Asynchronous Games over Tree Architectures

We consider the task of controlling in a distributed way a Zielonka asynchronous automaton. Every process of a controller has access to its causal past to determine the next set of actions it proposes to play. An action can be played only if every process controlling this action proposes to play it. We consider reachability objectives: every process should reach its set of final states. We show that this control problem is decidable for tree architectures, where every process can communicate with its parent, its children, and with the environment. The complexity of our algorithm is l-fold exponential with l being the height of the tree representing the architecture. We show that this is unavoidable by showing that even for three processes the problem is EXPTIME-complete, and that it is non-elementary in general

Computing Approximating Automata for a Class of Linear Hybrid Systems

Approximating automata are finite-state representations of the sequential inputoutput behaviors of hybrid systems characterized by threshold events that trigger discrete changes in the continuous dynamic equations. Procedures proposed for constructing approximating automata require forward and backward mappings of sets of continuous state trajectories -- mappings which are not available for arbitrary continuous dynamics. This paper develops the foundations for constructing approximating automata automatically for hybrid systems in which the continuous dynamics are defined by convex polytopes in the vector space of the derivatives of the continuous state trajectories. The computations are illustrated for a simple example which also demonstrates the use of approximating automata to solve verification problems that may be intractable using fixed-point computations for linear hybrid automata. 1 Introduction This paper concerns the generation of purely discrete models (finite automata) for..

Faster model checking for open systems

We investigate O_{R_E}X, a temporal logic for specifying open systems. Path properties in O_{R_E}X are expressed using ε-regular expressions, while similar logics for open systems, such as ATL* of Alur et al., use LTL for this purpose. Our results indicate that this distinction is an important one. In particular, we show that O_{R_E}X has a more efficient model-checking procedure than ATL*, even though it is strictly more expressive. To this end, we present a single-exponential model-checking algorithm for O_{R_E}X; the model-checking problem for ATL* in contrast is provably double-exponential

Detecting Errors Before Reaching Them

Any formal method or tool is almost certainly more often applied in situations where the outcome is failure (a counterexample) rather than success (a correctness proof). We present a method for symbolic model checking that can lead to significant time and memory savings for model-checking runs that fail, while occurring only a small overhead for model-checking runs that succeed. Our method discovers an error as soon as it cannot be prevented, which can be long before it actually occurs; for example, the violation of an invariant may become unpreventable many transitions before the invariant is violated