405 research outputs found
Extended Computation Tree Logic
We introduce a generic extension of the popular branching-time logic CTL
which refines the temporal until and release operators with formal languages.
For instance, a language may determine the moments along a path that an until
property may be fulfilled. We consider several classes of languages leading to
logics with different expressive power and complexity, whose importance is
motivated by their use in model checking, synthesis, abstract interpretation,
etc.
We show that even with context-free languages on the until operator the logic
still allows for polynomial time model-checking despite the significant
increase in expressive power. This makes the logic a promising candidate for
applications in verification.
In addition, we analyse the complexity of satisfiability and compare the
expressive power of these logics to CTL* and extensions of PDL.
Temporal Logic with Recursion
We introduce extensions of the standard temporal logics CTL and LTL with a recursion operator that takes propositional arguments. Unlike other proposals for modal fixpoint logics of high expressive power, we obtain logics that retain some of the appealing pragmatic advantages of CTL and LTL, yet have expressive power beyond that of the modal μ-calculus or MSO. We advocate these logics by showing how the recursion operator can be used to express interesting non-regular properties. We also study decidability and complexity issues of the standard decision problems.
Reasoning about LTL Synthesis over finite and infinite games
In the last few years, research on formal methods for the analysis and verification of properties of systems has increased greatly. A meaningful contribution in this area has been given by algorithmic methods developed in the context of synthesis. The basic idea is simple and appealing: instead of developing a system and verifying that it satisfies its specification, we look for an automated procedure that, given the specification, returns a system that is correct by construction. Synthesis of reactive systems is one of the most popular variants of this problem, in which we want to synthesize a system characterized by an ongoing interaction with the environment. In this setting, a large effort has been devoted to analysing specifications given as formulas of linear temporal logic, i.e., LTL synthesis.
Traditional approaches to LTL synthesis rely on transforming the LTL specification into deterministic parity automata, and then into parity games, for which a so-called winning region is computed. Computing such an automaton is, in the worst case, doubly exponential in the size of the LTL formula, and this becomes a computational bottleneck when using the synthesis process in practice.
The first part of this thesis is devoted to improving the solution of parity games as they are used in solving LTL synthesis, aiming at efficient techniques, in terms of running time and space consumption, for solving parity games. We start with the study and the implementation of an automata-theoretic technique to solve parity games. More precisely, we consider an algorithm introduced by Kupferman and Vardi that solves a parity game by solving the emptiness problem of a corresponding alternating parity automaton. Our empirical evaluation demonstrates that this algorithm outperforms other algorithms when the game has a small number of priorities relative to the size of the game. In many concrete applications, we do indeed end up with parity games where the number of priorities is relatively small. This makes the new algorithm quite useful in practice.
We then provide a broad investigation of the symbolic approach for solving parity games. Specifically, we implement in a fresh tool, called SPGSolver, four symbolic algorithms to solve parity games and compare their performance to the corresponding explicit versions for different classes of games. By means of benchmarks, we show that for random games, even for constrained random games, explicit algorithms actually perform better than symbolic algorithms. The situation changes, however, for structured games, where symbolic algorithms seem to have the advantage. This suggests that when evaluating algorithms for parity-game solving, it would be useful to have real benchmarks and not only random benchmarks, as the common practice has been.
LTL synthesis has also been widely investigated in artificial intelligence, and specifically in automated planning. Indeed, LTL synthesis corresponds to fully observable nondeterministic planning in which the domain is given compactly and the goal is an LTL formula, which in turn is related to two-player games with LTL goals. Finding a strategy for these games amounts to synthesizing a plan for the planning problem. The last part of this thesis is then dedicated to investigating LTL synthesis under this different view. In particular, we study a generalized form of planning under partial observability, in which we have multiple, possibly infinitely many, planning domains with the same actions and observations, and goals expressed over observations, which are possibly temporally extended. By building on work on two-player games with imperfect information in the Formal Methods literature, we devise a general technique, generalizing the belief-state construction, to remove partial observability. This reduces the planning problem to a game of perfect information with a tight correspondence between plans and strategies. Then we instantiate the technique and solve some generalized planning problems.
Synthesis of recursive state machines from libraries of game modules
2013 - 2014
This thesis is focused on synthesis. In formal verification, synthesis can refer to controller synthesis and to system synthesis. This work combines both these areas of research.
First we focus on synthesizing modular controllers, considering games on recursive game graphs with the requirement that the strategy for the protagonist must be modular. A recursive game graph is composed of a set of modules, whose vertices can be standard vertices or can correspond to invocations of other modules, and the set of vertices is split into two sets, each controlled by one of the players. A strategy is modular if it is local to a module and is oblivious to previous module invocations, and thus does not depend on the context of invocation. We study for the first time modular strategies with respect to winning conditions that can be expressed as languages of pushdown automata. We show that pushdown modular games are undecidable in general, and become decidable for visibly pushdown automata specifications. We carefully characterize the computational complexity of the considered decision problem. In particular, we show that modular games with a universal Büchi or co-Büchi visibly pushdown winning condition are Exptime-complete, and when the winning condition is given as a CaRet or Nwtl temporal logic formula the problem is 2Exptime-complete, and it remains 2Exptime-hard even for simple fragments of these logics. As a further contribution, we present a different synthesis algorithm that runs faster than known solutions for large specifications and many exits.
In the second part of this thesis, we introduce and solve a new component-based synthesis problem that subsumes both the synthesis from libraries of recursive components introduced by Lustig and Vardi and the modular synthesis introduced by Alur et al. for recursive game graphs. We model the components of our libraries as game modules of a recursive game graph with unmapped boxes, and consider as correctness specification a target set of vertices. To solve this problem, we give an exponential-time fixed-point algorithm that computes annotations for the vertices of the library components by exploring them backwards. We show a matching lower bound via a direct reduction from linear-space alternating Turing machines, thus proving Exptime-completeness. We also give a second algorithm that solves this problem by annotating in a table the result of many local reachability game queries on each game component. This algorithm is exponential only in the number of exits of the game components, and thus shows that the problem is fixed-parameter tractable.
Finally, we study a more general synthesis problem for component-based pushdown systems, the modular synthesis from a library of components (Lms). We model each component as a game graph with boxes as placeholders for calls to components, as in the previous model, but now the library is also equipped with a box-to-component map that is a partial function from boxes to components. An instance of a component C is essentially a copy of C along with a local strategy that resolves the nondeterminism of player 0. An RSM S synthesized from a library is a set of instances along with a total function that maps each box in S to an instance of S and is consistent with the box-to-component map of the library. We give a solution to the Lms problem with winning conditions given as internal reachability objectives, or as external deterministic finite automata (FA) and deterministic visibly pushdown automata (VPA) (6). We show that the Lms problem is Exptime-complete for any of the considered specifications. [edited by Author]
XIII n.s.
Automata Column: The Complexity of Reachability in Vector Addition Systems
The program of the 30th Symposium on Logic in Computer Science held in 2015 in Kyoto included two contributions on the computational complexity of the reachability problem for vector addition systems: Blondin, Finkel, Göller, Haase, and McKenzie [2015] attacked the problem by providing the first tight complexity bounds in the case of dimension 2 systems with states, while Leroux and Schmitz [2015] proved the first complexity upper bound in the general case. The purpose of this column is to present the main ideas behind these two results, and more generally to survey the current state of affairs.
Verification of Non-Regular Program Properties
Most temporal logics which have been introduced and studied in the past decades can be embedded into the modal mu-calculus. This is the case for e.g. PDL, CTL, CTL*, ECTL, LTL, etc. and entails that these logics cannot express non-regular program properties. In recent years, some novel approaches towards an increase in expressive power have been made: Fixpoint Logic with Chop enriches the mu-calculus with a sequential composition operator and thereby allows to characterise context-free processes. The Modal Iteration Calculus uses inflationary fixpoints to exceed the expressive power of the mu-calculus. Higher-Order Fixpoint Logic (HFL) incorporates a simply typed lambda-calculus into a setting with extremal fixpoint operators and even exceeds the expressive power of Fixpoint Logic with Chop. But also PDL has been equipped with context-free programs instead of regular ones.
In terms of expressivity there is a natural demand for richer frameworks, since program property specifications are simply not limited to the regular sphere. Expressivity, however, usually comes at the price of an increased computational complexity of logic-related decision problems. For instance, the satisfiability problems for the above-mentioned logics are undecidable. In this work we investigate the model checking problem of three different logics which are capable of expressing non-regular program properties, and aim at identifying fragments with feasible model checking complexity.
Firstly, we develop a generic method for determining the complexity of model checking PDL over arbitrary classes of programs and show that the border to undecidability runs between PDL over indexed languages and PDL over context-sensitive languages. It is however still in PTIME for PDL over linear indexed languages and in EXPTIME for PDL over indexed languages. We present concrete algorithms which allow implementations of model checkers for these two fragments.
We then introduce an extension of CTL in which the UNTIL- and RELEASE- operators are adorned with formal languages. These are interpreted over labeled paths and restrict the moments on such a path at which the operators are satisfied. The UNTIL-operator is for instance satisfied if some path prefix forms a word in the language it is adorned with (besides the usual requirement that until that moment some property has to hold and at that very moment some other property must hold). Again, we determine the computational complexities of the model checking problems for varying classes of allowed languages in either operator. It turns out that either enabling context-sensitive languages in the UNTIL or context-free languages in the RELEASE- operator renders the model checking problem undecidable while it is EXPTIME-complete for indexed languages in the UNTIL and visibly pushdown languages in the RELEASE- operator. PTIME-completeness is a result of allowing linear indexed languages in the UNTIL and deterministic context-free languages in the RELEASE. We do also give concrete model checking algorithms for several interesting fragments of these logics.
Finally, we turn our attention to the model checking problem of HFL, which we have already studied in previous works. On finite state models it is k-EXPTIME-complete for HFL(k), the fragment of HFL obtained by restricting functions in the lambda-calculus to order k. Novel in this work, however, is the generalisation (from the first-order case to the case of functions of arbitrary order) of an idea to improve the best and average case behaviour of a model checking algorithm by using partial functions during the fixpoint iteration, guided by the neededness of arguments. This is possible because the semantics of a closed HFL formula is not a total function but the value of a function at some argument. Again, we give a concrete algorithm for such an improved model checker and argue that, despite the very high model checking complexity, this improvement is very useful in practice and gives feasible results for HFL with lower-order functions, backed up by a statistical analysis of the number of needed arguments on a concrete example.
Furthermore, we show how HFL can be used as a tool for the development of algorithms. Its high expressivity allows one to encode a wide variety of problems as instances of model checking already in the first-order fragment. The rather unintuitive -- yet very succinct -- problem encoding, together with an analysis of the behaviour of the above-sketched optimisation, may give deep insights into the problem. We demonstrate this on the example of the universality problem for nondeterministic finite automata, where a slight variation of the optimised model checking algorithm yields one of the best known methods so far, which was only discovered recently.
We also investigate typical model-theoretic properties for each of these logics and compare them with respect to expressive power.
Model checking infinite-state systems: generic and specific approaches
Model checking is a fully-automatic formal verification method that has been extremely successful in validating and verifying safety-critical systems in the past three decades. In the past fifteen years, there has been a lot of work in extending many model checking algorithms over finite-state systems to finitely representable infinite-state systems. Unlike in the case of finite systems, decidability can easily become a problem in the case of infinite-state model checking.
In this thesis, we present generic and specific techniques that can be used to derive decidability with near-optimal computational complexity for various model checking problems over infinite-state systems. Generic techniques and specific techniques primarily differ in the way in which a decidability result is derived. Generic techniques are a "top-down" approach wherein we start with a Turing-powerful formalism for infinite-state systems (in the sense of being able to generate the computation graphs of Turing machines up to isomorphism), and then impose semantic restrictions whereby the desired model checking problem becomes decidable. In other words, to show that a subclass of the infinite-state systems generated by this formalism is decidable with respect to the model checking problem under consideration, we simply have to prove that this subclass satisfies the semantic restriction. On the other hand, specific techniques are a "bottom-up" approach in the sense that we restrict to a non-Turing-powerful formalism of infinite-state systems at the outset. The main benefit of generic techniques is that they can be used as algorithmic metatheorems, i.e., they can give unified proofs of decidability of various model checking problems over infinite-state systems. Specific techniques are more flexible in the sense that they can be used to derive decidability or optimal complexity when generic techniques fail.
In the first part of the thesis, we adopt word/tree automatic transition systems as a generic formalism of infinite-state systems. Such formalisms can be used to generate many interesting classes of infinite-state systems that have been considered in the literature, e.g., the computation graphs of counter systems, Turing machines, pushdown systems, prefix-recognizable systems, regular ground-tree rewrite systems, PA-processes, and order-2 collapsible pushdown systems. Although the generality of these formalisms makes most interesting model checking problems (even safety) undecidable, they are known to have nice closure and algorithmic properties. We use these nice properties to obtain several algorithmic metatheorems over word/tree automatic systems, e.g., for deriving decidability of various model checking problems including recurrent reachability, and Linear Temporal Logic (LTL) with complex fairness constraints. These algorithmic metatheorems can be used to uniformly prove decidability with optimal (or near-optimal) complexity of various model checking problems over many classes of infinite-state systems that have been considered in the literature. In fact, many of these decidability/complexity results were not previously known in the literature.
In the second part of the thesis, we study various model checking problems over subclasses of counter systems that were already known to be decidable. In particular, we consider reversal-bounded counter systems (and their extensions with discrete clocks), one-counter processes, and networks of one-counter processes. We derive optimal complexity of various model checking problems including: model checking LTL, EF-logic, and first-order logic with reachability relations (and restrictions thereof). In most cases, we obtain a single/double exponential reduction in the previously known upper bounds on the complexity of the problems.
Verification of Automata with Storage Mechanisms
An important question in computer science is whether a given system conforms to a specification. Often this question is equivalent to asking whether a finite automaton with certain memory, like a stack or queue, can reach some given state. In this thesis we focus on this reachability problem for automata having one or more lossy or reliable stacks or queues as their memory. Unfortunately, the reachability problem is undecidable or of high complexity in most of these cases. We circumvent this by several approximation methods. So we extend the exploration algorithm by Boigelot and Godefroid under-approximating the reachability problem of queue automata. We also study some automata having multiple stacks with a restricted behavior. These "asynchronous pushdown systems" have an efficiently decidable reachability problem. To show our results we first have to gain knowledge of several algebraic properties of the so-called transformation monoid of the studied storage mechanisms.
An important research topic in computer science is verification, i.e., the analysis of systems towards their correctness. This analysis consists of two parts: first we have to formalize the system and the desired properties. Afterwards we have to find algorithms to check whether the properties hold in the system. In many cases we can model the system as a finite automaton with a suitable storage mechanism, e.g., functional programs with recursive calls can be modeled as automata with a stack (or pushdown). Here, we consider automata with two variations of stacks and queues: 1. Partially lossy queues and stacks, which are allowed to forget some specified parts of their contents at any time. We are able to model unreliable systems with such memories. 2. Distributed queues and stacks, i.e., multiple such memories with a special synchronization in between. Often we can check the properties of our models by solving the reachability and recurrent reachability problems in our automata models. It is well known that the decidability of these problems highly depends on the concrete data type of our automata's memory. Both problems can be solved in polynomial time for automata with one stack. In contrast, these problems are undecidable if we attach a queue or at least two stacks to our automata. In some special cases we are still able to verify such systems. So, we will consider only special automata with multiple stacks - so-called asynchronous pushdown automata. These are multiple (local) automata each having one stack. Whenever these automata try to write something into at least one stack, we require a read action on these stacks right before these actions. We will see that the (recurrent) reachability problem is decidable for such asynchronous pushdown automata in polynomial time. We can also semi-decide the reachability problem of our queue automata by exploration of the configuration space. To this end, we can join multiple consecutive transitions into so-called meta-transformations and simulate them at once. Here, we study meta-transformations alternating between writing words from a given regular language into the queues and reading words from another regular language from the queues. We will see that such meta-transformations can be applied in polynomial time. To show this result we first study some algebraic properties of our stacks and queues.
An important research topic in computer science is verification, i.e., the analysis of systems with respect to their correctness. This analysis proceeds in two steps: first, we have to formalize the system and the desired properties. Then we need algorithms to test whether the system satisfies the properties. Often we can model the system as a finite automaton with a suitable storage mechanism; e.g., recursive programs are essentially automata with a stack. Here we consider automata with two variants of stacks and queues: 1. Partially lossy stacks and queues, which can forget certain parts of their contents at any time. These can be used for unreliable systems. 2. Distributed stacks and queues, i.e., several stacks and queues with predefined synchronization. Frequently the properties of our models can be settled by means of the (recurrent) reachability problem in our automata. It is known that the decidability of these problems often depends strongly on the concrete data type of the memory. Both problems can be solved in polynomial time for automata with one stack. They are, however, undecidable if we consider automata with one queue or two stacks. In certain special cases we are nevertheless able to verify such systems. For example, we can consider certain automata with several stacks - so-called asynchronous pushdown automata. These consist of several (local) automata, each with one stack. Whenever these automata write something into at least one stack, they must read something from these stacks immediately beforehand. The (recurrent) reachability problem is decidable in polynomial time for asynchronous pushdown automata. We can also semi-decide the reachability problem of queue automata by exploring the configuration space. To this end, we can combine several consecutive transitions into so-called meta-transformations and simulate them in a single step. Here we consider meta-transformations that alternate between reading and writing words from two given regular languages. These meta-transformations can be executed in polynomial time. For this result, however, we first have to examine various algebraic properties of the queues.
Temporal specifications with accumulative values
Recently, there has been an effort to add quantitative objectives to formal verification and synthesis. We introduce and investigate the extension of temporal logics with quantitative atomic assertions. At the heart of quantitative objectives lies the accumulation of values along a computation. It is often the accumulated sum, as with energy objectives, or the accumulated average, as with mean-payoff objectives. We investigate the extension of temporal logics with the prefix-accumulation assertions Sum(v) ≥ c and Avg(v) ≥ c, where v is a numeric (or Boolean) variable of the system, c is a constant rational number, and Sum(v) and Avg(v) denote the accumulated sum and average of the values of v from the beginning of the computation up to the current point in time. We also allow the path-accumulation assertions LimInfAvg(v) ≥ c and LimSupAvg(v) ≥ c, referring to the average value along an entire infinite computation. We study the border of decidability for such quantitative extensions of various temporal logics. In particular, we show that extending the fragment of CTL that has only the EX, EF, AX, and AG temporal modalities with both prefix-accumulation assertions, or extending LTL with both path-accumulation assertions, results in temporal logics whose model-checking problem is decidable. Moreover, the prefix-accumulation assertions may be generalized with "controlled accumulation," allowing one, for example, to specify constraints on the average waiting time between a request and a grant. On the negative side, we show that this branching-time logic is, in a sense, the maximal logic with one or both of the prefix-accumulation assertions that permits a decidable model-checking procedure. Extending a temporal logic that has the EG or EU modalities, such as CTL or LTL, makes the problem undecidable.
- …