From Quantified CTL to QBF
QCTL extends the temporal logic CTL with quantifications over atomic propositions. This extension is known to be very expressive: QCTL allows us to express complex properties over Kripke structures (it is as expressive as MSO). Several semantics exist for the quantifications: here, we work with the structure semantics, where the extra propositions label the Kripke structure (and not its execution tree), and the model-checking problem is known to be PSPACE-complete in this framework. We propose a model-checking algorithm for QCTL based on a reduction to QBF. We consider several reduction strategies, and we compare them with a prototype (based on the SMT solver Z3) on several examples.
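To make the structure semantics concrete, the following added example (not code from the paper or its prototype) runs a standard fixpoint CTL model checker over a small constructed Kripke structure and treats a QCTL quantifier ∃p.φ by brute force: one bit of p per state, all 2^|S| labellings enumerated. The enumeration loop plays the role of the existential block that the paper instead encodes as QBF and hands to a solver; the structure, labels and formula names are assumptions made up for the illustration.

```python
from itertools import product

# Constructed Kripke structure (hypothetical, not one of the paper's benchmarks).
# The transition relation is total: every state has at least one successor.
STATES = (0, 1, 2, 3)
SUCC = {0: {1, 2}, 1: {3}, 2: {3}, 3: {3}}          # state 3 has a self-loop
LABEL = {0: {"init"}, 1: {"a"}, 2: set(), 3: {"done"}}

# Formulas are nested tuples:
#   ("ap", name) | ("not", f) | ("and", f, g) | ("EX", f) | ("EU", f, g) | ("AF", f)
#   ("exists", p, f)   -- QCTL quantification over the atomic proposition p

def pre(target):
    """States with at least one successor in `target` (the EX operator)."""
    return {s for s in STATES if SUCC[s] & target}

def sat(f, label):
    """Set of states satisfying f. CTL operators use the usual fixpoint
    computations; ("exists", p, f) uses the *structure* semantics: p is a
    labelling of the Kripke structure itself, i.e. one bit per state."""
    op = f[0]
    if op == "ap":
        return {s for s in STATES if f[1] in label[s]}
    if op == "not":
        return set(STATES) - sat(f[1], label)
    if op == "and":
        return sat(f[1], label) & sat(f[2], label)
    if op == "EX":
        return pre(sat(f[1], label))
    if op == "EU":                      # E[f U g] = lfp Z. g | (f & EX Z)
        sf, sg = sat(f[1], label), sat(f[2], label)
        z = set(sg)
        while True:
            nz = z | (sf & pre(z))
            if nz == z:
                return z
            z = nz
    if op == "AF":                      # AF f = lfp Z. f | AX Z, AX Z = all successors in Z
        z = sat(f[1], label)
        while True:
            nz = z | {s for s in STATES if SUCC[s] <= z}
            if nz == z:
                return z
            z = nz
    if op == "exists":
        p, body = f[1], f[2]
        result = set()
        # Brute force over the 2^|S| labellings of p. This loop is the
        # existential quantifier block that the QBF encoding gives to a solver;
        # a state satisfies E p. body iff some labelling makes body hold there.
        for bits in product((False, True), repeat=len(STATES)):
            lab = {s: (label[s] | {p}) if b else (label[s] - {p})
                   for s, b in zip(STATES, bits)}
            result |= sat(body, lab)
        return result
    raise ValueError(f"unknown operator {op!r}")

def ap(name):
    return ("ap", name)

# "s has at least two distinct successors": not expressible in plain CTL
# (CTL is bisimulation-invariant), but in QCTL it is  E p. (EX p and EX not p).
TWO_SUCCESSORS = ("exists", "p", ("and", ("EX", ap("p")), ("EX", ("not", ap("p")))))

# "s can be labelled p while none of its successors is": E p. (p and not EX p).
# Under structure semantics a self-loop makes this false, because the same
# state cannot be both labelled and unlabelled.
NO_SELF_LOOP = ("exists", "p", ("and", ap("p"), ("not", ("EX", ap("p")))))

if __name__ == "__main__":
    print(sorted(sat(("AF", ap("done")), LABEL)))   # every state eventually reaches done
    print(sorted(sat(TWO_SUCCESSORS, LABEL)))        # only state 0 branches
    print(sorted(sat(NO_SELF_LOOP, LABEL)))          # state 3 is excluded by its self-loop
```

The `NO_SELF_LOOP` case is where the choice of semantics matters: in the tree semantics the unfolding of state 3 could label the root p and its child not-p, so the formula would hold there; under the structure semantics used above it cannot. Brute force is exponential in the number of states, which is why the paper reduces to QBF rather than enumerating.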
A Team Based Variant of CTL
We introduce two variants of computation tree logic CTL based on team
semantics: an asynchronous one and a synchronous one. For both variants we
investigate the computational complexity of the satisfiability as well as the
model checking problem. The satisfiability problem is shown to be
EXPTIME-complete; here it does not matter which of the two semantics is
considered. For model checking we prove PSPACE-completeness for the
synchronous case, and show P-completeness for the asynchronous case.
Furthermore we prove several interesting fundamental properties of both
semantics.
Comment: TIME 2015 conference version, modified title and motivation
Branching-time model checking of one-counter processes
One-counter processes (OCPs) are pushdown processes which operate only on a
unary stack alphabet. We study the computational complexity of model checking
computation tree logic (CTL) over OCPs. A PSPACE upper bound is inherited from
the modal mu-calculus for this problem. First, we analyze the periodic
behaviour of CTL over OCPs and derive a model checking algorithm whose running
time is exponential only in the number of control locations and a syntactic
notion of the formula that we call leftward until depth. Thus, model checking
fixed OCPs against CTL formulas with a fixed leftward until depth is in P. This
generalizes a result of the first author, Mayr, and To for the expression
complexity of CTL's fragment EF. Second, we prove that already over some fixed
OCP, CTL model checking is PSPACE-hard. Third, we show that there already
exists a fixed CTL formula for which model checking of OCPs is PSPACE-hard. To
obtain the latter result, we employ two results from complexity theory: (i)
Converting a natural number from Chinese remainder representation into binary
representation is in logspace-uniform NC^1 and (ii) PSPACE is AC^0-serializable.
We demonstrate that our approach can be used to obtain further results. We show
that model-checking CTL's fragment EF over OCPs is hard for P^NP, thus
establishing a matching lower bound and answering an open question of the first
author, Mayr, and To. We moreover show that the following problem is hard for
PSPACE: Given a one-counter Markov decision process, a set of target states
with counter value zero each, and an initial state, to decide whether the
probability that the initial state will eventually reach one of the target
states is arbitrarily close to 1. This improves a previously known lower bound
for every level of the Boolean hierarchy by Brazdil et al.
Synthesis of a simple self-stabilizing system
With the increasing importance of distributed systems as a computing
paradigm, a systematic approach to their design is needed. Although the area of
formal verification has made enormous advances towards this goal, the resulting
functionalities are limited to detecting problems in a particular design. By
means of a classical example, we illustrate a simple template-based approach to
computer-aided design of distributed systems, based on lifting the well-known
technique of bounded model checking to the synthesis setting.
Comment: In Proceedings SYNT 2014, arXiv:1407.493
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
so that every new need required a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
of interest in applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of their applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorials
MGHyper: Checking Satisfiability of HyperLTL Formulas Beyond the Fragment
Hyperproperties are properties that refer to multiple computation traces.
This includes many information-flow security policies, such as observational
determinism, (generalized) noninterference, and noninference, and other system
properties like symmetry or Hamming distances in error-resistant codes.
We introduce MGHyper, a tool for automatic satisfiability checking and model
generation for hyperproperties expressed in HyperLTL. Unlike previous
satisfiability checkers, MGHyper is not limited to the decidable fragment of
HyperLTL, but provides a semi-decision procedure for the full logic. An
important application of MGHyper is to automatically check equivalences between
different hyperproperties (and different formalizations of the same
hyperproperty) and to build counterexamples that disprove a certain claimed
implication. We describe the semi-decision procedure implemented in MGHyper and
report on experimental results obtained both with typical hyperproperties from
the literature and with randomly generated HyperLTL formulas.
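The abstract names observational determinism and noninference as hyperproperties; the following added example (not part of the paper or the MGHyper tool) shows what "referring to multiple traces" means by checking both over a constructed finite set of finite traces. This is model checking a fixed trace set, not the satisfiability problem MGHyper solves, but it exhibits the quantifier shapes: observational determinism is a ∀∀ property, while noninference needs a ∀∃ alternation, which is outside the ∃*∀* fragment for which HyperLTL satisfiability is decidable. The trace format, field names and the exact formalization of observational determinism used here (low inputs compared at every position) are assumptions; the literature has several variants, which is exactly the kind of difference the abstract says MGHyper can check.

```python
from itertools import product

# Constructed traces (not from the paper). Each position records the low
# (public) input `lo`, the high (secret) input `hi`, and the low-observable
# output `out` of a two-level system over two steps.
def step(lo, hi, out):
    return {"lo": lo, "hi": hi, "out": out}

# The secret never influences the output: out == lo at every step.
SECURE = [
    [step(0, 0, 0), step(1, 0, 1)],
    [step(0, 1, 0), step(1, 1, 1)],
]
# Same low inputs, but the second step's output depends on the secret bit.
LEAKY = [
    [step(0, 0, 0), step(1, 0, 1)],
    [step(0, 1, 0), step(1, 1, 0)],
]

def agree(t1, t2, field):
    """G (field_pi <-> field_pi') over two finite traces of equal length."""
    return len(t1) == len(t2) and all(a[field] == b[field] for a, b in zip(t1, t2))

def observational_determinism(traces):
    """forall pi. forall pi'.  G(lo_pi <-> lo_pi')  ->  G(out_pi <-> out_pi').
    Two universal quantifiers, so every ordered pair of traces is checked.
    Returns (holds, counterexample_pair)."""
    for t1, t2 in product(traces, repeat=2):
        if agree(t1, t2, "lo") and not agree(t1, t2, "out"):
            return False, (t1, t2)
    return True, None

def noninference(traces, hi_default=0):
    """forall pi. exists pi'.  G(hi_pi' = default) and G(lo_pi <-> lo_pi')
    and G(out_pi <-> out_pi').  Every trace must have a low-equivalent
    partner in the same set whose secret input is the default throughout.
    Returns (holds, unwitnessed_trace)."""
    for t in traces:
        witnessed = any(
            all(s["hi"] == hi_default for s in t2)
            and agree(t, t2, "lo") and agree(t, t2, "out")
            for t2 in traces)
        if not witnessed:
            return False, t
    return True, None

if __name__ == "__main__":
    print(observational_determinism(SECURE)[0], observational_determinism(LEAKY)[0])
    print(noninference(SECURE)[0], noninference(LEAKY)[0])
```

Note that the counterexample for the ∀∀ property is a pair of traces, whereas the failure of the ∀∃ property is a single trace for which no witness exists; a trace-property checker that looks at one execution at a time cannot report either.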