Two Variable vs. Linear Temporal Logic in Model Checking and Games

Model checking linear-time properties expressed in first-order logic has non-elementary complexity, and thus various restricted logical languages are employed. In this paper we consider two such restricted specification logics, linear temporal logic (LTL) and two-variable first-order logic (FO2). LTL is more expressive but FO2 can be more succinct, and hence it is not clear which should be easier to verify. We take a comprehensive look at the issue, giving a comparison of verification problems for FO2, LTL, and various sublogics thereof across a wide range of models. In particular, we look at unary temporal logic (UTL), a subset of LTL that is expressively equivalent to FO2; we also consider the stutter-free fragment of FO2, obtained by omitting the successor relation, and the expressively equivalent fragment of UTL, obtained by omitting the next and previous connectives. We give three logic-to-automata translations which can be used to give upper bounds for FO2 and UTL and various sublogics. We apply these to get new bounds for both non-deterministic systems (hierarchical and recursive state machines, games) and for probabilistic systems (Markov chains, recursive Markov chains, and Markov decision processes). We couple these with matching lower-bound arguments. Next, we look at combining FO2 verification techniques with those for LTL. We present here a language that subsumes both FO2 and LTL, and inherits the model checking properties of both languages. Our results give both a unified approach to understanding the behaviour of FO2 and LTL, along with a nearly comprehensive picture of the complexity of verification for these logics and their sublogics.Comment: 37 pages, to be published in Logical Methods in Computer Science journal, includes material presented in Concur 2011 and QEST 2012 extended abstract

A theory of normed simulations

In existing simulation proof techniques, a single step in a lower-level specification may be simulated by an extended execution fragment in a higher-level one. As a result, it is cumbersome to mechanize these techniques using general purpose theorem provers. Moreover, it is undecidable whether a given relation is a simulation, even if tautology checking is decidable for the underlying specification logic. This paper introduces various types of normed simulations. In a normed simulation, each step in a lower-level specification can be simulated by at most one step in the higher-level one, for any related pair of states. In earlier work we demonstrated that normed simulations are quite useful as a vehicle for the formalization of refinement proofs via theorem provers. Here we show that normed simulations also have pleasant theoretical properties: (1) under some reasonable assumptions, it is decidable whether a given relation is a normed forward simulation, provided tautology checking is decidable for the underlying logic; (2) at the semantic level, normed forward and backward simulations together form a complete proof method for establishing behavior inclusion, provided that the higher-level specification has finite invisible nondeterminism.Comment: 31 pages, 10figure

Robust Model-Checking of Linear-Time Properties in Timed Automata

International audienceFormal verification of timed systems is well understood, but their \emphimplementation is still challenging. Recent works by Raskin \emphet al. have brought out a model of parameterized timed automata that can be used to prove \emphimplementability of timed systems for safety properties. We define here a more general notion of robust model-checking for linear-time properties, which consists in verifying whether a property still holds even if the transitions are slightly delayed or expedited. We provide PSPACE algorithms for the robust model-checking of Büchi-like and LTL properties. We also verify bounded-response-time properties

Automatic Generation of Invariants for Circular Derivations in {SUP(LA)} 1

The hierarchic combination of linear arithmetic and firstorder logic with free function symbols, FOL(LA), results in a strictly more expressive logic than its two parts. The SUP(LA) calculus can be turned into a decision procedure for interesting fragments of FOL(LA). For example, reachability problems for timed automata can be decided by SUP(LA) using an appropriate translation into FOL(LA). In this paper, we extend the SUP(LA) calculus with an additional inference rule, automatically generating inductive invariants from partial SUP(LA) derivations. The rule enables decidability of more expressive fragments, including reachability for timed automata with unbounded integer variables. We have implemented the rule in the SPASS(LA) theorem prover with promising results, showing that it can considerably speed up proof search and enable termination of saturation for practically relevant problems

Model Checking CTL is Almost Always Inherently Sequential

The model checking problem for CTL is known to be P-complete (Clarke, Emerson, and Sistla (1986), see Schnoebelen (2002)). We consider fragments of CTL obtained by restricting the use of temporal modalities or the use of negations---restrictions already studied for LTL by Sistla and Clarke (1985) and Markey (2004). For all these fragments, except for the trivial case without any temporal operator, we systematically prove model checking to be either inherently sequential (P-complete) or very efficiently parallelizable (LOGCFL-complete). For most fragments, however, model checking for CTL is already P-complete. Hence our results indicate that, in cases where the combined complexity is of relevance, approaching CTL model checking by parallelism cannot be expected to result in any significant speedup. We also completely determine the complexity of the model checking problem for all fragments of the extensions ECTL, CTL+, and ECTL+

Symmetry in temporal logic model checking

Temporal logic model checking involves checking the state-space of a model of a system to determine whether errors can occur in the system. Often this involves checking symmetrically equivalent areas of the state-space. The use of symmetry reduction to increase the efficiency of model checking has inspired a wealth of activity in the area of model checking research. We provide a survey of the associated literature

A multilevel intervention to increase physical activity and improve healthy eating and physical literacy among young children (ages 3-5) attending early childcare centres: the Healthy Start-Départ Santé cluster randomised controlled trial study protocol

Abstract: Background: Childhood obesity is a growing concern for public health. Given a majority of children in many countries spend approximately 30 h per week in early childcare centers, this environment represents a promising setting for implementing strategies to foster healthy behaviours for preventing and controlling childhood obesity. Healthy Start-Départ Santé was designed to promote physical activity, physical literacy, and healthy eating among preschoolers. The objectives of this study are to assess the effectiveness of the Healthy Start-Départ Santé intervention in improving physical activity levels, physical literacy, and healthy eating among preschoolers attending early childcare centers. Methods/Design: This study follows a cluster randomized controlled trial design in which the childcare centers are randomly assigned to receive the intervention or serve as usual care controls. The Healthy Start-Départ Santé intervention is comprised of interlinked components aiming to enable families and educators to integrate physical activity and healthy eating in the daily lives of young children by influencing factors at the intrapersonal, interpersonal, organizational, community, physical environment and policy levels. The intervention period, spanning 6-8 months, is preceded and followed by data collections. Participants are recruited from 61 childcare centers in two Canadian provinces, New Brunswick and Saskatchewan. Centers eligible for this study have to prepare and provide meals for lunch and have at least 20 children between the ages of 3 and 5. Centers are excluded if they have previously received a physical activity or nutrition promoting intervention. Eligible centers are stratified by province, geographical location (urban or rural) and language (English or French), then recruited and randomized using a one to one protocol for each stratum. Data collection is ongoing. The primary study outcomes are assessed using accelerometers (physical activity levels), the Test of Gross Motor Development-II (physical literacy), and digital photography-assisted weighted plate waste (food intake). Discussion: The multifaceted approach of Healthy Start-Départ Santé positions it well to improve the physical literacy and both dietary and physical activity behaviors of children attending early childcare centers. The results of this study will be of relevance given the overwhelming prevalence of overweight and obesity in children worldwide. Trial registration: NCT02375490 (ClinicalTrials.gov registry)