Geometric Model Checking of Continuous Space

Topological Spatial Model Checking is a recent paradigm where model checking techniques are developed for the topological interpretation of Modal Logic. The Spatial Logic of Closure Spaces, SLCS, extends Modal Logic with reachability connectives that, in turn, can be used for expressing interesting spatial properties, such as "being near to" or "being surrounded by". SLCS constitutes the kernel of a solid logical framework for reasoning about discrete space, such as graphs and digital images, interpreted as quasi discrete closure spaces. Following a recently developed geometric semantics of Modal Logic, we propose an interpretation of SLCS in continuous space, admitting a geometric spatial model checking procedure, by resorting to models based on polyhedra. Such representations of space are increasingly relevant in many domains of application, due to recent developments of 3D scanning and visualisation techniques that exploit mesh processing. We introduce PolyLogicA, a geometric spatial model checker for SLCS formulas on polyhedra and demonstrate feasibility of our approach on two 3D polyhedral models of realistic size. Finally, we introduce a geometric definition of bisimilarity, proving that it characterises logical equivalence

Model Checking Spatial Logics for Closure Spaces

Spatial aspects of computation are becoming increasingly relevant in Computer Science, especially in the field of collective adaptive systems and when dealing with systems distributed in physical space. Traditional formal verification techniques are well suited to analyse the temporal evolution of programs; however, properties of space are typically not taken into account explicitly. We present a topology-based approach to formal verification of spatial properties depending upon physical space. We define an appropriate logic, stemming from the tradition of topological interpretations of modal logics, dating back to earlier logicians such as Tarski, where modalities describe neighbourhood. We lift the topological definitions to the more general setting of closure spaces, also encompassing discrete, graph-based structures. We extend the framework with a spatial surrounded operator, a propagation operator and with some collective operators. The latter are interpreted over arbitrary sets of points instead of individual points in space. We define efficient model checking procedures, both for the individual and the collective spatial fragments of the logic and provide a proof-of-concept tool

Spatio-Temporal Model Checking: Explicit and Abstraction-Based Methods

Model checking is a method for formally verifying finite-state concurrent systems, conceived by Edmund M. Clarke and E. Allen Emerson to solve the Concurrent Program Verification problem and then further developed by several authors in the past years. Currently the method is widely applied to develop verification tools both for software and hardware debugging. The main idea behind this method is to describe a system by means of an appropriate logic and to develop efficient algorithms in order to test the truth of a formula (in case of truth-value semantics) or to find which entities in the model entail a formula (in case of a set-satisfaction semantics). In the literature, the most used logics are temporal ones such as CTL (Computation Tree Logic) and mu-calculus. These logics allow to describe several interesting properties of a model such as reachability and safety, while retaining a low complexity to check which entities satisfy the property. Roughly, the model checking procedure follows this schema: by traversing the syntax tree of a formula $\phi$ from the leaves to the root, the procedure can recursively compute the semantics of each subformula, thus obtaining the semantics of $\phi$. This is the case of CTL formulas, whose semantics is computable in linear-time over the structure of the formula. For some logics this traverse has to be repeated several times, as in the case of mu-calculus because of its fixed-point operators, which are usually computed by a recursive procedure. In this case the complexity of the procedure becomes exponential in the number of nested fixed-point operators, although maintaining a linear complexity in the size of the system. But what is the usual size of a system analyzed with this method? Since usually model checkers are implemented to test hardware or to study configurations of a certain system, the model checkers have to deal with really large systems, even with more than 10^20 states. So in some cases a linear-time complexity is not enough. As the procedure needs to have linear-time complexity to be correct (in the case of a satisfaction-set semantics) it cannot be improved in the general case, but several techniques and heuristics have been developed to achieve a consistent speed up when considering particular classes of models. Two important examples are symbolic model checking and abstraction techniques. Symbolic model checking is a technique developed by McMillan to study large models by eliminating ``redundant information'' in the description of the subsets using OBDDs (ordered binary decision diagrams). This method proves to be really efficient, especially when the model considered is obtained by a parallel product of systems, as in the original problem studied by Clarke and Emerson. On the other hand, abstraction techniques work by building an approximation of the model called abstraction and by analyzing it to obtain information on how to perform the model checking procedure. This is the case of CEGAR (counter example guided abstraction refinement), a procedure developed in 2003 and now the basis of a large number of abstraction techniques. The main idea of CEGAR is to build an abstraction that is also a simulation of the original model, use it to compute the semantics of a formula and then, if needed, adjust the abstraction obtaining a finer approximation of the original model. Both those techniques are broadly applied and achieve a significant speed up when compared with the classic procedures. This show us that developing ad hoc algorithms to solve specific problems is a winning strategy in model checking, and also that the priority when searching for an efficient algorithm is to reduce the size of the model. An interesting case studied in literature is that of systems describing space. A spatial model is a formal description of a geometrical entity (such as a topological space, a metric space, and so on) by means of a logic, that we will refer to with the evocative name spatial logic. As the concept of spatial model is so generic, several formalizations are considered in literature, and for each of them several logics are studied. The model checking problem for these logics assume a different flavor, as the algorithms now have to take into account the spatial structure of the model to be efficient. An example of spatial logic currently under study and analyzed in this document is SLCS, the spatial logic of closure spaces. This is a modal logic created in 2014 to describe properties of a system using closure spaces, a generalization of topological spaces. The logic can express some fundemantal spatial properties of a system, such as reachability, safety and proximity, while retaining decidability and linear-time complexity for the model checking procedure. A generalization both of the concept of spatial logic and of temporal logic is that of spatio-temporal logic. The aim of a spatio-temporal logic is to describe formally the properties of a spatio-temporal model (i.e., the formal description of a spatial system that changes over time). These logics are usually much more expressive than the previous ones, as they permit to intertwin spatial and temporal properties. On the other hand, defining an interesting spatio-temporal logic for which the MCP is decidable and has a low complexity is not easy. In 2015 a spatio-temporal generalization of the logic SLCS was presented, namely STLCS, the spatio-temporal logic of closure spaces. This logic was developed to describe the movement over time of several agents inside a spatial model and was succesfully applied to verify properties of some real-life systems such as New York bike sharing. The author of this document collaborated to implement a prototype model checker for STLCS used for the analysis above mentioned. The aim of this document is to introduce the basic concepts to understand the theory described above (i.e., model checking, speed-up techniques and spatio-temporal model checking) and to adapt symbolic model checking and CEGAR to solve the SLCS model checking problem. In particular, a nouvelle abstraction algorithm is developed to speed-up the procedure if the spatial model presents a strong hierarchical structure

On Formal Methods for Collective Adaptive System Engineering. {Scalable Approximated, Spatial} Analysis Techniques. Extended Abstract

In this extended abstract a view on the role of Formal Methods in System Engineering is briefly presented. Then two examples of useful analysis techniques based on solid mathematical theories are discussed as well as the software tools which have been built for supporting such techniques. The first technique is Scalable Approximated Population DTMC Model-checking. The second one is Spatial Model-checking for Closure Spaces. Both techniques have been developed in the context of the EU funded project QUANTICOL.Comment: In Proceedings FORECAST 2016, arXiv:1607.0200

Specifying and Verifying Properties of Space - Extended Version

The interplay between process behaviour and spatial aspects of computation has become more and more relevant in Computer Science, especially in the field of collective adaptive systems, but also, more generally, when dealing with systems distributed in physical space. Traditional verification techniques are well suited to analyse the temporal evolution of programs; properties of space are typically not explicitly taken into account. We propose a methodology to verify properties depending upon physical space. We define an appropriate logic, stemming from the tradition of topological interpretations of modal logics, dating back to earlier logicians such as Tarski, where modalities describe neighbourhood. We lift the topological definitions to a more general setting, also encompassing discrete, graph-based structures. We further extend the framework with a spatial until operator, and define an efficient model checking procedure, implemented in a proof-of-concept tool.Comment: Presented at "Theoretical Computer Science" 2014, Rom

Combining Spatial and Temporal Logics: Expressiveness vs. Complexity

In this paper, we construct and investigate a hierarchy of spatio-temporal formalisms that result from various combinations of propositional spatial and temporal logics such as the propositional temporal logic PTL, the spatial logics RCC-8, BRCC-8, S4u and their fragments. The obtained results give a clear picture of the trade-off between expressiveness and computational realisability within the hierarchy. We demonstrate how different combining principles as well as spatial and temporal primitives can produce NP-, PSPACE-, EXPSPACE-, 2EXPSPACE-complete, and even undecidable spatio-temporal logics out of components that are at most NP- or PSPACE-complete

A decidable weakening of Compass Logic based on cone-shaped cardinal directions

We introduce a modal logic, called Cone Logic, whose formulas describe properties of points in the plane and spatial relationships between them. Points are labelled by proposition letters and spatial relations are induced by the four cone-shaped cardinal directions. Cone Logic can be seen as a weakening of Venema's Compass Logic. We prove that, unlike Compass Logic and other projection-based spatial logics, its satisfiability problem is decidable (precisely, PSPACE-complete). We also show that it is expressive enough to capture meaningful interval temporal logics - in particular, the interval temporal logic of Allen's relations "Begins", "During", and "Later", and their transposes