Symmetry in temporal logic model checking

Temporal logic model checking involves checking the state-space of a model of a system to determine whether errors can occur in the system. Often this involves checking symmetrically equivalent areas of the state-space. The use of symmetry reduction to increase the efficiency of model checking has inspired a wealth of activity in the area of model checking research. We provide a survey of the associated literature

Interval vs. Point Temporal Logic Model Checking: an Expressiveness Comparison

Model checking is a powerful method widely explored in formal verification to check the (state-transition) model of a system against desired properties of its behaviour. Classically, properties are expressed by formulas of a temporal logic, such as LTL, CTL, and CTL*. These logics are "point-wise" interpreted, as they describe how the system evolves state-by-state. On the contrary, Halpern and Shoham\u27s interval temporal logic (HS) is "interval-wise" interpreted, thus allowing one to naturally express properties of computation stretches, spanning a sequence of states, or properties involving temporal aggregations, which are inherently "interval-based". In this paper, we study the expressiveness of HS in model checking, in comparison with that of the standard logics LTL, CTL, and CTL*. To this end, we consider HS endowed with three semantic variants: the state-based semantics, introduced by Montanari et al., which allows branching in the past and in the future, the linear-past semantics, allowing branching only in the future, and the linear semantics, disallowing branching. These variants are compared, as for their expressiveness, among themselves and to standard temporal logics, getting a complete picture. In particular, HS with linear (resp., linear-past) semantics is proved to be equivalent to LTL (resp., finitary CTL*)

Interval vs. Point Temporal Logic Model Checking: an Expressiveness Comparison

In recent years, model checking with interval temporal logics is emerging as a viable alternative to model checking with standard point-based temporal logics, such as LTL, CTL, CTL*, and the like. The behavior of the system is modeled by means of (finite) Kripke structures, as usual. However, while temporal logics which are interpreted \u201cpoint-wise\u201d describe how the system evolves state-by-state, and predicate properties of system states, those which are interpreted \u201cinterval-wise\u201d express properties of computation stretches, spanning a sequence of states. A proposition letter is assumed to hold over a computation stretch (interval) if and only if it holds over each component state (homogeneity assumption). A natural question arises: is there any advantage in replacing points by intervals as the primary temporal entities, or is it just a matter of taste? In this article, we study the expressiveness of Halpern and Shoham\u2019s interval temporal logic (HS) in model checking, in comparison with those of LTL, CTL, and CTL*. To this end, we consider three semantic variants of HS: the state-based one, introduced by Montanari et al. in [30, 34], that allows time to branch both in the past and in the future, the computation-tree-based one, that allows time to branch in the future only, and the trace-based variant, that disallows time to branch. These variants are compared among themselves and to the aforementioned standard logics, getting a complete picture. In particular, we show that HS with trace-based semantics is equivalent to LTL (but at least exponentially more succinct), HS with computation-tree-based semantics is equivalent to finitary CTL*, and HS with state-based semantics is incomparable with all of them (LTL, CTL, and CTL*)

Evaluation of Temporal Datasets via Interval Temporal Logic Model Checking

The problem of {em temporal dataset evaluation} consists in establishing to what extent a set of temporal data (histories) complies with a given temporal condition. It presents a strong resemblance with the problem of model checking enhanced with the ability of emph{rating} the compliance degree of a model against a formula. In this paper, we solve the temporal dataset evaluation problem by suitably combining the outcomes of model checking an interval temporal logic formula against sets of histories (finite interval models), possibly taking into account domain-dependent measures/criteria, like, for instance, sensitivity, specificity, and accuracy. From a technical point of view, the main contribution of the paper is a (deterministic) polynomial time algorithm for interval temporal logic model checking over finite interval models. To the best of our knowledge, this is the first application of a (truly) interval temporal logic model checking in the area of temporal databases and data mining rather than in the formal verification setting

Interval temporal logic model checking based on track bisimilarity and prefix sampling

Since the late 80s, LTL and CTL model checking have been extensively applied in various areas of computer science and AI. Even thoughtheyprovedthemselvestobe quitesuccessfulin manyapplication domains,therearesomerelevanttemporalconditionswhichareinherently “interval based” (this is the case, for instance, with telic statements like “theastronautmustwalkhomeinanhour”andtemporalaggregationslike “the average speed of the rover cannot exceed the established threshold”) and thus cannot be properly modelled by point-based temporal logics. In general, to check interval properties of the behavior of a system, one needs to collect information about states into behavior stretches, which amounts to interpreting each finite sequence of states as an interval and to suitably defining its labelling on the basis of the labelling of the states that compose it. In orderto deal with these properties,a model checking framework based on Halpern and Shoham’s interval temporal logic (HS for short) and its fragments has been recently proposed and systematically investigated in the literature. In this paper, we give an original proof of EXPSPACE membership of the model checking problem for the HS fragment AAbarBBbarE (resp.,AAbarEBEbar)ofAllen’sintervalrelationsmeets,met-by,started-by (resp., finished-by),starts,andfinishes. The proofexploits track bisimilarity and prefix sampling, and it turns out to be much simpler than the previously known one. In addition, it improves some upper bounds

Interval Temporal Logic Model Checking Based on Track Bisimilarity and Prefix Sampling

Since the late 80s, LTL and CTL model checking have been extensively applied in various areas of computer science and AI. Even though they proved themselves to be quite successful in many application domains, there are some relevant temporal conditions which are inher- ently \interval based" (this is the case, for instance, with telic statements like \the astronaut must walk home in an hour" and temporal aggrega- tions like \the average speed of the rover cannot exceed the established threshold") and thus cannot be properly modelled by point-based tem- poral logics. In general, to check interval properties of the behavior of a system, one needs to collect information about states into behavior stretches, which amounts to interpreting each nite sequence of states as an interval and to suitably dening its labelling on the basis of the labelling of the states that compose it. In order to deal with these properties, a model checking framework based on Halpern and Shoham's interval temporal logic (HS for short) and its fragments has been recently proposed and systematically investigated in the literature. In this paper, we give an original proof of EXPSPACE membership of the model checking problem for the HS fragment AABBE (resp., AAEBE) of Allen's interval relations meets, met-by, started-by (resp., nished-by), starts, and nishes. The proof exploits track bisimi- larity and prex sampling, and it turns out to be much simpler than the previously known one. In addition, it improves some upper bounds

Temporal Logic Model Checking as Automated Theorem Proving

Model checking is an automatic technique for the verification of temporal properties of a system. In this technique, a system is represented as a labelled graph and the specification as a temporal logic formula. The core of temporal logic model checking is the reachability problem, which is not expressible in first-order logic (FOL); as a result, model checking of finite/infinite state systems without the use of iteration or abstraction is considered beyond the realm of automated FOL theorem provers. In this thesis, we focus on formulating the temporal logic model checking problem as a FOL theorem proving problem and use automated tools, such as SAT/SMT solvers to directly model check a system without the need for a fixed-point calculation or abstraction. We present CTL-Live: a fragment of computational tree logic whose model checking for (infinite) Kripke structures is reducible to FOL validity checking. CTL-Live includes the CTL connectives that are often used to express liveness properties. We also derive decidability results about CTL-Live model checking by examining decidable subsets of FOL. We evaluate our reduction technique for CTL-Live model checking. Our case studies show that state-of-the-art SMT solvers are capable of verifying CTL-Live properties of infinite systems; moreover, the verification of an infinite state model can sometimes complete more quickly than verifying a finite version of the model. We prove the maximality of CTL-Live: we show that CTL-Live is the largest fragment of CTL whose model checking is reducible to FOL validity checking. The maximality of CTL-Live implies that model checking safety properties requires a logic more expressive than FOL; as a result, we examine FOL plus transitive closure (FOLTC). We can reduce model checking of a more expressive fragment of CTL, which we call CTL\EG, to validity checking in FOLTC. CTL\EG is more expressive than CTL-Live and yet less expressive than CTL. By adding a finiteness restriction, we can reduce model checking of all of CTL with fairness constraints (CTLFC) formulas to validity checking in FOLTC. The finiteness restriction requires that the system under-study must have a finite number of states, but it does not require this number to be known. Reduction of CTLFC to FOLTC allows us to use the Alloy Analyzer for model checking. Our case studies show that the Alloy Analyzer can analyze CTLFC formulas up to the same scopes that Alloy models are analyzed

Efficient Symmetry Reduction and the Use of State Symmetries for Symbolic Model Checking

One technique to reduce the state-space explosion problem in temporal logic model checking is symmetry reduction. The combination of symmetry reduction and symbolic model checking by using BDDs suffered a long time from the prohibitively large BDD for the orbit relation. Dynamic symmetry reduction calculates representatives of equivalence classes of states dynamically and thus avoids the construction of the orbit relation. In this paper, we present a new efficient model checking algorithm based on dynamic symmetry reduction. Our experiments show that the algorithm is very fast and allows the verification of larger systems. We additionally implemented the use of state symmetries for symbolic symmetry reduction. To our knowledge we are the first who investigated state symmetries in combination with BDD based symbolic model checking

Interval temporal logic model checking: The border between good and bad HS fragments

The model checking problem has thoroughly been explored in the context of standard point-based temporal logics, such as LTL, CTL, and CTL 17, whereas model checking for interval temporal logics has been brought to the attention only very recently. In this paper, we prove that the model checking problem for the logic of Allen\u2019s relations started-by and finished-by is highly intractable, as it can be proved to be EXPSPACE-hard. Such a lower bound immediately propagates to the full Halpern and Shoham\u2019s modal logic of time intervals (HS). In contrast, we show that other noteworthy HS fragments, namely, Propositional Neighbourhood Logic extended with modalities for the Allen relation starts (resp., finishes) and its inverse started-by (resp., finished-by), turn out to have\u2014maybe unexpectedly\u2014the same complexity as LTL (i.e., they are PSPACE-complete), thus joining the group of other already studied, well-behaved albeit less expressive, HS fragments

An in-depth investigation of interval temporal logic model checking with regular expressions

In the last years, the model checking (MC) problem for interval temporal logic (ITL) has received an increasing attention as a viable alternative to the traditional (point-based) temporal logic MC, which can be recovered as a special case. Most results have been obtained by imposing suitable restrictions on interval labeling. In this paper, we overcome such limitations by using regular expressions to define the behavior of proposition letters over intervals in terms of the component states. We first prove that MC for Halpern and Shoham’s ITL (HS), extended with regular expressions, is decidable. Then, we show that formulas of a large class of HS fragments, namely, all fragments featuring (a subset of) HS modalities for Allen’s relations meets, met-by, starts, and started-by, can be model checked in polynomial working space (MC for all these fragments turns out to be PSPACE-complete)