Uniform satisfiability in PSPACE for local temporal logics over Mazurkiewicz traces

We study the complexity of temporal logics over concurrent systems that can be described by Mazurkiewicz traces. We develop a general method to prove that the uniform satisfiability problem of local temporal logics is in PSPACE. We also demonstrate that this method applies to all known local temporal logics

Second-Order Hyperproperties

We introduce Hyper$^2$LTL, a temporal logic for the specification of hyperproperties that allows for second-order quantification over sets of traces. Unlike first-order temporal logics for hyperproperties, such as HyperLTL, Hyper$^2$LTL can express complex epistemic properties like common knowledge, Mazurkiewicz trace theory, and asynchronous hyperproperties. The model checking problem of Hyper$^2$LTL is, in general, undecidable. For the expressive fragment where second-order quantification is restricted to smallest and largest sets, we present an approximate model-checking algorithm that computes increasingly precise under- and overapproximations of the quantified sets, based on fixpoint iteration and automata learning. We report on encouraging experimental results with our model-checking algorithm, which we implemented in the tool~\texttt{HySO}

Visibly Linear Dynamic Logic

We introduce Visibly Linear Dynamic Logic (VLDL), which extends Linear Temporal Logic (LTL) by temporal operators that are guarded by visibly pushdown languages over finite words. In VLDL one can, e.g., express that a function resets a variable to its original value after its execution, even in the presence of an unbounded number of intermediate recursive calls. We prove that VLDL describes exactly the $\omega$-visibly pushdown languages. Thus it is strictly more expressive than LTL and able to express recursive properties of programs with unbounded call stacks. The main technical contribution of this work is a translation of VLDL into $\omega$-visibly pushdown automata of exponential size via one-way alternating jumping automata. This translation yields exponential-time algorithms for satisfiability, validity, and model checking. We also show that visibly pushdown games with VLDL winning conditions are solvable in triply-exponential time. We prove all these problems to be complete for their respective complexity classes.Comment: 25 Page

Propositional Dynamic Logic for Message-Passing Systems

We examine a bidirectional propositional dynamic logic (PDL) for finite and infinite message sequence charts (MSCs) extending LTL and TLC-. By this kind of multi-modal logic we can express properties both in the entire future and in the past of an event. Path expressions strengthen the classical until operator of temporal logic. For every formula defining an MSC language, we construct a communicating finite-state machine (CFM) accepting the same language. The CFM obtained has size exponential in the size of the formula. This synthesis problem is solved in full generality, i.e., also for MSCs with unbounded channels. The model checking problem for CFMs and HMSCs turns out to be in PSPACE for existentially bounded MSCs. Finally, we show that, for PDL with intersection, the semantics of a formula cannot be captured by a CFM anymore

Propositional Dynamic Logic with Converse and Repeat for Message-Passing Systems

The model checking problem for propositional dynamic logic (PDL) over message sequence charts (MSCs) and communicating finite state machines (CFMs) asks, given a channel bound $B$, a PDL formula $\varphi$ and a CFM $\mathcal{C}$, whether every existentially $B$-bounded MSC $M$ accepted by $\mathcal{C}$ satisfies $\varphi$. Recently, it was shown that this problem is PSPACE-complete. In the present work, we consider CRPDL over MSCs which is PDL equipped with the operators converse and repeat. The former enables one to walk back and forth within an MSC using a single path expression whereas the latter allows to express that a path expression can be repeated infinitely often. To solve the model checking problem for this logic, we define message sequence chart automata (MSCAs) which are multi-way alternating parity automata walking on MSCs. By exploiting a new concept called concatenation states, we are able to inductively construct, for every CRPDL formula $\varphi$, an MSCA precisely accepting the set of models of $\varphi$. As a result, we obtain that the model checking problem for CRPDL and CFMs is still in PSPACE

Second-Order Hyperproperties

We introduce Hyper^2LTL, a temporal logic for the specification of hyperproperties that allows for second-order quantification over sets of traces. Unlike first-order temporal logics for hyperproperties, such as HyperLTL, Hyper^2LTL can express complex epistemic properties like common knowledge, Mazurkiewicz trace theory, and asynchronous hyperproperties. The model checking problem of Hyper^2LTL is, in general, undecidable. For the expressive fragment where second-order quantification is restricted to smallest and largest sets, we present an approximate model-checking algorithm that computes increasingly precise under- and overapproximations of the quantified sets, based on fixpoint iteration and automata learning. We report on encouraging experimental results with our model-checking algorithm, which we implemented in the tool HySO

Automata and Logics for Concurrent Systems: Realizability and Verification

Automata are a popular tool to make computer systems accessible to formal methods. While classical finite automata are suitable to model sequential boolean programs, models of concurrent systems involve several interacting processes and extend finite-state machines in various respects. This habilitation thesis surveys several such extensions, including pushdown automata with multiple stacks, communicating automata with fixed, parameterized, or dynamic communication topology, and automata running on words over infinite alphabets. We focus on two major questions of classical automata theory, namely realizability (asking whether a specification has an automata counterpart) and model checking (asking whether a given automaton satisfies its specification)

Model Checking Communicating Processes: Run Graphs, Graph Grammars, and MSO

The formal model of recursive communicating processes (RCPS) is important in practice but does not allows to derive decidability results for model checking questions easily. We focus a partial order representation of RCPS’s execution by graphs—so called run graphs, and suggest an underapproximative verification approach based on a bounded-treewidth requirement. This allows to directly derive positive decidability results for MSO model checking (seen as partial order logic on run graphs) based on a context-freeness argument for restricted classes run graph

The expressive power of simple logical fragments over traces

We compare the expressive power of some first-order fragments and of two simple temporal logics over Mazurkiewicz traces. Over words, most of these fragments have the same expressive power whereas over traces we show that the ability of formulating concurrency increases the expressive power. We also show that over so-called dependence structures it is impossible to formulate concurrency with the first-order fragments under consideration. Although the first-order fragments $\Delta_n[<]$ and $FO^2[<]$ over partial orders both can express concurrency of two actions, we show that in general they are incomparable over traces. For $FO^2[<]$ we give a characterization in terms of temporal logic by allowing an operator for parallelism