Emerson EA. Automated temporal reasoning about reactive systems. Logics for Concurrency: Structure versus Automata (Lecture Notes in Computer Science, vol. 1043), Moller F, Birtwistle G (eds.). Springer: Berlin, 1996; 41--101.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....modulo bisimulation equivalence, the finite synchronization trees [153] see also Sect. 7.1.3) used in the examples presented in [96] 2. 3 Hennessy Milner Logic Modal and temporal logics of reactive programs have found considerable use in the theory and practice of concurrency (see, e.g. [78, 179, 210]) One of the earliest and most influential connections between logics of reactive programs and behavioural relations was given by Hennessy and Milner [124] who introduced a multi modal logic and showed that it characterized bisimulation equivalence. We limit ourselves to briefly recalling the ....

A. Emerson, Automated temporal reasoning about reactive systems, in Moller and Birtwistle [164], pp. 41--101.

....calculus for PDL and extend it to deal with the converse operator, thus obtaining the first tableaux calculus for CPDL. The tableaux based technique we propose here combines in a natural way a number of intuitions and techniques that have been developed for validity satisfiability checking [9, 17, 20, 22, 27, 28] and model checking [3, 17, 25, 24] with prefixed tableaux [11, 13, 18] for modal logics. Indeed, the work in this paper confirms that the combination of model checking and theorem proving techniques, as witnessed also by the recent CAV conference [1] may be very fruitful also for purely ....

.... The models of a formula can be exponential in its size and therefore direct depth first search with backtracking at choice points may lead to a double exponential algorithm (although decidability for these logics is in EXPTIME) Tableaux approaches for PDLs (and expressive temporal logics) [20, 22, 9] or [17] Sec. 5.1 5.3] cope with these problems in two conceptual phases: 1. Construct an AND OR graph based on the Fisher Ladner closure which satisfies the constraints of a normal modal logic , where nodes with the same formulae are identified and nodes that are locally inconsistent are ....

[Article contains additional citation context not shown here]

A. Emerson. Automated temporal reasoning about reactive systems. In Moller and Birtwistle [19], pp. 41--101.

....in its size and therefore direct depth first search with backtracking at choice points may lead to a double exponential algorithm (although decidability for these logics is in EXPTIME) Tableaux approaches for PDLs and expressive temporal logics proposed by Pratt [145, 144] and resp. by Emerson [53] or Manna ; Pnueli [107] Sec. 5.15. 3] cope with these problems in two conceptual phases: 1. Construct an AND OR graph based on the Fischer Ladner closure which satisfies the constraints of a normal modal logic, where nodes with the 5.2. COMBINING DEDUCTION AND MODEL CHECKING 89 same formulae ....

....of an operator to link every eventuality of the form (PIA with the corresponding fulfilling node where A holds. This may lead to a cumbersome tableau 1One constructs an automaton that accepts the tree models of the formula and hence a formula is satisfiable iff the automaton accepts some models [53, 174, 175]. 2There axe incremental model checking techniques for temporal logics [16, 15, 107] and to many unnecessary relations between formulae. Moreover it does not completely address the issue of merging the two phases, because one needs to construct the transitive closure of and this can be done ....

A. Emerson. Automated temporal reasoning about reactive systems. In Moller and Birtwistle [130], pages 41-101.

....complexity. For the last two problems we make use of a second order variant of ltl. 1 INTRODUCTION Linear Temporal Logic (ltl) is a linear time temporal logic which has been widely used for specifying and verifying properties of dynamic systems, such as safety, liveness, fairness, etc. [26, 13, 39]. In this paper, we study reasoning about actions and planning in a setting where we have incomplete information on the dynamic system and our knowledge on it is represented in ltl. This means that we represent the behavior of the system as a set of sequences of situations, where transitions from ....

.... states [1] They subsume the usual goals expressing reachability of desired conditions, as well as generalized goals, such as don t disturb and re store requirements [41] More generally, they allow for expressing complex temporal properties typically used in the specification of processes [13, 39]. Planning for temporally extended goals has been studied in [1, 6, 2, 21] where complete information is assumed, and in [11] where the system is specified as a deterministic transition system, except for the initial situation, on which incomplete knowledge is assumed. Related kinds of goals, ....

[Article contains additional citation context not shown here]

E. A. Emerson. Automated temporal reasoning about reactive systems. In Logics for Concurrency: Structure versus Automata, LNCS 1043, pp. 41--101. Springer, 1996.

....complexity. For the last two problems we make use of a second order variant of ltl. i 1 Introduction Linear Temporal Logic (ltl) is a linear time temporal logic which has been widely used for specifying and verifying properties of dynamic systems, such as safety, liveness, fairness, etc. [24, 13, 35]. In this paper, we study reasoning about actions and planning in a setting where we have incomplete information on the dynamic system and our knowledge on it is represented in ltl. This means that we represent the behavior of the system as a set of sequences of situations, where transitions from ....

.... states [1] They subsume the usual goals 1 expressing reachability of desired conditions, as well as generalized goals, such as don t disturb and restore requirements [36] More generally, they allow for expressing complex temporal properties typically used in the speci cation of processes [13, 35]. Planning for temporally extended goals has been studied in [1, 6, 2, 19] where complete information is assumed, and in [11] where the system is speci ed as a deterministic transition system, except for the initial situation, on which incomplete knowledge is assumed. Related kinds of goals, ....

[Article contains additional citation context not shown here]

E. A. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Birtwistle, editors, Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science, pages 41-101. Springer-Verlag, 1996.

....Some of Existing Approaches. Two approaches to veri cation are widely used: one dealing with model checking mainly for temporal logics and another one based on theorem proving in predicate logics. The rst approach uses temporal or duration logics [Pnu77] Eme90] CHR91] MP92] Han94] Eme96] Var96] Hen98] Rab98b] as requirement speci cation language, and usually timed automata [AD94] LSVW96] ACHH93] ACH 95] or regular process algebras [Mil90] as algorithms speci cation languages. Model checking is supported by many implemented algorithms. However, this approach has ....

A. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Birtwistle, editors, Logic for Concurrency. Structure versus Automata, pages 41-101. Springer-Verlag, 1996. Series: \Lecture notes in Computer Science (Tutorial)", Vol. 1043.

....action game A = p; T ) is said to satisfy a temporal property OE if G(A) j= OE. We shall now investigate how this notion of satisfaction can be expressed (and verified) in a simple fashion, similar to the way in which = calculus is used to reason about temporal properties in event based systems [9]. 16 In this analysis, we will make use of the notion of the weakest temporal precondition operator of an action T with respect to certain temporal formulas. The intuition is that wtp(T; OE) is the weakest predicate (i.e. the largest set of states) p such that G(p; T ) satisfies OE: wtp(T; ....

E. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Bortwistle, editors, Logics for Concurrency: Structure versus Automata, volume 1043 of Lectures Notes in Computer Science. Springer--Verlag, 1996. 33

....results. Temporal reasoning. The evolution of a dynamic knowledge base could be subject to specifications [13] and corresponding forms of reasoning about this evolution could be provided for ensuring that the agent s behavior is appropriate, e.g. that some undesired status cannot be reached [64, 47]. Learning. Based on the history of the agent (sequence of changes in its knowledge base, or sequence of observations) some form of inductive learning could be implemented [134, 90, 55] We do not further address this topic in the rest of this paper. In the following sections, we will address ....

....have to be carefully defined, the target is to perform temporal reasoning over the evolution of the knowledge base, answering questions about the possibility of reaching some desired condition or violating some intended constraint. These reasoning capabilities naturally rely on temporal logics [64], and could take advantage of techniques and tools developed in the field of model checking [47] or planning [46, 45] Features allowing nondeterminism in the specifications, e.g. if the evolution depends on external events not known to the agent in advance or the language itself allows ....

E. Emerson. Automated Temporal Reasoning about Reactive Systems. In F. Moller and G. Birtwistle, editors, Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science (LNCS), pages 41--101. Springer Verlag, 1996.

....of temporal properties of contracts is reduced to traditional correctness properties of special fixpoint contracts. These fixpoint contracts are built much in the same way as corresponding specifications of temporal properties using = calculus, as is common, e.g. in connection with model checking [12]. However, in our framework these correctness properties can be verified using traditional invariant methods, with rules similar to those in traditional temporal reasoning systems [16] Our generalization to include agents, coalitions, and angelic nondeterminism is similar to independent recent ....

E. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Bortwistle, editors, Logics for Concurrency: Structure versus Automata, volume 1043 of Lectures Notes in Computer Science. Springer--Verlag, 1996.

....logics [Pnu77, Eme90] as requirement specification languages, and with timed automata [AD94] or regular process algebras [Mil90] as algorithms specification languages. Whatever impressive be the achievements of research on temporal logics and their applications to model checking (e.g. Eme90, Eme96, Var96, MP92] some of their evident shortcomings such as hardness of understanding the temporal logic formulas and not direct way of representing desired properties inhibit their wide practical applications and seem to be insurmountable. Lack of explicit time is among the shortcomings of ....

A. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Birtwistle, editors, Logic for Concurrency. Structure versus Automata, pages 41--101. Springer-Verlag, 1996. Series: "Lecture notes in Computer Science (Tutorial) ", Vol. 1043.

....to nondeterminism, such automata have also the means to represent conjunction, and consequently they resemble logical formulae more than ordinary automata do. In particular, the structure of alternating automata is very similar to formulae of mu calculus, to the extent that, quoting Emerson [26], mu calculus formulae are really representations of alternating finite state automata on infinite trees. An advantage of alternating automata over ordinary ones is that they are easy to complement by dualization. In the case of automata over trees, alternating automata also appear a more natural ....

Emerson, E. A.: Automated temporal reasoning about reactive systems, in Logics for Concurrency, Structure versus Automata, LNCS vol. 1043, Springer-Verlag, 1996, pp. 41-101 Bibliography 183

....: is a formula of TL(U)g [ fA : is a formula of TL(U)g. Many temporal logics were suggested as branching time specification formalisms (see [8, 4] by imposing some syntactical restrictions on CTL formulas. The lack of a yardstick was emphasized by Emerson in words very similar to the above [4, 5]: Hundreds perhaps thousands of papers developing the theory and application of temporal logic to reasoning about reactive systems were written. Dozens if not hundreds of systems of temporal logic have been investigated, both from the standpoint of basic theory and from the standpoint of ....

....Logics. Our results offer an explanation for the multiplicity of temporal logics over branching time and suggest some yardsticks by which to measure these logics. Two of the most important characteristics of a TL are (1) its expressive power and (2) the complexity of its model checking problem [5]. We examine two very natural fragments of MLO and prove that there is no temporal logic over finite basis which is expressively equivalent over trees to each of these fragments. On the other hand, we show that for every finite set of modalities M 1 ; M 2 ; M r , the complexity of model ....

[Article contains additional citation context not shown here]

E.A. Emerson (1996). Automated Temporal Reasoning about Reactive Systems. LNCS vol. 1043, pp. 41-101, Springer Verlag 1996.

....CCS, a well known process algebra (Milner (1989) From the specification a labelled transition system is built. Its desired properties can be expressed using the calculus (Kozen (1983) The calculus is a powerful logic which allows to describe various safety, liveness, and fairness properties (Emerson (1996)) It semantically subsumes the temporal logics CTL, CTL # , and LTL, for which e#ective translations into the calculus are known (Emerson and Lei (1986) The tableau based model checker proposed by Cleaveland (1990) is used to test whether these formulae are satisfied by the transition system. ....

E. A. Emerson. Automated Temporal Reasoning about Reactive Systems, volume 1043 of Lecture Notes in Computer Science, pages 41--101 Springer-Verlag Inc., New York, NY, USA, 1996.

....schema integration [9] semi structured data [8] are expressible in EXPtime complete Description Logics. The need is also true for logics very similar to Description Logics, such as Modal Logics [27, 24] Propositional Dynamic Logics [25, 47] Temporal Logics for Computer Aided Veri cation [73, 23], Hybrid Logics for Linguistics [6] Security Modal Logics [33, 2] Second, a number of recent experimental advances in description and modal logics theorem proving and satis ability checking have substantially broadened the meaning of tractability for practical purposes. Better algorithms, ....

Emerson, A. E. Automated temporal reasoning about reactive systems. vol. 1043 of Lecture Notes in Computer Science. Springer-Verlag, 1996, pp. 41-101.

....verification system is a tool that can be used to check that a system design meets its specification. Temporal logic can express the ordering of events in time without introducing time explicitly and has been shown to be suitable for the specification of correctness properties of reactive systems [10, 20, 24]. Specification languages have been developed which can be used to specify the interaction between the processes of a reactive system. From such a specification all possible behaviours of the system can be generated by starting from the initial state and using reachability analysis. The result is ....

E.A. Emerson. Automated temporal reasoning about reactive systems. In Logics for Concurrency, volume 1043 of Lecture Notes in Computer Science, pages 41--92. Springer-- Verlag, 1996.

....the invariance of certain statements, etc. Among the various temporal and modal logics that have been proposed in the process algebra literature for verifying properties of concurrent systems [17, 28, 43] we focus on one of the most powerful logics of programs which is called modal mu calculus ([32, 33, 56, 57, 19]) Modal mucalculus is a logic of programs, which is strictly more expressive than logics like PDL, DeltaP DL, CTL and CTL . It has been proposed as a logic for expressing temporal properties of reactive and parallel processes in [54, 36, 9, 62, 12, 55] We refer to the excellent tutorial ....

....of atomic actions in the modalities, to standard modal mu calculus formulae, which allow only for single atomic actions in the modalities. The setting resulting from applying such transformations is a standard one for which various model checking techniques have been developed (see e.g. [19, 55]) Hence, by means of the transformations F and H, we can make use of such model checking techniques. The idea at the base of the transformations F and H is to reify transitions, i.e. to introduce a new state for each transition, so that the action formula is transformed into a formula on the new ....

[Article contains additional citation context not shown here]

E. A. Emerson. Automated temporal reasoning about reactive systems. In Logics for Concurrency: Structure versus Automata, number 1043 in Lecture Notes in Computer Science, pages 41--101. Springer-Verlag, 1996.

....has the potentiality of meeting all the requirements above. Specifically, we define a variant of modal mu calculus [ 24 ] a logic of programs that subsumes both propositional dynamic logics, such as standard PDL and DeltaPDL [ 13 ] and branching time temporal logics such as CTL and CTL [ 9 ] Modal mucalculus is used in the verification of concurrent systems [ 12; 20 ] and for this task several automated model checking techniques and systems have been developed [ 24; 3; 19 ] We extend modal mu calculus with an autoepistemic modal operator in order to represent and reason about ....

....formulae on single states, while traversing the graph. 2 Logical formalism The technical background of our proposal is constituted by a logical formalism L that originates from a suitable integration of modal mu calculus and autoepistemic de scription logics (see respectively [ 24; 9 ] and [ 8 ] for an introduction to these formalisms) The basic elements of L are a finite set of actions Act , a countable set of propositions Prop, and a countable set of propositional variables Var . Formulae of the formalism are divided in two layers: ffl state description formulae: p : A ....

E. A. Emerson. Automated temporal reasoning about reactive systems. In Logics for Concurrency: Structure versus Automata, number 1043 in Lecture Notes in Computer Science, pages 41--101. SpringerVerlag, 1996.

....the tree. It is known that, while the translation from branching temporal logic formulas to nondeterministic tree automata is exponential, the translation to alternating tree automata is linear [MSS88, EJ91] In fact, Emerson stated that calculus formulas are simply alternating tree automata [Eme94]. Muller et al. showed that this explains the exponential decidability of satisfiability for various branching temporal logics. We show here that this also explains the efficiency of model checking for those logics. The crucial observation is that for model checking, one does not need to solve the ....

....place in the standard algorithm for CTL model checking [CES86] Thus, the automata theoretic approach seems to capture the combinatorial essence of CTL model checking. 4. 2 Model Checking for the Calculus The intimate connection between the calculus and alternating automata has been noted in [EJ91, Eme94]. We show here that our automata theoretic approach provides a clean proof that model checking for the calculus is in NP co NP. The key steps in the proof are in showing that calculus formulas can be efficiently translated to amorphous alternating Rabin automata, and that the 1 letter ....

E.A. Emerson. Automated temporal reasoning about reactive systems. In VIII-th BANFF Higher Order Workshop, 1994. unpublished abstract of forthcoming talk.

....specified in CCS, a well known process algebra [Mil89] From the specification a labeled transition system is built. Its desired properties can be expressed using the calculus [Koz83] The calculus is a powerful logic which allows to describe various safety, liveness, and fairness properties [Eme96] It semantically subsumes the temporal logics CTL, CTL # , and LTL, for which e#ective translations into the calculus are known [EL86] A tableau based model checker is used to test whether these formulae are satisfied by the transition system. We use the algorithm proposed in [Cle90] which ....

E. A. Emerson. Automated Temporal Reasoning about Reactive Systems, volume 1043 of Lecture Notes in Computer Science, pages 41--?? Springer-Verlag Inc., New York, NY, USA, 1996.

....with temporal logics [Eme90] as requirement specification languages, and with timed automata [AD94] or regular process algebras [Mil90] as algorithms specification languages. Whatever impressive be the achievements of research on temporal logics and their applications to model checking (e.g. [Eme90, Eme96, MP92]) some of their evident shortcomings such as hardness of understanding of temporal logic formulas inhibit their wide practical applications. Lack of explicit time is among the shortcomings of temporal logics, and it is not easy to remedy them (see, e.g. Han94] not speaking that the initial ....

A. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Birtwistle, editors, Logic for Concurrency. Structure versus Automata, pages 41--101. Springer-Verlag, 1996. Series: "Lecture notes in Computer Science (Tutorial)", Vol. 1043.

....demand of the algorithm hence it is not shown sperately in the table. 6 Specification Logics Recall from Section 2 that in the model checking approach for verification the properties to be checked are expressed as logical formulas. Typical properties are safety, liveness and fairness properties [Eme96] A safety property denotes that some good property # always holds. Safety properties are important for critical systems. Liveness formulas describe that some property # will always have the possibility to hold sometime. For example, regardless which state a server reaches it should always ....

....complete O( M exp( # ) L k NP # co NP ( M # ) O(k) Table 3: Complexity of logics expressiveness can t be considered isolated from the complexity of the model checking problem. Intuitively, it is clear that more expressiveness leads to a higher complexity. Table 3 (taken from [Eme96] gives an overview of the complexity for the model checking problem for the logics described above. The underlying transition system is denoted by M and the property by #. We see that known model checking procedures for the full calculus are exponential in the size of the alternation depth. ....

[Article contains additional citation context not shown here]

E. A. Emerson. Automated Temporal Reasoning about Reactive Systems, pages 41--?? Volume 1043 of Lecture Notes in Computer Science

....Final in place a wide variety of dynamic properties can be expressed by relying on second order formulae expressing least and greatest fixpoint properties. In particular properties expressible by logics of programs, such as dynamic logics [KT90] mu calculus [Par70, Sti96] and temporal logics [Eme96] can be rephrased in our setting. Let us present some examples. 1. The formula: Q 1 (ffi 0 ; s 0 ) def = P;ffi;s [ ffi; s) 9ffi 0 ; s 0 )Trans(ffi; s; ffi 0 ; s 0 ) P (ffi 0 ; s 0 ) ffi 0 ; s 0 ) where ffi 0 ; s 0 are individual variables) defines a predicate Q 1 (ffi 0 ; s ....

E. A. Emerson. Automated temporal reasoning about reactive systems. In Logics for Concurrency: Structure versus Automata, number 1043 in Lecture Notes in Computer Science, pages 41--101. Springer-Verlag, 1996.

.... De Giacomo and Lenzerini, 1997 ] where a correspondence was shown with a well known logic of programs, called modal mu calculus [ Kozen, 1983; Streett and Emerson, 1989 ] that has been recently investigated for expressing temporal properties of reactive and parallel processes [ Stirling, 1996; Emerson, 1996 ] ALCQ can be viewed as a well behaved fragment of first order logic with fixpoints (see e.g. Abiteboul et al. 1995 ] We make use of the standard first order notions of scope, bound and free occurrences of variables, closed formulae, etc. treating and as quantifiers. The primitive ....

....both the constraints and the theory, without loosing decidability. We observe also that, in our setting, if T is a complete theory, conformance can be reduced to model checking, which is polynomial (assuming the alternation of fixpoints in the constraints to be bounded by a constant, see e.g. Emerson, 1996 ] We are currently working on two aspects of cdl. First, we are developing a new technique which aims at avoiding the worst case exponential blowup in the ALCQ encoding of the schema. Second, we are considering conjunctive queries with regular expressions over cdl schemas, with the aim of ....

E. Allen Emerson. Automated temporal reasoning about reactive systems. In Faron Moller and Graham Birtwistle, editors, Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science, pages 41--101. Springer-Verlag, 1996.

.... nding errors in this way very diOEcult. It is easier to specify the properties we want the reachability graph to ful ll using some formalism and let the computer do the mechanical checking. There have been many ad hoc ways of de ning such properties in the past, but dioeerent temporal logics [13] seem to be getting wide acceptance. In temporal logic we use logical formulas to specify properties that some or all of the behaviors of the system must ful ll. The process of checking whether a formula is True in a speci ed state of the reachability graph is called model checking, and it can be ....

....further information to help the user to nd the cause of errors in the system. For example the tool can give a sequence of states leading to a state in which the speci ed invariant assertion doesn t hold. In this thesis we will use the branching time temporal logic CTL (Computation tree logic) [13] for specifying the properties of systems. We are interested in the algorithms that can be used in model checking CTL formulas. The branching time temporal logic CTL has very eOEcient model checking algorithms. The best algorithms have worst case running time linear both in the size of the ....

[Article contains additional citation context not shown here]

Emerson, E. A.:Automated Temporal Reasoning about Reactive Systems. In M#ller, F., Birtwistle, G. (eds.): Logics for Concurrency - Structure versus Automata, Lecture Notes in Computer Science 1043, Springer-Verlag, Berlin, 1996, pp. 41101.

....is the first, and we may conclude that one can decide effectively whether a regular language is definable in FO[S] logic. Buchi s Theorem 5.9 has been refined and extended in many ways. For example, a transfer from words to infinite Mazurkiewicz traces was achieved by Ebinger and Muscholl in [EM96]. In the sequel we discuss in a little more detail two logical systems which are applied in the verification of (nonterminating finitestate) programs, namely propositional temporal logic and monadic second order logic over timed words. Propositional temporal logic PTL is a version of first order ....

....this can be achieved in a time which is polynomial in the size (number of states) of P and exponential in the length of . For more details and for applications in practical verification tasks, the reader should consult specific surveys and monographs such as [Em90] McM93] CGL94] Kur94] [Em96], Var96] In practice, the verification of nonterminating systems requires to check more complex computation properties than simply a correct order of events or states in time, as expressible in PTL or MSO logic. Often, the specification of a program involves also conditions on admissible time ....

[Article contains additional citation context not shown here]

E.A. Emerson, Automated temporal reasoning about reactive systems, in: Logics for Concurrency: Structure versus Automata (F. Moller, G. Birtwistle, Eds.), Lecture Notes in Computer Science 1043, Springer-Verlag, Berlin 1996, pp. 41-101.

.... studied in (De Giacomo Lenzerini 1997) where a correspondence was shown with a well known logic of programs, called modal mu calculus (Kozen 1983; Streett Emerson 1989) that has been recently investigated for expressing temporal properties of reactive and parallel processes (Stirling 1996; Emerson 1996). ALCQ can be viewed as a well behaved fragment of first order logic with fixpoints (Park 1970; Abiteboul, Hull, Vianu 1995) We make use of the standard first order notions of scope, bound and free occurrences of variables, closed formulae, etc. treating and as quantifiers. The primitive ....

Emerson, E. A. 1996. Automated temporal reasoning about reactive systems. In Logics for Concurrency: Structure versus Automata, volume 1043 of LNCS. Springer-Verlag. 41--101.

....between classes. We concentrate on the description logic ALCQ studied in [7] where a correspondence was shown with a well known logic of programs, called modal mu calculus [10,15] that has been recently investigated for expressing temporal properties of reactive and parallel processes [14,9]. ALCQ can be viewed as a well behaved fragment of first order logic with fixpoints (see e.g. 2] We make use of the standard first order notions of scope, bound and free occurrences of variables, closed formulae, etc. treating and as quantifiers. The primitive symbols in ALCQ are atomic ....

....both the constraints and the theory, without loosing decidability. We observe also that, in our setting, if T is a complete theory, conformance can be reduced to model checking, which is polynomial (assuming the alternation of fixpoints in the constraints to be bounded by a constant, see e.g. [9]) We are currently working on two aspects of cdl. First, we are developing a new technique which aims at avoiding the worst case exponential blowup in the ALCQ encoding of the schema. Second, we are considering conjunctive queries with regular expressions over cdl schemas, with the aim of ....

E. Allen Emerson. Automated temporal reasoning about reactive systems. In Logics for Concurrency: Structure versus Automata, volume 1043 of LNCS, pages 41--101. Springer-Verlag, 1996.

....logics [Pnu77, Eme90] as requirement specification languages, and with timed automata [AD94] or regular process algebras [Mil90] as algorithms specification languages. Whatever impressive be the achievements of research on temporal logics and their applications to verification (e.g. Eme90, Eme96, Var96, MP92] some of their evident shortcomings such as hardness of understanding the temporal logic formulas and not direct way of representing desired properties inhibit their wide practical applications and seem to be insurmountable. Lack of explicit time is among the shortcomings of ....

A. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Birtwistle, editors, Logic for Concurrency. Structure versus Automata, pages 41-- 101. Springer-Verlag, 1996. Series: "Lecture notes in Computer Science (Tutorial)", Vol. 1043.

....an AMA A recognizing [ P (V) From now on we drop the indices and write just [ We start by considering the case where all the oe subformulas of are formulas. We construct an APDS AP which is, roughly speaking, the product of P and the alternating automaton corresponding to [Eme96] we then reduce the problem of computing [ to computing the value of pre AP for a certain regular set of configurations. Intuitively, a configuration h[p; OE] wi belongs to this set if OE is a basic formula of the form , or X, for X free in OE, and the configuration hp; wi of P ....

E.A. Emerson. Automated Temporal Reasoning about Reactive Systems. In Logics for Concurrency. LNCS 1043, 1996.

....of the tree. It is known that while the translation from branching temporal logic formulas to nondeterministic tree automata is exponential, the translation to alternating tree automata is linear [MSS88, EJ91] In fact, Emerson stated that calculus formulas are simply alternating tree automata [Eme96]. In [MSS88] Muller et al. showed that this explains the exponential decidability of satisfiability for various branching temporal logics. We show here that this also explains the efficiency of model checking for those logics. The crucial observation is that for model checking, one does not need ....

.... calculus model checking [CES86, Cle93] Thus, the automata theoretic approach seems to capture the combinatorial essence of branching time model checking. 4. 2 Model Checking for the Calculus The intimate connection between the calculus and alternating automata has been noted in [Jut90, EJ91, BC96b, Eme96]. We show here that our automata theoretic approach provides a clean proof that model checking for the calculus is in NP co NP. The key steps in the proof are showing that calculus formulas can be efficiently translated to alternating Rabin automata, and that the 1 letter nonemptiness problem ....

E.A. Emerson. Automated temporal reasoning about reactive systems. In VIII-th BANFF Higher Order Workshop, volume 1043 of Lecture Notes in Computer Science, pages 41--101, 1996.

....calculus for PDL and extend it to deal with the converse operator, thus obtaining the first tableaux calculus for CPDL. The tableaux based technique we propose here combines in a natural way a number of intuitions and techniques that have been developed for validity satisfiability checking [9, 17, 20, 22, 27, 28] and model checking [3, 17, 25, 24] with prefixed tableaux [11, 13, 18] for modal logics. Indeed, the work in this paper confirms that the combination of model checking and theorem proving techniques, as witnessed also by the recent CAV conference [1] may be very fruitful also for purely ....

.... The models of a formula can be exponential in its size and therefore direct depth first search with backtracking at choice points may lead to a double exponential algorithm (although decidability for these logics is in EXPTIME) Tableaux approaches for PDLs (and expressive temporal logics) [20, 22, 9] or [17] Sec. 5.1 5.3] cope with these problems in two conceptual phases: 1. Construct an AND OR graph based on the Fisher Ladner closure which satisfies the constraints of a normal modal logic , where nodes with the same formulae are identified and nodes that are locally inconsistent are ....

[Article contains additional citation context not shown here]

A. Emerson. Automated temporal reasoning about reactive systems. In Moller and Birtwistle [19], pp. 41--101.

....an AMA A recognizing [ P (V) From now on we drop the indices and write just [ We start by considering the case where all the oe subformulas of are formulas. We construct an APDS AP which is, roughly speaking, the product of P and the alternating automaton corresponding to [14]; we then reduce the problem of computing [ to computing the value of pre AP for a certain regular set of configurations. Intuitively, a configuration h[p; OE] wi belongs to this set if OE is a basic formula of the form , or X , for X free in OE, and the configuration hp; wi of P ....

E.A. Emerson. Automated Temporal Reasoning about Reactive Systems. In Logics for Concurrency. LNCS 1043, 1996.

.... is a variant of modal mu calculus (Kozen 1983; Streett Emerson 1989; Stirling 1996) a logic of programs that subsumes both propositional dynamic logics such as standard PDL, PDL enhanced with repeat constructs (Kozen Tiuryn 1990) and branching time temporal logics such as CTL and CTL (Emerson 1996). Modal mu calculus is used in the verification of concurrent systems (Hoare 1985; Hennessy 1988; Milner 1989; Baeten Weijland 1990) and for this task several automated model checking techniques and systems have been developed (Clarke, Emerson, Sistla 1986; Emerson Lei 1986; Winskel 1989; ....

....Finally, we briefly discuss the formalization of sensing actions. Logical formalism The technical background of our proposal is constituted by a logical formalism L that originates from a suitable integration of modal mu calculus and epistemic decription logics (see (Kozen 1983; Stirling 1996; Emerson 1996) and (Donini et al. 1992; 1994; Donini, Nardi, Rosati 1997; De Giacomo et al. 1996) respectively for an introduction to these formalisms) The basic elements of L are a finite set of actions Act , a countable set of propositions Prop , and a countable set of propositional variables Var . ....

Emerson, E. A. 1996. Automated temporal reasoning about reactive systems. In Logics for Concurrency: Structure versus Automata, number 1043 in Lecture Notes in Computer Science. Springer-Verlag. 41--101.

....for the existence of such a path is tantamount to checking for the existence of a directed acyclic graph (DAG) rooted at V which contains only one successor for each OR node and whose leaves are labeled with 0 . Using standard graph theoretic techniques we can check this in linear time [Em95]. Finally we note that even though the eventualities of the AND Nodes can be fulfilled there is as yet no guarantee that any particular path through the tableaux will fulfill them. Therefore, we view the tableaux as a Buchi automata whose acceptance condition will guarantee that any eventuality ....

Emerson, E. A., Automated Temporal Reasoning about Reactive Systems. In Logics for Concurrency, Faron Moller and Graham Birtwistle, Eds., Springer Verlag, Berlin, 1996, pp. 41-101.

No context found.

Emerson, E. A., Automated Temporal Reasoning about Reactive Systems. In Logics for Concurrency, Faron Moller and Graham Birtwistle, Eds., Springer Verlag, Berlin, 1996, pp. 41-101.

No context found.

Emerson EA. Automated temporal reasoning about reactive systems. Logics for Concurrency: Structure versus Automata (Lecture Notes in Computer Science, vol. 1043), Moller F, Birtwistle G (eds.). Springer: Berlin, 1996; 41--101.

No context found.

E.A. Emerson. Automated Temporal Reasoning about Reactive Systems. In Logics for Concurrency. LNCS 1043, 1996.

No context found.

E. A. Emerson. Automated Temporal Reasoning about Reactive Systems, volume 1043 of LNCS, pages 41--101. Springer, New York, NY, USA, 1996.

No context found.

Emerson, E. A.: Automated Temporal Reasoning about Reactive Systems. In M#ller, F., Birtwistle, G. (eds): Logics for Concurrency - Structure versus Automata, Lecture Notes in Computer Science 1043, Springer-Verlag, Berlin, 1996, pp. 41101.

No context found.

A. Emerson. Automated temporal reasoning about reactive systems. In F. Moller and G. Birtwistle, editors, Logic for Concurrency. Structure versus Automata, pages 41-- 101. Springer-Verlag, 1996. Series: "Lecture notes in Computer Science (Tutorial)", Vol. 1043. 23

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC