Verification of Open Systems

  • Orna Kupferman
  • Moshe Y. Vardi

Summary

In order to check whether an open system satisfies a desired property, we need to check the behavior of the system with respect to an arbitrary environment. In the most general setting, the environment is another open system. Given an open system M and a property ψ, we say that M robustly satisfies ψ iff for every open system M′, which serves as an environment to M, the composition M∥M′ satisfies ψ. The problem of robust model checking is then to decide, given M and ψ, whether M robustly satisfies ψ. In essence, robust model checking focuses on reasoning algorithmically about interaction. In this work we study the robust-model-checking problem. We consider systems modeled by nondeterministic Moore machines, and properties specified by branching temporal logic (for linear temporal logic, robust satisfaction coincides with usual satisfaction). We show that the complexity of the problem is EXPTIME-complete for CTL and the μ-calculus, and is 2EXPTIME-complete for CTL*. Thus, from a complexity-theoretic perspective, robust satisfaction behaves like satisfiability, rather than like model checking.




Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Orna Kupferman, Hebrew University, Jerusalem, Israel
  • Moshe Y. Vardi, Rice University, Houston, USA
