We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.

This paper presents for the first time the semantic foundations of CLP in a self-contained and complete package. The main contributions are threefold. First, we extend the original conference paper by presenting definitions and basic semantic constructs from first principles, giving new and complete proofs for the main lemmas. Importantly, we clarify which theorems depend on conditions such as solution compactness, satisfaction completeness and independence of constraints. Second, we generalize the original results to allow for incompleteness of the constraint solver. This is important since almost all CLP systems use an incomplete solver. Third, we give conditions on the (possibly incomplete) solver which ensure that the operational semantics is confluent, that is, has independence of literal scheduling.

We represent properties of actions in a logic programming language that uses both classical negation and negation as failure. The method is applicable to temporal projection problems with incomplete information, as well as to reasoning about the past. It is proved to be sound relative to a semantics of action based on states and transition functions. 1 Introduction This paper extends the work of Eshghi and Kowalski [6], Evans [7] and Apt and Bezem [1] on representing properties of actions in logic programming languages with negation as failure. Our goal is to overcome some of the limitations of the earlier work. The existing formalizations of action in logic programming are adequate for only the simplest kind of temporal reasoning---"temporal projection." In a temporal projection problem, we are given a description of the initial state of the world, and use properties of actions to determine what the world will look like after a series of actions is performed. Moreover, the existing ...

Bilattices, due to M. Ginsberg, are a family of truth value spaces that allow elegantly for missing or conflicting information. The simplest example is Belnap's four-valued logic, based on classical two-valued logic. Among other examples are those based on finite many-valued logics, and on probabilistic valued logic. A fixed point semantics is developed for logic programming, allowing any bilattice as the space of truth values. The mathematics is little more complex than in the classical two-valued setting, but the result provides a natural semantics for distributed logic programs, including those involving confidence factors. The classical two-valued and the Kripke/Kleene three-valued semantics become special cases, since the logics involved are natural sublogics of Belnap's logic, the logic given by the simplest bilattice. 1 Introduction Often useful information is spread over a number of sites ("Does anybody know, did Willie wear a hat when he left this morning?") that can be speci...

In many cases, a logic program can be divided into two parts, so that one of them, the \bottom " part, does not refer to the predicates de ned in the \top " part. The \bottom " rules can be used then for the evaluation of the predicates that they de ne, and the computed values can be used to simplify the \top " de nitions. We discuss this idea of splitting a program in the context of the answer set semantics. The main theorem shows how computing the answer sets for a program can be simpli ed when the program is split into parts. The programs covered by the theorem may use both negation as failure and classical negation, and their rules may have disjunctive heads. The usefulness of the concept of splitting for the investigation of answer sets is illustrated by several applications. First, we show that a conservative extension theorem by Gelfond and Przymusinska and a theorem on the closed world assumption by Gelfond and Lifschitz are easy consequences of the splitting theorem. Second, (locally) strati ed programs are shown to have a simple characterization in terms of splitting. The existence and uniqueness of an answer set for such a program can be easily derived from this characterization. Third, we relate the idea of splitting to the notion of order-consistency. 1

As an alternative to planning, an approach to high-level agent control based on concurrent program execution is considered. The language includes facilities for prioritizing the concurrent execution, interrupting the execution when certain conditions become true, and dealing with exogenous actions. The language di ers from other procedural formalisms for concurrency in that the initial state can be incompletely speci ed and the primitive actions can be user-de ned by axioms in the situation calculus. In a companion paper, a formal de nition in the situation calculus of such a programming language is presented and illustrated with detailed examples. In this paper, the mathematical properties of the programming language are explored. 1

Temporal logic model checking is an automatic technique for verifying finite-state concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a state-transition graph. An efficient search procedure is used to determine whether or not the state-transition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10 120 states. In this paper we describe in detail how the new implementation works and

We investigate whether the π-calculus is able to serve as a good foundation for the design and implementation of a strongly-typed concurrent programming language. The first half of the dissertation examines whether the π-calculus supports a simple type system which is flexible enough to provide a suitable foundation for the type system of a concurrent programming language. The second half of the dissertation considers how to implement the π-calculus efficiently, starting with an abstract machine for π-calculus and finally presenting a compilation of π-calculus to C. We start the dissertation by presenting a simple, structural type system for π-calculus, and then, after proving the soundness of our type system, show how to infer principal types for π-terms. This simple type system can be extended to include useful type-theoretic constructions such as recursive types and higherorder polymorphism. Higher-order polymorphism is important, since it gives us the ability to implement abstract datatypes in a type-safe manner, thereby providing a greater degree of modularity for π-calculus programs. The functional computational paradigm plays an important part in many programming languages. It is well-known that the π-calculus can encode functional computation. We go further and show that the type structure of λ-terms is preserved by such encodings, in the sense that we can relate the type of a λ-term to the type of its encoding in the π-calculus. This means that a π-calculus programming language can genuinely support typed functional programming as a special case. An efficient implementation of π-calculus is necessary if we wish to consider π-calculus as an operational foundation for concurrent programming. We first give a simple abstract machine for π-calculus and prove it correct. We then show how this abstract machine inspires a simple, but efficient, compilation of π-calculus to C (which now forms the basis of the Pict programming language implementation).

This paper describes a procedure, based around the construction of tableau proofs, for determining whether finite-state systems enjoy properties formulated in the propositional mu-calculus. It presents a tableau-based proof system for the logic and proves it sound and complete, and it discusses techniques for the efficient construction of proofs that states enjoy properties expressed in the logic. The approach is the basis of an ongoing implementation of a model checker in the Concurrency Workbench, an automated tool for the analysis of concurrent systems. 1 Introduction One area of program verification that has proven amenable to automation involves the analysis of finite-state processes. While computer systems in general are not finite-state, many interesting ones, including a variety of communication protocols and hardware systems, are, and their finitary nature enables the development and implementation of decision procedures that test for various properties. Model checking has p...

The paper describes an extension of well-founded semantics for logic programs with two types of negation. In this extension information about preferences between rules can be expressed in the logical language and derived dynamically. This is achieved by using a reserved predicate symbol and a naming technique. Conflicts among rules are resolved whenever possible on the basis of derived preference information. The well-founded conclusions of prioritized logic programs can be computed in polynomial time. A legal reasoning example illustrates the usefulness of the approach. 1. Introduction: Why Dynamic Preferences are Needed Preferences among defaults play a crucial role in nonmonotonic reasoning. One source of preferences that has been studied intensively is specificity (Poole, 1985; Touretzky, 1986; Touretzky, Thomason, & Horty, 1991). In case of a conflict between defaults we tend to prefer the more specific one since this default provides more reliable information. E.g., if we know t...