Journal ArticleDOI

Robust Vacuity for Branching Temporal Logic

TL;DR: Bisimulation vacuity is a proper and nontrivial extension of both syntactic and trace vacuity; in most practical applications it provides the desired theoretical properties and is computationally tractable.
Abstract: There is a growing interest in techniques for detecting whether a logic specification is satisfied too easily, or vacuously. For example, the specification “every request is eventually followed by an acknowledgment” is satisfied vacuously by a system that never generates any requests. Vacuous satisfaction misleads users of model checking into thinking that a system is correct. It is a serious problem in practice.

There are several existing definitions of vacuity. Originally, Beer et al. [1997] formalized vacuity as insensitivity to syntactic perturbation (syntactic vacuity). This formulation captures the intuition of “vacuity” when applied to a single occurrence of a subformula. Armoni et al. argued that vacuity must be robust, that is, not affected by semantically invariant changes such as extending a model with additional atomic propositions. They show that syntactic vacuity is not robust for subformulas of linear temporal logic, and propose an alternative definition, trace vacuity.

In this article, we continue this line of research. We show that trace vacuity is not robust for branching-time logic. We further refine the notion of vacuity so that it applies uniformly to linear and branching-time logic and does not suffer from the common pitfalls of prior definitions. Our new definition, bisimulation vacuity, is a proper and nontrivial extension of both syntactic and trace vacuity. We discuss the complexity of detecting bisimulation vacuity, and identify several practically relevant subsets of CTL* for which the vacuity detection problem is reducible to model checking. We believe that in most practical applications, bisimulation vacuity provides the desired theoretical properties and is computationally tractable.
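The request/acknowledgment example from the abstract, worked in code. This is an added example, not code from the paper or from any of the works listed on this page: a toy explicit-state CTL model checker (fixpoint computation over a finite Kripke structure) together with the syntactic-vacuity test of Beer et al. in its usual form for pure-polarity subformulas: the subformula is replaced by its most demanding value (false for a positive occurrence, true for a negative one) and the specification is declared vacuous in that subformula if the strengthened formula still holds. The specification is checked in its CTL form AG(req → AF ack). The formula encoding, the three models and their state names are assumptions made here. The check implements only syntactic vacuity, the notion the paper shows is not robust; it does not implement trace or bisimulation vacuity.

```python
"""Syntactic vacuity (Beer et al.) on a toy CTL model checker. Added example;
the formula encoding and the three constructed models are assumptions."""
from typing import Dict, Iterable, Set, Tuple

# Formulas are nested tuples: ('ap', name) | ('true',) | ('false',) | ('not', f)
# | ('and', f, g) | ('or', f, g) | ('imp', f, g) | ('EX', f) | ('EU', f, g)
# | ('EG', f) | ('AF', f) | ('AG', f)
Formula = tuple


class Kripke:
    """Finite Kripke structure; the transition relation must be total."""

    def __init__(self, succ: Dict[str, Iterable[str]],
                 label: Dict[str, Iterable[str]], init: Iterable[str]):
        self.states: Set[str] = set(succ)
        self.succ = {s: set(t) for s, t in succ.items()}
        self.label = {s: set(label.get(s, ())) for s in self.states}
        self.init = set(init)
        for s in self.states:
            assert self.succ[s] and self.succ[s] <= self.states, f"{s}: not total"


def pre_exists(m: Kripke, target: Set[str]) -> Set[str]:
    """States with at least one successor in `target` (this is EX)."""
    return {s for s in m.states if m.succ[s] & target}


def sat(m: Kripke, f: Formula) -> Set[str]:
    """Set of states of `m` satisfying the CTL formula `f`."""
    op = f[0]
    if op == 'true':
        return set(m.states)
    if op == 'false':
        return set()
    if op == 'ap':
        return {s for s in m.states if f[1] in m.label[s]}
    if op == 'not':
        return m.states - sat(m, f[1])
    if op == 'and':
        return sat(m, f[1]) & sat(m, f[2])
    if op == 'or':
        return sat(m, f[1]) | sat(m, f[2])
    if op == 'imp':
        return (m.states - sat(m, f[1])) | sat(m, f[2])
    if op == 'EX':
        return pre_exists(m, sat(m, f[1]))
    if op == 'EU':  # least fixpoint  Z = g | (f & EX Z)
        lhs, z = sat(m, f[1]), sat(m, f[2])
        while True:
            nz = z | (lhs & pre_exists(m, z))
            if nz == z:
                return z
            z = nz
    if op == 'EG':  # greatest fixpoint  Z = f & EX Z
        body, z = sat(m, f[1]), sat(m, f[1])
        while True:
            nz = body & pre_exists(m, z)
            if nz == z:
                return z
            z = nz
    if op == 'AF':  # AF f == not EG not f
        return m.states - sat(m, ('EG', ('not', f[1])))
    if op == 'AG':  # AG f == not E[true U not f]
        return m.states - sat(m, ('EU', ('true',), ('not', f[1])))
    raise ValueError(f"unknown operator {op!r}")


def holds(m: Kripke, f: Formula) -> bool:
    """Model checking: every initial state satisfies f."""
    return m.init <= sat(m, f)


def replace(f: Formula, sub: Formula, by: Formula) -> Formula:
    """Substitute every occurrence of `sub` in `f` by `by`."""
    if f == sub:
        return by
    return (f[0],) + tuple(replace(x, sub, by) if isinstance(x, tuple) else x
                           for x in f[1:])


def polarities(f: Formula, sub: Formula, positive: bool = True) -> Set[bool]:
    """Polarities (True = positive) under which `sub` occurs in `f`."""
    if f == sub:
        return {positive}
    if f[0] == 'not':
        return polarities(f[1], sub, not positive)
    if f[0] == 'imp':  # the antecedent of an implication is a negative position
        return polarities(f[1], sub, not positive) | polarities(f[2], sub, positive)
    out: Set[bool] = set()
    for x in f[1:]:
        if isinstance(x, tuple):
            out |= polarities(x, sub, positive)
    return out


def vacuous_in(m: Kripke, f: Formula, sub: Formula) -> bool:
    """f holds in m and still holds when `sub` (pure polarity) is replaced by
    its most demanding value: false if positive, true if negative."""
    pols = polarities(f, sub)
    if len(pols) != 1:
        raise ValueError("sub must occur with a single polarity")
    worst = ('false',) if pols == {True} else ('true',)
    return holds(m, f) and holds(m, replace(f, sub, worst))


# "every request is eventually followed by an acknowledgment", CTL form
REQ, ACK = ('ap', 'req'), ('ap', 'ack')
EVENTUALLY_ACK = ('AF', ACK)
SPEC = ('AG', ('imp', REQ, EVENTUALLY_ACK))

# Constructed models (assumptions for this example, not from the paper).
SILENT = Kripke({'idle': ['idle']}, {}, ['idle'])            # never requests
LIVE = Kripke({'idle': ['idle', 'requested'], 'requested': ['acked'],
               'acked': ['idle']},
              {'requested': ['req'], 'acked': ['ack']}, ['idle'])  # req then ack
STUCK = Kripke({'idle': ['idle', 'requested'], 'requested': ['requested']},
               {'requested': ['req']}, ['idle'])             # request never acked


def report() -> Dict[str, Tuple[bool, bool]]:
    """Per model: (SPEC holds, SPEC holds vacuously in the subformula AF ack)."""
    return {name: (holds(m, SPEC), vacuous_in(m, SPEC, EVENTUALLY_ACK))
            for name, m in [('silent', SILENT), ('live', LIVE), ('stuck', STUCK)]}


if __name__ == '__main__':
    for name, (ok, vac) in report().items():
        print(f"{name:6s} holds={ok} vacuous={vac}")
```

On the silent model the specification holds and so does its strengthening AG(req → false), i.e. AG ¬req, so the subformula AF ack was never exercised and the satisfaction is vacuous. On the live model the strengthening fails, so the satisfaction is genuine; on the stuck model the specification itself fails. Note that this test inspects one syntactic occurrence of a subformula; the paper's point is that such a test can change its verdict under semantically invariant changes to the model, which is what bisimulation vacuity is designed to prevent.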
Citations
Book ChapterDOI
01 Jan 2018
TL;DR: This chapter presents the foundations of probabilistic model checking, focusing on finite-state Markov decision processes as models and quantitative properties expressed in probabilistic temporal logic, and summarizes the main model-checking algorithms for both PCTL and LTL.
Abstract: The model-checking approach was originally formulated for verifying qualitative properties of systems, for example safety and liveness (see Chap. 2), and subsequently extended to also handle quantitative features, such as real time (see Chap. 29), continuous flows (see Chap. 30), as well as stochastic phenomena, where system evolution is governed by a given probability distribution. Probabilistic model checking aims to establish the correctness of probabilistic system models against quantitative probabilistic specifications, such as those capable of expressing, for example, the probability of an unsafe event occurring, expected time to termination, or expected power consumption in the start-up phase. In this chapter, we present the foundations of probabilistic model checking, focusing on finite-state Markov decision processes as models and quantitative properties expressed in probabilistic temporal logic. Markov decision processes can be thought of as a probabilistic variant of labelled transition systems in the following sense: transitions are labelled with actions, which can be chosen nondeterministically, and successor states for the chosen action are specified by means of discrete probabilistic distributions, thus specifying the probability of transiting to each successor state. To reason about expectations, we additionally annotate Markov decision processes with quantitative costs, which are incurred upon taking the selected action from a given state. Quantitative properties are expressed as formulas of the probabilistic computation tree logic (PCTL) or using linear temporal logic (LTL). We summarise the main model-checking algorithms for both PCTL and LTL, and illustrate their working through examples. The chapter ends with a brief overview of extensions to more expressive models and temporal logics, existing probabilistic model-checking tool support, and main application domains.

72 citations

Book ChapterDOI
18 Sep 2013
TL;DR: Ontology-based data access generalizes query answering in relational databases and allows querying a database in the language of an ontology, abstracting from the actual relations of the database.
Abstract: Ontology-based data access (OBDA) generalizes query answering in relational databases. It allows querying a database in the language of an ontology, abstracting from the actual relations of the database. For ontologies formulated in Description Logics of the DL-Lite family, OBDA can be realized by rewriting the query into a classical first-order query, e.g. an SQL query, by compiling the information of the ontology into the query. The query is then answered using classical database techniques.

52 citations

Book ChapterDOI
17 Jul 2016
TL;DR: Advancement of AI-enhanced control in autonomous systems stands on the shoulders of formal methods, which make possible the rigorous safety analysis autonomous systems require.
Abstract: Advancement of AI-enhanced control in autonomous systems stands on the shoulders of formal methods, which make possible the rigorous safety analysis autonomous systems require. An aircraft cannot operate autonomously unless it has design-time reasoning to ensure correct operation of the autopilot and runtime reasoning to ensure system health management, or the ability to detect and respond to off-nominal situations. Formal methods are highly dependent on the specifications over which they reason; there is no escaping the “garbage in, garbage out” reality. Specification is difficult, unglamorous, and arguably the biggest bottleneck facing verification and validation of aerospace, and other, autonomous systems.

46 citations


Cites methods from "Robust Vacuity for Branching Tempor..."

  • ...VARED [5] integrates an updated algorithm for vacuity checking [23] into an end-to-end toolchain for requirements analysis....

Proceedings ArticleDOI
01 Nov 2016
TL;DR: In this article, the authors present an algorithm to compute the inductive validity core (IVC) within a model necessary for inductive proofs of safety properties for sequential systems, based on the UNSAT core support built into current SMT solvers and a novel encoding of the inductive problem.
Abstract: Symbolic model checkers can construct proofs of properties over very complex models. However, the results reported by the tool when a proof succeeds do not generally provide much insight to the user. It is often useful for users to have traceability information related to the proof: which portions of the model were necessary to construct it. This traceability information can be used to diagnose a variety of modeling problems such as overconstrained axioms and underconstrained properties, and can also be used to measure completeness of a set of requirements over a model. In this paper, we present a new algorithm to efficiently compute the inductive validity core (IVC) within a model necessary for inductive proofs of safety properties for sequential systems. The algorithm is based on the UNSAT core support built into current SMT solvers and a novel encoding of the inductive problem to try to generate a minimal inductive validity core. We prove our algorithm is correct, and describe its implementation in the JKind model checker for Lustre models. We then present an experiment in which we benchmark the algorithm in terms of speed, diversity of produced cores, and minimality, with promising results.

36 citations

Journal ArticleDOI
TL;DR: This work studies the expressiveness of CTL with quantification over atomic propositions, shows in particular that QCTL coincides with Monadic Second-Order Logic for both semantics and characterises the complexity of its model-checking and satisfiability problems.
Abstract: While it was defined long ago, the extension of CTL with quantification over atomic propositions has never been studied extensively. Considering two different semantics (depending whether propositional quantification refers to the Kripke structure or to its unwinding tree), we study its expressiveness (showing in particular that QCTL coincides with Monadic Second-Order Logic for both semantics) and characterise the complexity of its model-checking and satisfiability problems, depending on the number of nested propositional quantifiers (showing that the structure semantics populates the polynomial hierarchy while the tree semantics populates the exponential hierarchy).

31 citations

References
01 Sep 1996
TL;DR: Model checking tools, created by both academic and industrial teams, have resulted in an entirely novel approach to verification and test case generation that often enables engineers in the electronics industry to design complex systems with considerable assurance regarding the correctness of their initial designs.
Abstract: Turing Lecture from the winners of the 2007 ACM A.M. Turing Award. In 1981, Edmund M. Clarke and E. Allen Emerson, working in the USA, and Joseph Sifakis working independently in France, authored seminal papers that founded what has become the highly successful field of model checking. This verification technology provides an algorithmic means of determining whether an abstract model---representing, for example, a hardware or software design---satisfies a formal specification expressed as a temporal logic (TL) formula. Moreover, if the property does not hold, the method identifies a counterexample execution that shows the source of the problem. The progression of model checking to the point where it can be successfully used for complex systems has required the development of sophisticated means of coping with what is known as the state explosion problem. Great strides have been made on this problem over the past 28 years by what is now a very large international research community. As a result many major hardware and software companies are beginning to use model checking in practice. Examples of its use include the verification of VLSI circuits, communication protocols, software device drivers, real-time embedded systems, and security algorithms. The work of Clarke, Emerson, and Sifakis continues to be central to the success of this research area. Their work over the years has led to the creation of new logics for specification, new verification algorithms, and surprising theoretical results. Model checking tools, created by both academic and industrial teams, have resulted in an entirely novel approach to verification and test case generation. This approach, for example, often enables engineers in the electronics industry to design complex systems with considerable assurance regarding the correctness of their initial designs. Model checking promises to have an even greater impact on the hardware and software industries in the future. ---Moshe Y. Vardi, Editor-in-Chief

7,392 citations

Proceedings ArticleDOI
30 Sep 1977
TL;DR: A unified approach to program verification is suggested, which applies to both sequential and parallel programs, and the main proof method is that of temporal reasoning in which the time dependence of events is the basic concept.
Abstract: A unified approach to program verification is suggested, which applies to both sequential and parallel programs. The main proof method suggested is that of temporal reasoning in which the time dependence of events is the basic concept. Two formal systems are presented for providing a basis for temporal reasoning. One forms a formalization of the method of intermittent assertions, while the other is an adaptation of the tense logic system Kb, and is particularly suitable for reasoning about concurrent programs.

5,174 citations


"Robust Vacuity for Branching Tempor..." cites this paper as background

  • ...AG(p U q) is an LTL formula, and AGA[p U q] is a CTL formula....

  • ...Let . be a path formula (i.e., expressed in LTL), and x be an atomic proposition occurring in .....

  • ...Interpreted in LTL+P, P5 is no longer syntactically q-vacuous....

  • ...Exploiting resolution proofs to speed up LTL vacuity detection for BMC. Int....

  • ...Assume that P5 is interpreted in LTL....

Book
07 Jan 1999

4,478 citations

Book
19 Dec 1990
TL;DR: The Handbook of Theoretical Computer Science provides professionals and students with a comprehensive overview of the main results and developments in this rapidly evolving field.
Abstract: "Of all the books I have covered in the Forum to date, this set is the most unique and possibly the most useful to the SIGACT community, in support both of teaching and research.... The books can be used by anyone wanting simply to gain an understanding of one of these areas, or by someone desiring to be in research in a topic, or by instructors wishing to find timely information on a subject they are teaching outside their major areas of expertise." -- Rocky Ross, "SIGACT News" "This is a reference which has a place in every computer science library." -- Raymond Lauzzana, "Languages of Design" The Handbook of Theoretical Computer Science provides professionals and students with a comprehensive overview of the main results and developments in this rapidly evolving field. Volume A covers models of computation, complexity theory, data structures, and efficient computation in many recognized subdisciplines of theoretical computer science. Volume B takes up the theory of automata and rewriting systems, the foundations of modern programming languages, and logics for program specification and verification, and presents several studies on the theoretic modeling of advanced information processing. The two volumes contain thirty-seven chapters, with extensive chapter references and individual tables of contents for each chapter. There are 5,387 entry subject indexes that include notational symbols, and a list of contributors and affiliations in each volume.

3,089 citations

Book ChapterDOI
02 Jan 1991
TL;DR: In this article, a multiaxis classification of temporal and modal logic is presented, and the formal syntax and semantics for two representative systems of propositional branching-time temporal logics are described.
Abstract: This chapter discusses temporal and modal logic. The chapter describes a multiaxis classification of systems of temporal logic. The chapter describes the framework of linear temporal logic. In both its propositional and first-order forms, linear temporal logic has been widely employed in the specification and verification of programs. The chapter describes the competing framework of branching temporal logic, which has seen wide use. It also explains how temporal logic structures can be used to model concurrent programs using non-determinism and fairness. The chapter also discusses other modal and temporal logics in computer science. The chapter describes the formal syntax and semantics of Propositional Linear Temporal Logic (PLTL). The chapter also describes the formal syntax and semantics for two representative systems of propositional branching-time temporal logics.

2,871 citations