
Showing papers by "Jean-François Raskin published in 2011"


Journal ArticleDOI
01 Apr 2011
TL;DR: A new pseudopolynomial algorithm is presented for solving two-player games played on a weighted graph with mean-payoff objective and with energy constraints, improving the best known worst-case complexity for pseudopolynomial mean-payoff algorithms.
Abstract: In this paper, we study algorithmic problems for quantitative models that are motivated by the applications in modeling embedded systems. We consider two-player games played on a weighted graph with mean-payoff objective and with energy constraints. We present a new pseudopolynomial algorithm for solving such games, improving the best known worst-case complexity for pseudopolynomial mean-payoff algorithms. Our algorithm can also be combined with the procedure by Andersson and Vorobyov to obtain a randomized algorithm with currently the best expected time complexity. The proposed solution relies on a simple fixpoint iteration to solve the log-space equivalent problem of deciding the winner of energy games. Our results imply also that energy games and mean-payoff games can be reduced to safety games in pseudopolynomial time.

148 citations


Journal ArticleDOI
01 Dec 2011
TL;DR: This paper presents new monolithic and compositional algorithms based on a reduction of the LTL realizability problem to a game whose winning condition is defined by a universal automaton on infinite words with a k-co-Büchi acceptance condition.
Abstract: In this paper, we present new monolithic and compositional algorithms to solve the LTL realizability problem. Those new algorithms are based on a reduction of the LTL realizability problem to a game whose winning condition is defined by a universal automaton on infinite words with a k-co-Büchi acceptance condition. This acceptance condition asks that runs visit at most k accepting states, so it implicitly defines a safety game. To obtain efficient algorithms from this construction, we need several additional ingredients. First, we study the structure of the underlying automata constructions, and we show that there exists a partial order that structures the state space of the underlying safety game. This partial order can be used to define an efficient antichain algorithm. Second, we show that the algorithm can be implemented in an incremental way by considering increasing values of k in the acceptance condition. Finally, we show that for large LTL formulas that are written as conjunctions of smaller formulas, we can solve the problem compositionally by first computing winning strategies for each conjunct that appears in the large formula. We report on the behavior of those algorithms on several benchmarks. We show that the compositional algorithms are able to handle LTL formulas that are several pages long.

109 citations


Journal ArticleDOI
TL;DR: This paper investigates functional weighted automata for four different measures (the sum, the mean, the discounted sum of weights along edges, and the ratio between rewards and costs), showing that functionality is decidable for all four measures and how to decide whether the language of a given functional automaton can be defined by a deterministic one.
Abstract: A weighted automaton is functional if any two accepting runs on the same finite word have the same value. In this paper, we investigate functional weighted automata for four different measures: the sum, the mean, the discounted sum of weights along edges and the ratio between rewards and costs. On the positive side, we show that functionality is decidable for the four measures. Furthermore, the existential and universal threshold problems, the language inclusion problem and the equivalence problem are all decidable when the weighted automata are functional. On the negative side, we also study the quantitative extension of the realizability problem and show that it is undecidable for sum, mean and ratio. We finally show how to decide whether the language associated with a given functional automaton can be defined with a deterministic one, for sum, mean and discounted sum. The results on functionality and determinizability are expressed for the more general class of functional group automata. This allows one to formulate within the same framework new results related to discounted sum automata and known results on sum and mean automata. Ratio automata do not fit within this general scheme and different techniques are required to decide functionality.

30 citations


Posted Content
TL;DR: The time-bounded version of the reachability problem for hybrid automata is investigated, and it is shown that the problem becomes undecidable if either diagonal constraints or both negative and positive rates are allowed.
Abstract: This paper investigates the time-bounded version of the reachability problem for hybrid automata. This problem asks whether a given hybrid automaton can reach a given target location within T time units, where T is a constant rational value. We show that, in contrast to the classical (unbounded) reachability problem, the time-bounded version is decidable for rectangular hybrid automata provided only non-negative rates are allowed. This class of systems is of practical interest and subsumes, among others, the class of stopwatch automata. We also show that the problem becomes undecidable if either diagonal constraints or both negative and positive rates are allowed.

20 citations


Book ChapterDOI
04 Jul 2011
TL;DR: In contrast to the classical (unbounded) reachability problem, the time-bounded version is decidable for rectangular hybrid automata provided only non-negative rates are allowed.
Abstract: This paper investigates the time-bounded version of the reachability problem for hybrid automata. This problem asks whether a given hybrid automaton can reach a given target location within T time units, where T is a constant rational value. We show that, in contrast to the classical (unbounded) reachability problem, the time-bounded version is decidable for rectangular hybrid automata provided only non-negative rates are allowed. This class of systems is of practical interest and subsumes, among others, the class of stopwatch automata. We also show that the problem becomes undecidable if either diagonal constraints or both negative and positive rates are allowed.

16 citations


Book ChapterDOI
11 Oct 2011
TL;DR: Simple notions of subsumption induced by the structural properties of the And-Or graphs for QBF solving are proposed and used to reduce the size of the search tree, and to define compact representations of certificates both for positive and negative instances of QBF.
Abstract: We consider the problem of QBF solving viewed as a reachability problem in an exponential And-Or graph. Antichain-based algorithms for reachability analysis in large graphs exploit certain subsumption relations to leverage the inherent structure of the explored graph in order to reduce the effect of state explosion, with high performance in practice. In this paper, we propose simple notions of subsumption induced by the structural properties of the And-Or graphs for QBF solving. Subsumption is used to reduce the size of the search tree, and to define compact representations of certificates (in the form of antichains) both for positive and negative instances of QBF. We show that efficient exploration of the reduced search tree essentially relies on solving variants of Max-SAT and Min-SAT. Preliminary stand-alone experiments of this algorithm show that the antichain-based approach is promising.

9 citations


03 Mar 2011
TL;DR: In this article, a new data structure, lattice-valued binary decision diagrams (LVBDD), is defined for the encoding of transition functions of alternating automata over symbolic alphabets.
Abstract: This work studies new algorithms and data structures that are useful in the context of program verification. As computers have become more and more ubiquitous in our modern societies, an increasingly large number of computer-based systems are considered safety-critical. Such systems are characterized by the fact that a failure or a bug (computer error in the computing jargon) could potentially cause large damage, whether in loss of life, environmental damage, or economic damage. For safety-critical systems, the industrial software engineering community increasingly calls for using techniques which provide some formal assurance that a certain piece of software is correct. One of the most successful program verification techniques is model checking, in which programs are typically abstracted by a finite-state machine. After this abstraction step, properties (typically in the form of some temporal logic formula) can be checked against the finite-state abstraction, with the help of automated tools. Alternating automata play an important role in this context, since many temporal logics on words and trees can be efficiently translated into those automata. This property allows for the reduction of model checking to automata-theoretic questions and is called the automata-theoretic approach to model checking. In this work, we provide three novel approaches for the analysis (emptiness checking) of alternating automata over finite and infinite words. First, we build on the successful framework of antichains to devise new algorithms for LTL satisfiability and model checking, using alternating automata. These algorithms combine antichains with reduced ordered binary decision diagrams (ROBDDs) in order to handle the exponentially large alphabets of the automata generated by the LTL translation. Second, we develop new abstraction and refinement algorithms for alternating automata, which combine the use of antichains with abstract interpretation, in order to handle ever larger instances of alternating automata. Finally, we define a new symbolic data structure, coined lattice-valued binary decision diagrams (LVBDD), that is particularly well-suited for the encoding of transition functions of alternating automata over symbolic alphabets. All of these works are supported with empirical evaluations that confirm the practical usefulness of our approaches.

5 citations


Book ChapterDOI
21 Sep 2011
TL;DR: It is proved that no finite time abstract language equivalence exists for ECA, thereby disproving a claim in the original work on ECA and showing that regions can still be used to build a finite automaton recognizing the untimed language of an ECA.
Abstract: Event clock automata (ECA) are a model for timed languages that has been introduced by Alur, Fix and Henzinger as an alternative to timed automata, with better theoretical properties (for instance, ECA are determinizable while timed automata are not). In this paper, we revisit and extend the theory of ECA. We first prove that no finite time abstract language equivalence exists for ECA, thereby disproving a claim in the original work on ECA. This means in particular that regions do not form a time abstract bisimulation. Nevertheless, we show that regions can still be used to build a finite automaton recognizing the untimed language of an ECA. Then, we extend the classical notions of zones and DBMs to let them handle event clocks instead of plain clocks (as in timed automata) by introducing event zones and Event DBMs (EDBMs). We discuss algorithms to handle event zones represented as EDBMs, as well as (semi-) algorithms based on EDBMs to decide language emptiness of ECA.

4 citations


Journal Article
TL;DR: In contrast to the classical (unbounded) reachability problem, the time-bounded version is decidable for rectangular hybrid automata provided only non-negative rates are allowed.
Abstract: This paper investigates the time-bounded version of the reachability problem for hybrid automata. This problem asks whether a given hybrid automaton can reach a given target location within T time units, where T is a constant rational value. We show that, in contrast to the classical (unbounded) reachability problem, the time-bounded version is decidable for rectangular hybrid automata provided only non-negative rates are allowed. This class of systems is of practical interest and subsumes, among others, the class of stopwatch automata. We also show that the problem becomes undecidable if either diagonal constraints or both negative and positive rates are allowed.

3 citations


Posted Content
TL;DR: In this article, it was shown that no finite time abstract language equivalence exists for ECA, and that regions do not form a time abstract bisimulation, but regions can still be used to build a finite automaton recognizing the untimed language of an ECA.
Abstract: Event clock automata (ECA) are a model for timed languages that has been introduced by Alur, Fix and Henzinger as an alternative to timed automata, with better theoretical properties (for instance, ECA are determinizable while timed automata are not). In this paper, we revisit and extend the theory of ECA. We first prove that no finite time abstract language equivalence exists for ECA, thereby disproving a claim in the original work on ECA. This means in particular that regions do not form a time abstract bisimulation. Nevertheless, we show that regions can still be used to build a finite automaton recognizing the untimed language of an ECA. Then, we extend the classical notions of zones and DBMs to let them handle event clocks instead of plain clocks (as in timed automata) by introducing event zones and Event DBMs (EDBMs). We discuss algorithms to handle event zones represented as EDBMs, as well as (semi-) algorithms based on EDBMs to decide language emptiness of ECA.

3 citations


Book ChapterDOI
28 Sep 2011
TL;DR: The reachability problem for hybrid automata is undecidable, even for linear hybrid automata; this talk surveys subclasses with a decidable reachability problem, semi-algorithms that are useful in practice, and variants of the reachability problem that are decidable for larger classes of hybrid automata.
Abstract: The reachability problem for hybrid automata is undecidable, even for linear hybrid automata. This negative result has triggered several research lines, leading among others to:
- the definition of subclasses of hybrid automata with a decidable reachability problem;
- the definition of semi-algorithms that are useful in practice to attack the reachability problem;
- the definition of variants of the reachability problem that are decidable for larger classes of hybrid automata.
In this talk, we summarize classical and more recent results about those three research lines.

01 Jan 2011
TL;DR: The European STREP project Quasimodo develops theory, techniques and tool components for handling quantitative constraints in model-driven development of real-time embedded systems, covering in particular real-time, hybrid and stochastic aspects.
Abstract: The European STREP project Quasimodo develops theory, techniques and tool components for handling quantitative constraints in model-driven development of real-time embedded systems, covering in particular real-time, hybrid and stochastic aspects. This tutorial highlights the advances made, focussing on real industrial case studies tackled.

01 Jan 2011
TL;DR: The reachability problem for hybrid automata is undecidable, even for linear hybrid automata; this talk surveys subclasses with a decidable reachability problem, semi-algorithms that are useful in practice, and variants of the reachability problem that are decidable for larger classes of hybrid automata.
Abstract: The reachability problem for hybrid automata is undecidable, even for linear hybrid automata. This negative result has triggered several research lines, leading among others to:
- the definition of subclasses of hybrid automata with a decidable reachability problem;
- the definition of semi-algorithms that are useful in practice to attack the reachability problem;
- the definition of variants of the reachability problem that are decidable for larger classes of hybrid automata.
In this talk, we summarize classical and more recent results about those three research lines.