Automata-Theoretic Verification

Logics for concurrency, 1996

The automata-theoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over some alphabet. Thus, programs and specifications can be viewed as descriptions of languages over some alphabet. The automata-theoretic perspective considers the relationships between programs and their specifications as relationships between languages. By translating programs and specifications to automata, questions about programs and their specifications can be reduced to questions about automata. More specifically, questions such as satisfiability of specifications and correctness of programs with respect to their specifications can be reduced to questions such as nonemptiness and containment of automata. Unlike classical automata theory, which focused on automata on finite words, the applications to program specification, verification, and synthesis, use automata on infinite words, since the computations in which we are interested are typically infinite. This paper provides an introduction to the theory of automata on infinite words and demonstrates its applications to program specification, verification, and synthesis.

1997

We describe an automata-theoretic approach to the automated checking of truth and validity for temporal logics. The basic idea underlying this approach is that for any formula we can construct an alternating automaton that accepts precisely the models of the formula. For linear temporal logics the automaton runs on infinite words while for branching temporal logics the automaton runs on infinite trees.

BRICS Report Series, 1995

One of the most successful techniques for automatic verification is that of model checking. For finite automata there exist since long extremely efficient model-checking algorithms, and in the last few years these algorithms have been made applicable to the verification of real-time automata using the region-techniques of Alur and Dill. In this paper, we continue this transfer of existing techniques from the setting of finite (untimed) automata to that of timed automata. In particular, a timed logic L ν is put forward, which is sufficiently expressive that we for any timed automaton may construct a single characteristic L ν formula uniquely characterizing the automaton up to timed bisimilarity. Also, we prove decidability of the satisfiability problem for L ν with respect to given bounds on the number of clocks and constants of the timed automata to be constructed. None of these results have as yet been succesfully accounted for in the presence of time 1. * This work has been supported by the European Communities under CONCUR2, BRA 7166 † Basic Research in Computer Science, Centre of the Danish National Research Foundation. 1 An exception occurs in Alur's thesis [Alu91] in which a decidability result is presented for a linear timed logic called MITL.

2001

This paper presents a tutorial introduction to the construction of finite-automata on infinite words from linear-time temporal logic formulas. After defining the source and target formalisms, it describes a first construction whose correctness is quite direct to establish, but whose behavior is always equal to the worst-case upper bound. It then turns to the techniques that can be used to improve this algorithm in order to obtain the quite effective algorithms that are now in use.

2007

Increasing interest towards property based design calls for effective satisfiability procedures for expressive temporal logics, e.g. the IEEE standard Property Specification Language (PSL). In this paper, we propose a new approach to the satisfiability of PSL formulae; we follow recent approaches to decision procedures for Satisfiability Modulo Theory, typically applied to fragments of First Order Logic. The underlying intuition is to combine two interacting search mechanisms: on one side, we search for assignments that satisfy the Boolean abstraction of the problem; on the other, we invoke a solver for temporal satisfiability on the conjunction of temporal formulae corresponding to the assignment. Within this framework, we explore two directions. First, given the fixed polarity of each constraint in the theory solver, aggressive simplifications can be applied. Second, we analyze the idea of conflict reconstruction: whenever a satisfying assignment at the level of the Boolean abstraction results in a temporally unsatisfiable problem, we identify inconsistent subsets that can be used to rule out possibly many other assignments. We propose two methods to extract conflict sets on conjunctions of temporal formulae (one based on BDD-based Model Checking, and one based on SAT-based Simple Bounded Model Checking). We analyze the limits and the merits of the approach with a thorough experimental evaluation. a counterexample trace: the user is working at the level of requirements, and thus the inconsistency should be identified at the same level, e.g. as a subset of inconsistent requirements. Furthermore, this approach may have some limitations: in fact, techniques and tools for temporal logic model checking are focusing on complexity in the model, and even reductions on the temporal logic formula [ST03] are oriented to dominating the complexity in the model.

We investigate a SAT-based bounded model checking (BMC) method for MTL (metric temporal logic) that is interpreted over linear discrete infinite time models generated by discrete timed automata. In particular, we translate the existential model checking problem for MTL to the existential model checking problem for a variant of linear temporal logic (called HLTL), and we provide a SAT-based BMC technique for HLTL. We show how to implement the BMC technique for HLTL and discrete timed automata, and as a case study we apply the technique in the analysis of TGPP, a Timed Generic Pipeline Paradigm modelled by a network of discrete timed automata.

2001

Abstract. Model Checking has become one of the most powerful methods for automatic verification of software systems. But this technique is only directly applicable to small or medium size systems. For large systems, it suffers from the state explosion problem. One of the most promising ways to solve this problem is the use of Abstract Interpretation to construct simpler models of the system, where the interesting properties can be analyzed. In this paper, we present a theoretical language-independent framework to assist in the ...

Lecture Notes in Computer Science, 1997

This paper proposes an expressive extension to Propositional Linear Temporal Logic dealing with real time correctness properties and gives an automata-theoretic model checking algorithm for the extension. The algorithm has been implemented and applied to examples.

… Testing and Verification, 1995

We present a tableau-based algorithm for obtaining an automaton from a temporal logic formula. The algorithm is geared towards being used in model checking in an "on-the-fly" fashion, that is the automaton can be constructed simultaneously with, and guided by, the generation of the model. In particular, it is possible to detect that a property does not hold by only constructing part of the model and of the automaton. The algorithm can also be used to check the validity of a temporal logic assertion. Although the general problem is PSPACE-complete, experiments show that our algorithm performs quite well on the temporal formulas typically encountered in verification. While basing linear-time temporal logic model-checking upon a transformation to automata is not new, the details of how to do this efficiently, and in "on-the-fly" fashion have never been given.

Protocol Specification, Testing and Verification, Xiii: Proceedings of the IFIP TC6/WG6. 1. Thirteenth International Symposium on Protocol Specification, Testing and Verification, Liége, Belgium, 25-28 May, 1993, 1993

We present a new algorithm that can be used for solving the model−checking problem for linear−time temporal logic. This algorithm can be viewed as the combination of two existing algorithms plus a new state representation technique introduced in this paper. The new algorithm is simpler than the traditional algorithm of Tarjan to check for maximal strongly connected components in a directed graph which is the classical algorithm used for model−checking. It has the same time complexity as Tarjan's algorithm, but requires less memory. Our algorithm is also compatible with other important complexity management techniques, such as bit−state hashing and state space caching.