted timed automata, and timed automata with diagonal constraints and
updates.
In this article, we survey the extrapolation and simulation techniques, and
discuss some open challenges for the future.Comment: Invited contribution at FORMATS'2
Structural Reductions and Stutter Sensitive Properties
Verification of properties expressed as -regular languages such as
LTL can benefit hugely from stutter insensitivity, using a diverse set of
reduction strategies. However properties that are not stutter invariant, for
instance due to the use of the neXt operator of LTL or to some form of counting
in the logic, are not covered by these techniques in general. We propose in
this paper to study a weaker property than stutter insensitivity. In a stutter
insensitive language both adding and removing stutter to a word does not change
its acceptance, any stuttering can be abstracted away; by decomposing this
equivalence relation into two implications we obtain weaker conditions. We
define a shortening insensitive language where any word that stutters less than
a word in the language must also belong to the language. A lengthening
insensitive language has the dual property. A semi-decision procedure is then
introduced to reliably prove shortening insensitive properties or deny
lengthening insensitive properties while working with a \emph{reduction} of a
system. A reduction has the property that it can only shorten runs. Lipton's
transaction reductions or Petri net agglomerations are examples of eligible
structural reduction strategies. We also present an approach that can reason
using a partition of a property language into its stutter insensitive,
shortening insensitive, lengthening insensitive and length sensitive parts to
still use structural reductions even when working with arbitrary properties. An
implementation and experimental evidence is provided showing most non-random
properties sensitive to stutter are actually shortening or lengthening
insensitive.Comment: 24 pages, extended version of FORTE'22 paper "LTL under reductions
with weaker conditions than stutter invariance" arXiv:2111.0334
Constraint LTL Satisfiability Checking without Automata
This paper introduces a novel technique to decide the satisfiability of
formulae written in the language of Linear Temporal Logic with Both future and
past operators and atomic formulae belonging to constraint system D (CLTLB(D)
for short). The technique is based on the concept of bounded satisfiability,
and hinges on an encoding of CLTLB(D) formulae into QF-EUD, the theory of
quantifier-free equality and uninterpreted functions combined with D. Similarly
to standard LTL, where bounded model-checking and SAT-solvers can be used as an
alternative to automata-theoretic approaches to model-checking, our approach
allows users to solve the satisfiability problem for CLTLB(D) formulae through
SMT-solving techniques, rather than by checking the emptiness of the language
of a suitable automaton A_{\phi}. The technique is effective, and it has been
implemented in our Zot formal verification tool.Comment: 39 page
- …