3,023 research outputs found
Sciduction: Combining Induction, Deduction, and Structure for Verification and Synthesis
Even with impressive advances in automated formal methods, certain problems
in system verification and synthesis remain challenging. Examples include the
verification of quantitative properties of software involving constraints on
timing and energy consumption, and the automatic synthesis of systems from
specifications. The major challenges include environment modeling,
incompleteness in specifications, and the complexity of underlying decision
problems.
This position paper proposes sciduction, an approach to tackle these
challenges by integrating inductive inference, deductive reasoning, and
structure hypotheses. Deductive reasoning, which leads from general rules or
concepts to conclusions about specific problem instances, includes techniques
such as logical inference and constraint solving. Inductive inference, which
generalizes from specific instances to yield a concept, includes algorithmic
learning from examples. Structure hypotheses are used to define the class of
artifacts, such as invariants or program fragments, generated during
verification or synthesis. Sciduction constrains inductive and deductive
reasoning using structure hypotheses, and actively combines inductive and
deductive reasoning: for instance, deductive techniques generate examples for
learning, and inductive reasoning is used to guide the deductive engines.
We illustrate this approach with three applications: (i) timing analysis of
software; (ii) synthesis of loop-free programs, and (iii) controller synthesis
for hybrid systems. Some future applications are also discussed
Incompleteness of States w.r.t. Traces in Model Checking
Cousot and Cousot introduced and studied a general past/future-time
specification language, called mu*-calculus, featuring a natural time-symmetric
trace-based semantics. The standard state-based semantics of the mu*-calculus
is an abstract interpretation of its trace-based semantics, which turns out to
be incomplete (i.e., trace-incomplete), even for finite systems. As a
consequence, standard state-based model checking of the mu*-calculus is
incomplete w.r.t. trace-based model checking. This paper shows that any
refinement or abstraction of the domain of sets of states induces a
corresponding semantics which is still trace-incomplete for any propositional
fragment of the mu*-calculus. This derives from a number of results, one for
each incomplete logical/temporal connective of the mu*-calculus, that
characterize the structure of models, i.e. transition systems, whose
corresponding state-based semantics of the mu*-calculus is trace-complete
Finite-State Abstractions for Probabilistic Computation Tree Logic
Probabilistic Computation Tree Logic (PCTL) is the established temporal
logic for probabilistic verification of discrete-time Markov chains. Probabilistic
model checking is a technique that verifies or refutes whether a property
specified in this logic holds in a Markov chain. But Markov chains are often
infinite or too large for this technique to apply. A standard solution to
this problem is to convert the Markov chain to an abstract model and to
model check that abstract model. The problem this thesis therefore studies
is whether or when such finite abstractions of Markov chains for model
checking PCTL exist.
This thesis makes the following contributions. We identify a sizeable fragment
of PCTL for which 3-valued Markov chains can serve as finite abstractions;
this fragment is maximal for those abstractions and subsumes many
practically relevant specifications including, e.g., reachability. We also develop
game-theoretic foundations for the semantics of PCTL over Markov
chains by capturing the standard PCTL semantics via a two-player games.
These games, finally, inspire a notion of p-automata, which accept entire
Markov chains. We show that p-automata subsume PCTL and Markov
chains; that their languages of Markov chains have pleasant closure properties;
and that the complexity of deciding acceptance matches that of probabilistic
model checking for p-automata representing PCTL formulae. In addition,
we offer a simulation between p-automata that under-approximates
language containment. These results then allow us to show that p-automata
comprise a solution to the problem studied in this thesis
Expressiveness and Completeness in Abstraction
We study two notions of expressiveness, which have appeared in abstraction
theory for model checking, and find them incomparable in general. In
particular, we show that according to the most widely used notion, the class of
Kripke Modal Transition Systems is strictly less expressive than the class of
Generalised Kripke Modal Transition Systems (a generalised variant of Kripke
Modal Transition Systems equipped with hypertransitions). Furthermore, we
investigate the ability of an abstraction framework to prove a formula with a
finite abstract model, a property known as completeness. We address the issue
of completeness from a general perspective: the way it depends on certain
abstraction parameters, as well as its relationship with expressiveness.Comment: In Proceedings EXPRESS/SOS 2012, arXiv:1208.244
Labelled transition systems as a Stone space
A fully abstract and universal domain model for modal transition systems and
refinement is shown to be a maximal-points space model for the bisimulation
quotient of labelled transition systems over a finite set of events. In this
domain model we prove that this quotient is a Stone space whose compact,
zero-dimensional, and ultra-metrizable Hausdorff topology measures the degree
of bisimilarity such that image-finite labelled transition systems are dense.
Using this compactness we show that the set of labelled transition systems that
refine a modal transition system, its ''set of implementations'', is compact
and derive a compactness theorem for Hennessy-Milner logic on such
implementation sets. These results extend to systems that also have partially
specified state propositions, unify existing denotational, operational, and
metric semantics on partial processes, render robust consistency measures for
modal transition systems, and yield an abstract interpretation of compact sets
of labelled transition systems as Scott-closed sets of modal transition
systems.Comment: Changes since v2: Metadata updat
Verification of Agent-Based Artifact Systems
Artifact systems are a novel paradigm for specifying and implementing
business processes described in terms of interacting modules called artifacts.
Artifacts consist of data and lifecycles, accounting respectively for the
relational structure of the artifacts' states and their possible evolutions
over time. In this paper we put forward artifact-centric multi-agent systems, a
novel formalisation of artifact systems in the context of multi-agent systems
operating on them. Differently from the usual process-based models of services,
the semantics we give explicitly accounts for the data structures on which
artifact systems are defined. We study the model checking problem for
artifact-centric multi-agent systems against specifications written in a
quantified version of temporal-epistemic logic expressing the knowledge of the
agents in the exchange. We begin by noting that the problem is undecidable in
general. We then identify two noteworthy restrictions, one syntactical and one
semantical, that enable us to find bisimilar finite abstractions and therefore
reduce the model checking problem to the instance on finite models. Under these
assumptions we show that the model checking problem for these systems is
EXPSPACE-complete. We then introduce artifact-centric programs, compact and
declarative representations of the programs governing both the artifact system
and the agents. We show that, while these in principle generate infinite-state
systems, under natural conditions their verification problem can be solved on
finite abstractions that can be effectively computed from the programs. Finally
we exemplify the theoretical results of the paper through a mainstream
procurement scenario from the artifact systems literature
On the Complexity of ATL and ATL* Module Checking
Module checking has been introduced in late 1990s to verify open systems,
i.e., systems whose behavior depends on the continuous interaction with the
environment. Classically, module checking has been investigated with respect to
specifications given as CTL and CTL* formulas. Recently, it has been shown that
CTL (resp., CTL*) module checking offers a distinctly different perspective
from the better-known problem of ATL (resp., ATL*) model checking. In
particular, ATL (resp., ATL*) module checking strictly enhances the
expressiveness of both CTL (resp., CTL*) module checking and ATL (resp. ATL*)
model checking. In this paper, we provide asymptotically optimal bounds on the
computational cost of module checking against ATL and ATL*, whose upper bounds
are based on an automata-theoretic approach. We show that module-checking for
ATL is EXPTIME-complete, which is the same complexity of module checking
against CTL. On the other hand, ATL* module checking turns out to be
3EXPTIME-complete, hence exponentially harder than CTL* module checking.Comment: In Proceedings GandALF 2017, arXiv:1709.0176
- …