Results 1-10 of 256
On the Verification of Broadcast Protocols
In Proc. 14th Annual Symp. on Logic in Computer Science (LICS'99), 1999
Cited by 93 (16 self)
Abstract: We analyze the model-checking problems for safety and liveness properties in parameterized broadcast protocols, a model introduced in [5]. We show that the procedure suggested in [5] for safety properties may not terminate, whereas termination is guaranteed for the procedure of [1] based on upward closed sets. We show that the model-checking problem for liveness properties is undecidable. In fact, even the problem of deciding if a broadcast protocol may exhibit an infinite behavior is undecidable.
Automatic Verification of Parameterized Cache Coherence Protocols
2000
Cited by 89 (6 self)
Abstract: We propose a new method for the verification of parameterized cache coherence protocols. Cache coherence protocols are used to maintain data consistency in commercial multiprocessor systems equipped with local fast caches. In our approach we use arithmetic constraints to model possibly infinite sets of global states of a multiprocessor system with many identical caches. In preliminary experiments using symbolic model checkers for infinite-state systems based on real arithmetics (HyTech [HHW97] and DMC [DP99]) we have automatically verified safety properties for parameterized versions of widely implemented write-invalidate and write-update cache coherence policies like the Mesi, Berkeley, Illinois, Firefly and Dragon protocols [Han93]. With this application, we show that symbolic model checking tools originally designed for hybrid and concurrent systems can be applied successfully to a new class of infinite-state systems of practical interest.
On the decidability of metric temporal logic
In Proc. LICS, 2005
Cited by 68 (11 self)
Abstract: Metric Temporal Logic (MTL) is a prominent specification formalism for real-time systems. In this paper, we show that the satisfiability problem for MTL over finite timed words is decidable, with non-primitive recursive complexity. We also consider the model-checking problem for MTL: whether all words accepted by a given Alur-Dill timed automaton satisfy a given MTL formula. We show that this problem is decidable over finite words. Over infinite words, we show that model checking the safety fragment of MTL—which includes invariance and time-bounded response properties—is also decidable. These results are quite surprising in that they contradict various claims to the contrary that have appeared in the literature. The question of the decidability of MTL over infinite words remains open.
A classification of symbolic transition systems
ACM Transactions on Computational Logic, 2005
Cited by 54 (6 self)
Abstract: We define five increasingly comprehensive classes of infinite-state systems, called STS1-STS5, whose state spaces have finitary structure. For four of these classes, we provide examples from hybrid systems.
STS1: These are the systems with finite bisimilarity quotients. They can be analyzed symbolically by iteratively applying predecessor and Boolean operations on state sets, starting from a finite number of observable state sets. Any such iteration is guaranteed to terminate in that only a finite number of state sets can be generated. This enables model checking of the μ-calculus.
STS2: These are the systems with finite similarity quotients. They can be analyzed symbolically by iterating the predecessor and positive Boolean operations. This enables model checking of the existential and universal fragments of the μ-calculus.
STS3: These are the systems with finite trace-equivalence quotients. They can be analyzed symbolically by iterating the predecessor operation and a restricted form of positive Boolean operations (intersection is restricted to intersection with observables). This enables model checking of all ω-regular properties, including linear temporal logic.
STS4: These are the systems with finite distance-equivalence quotients (two states are equivalent if for every distance d, the same observables can be reached in d transitions). The systems in this class can be analyzed symbolically by iterating the predecessor operation and terminating when no new state sets are generated. This enables model checking of the existential conjunction-free and universal disjunction-free fragments of the μ-calculus.
STS5: These are the systems with finite bounded-reachability quotients (two states are equivalent if for every distance d, the same observables can be reached in d or fewer transitions). The systems in this class can be analyzed symbolically by iterating the predecessor operation and terminating when no new states are encountered (this is a weaker termination condition than above). This enables model checking of reachability properties.
Alternating Timed Automata
In FOSSACS'05, volume 3441 of LNCS, 2005
Cited by 44 (4 self)
Abstract: A notion of alternating timed automata is proposed. It is shown that such automata with only one clock have a decidable emptiness problem over finite words. This gives a new class of timed languages which is closed under Boolean operations and which has an effective presentation. We prove that the complexity of the emptiness problem for alternating timed automata with one clock is non-primitive recursive. The proof also gives the same lower bound for the universality problem for nondeterministic timed automata with one clock. We investigate an extension of the model with epsilon-transitions and prove that emptiness is undecidable. Over infinite words, we show undecidability of the universality problem.
As Cheap as Possible: Efficient Cost-Optimal Reachability for Priced Timed Automata
2001
Cited by 40 (11 self)
Abstract: In this paper we present an algorithm for efficiently computing the optimal cost of reaching a goal state in the model of Linearly Priced Timed Automata (LPTA). In recent papers, this problem has been shown to be computable using a priced extension of the traditional notion of regions for timed automata. However, for efficiency it is imperative that the computation is based on so-called zones (i.e. convex sets of clock valuations) rather than regions. The central contribution of this paper is a priced extension of zones. This, together with a notion of facets of a zone, allows the entire machinery for symbolic reachability in terms of zones to be lifted to cost-optimal reachability using priced zones. We report on experiments with a cost-optimizing extension of Uppaal on a number of examples, including a range of aircraft landing problems.
On the decidability and complexity of metric temporal logic over finite words
Logical Methods in Computer Science, 2007
Cited by 38 (3 self)
Abstract: Metric Temporal Logic (MTL) is a prominent specification formalism for real-time systems. In this paper, we show that the satisfiability problem for MTL over finite timed words is decidable, with non-primitive recursive complexity. We also consider the model-checking problem for MTL: whether all words accepted by a given Alur-Dill timed automaton satisfy a given MTL formula. We show that this problem is decidable over finite words. Over infinite words, we show that model checking the safety fragment of MTL—which includes invariance and time-bounded response properties—is also decidable. These results are quite surprising in that they contradict various claims to the contrary that have appeared in the literature.
Expand, Enlarge and Check: New algorithms for the coverability problem of WSTS
J. Comput. Syst. Sci., 2006
Cited by 38 (6 self)
Abstract: In this paper, we present a general algorithmic schema called "Expand, Enlarge and Check" from which new efficient algorithms for the coverability problem of WSTS can be constructed. We show here that our schema allows us to define forward algorithms that decide the coverability problem for several classes of systems for which the Karp and Miller procedure cannot be generalized, and for which no complete forward algorithms were known. Our results have important applications for the verification of parameterized systems and communication protocols.
On the language inclusion problem for timed automata: Closing a decidability gap
In Proc. LICS'04, IEEE
Cited by 35 (5 self)
Abstract: We consider the language inclusion problem for timed automata: given two timed automata A and B, are all the timed traces accepted by B also accepted by A? While this problem is known to be undecidable, we show here that it becomes decidable if A is restricted to having at most one clock. This is somewhat surprising, since it is well-known that there exist timed automata with a single clock that cannot be complemented. The crux of our proof consists in reducing the language inclusion problem to a reachability question on an infinite graph; we then construct a suitable well-quasi-order on the nodes of this graph, which ensures the termination of our search algorithm. We also show that the language inclusion problem is decidable if the only constant appearing among the clock constraints of A is zero. Moreover, these two cases are essentially the only decidable instances of language inclusion, in terms of restricting the various resources of timed automata.
Symbolic Reachability Analysis Using Narrowing and its Application to Verification of Cryptographic Protocols
Journal of Higher-Order and Symbolic Computation, 2004
Cited by 34 (12 self)
Abstract: Narrowing was introduced, and has traditionally been used, to solve equations in initial and free algebras modulo a set of equations E. This paper proposes a generalization of narrowing which can be used to solve reachability goals in initial and free models of a rewrite theory R. We show that narrowing is sound and weakly complete (i.e., complete for normalized solutions) under reasonable executability assumptions about R. We also show that in general narrowing is not strongly complete, that is, not complete when some solutions can be further rewritten by R. We then identify several large classes of rewrite theories, covering many practical applications, for which narrowing is strongly complete. Finally, we illustrate an application of narrowing to analysis of cryptographic protocols.