235 research outputs found
New results on pushdown module checking with imperfect information
Model checking of open pushdown systems (OPD) w.r.t. standard branching
temporal logics (pushdown module checking or PMC) has been recently
investigated in the literature, both in the context of environments with
perfect and imperfect information about the system (in the last case, the
environment has only a partial view of the system's control states and stack
content). For standard CTL, PMC with imperfect information is known to be
undecidable. If the stack content is assumed to be visible, then the problem is
decidable and 2EXPTIME-complete (matching the complexity of PMC with perfect
information against CTL). The decidability status of PMC with imperfect
information against CTL restricted to the case where the depth of the stack
content is visible is open. In this paper, we show that with this restriction,
PMC with imperfect information against CTL remains undecidable. On the other
hand, we individuate an interesting subclass of OPDS with visible stack content
depth such that PMC with imperfect information against the existential fragment
of CTL is decidable and in 2EXPTIME. Moreover, we show that the program
complexity of PMC with imperfect information and visible stack content against
CTL is 2EXPTIME-complete (hence, exponentially harder than the program
complexity of PMC with perfect information, which is known to be
EXPTIME-complete).Comment: In Proceedings GandALF 2011, arXiv:1106.081
Rich Counter-Examples for Temporal-Epistemic Logic Model Checking
Model checking verifies that a model of a system satisfies a given property,
and otherwise produces a counter-example explaining the violation. The verified
properties are formally expressed in temporal logics. Some temporal logics,
such as CTL, are branching: they allow to express facts about the whole
computation tree of the model, rather than on each single linear computation.
This branching aspect is even more critical when dealing with multi-modal
logics, i.e. logics expressing facts about systems with several transition
relations. A prominent example is CTLK, a logic that reasons about temporal and
epistemic properties of multi-agent systems. In general, model checkers produce
linear counter-examples for failed properties, composed of a single computation
path of the model. But some branching properties are only poorly and partially
explained by a linear counter-example.
This paper proposes richer counter-example structures called tree-like
annotated counter-examples (TLACEs), for properties in Action-Restricted CTL
(ARCTL), an extension of CTL quantifying paths restricted in terms of actions
labeling transitions of the model. These counter-examples have a branching
structure that supports more complete description of property violations.
Elements of these counter-examples are annotated with parts of the property to
give a better understanding of their structure. Visualization and browsing of
these richer counter-examples become a critical issue, as the number of
branches and states can grow exponentially for deeply-nested properties.
This paper formally defines the structure of TLACEs, characterizes adequate
counter-examples w.r.t. models and failed properties, and gives a generation
algorithm for ARCTL properties. It also illustrates the approach with examples
in CTLK, using a reduction of CTLK to ARCTL. The proposed approach has been
implemented, first by extending the NuSMV model checker to generate and export
branching counter-examples, secondly by providing an interactive graphical
interface to visualize and browse them.Comment: In Proceedings IWIGP 2012, arXiv:1202.422
Formal Description and Analysis of a Bounded Retransmission Protocol
This paper reports about the formal specification and verification of a Bounded Retransmission Protocol (BRP) used by Philips in one of its products. We started with the descriptions of the BRP service (i.e., external behaviour) and protocol written in the mu-CRL language by Groote and van de Pol. After translating them in the LOTOS language, we performed verifications by model-checking using the CADP (CAESAR/ALDEBARAN) toolbox. The models of the LOTOS descriptions were generated using the CAESAR compiler (by putting bounds on the data domains) and checked to be branching equivalent using the ALDEBARAN tool. Alternately, we formulated in the ACTL temporal logic a set of safety and liveness properties for the BRP protocol and checked them on the corresponding model using our XTL generic model-checker
Logic and model checking for hidden Markov models
The branching-time temporal logic PCTL* has been introduced to specify quantitative properties over probability systems, such as discrete-time Markov chains. Until now, however, no logics have been defined to specify properties over hidden Markov models (HMMs). In HMMs the states are hidden, and the hidden processes produce a sequence of observations. In this paper we extend the logic PCTL* to POCTL*. With our logic one can state properties such as "there is at least a 90 percent probability that the model produces a given sequence of observations" over HMMs. Subsequently, we give model checking algorithms for POCTL* over HMMs
Generalized Strong Preservation by Abstract Interpretation
Standard abstract model checking relies on abstract Kripke structures which
approximate concrete models by gluing together indistinguishable states, namely
by a partition of the concrete state space. Strong preservation for a
specification language L encodes the equivalence of concrete and abstract model
checking of formulas in L. We show how abstract interpretation can be used to
design abstract models that are more general than abstract Kripke structures.
Accordingly, strong preservation is generalized to abstract
interpretation-based models and precisely related to the concept of
completeness in abstract interpretation. The problem of minimally refining an
abstract model in order to make it strongly preserving for some language L can
be formulated as a minimal domain refinement in abstract interpretation in
order to get completeness w.r.t. the logical/temporal operators of L. It turns
out that this refined strongly preserving abstract model always exists and can
be characterized as a greatest fixed point. As a consequence, some well-known
behavioural equivalences, like bisimulation, simulation and stuttering, and
their corresponding partition refinement algorithms can be elegantly
characterized in abstract interpretation as completeness properties and
refinements
- …