Yongwang Zhao,Dianfu Ma,Jing Li,Zhuqing Li

DOI: https://doi.org/10.1109/EASe.2011.13

2011-01-01

Abstract:Increasingly, software needs to dynamically adapt its structure and behavior at runtime in response to changing conditions in the supporting computing, network infrastructure, and in the surrounding physical environments. By high complexity, adaptive programs are generally difficult to specify, verify, and validate. Assurance of high dependability of these programs is a great challenge. Efficiently and precisely specifying requirements and flexible model checking for adaptation are the key issues for developing dependably adaptive software. This paper introduces a formal model for adaptive programs which have different behavioral modes. We consider that adaptive programs have two behavioral level, functional behavior and adaptation. State machine is used to describe functional behavior in different modes and mode automata is proposed for adaptations. Specifications of adaptive programs are classified into three categories, local, adaptation and global properties from their different scope of dynamic adaptation. To specify and verify specifications on our model, We propose the Mode-extended Linear Temporal Logic (mLTL) and its model checking approach. mLTL extends Linear Temporal Logic (LTL) by adding mode related element and enables describing properties on different modes. Our formal model and mLTL formulae are translated to SMV language and verified in NuSMV model checker.

Muhammad Syifa'ul Mufid,Andrea Micheli,Alessandro Abate,Alessandro Cimatti

2023-08-21

Abstract:Max-Plus Linear (MPL) systems are an algebraic formalism with practical applications in transportation networks, manufacturing and biological systems. In this paper, we investigate the problem of automatically analyzing the properties of MPL, taking into account both structural properties such as transient and cyclicity, and the open problem of user-defined temporal properties. We propose Time-Difference LTL (TDLTL), a logic that encompasses the delays between the discrete time events governed by an MPL system, and characterize the problem of model checking TDLTL over MPL. We first consider a framework based on the verification of infinite-state transition systems, and propose an approach based on an encoding into model checking. Then, we leverage the specific features of MPL systems to devise a highly optimized, combinational approach based on Satisfiability Modulo Theory (SMT). We experimentally evaluate the features of the proposed approaches on a large set of benchmarks. The results show that the proposed approach substantially outperforms the state of the art competitors in expressiveness and effectiveness, and demonstrate the superiority of the combinational approach over the reduction to model checking.

Formal Languages and Automata Theory

Yuanrui Zhang,Frederic Mallet,Min Zhang,Zhiming Liu

DOI: https://doi.org/10.1145/3670794

2024-01-01

Formal Aspects of Computing

Abstract:The polychronous or multi-clock paradigm is adequate to model large distributed systems where achieving a full timed synchronization is not only very costly, but also often not necessary. It concerns systems made of a set of components with loose synchronization constraints. We study an approach where those components are orchestrated using logical clocks , made popular by L. Lamport and synchronous languages. The temporal and causal specification of those systems is built by defining a set of clock relations that would constrain the instant when clocks can tick or must not tick, thus defining families of valid schedules . In this paper, we propose a specification language, called LTL c / CCSL , for specifying temporal properties of multi-clock systems. While traditional temporal logics (LTL, MTL, CTL*), whether linear or branching, rely on a global step, our language, LTL c / CCSL , builds a partial order on logical clocks, thus allowing both a hierarchical approach based on refinement of clock hierarchies, and compositionality as what happens in one clock domain may remain largely independent of what may happen in other domains. This good property helps preserve the properties without requiring to perform the proofs again. An LTL c / CCSL specification consists of a clock temporal logic LTL c , accompanied with a clock calculus called CCSL for specifying clock relations. We build the syntax and semantics of LTL c and link its semantics with CCSL. After that we mainly focus on the verification aspect of LTL c / CCSL specifications using model checking technique. We show how LTL c / CCSL can be used for specifying multi-clock systems with an example.

Jianwen Li,Moshe Y. Vardi,Kristin Y. Rozier

DOI: https://doi.org/10.1016/j.ic.2022.104923

IF: 1.24

2022-01-01

Information and Computation

Abstract:Mission-time Linear Temporal Logic ( LTL ), abbreviated as MLTL , is a bounded variant of Metric Temporal Logic ( MTL ) over naturals designed to generically specify requirements for mission-based system operation common to aircraft, spacecraft, vehicles, and robots. Despite the utility of MLTL as a specification logic, major gaps remain in analyzing MLTL , e.g., for specification debugging or model checking, centering on the absence of any complete MLTL satisfiability checker. In this paper, we explore both the theoretical and algorithmic problems of MLTL satisfiability checking. We prove that the MLTL satisfiability checking problem is NEXPTIME-complete and that satisfiability checking MLTL 0 , the variant of MLTL where all intervals start at 0, is PSPACE-complete. To explore the best algorithmic solution for MLTL satisifiability checking, we reduce this problem to LTL satisfiability checking, LTL f ( LTL over finite traces) satisfiability checking, and model checking respectively, thus conducting translations for MLTL -to- LTL , MLTL -to- LTL f , and MLTL -to- SMV . Moreover, we propose a new SMT -based solution for MLTL satisfiability checking and create a translation for MLTL -to- SMT . Our extensive experimental evaluation shows that while the MLTL -to- SMV translation with NuXmv model checker performs best on the benchmarks whose interval ranges are small (than 100), the MLTL -to- SMT translation with the Z3 SMT solver offers the most scalable performance.

Daniela Lepri,Peter Csaba Ölveczky,Erika Ábrahám

DOI: https://doi.org/10.4204/EPTCS.36.7

2010-09-22

Abstract:This paper presents a transformational approach for model checking two important classes of metric temporal logic (MTL) properties, namely, bounded response and minimum separation, for nonhierarchical object-oriented Real-Time Maude specifications. We prove the correctness of our model checking algorithms, which terminate under reasonable non-Zeno-ness assumptions when the reachable state space is finite. These new model checking features have been integrated into Real-Time Maude, and are used to analyze a network of medical devices and a 4-way traffic intersection system.

Logic in Computer Science

Taolue Chen,Marco Diciolla,Marta Kwiatkowska,Alexandru Mereacre

DOI: https://doi.org/10.1007/978-3-642-24310-3_4

2011-01-01

Abstract:In this paper we study time-bounded verification of a finite continuous-time Markov chain (CTMC) C against a real-time specification, provided either as a metric temporal logic (MTL) property φ, or as a timed automaton (TA) A . The key question is: what is the probability of the set of timed paths of C that satisfy φ (or are accepted by A ) over a time interval of fixed, bounded length? We provide approximation algorithms to solve these problems. We first derive a bound N such that timed paths of C with at most N discrete jumps are sufficient to approximate the desired probability up to ε. Then, for each discrete (untimed) path σ of length at most N , we generate timed constraints over variables determining the residence time of each state along σ, depending on the realtime specification under consideration. The probability of the set of timed paths, determined by the discrete path and the associated timed constraints, can thus be formulated as a multidimensional integral. Summing up all such probabilities yields the result. For MTL, we consider both the continuous and the pointwise semantics. The approximation algorithms differ mainly in constraints generation for the two types of specifications.

Joel Ouaknine,James Worrell

DOI: https://doi.org/10.2168/lmcs-3(1:8)2007

2007-02-28

Logical Methods in Computer Science

Abstract:<p>Metric Temporal Logic (MTL) is a prominent specification formalism forreal-time systems. In this paper, we show that the satisfiability problem forMTL over finite timed words is decidable, with non-primitive recursivecomplexity. We also consider the model-checking problem for MTL: whether allwords accepted by a given Alur-Dill timed automaton satisfy a given MTLformula. We show that this problem is decidable over finite words. Overinfinite words, we show that model checking the safety fragment of MTL--whichincludes invariance and time-bounded response properties--is also decidable.These results are quite surprising in that they contradict various claims tothe contrary that have appeared in the literature.</p>

computer science, theory & methods,logic

Min Zhang,Yunhui Ying

DOI: https://doi.org/10.1145/3078633.3081035

2017-01-01

Abstract:The Clock Constraint Specification Language (CCSL) is a formal language companion to MARTE (shorthand for Modeling and Analysis of Real-Time and Embedded systems), a UML profile used to facilitate the design and analysis of real-time and embedded systems. CCSL is proposed to specify constraints on the occurrences of events in systems. However, the language lacks efficient verification support to formally analyze temporal properties, which are important properties to real-time and embedded systems. In this paper, we propose an SMT-based approach to model checking of the temporal properties specified in Linear Temporal Logic (LTL) for CCSL by transforming CCSL constraints and LTL formulas into SMT formulas. We implement a prototype tool for the proposed approach and use the state-of-the-art tool Z3 as its underlying SMT solver. We model two practical real-time and embedded systems, i.e., a traffic light controller and a power window system in CCSL, and model check LTL properties of them using the proposed approach. Experimental results demonstrate the effectiveness and efficiency of our approach.

Jingyi Mei,Ming Xu,Ji Guan,Yuxin Deng,Nengkun Yu

2023-06-30

Abstract:Verifying quantum systems has attracted a lot of interest in the last decades. In this paper, we study the quantitative model-checking of quantum continuous-time Markov chains (quantum CTMCs). The branching-time properties of quantum CTMCs are specified by continuous stochastic logic (CSL), which is famous for verifying real-time systems, including classical CTMCs. The core of checking the CSL formulas lies in tackling multiphase until formulas. We develop an algebraic method using proper projection, matrix exponentiation, and definite integration to symbolically calculate the probability measures of path formulas. Thus the decidability of CSL is established. To be efficient, numerical methods are incorporated to guarantee that the time complexity is polynomial in the encoding size of the input model and linear in the size of the input formula. A running example of Apollonian networks is further provided to demonstrate our method.

Logic in Computer Science

Lianyi Zhang,Qingdi Meng,Guiming Luo

DOI: https://doi.org/10.1007/978-3-319-12096-6_25

2014-01-01

Abstract:In this paper a hierarchical Markov model is proposed for the temporal analysis of periodic stochastic systems. For analyzing the system behavior, an interval linear temporal logic, ipLTL, is presented, which is an LTL with linear inequalities on the probability mass functions (pmfs) as an atomic proposition. We prove that the proposed model converges to a steady state which enables us to develop an algorithm to determine the bound of the system execution time and check the specification written in ipLTL. Some properties of the manufacturing systems are analyzed and verified to illustrate the efficiency of our methods.

Taolue Chen,Tingting Han,Joost-Pieter Katoen,Alexandru Mereacre

DOI: https://doi.org/10.1007/978-3-642-04761-9_10

2009-01-01

Abstract:We investigate the problem of verifying linear-time properties against inhomogeneous continuous-time Markov chains (ICTMCs). A fundamental question we address is how to compute reachability probabilities. We consider two variants: time-bounded and unbounded reachability. It turns out that both can be characterized as the least solution of a system of integral equations. We show that for the time-bounded case, the obtained integral equations can be transformed into a system of ordinary differential equations; for the time-unbounded case, we identify two sufficient conditions, namely the eventually periodic assumption and the eventually uniform assumption , under which the problem can be reduced to solving a time-bounded reachability problem for the ICTMCs and a reachability problem for a DTMC. These results provide the basis for a model checking algorithm for LTL. Under the eventually stable assumption , we show how to compute the probability of a set of ICTMC paths which satisfy a given LTL formula. By an automata-based approach, we reduce this problem to the previous established results for reachability problems.

Thomas Brihaye,Morgane Estiévenart,Gilles Geeraerts

DOI: https://doi.org/10.48550/arXiv.1406.4395

2014-06-17

Abstract:One clock alternating timed automata (OCATA) have been introduced as natural extension of (one clock) timed automata to express the semantics of MTL. In this paper, we consider the application of OCATA to the problems of model-checking and satisfiability for MITL (a syntactic fragment of MTL), interpreted over infinite words. Our approach is based on the interval semantics (recently introduced in [BEG13] in the case of finite words) extended to infinite words. We propose region-based and zone-based algorithms, based on this semantics, for MITL model-checking and satisfiability. We report on the performance of a prototype tool implementing those algorithms.

Logic in Computer Science,Logic

Haiyu Pan,Yongming Li,Yongzhi Cao,Zhanyou Ma

DOI: https://doi.org/10.1016/j.tcs.2015.10.014

IF: 1.002

2016-01-01

Theoretical Computer Science

Abstract:Multi-valued model-checking is an extension of classical model-checking used to verify the properties of systems with uncertain information content. It is used in systems where the semantic domain of both the models of the systems and the specification is a De Morgan algebra or more abstract structure such as semirings. A common feature of De Morgan algebras and semirings is that they satisfy the distributive law, which is crucial for all of the multi-valued model-checking algorithms developed so far. In this paper, we study computation tree logic with membership values in a finite lattice, which are called multi-valued computation tree logic (MCTL). We introduce three semantics for MCTL over the multi-valued Kripke structure: path semantics, fixpoint semantics, and algebraic semantics, and prove that they coincide if and only if the underlying lattice is distributive. Furthermore, we provide model-checking algorithms with respect to the three semantics. Our algorithms show that MCTL model-checking problems with respect to the fixpoint and algebraic semantics can be solved in polynomial time in the size of the state space of the multi-valued Kripke structure, the size of the lattice, and the length of the formula, while MCTL model-checking problem with respect to the path semantics is in PSPACE. We also provide a lower bound for the MCTL model-checking problem with respect to the path semantics.

Taolue Chen,Marco Diciolla,Marta Kwiatkowska,Alexandru Mereacre

DOI: https://doi.org/10.1145/2185632.2185672

2012-01-01

Abstract:Stochastic modeling and algorithmic verification techniques have been proved useful in analyzing and detecting unusual trends in performance and energy usage of systems such as power management controllers and wireless sensor devices. Many important properties are dependent on the cumulated time that the device spends in certain states, possibly intermittently. We study the problem of verifying continuous-time Markov chains (CTMCs) against linear duration properties (LDP), i.e. properties stated as conjunctions of linear constraints over the total duration of time spent in states that satisfy a given property. We identify two classes of LDP properties, eventuality duration properties (EDP) and invariance duration properties (IDP), respectively referring to the reachability of a set of goal states, within a time bound; and the continuous satisfaction of a duration property over an execution path. The central question that we address is how to compute the probability of the set of infinite timed paths of the CTMC that satisfy a given LDP. We present algorithms to approximate these probabilities up to a given precision, stating their complexity and error bounds. The algorithms mainly employ an adaptation of uniformization and the computation of volumes of multi-dimensional integrals under systems of linear constraints, together with different mechanisms to bound the errors.

Jonni Virtema,Jana Hofmann,Bernd Finkbeiner,Juha Kontinen,Fan Yang

DOI: https://doi.org/10.48550/arXiv.2010.03311

2020-10-07

Logic in Computer Science

Abstract:We study the expressivity and complexity of model checking linear temporal logic with team semantics (TeamLTL). TeamLTL, despite being a purely modal logic, is capable of defining hyperproperties, i.e., properties which relate multiple execution traces. TeamLTL has been introduced quite recently and only few results are known regarding its expressivity and its model checking problem. We relate the expressivity of TeamLTL to logics for hyperproperties obtained by extending LTL with trace and propositional quantifiers (HyperLTL and HyperQPTL). By doing so, we obtain a number of model checking results for TeamLTL and identify its undecidability frontier. In particular, we show decidability of model checking of the so-called left-flat fragment of any downward closed TeamLTL-extension. Moreover, we establish that the model checking problem of TeamLTL with Boolean disjunction and inclusion atoms is undecidable.

Paul Hunter,Joël Ouaknine,James Worrell

DOI: https://doi.org/10.48550/arXiv.1209.0516

2012-09-04

Logic in Computer Science

Abstract:A seminal result of Kamp is that over the reals Linear Temporal Logic (LTL) has the same expressive power as first-order logic with binary order relation < and monadic predicates. A key question is whether there exists an analogue of Kamp's theorem for Metric Temporal Logic (MTL) -- a generalization of LTL in which the Until and Since modalities are annotated with intervals that express metric constraints. Hirshfeld and Rabinovich gave a negative answer, showing that first-order logic with binary order relation < and unary function +1 is strictly more expressive than MTL with integer constants. However, a recent result of Hunter, Ouaknine and Worrell shows that with rational timing constants, MTL has the same expressive power as first-order logic, giving a positive answer. In this paper we generalize these results by giving a precise characterization of those sets of constants for which MTL and first-order logic have the same expressive power. We also show that full first-order expressiveness can be recovered with the addition of counting modalities, strongly supporting the assertion of Hirshfeld and Rabinovich that Q2MLO is one of the most expressive decidable fragments of FO(<,+1).

Yongwang Zhao,Zhuqing Li,Hualei Shen,Dianfu Ma

DOI: https://doi.org/10.1007/s00607-013-0295-3

2013-01-01

Computing

Abstract:As software systems are becoming increasingly complex, they need to dynamically and continually adapt their behavior to changing conditions in the long-term running. There will be large numbers of adaptations in these systems when evolving and the adaptations may be unknowable until system operation. To specify these adaptations, this paper proposes the mode-supported Linear Temporal Logic (mLTL) that is an effective way to describe global specifications of adaptive software. The global specifications are defined for adaptive software as requirements from the perspective of global adapting process. The model checking problem of mLTL is also resolved using Linear Temporal Logic (LTL) and Labelled Transition System Analyser (LTSA). Finally, we provide a prototype implementation for modelling and analyzing adaptive programs, and experimental evaluation shows feasibility and scalability of our approach.

Taolue Chen,Tingting Han,Joost-Pieter Katoen,Alexandru Mereacre

DOI: https://doi.org/10.2168/lmcs-7(1:12)2011

2011-01-01

Logical Methods in Computer Science

Abstract:We study the verification of a finite continuous-time Markov chain (CTMC) C against a linear real-time specification given as a deterministic timed automaton (DTA) A with finite or Muller acceptance conditions. The central question that we address is: what is the probability of the set of paths of C that are accepted by A, i.e., the likelihood that C satisfies A? It is shown that under finite acceptance criteria this equals the reachability probability in a finite piecewise deterministic Markov process (PDP), whereas for Muller acceptance criteria it coincides with the reachability probability of terminal strongly connected components in such a PDP. Qualitative verification is shown to amount to a graph analysis of the PDP. Reachability probabilities in our PDPs are then characterized as the least solution of a system of Volterra integral equations of the second type and are shown to be approximated by the solution of a system of partial differential equations. For single-clock DTA, this integral equation system can be transformed into a system of linear equations where the coefficients are solutions of ordinary differential equations. As the coefficients are in fact transient probabilities in CTMCs, this result implies that standard algorithms for CTMC analysis suffice to verify single-clock DTA specifications.

Rayhana Amjad,Rob van Glabbeek,Liam O'Connor

DOI: https://doi.org/10.4204/EPTCS.412.4

2024-11-22

Abstract:LTL3 is a multi-valued variant of Linear-time Temporal Logic for runtime verification applications. The semantic descriptions of LTL3 in previous work are given only in terms of the relationship to conventional LTL. Our approach, by contrast, gives a full model-based inductive accounting of the semantics of LTL3, in terms of families of definitive prefix sets. We show that our definitive prefix sets are isomorphic to linear-time temporal properties (sets of infinite traces), and thereby show that our semantics of LTL3 directly correspond to the semantics of conventional LTL. In addition, we formalise the formula progression evaluation technique, popularly used in runtime verification and testing contexts, and show its soundness and completeness up to finite traces with respect to our semantics. All of our definitions and proofs are mechanised in Isabelle/HOL.

Logic in Computer Science

Muhammad Syifa'ul Mufid,Dieky Adzkiya,Alessandro Abate

DOI: https://doi.org/10.48550/arXiv.1907.03564

2019-07-08

Abstract:This paper introduces the abstraction of max-plus linear (MPL) systems via predicates. Predicates are automatically selected from system matrix, as well as from the specifications under consideration. We focus on verifying time-difference specifications, which encompass the relation between successive events in MPL systems. We implement a bounded model checking (BMC) procedure over a predicate abstraction of the given MPL system, to verify the satisfaction of time-difference specifications. Our predicate abstractions are experimentally shown to improve on existing MPL abstractions algorithms. Furthermore, with focus on the BMC algorithm, we can provide an explicit upper bound on the completeness threshold by means of the transient and the cyclicity of the underlying MPL system.

Logic in Computer Science,Systems and Control