Julian C. Bradfield

Modal Mu-Calculi

In the previous chapter we saw that modal formulas are not very expressive. They can not capture enduring traits of processes, the properties definable within temporal logic. However, these longer term properties can be viewed as closure conditions on immediate capabilities and necessities that modal logic captures. By permitting recursive modal equations, these temporal properties are expressible as extremal solutions of such equations. The property “whenever a coin is inserted, eventually an item is collected” is expressed using two recursive modal equations with different solutions. In the previous chapter, least and greatest solutions to recursive modal equations were represented using the fixed point quantifiers μZ and υZ. In this chapter we shall explicitly add these connectives to modal logic, thereby providing a very rich temporal logic.

The Modal mu-calculus Alternation Hierarchy is Strict

One of the open questions about the modal mu-calculus is whether the alternation hierarchy collapses; that is, whether all modal fix-point properties can be expressed with only a few alternations of least and greatest fix-points. In this paper, we resolve this question by showing that the hierarchy does not collapse.

Modal Logics and mu-Calculi: An Introduction

We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mu-calculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at model-checking, and finally at the relationship of modal logics to other formalisms.

Local model checking for infinite state spaces

Bradtield, J. and C. Stirling, Local model checking for infinite spaces, Theoretical Computer Science 96 (1992) 157-174. We present a sound and complete tableau proof system for establishing whether a set of elements of an arbitrary transition system model has a property expressed in (a slight extension of) the modal mu-calculus. The proof system, we believe, offers a very general verification method applicable to a wide range of computational systems. In the last twenty years many approaches to program verification have been developed. Hoare’s partial correctness logic for simple while programs gave an early sound and relatively complete proof system. This approach was subsequently extended to total correctness and to richer classes of programs. Dynamic logics offered a more abstract view of Hoare logics, especially in their propositional versions. Pnueli pioneered the use of propositional temporal logics as more general program logics, capable of describing crucial properties of perpetual concurrent systems. A variety of temporal logics have been studied, particularly branching and linear time. Many useful decidability and expressiveness results (relating logics and automata) have been obtained, as well as sound and complete axiomatizations of validity. A slightly earlier tradition in the study of correctness was given by the work on program schemes where second order logics were advocated, especially in the form of the mu-calculus due to de Bakker, de Roever and Park. An elegant generalization of propositional dynamic and temporal logics drawing on this tradition is the propositional modal mu-calculus, due to Pratt and Kozen. The modal mu-calculus has been shown to include Propositional

Verifying temporal properties of processes

Many interesting concurrent systems have infinite state spaces: examples include concurrent while programs; Petri Nets; CCS (or CSP) processes with value passing. All of these examples can be interpreted operationally as infinite labelled transition systems, structures of the form (7 ~, { --% : a E L }) where 7 ~ is a set of points (states, markings, processes) and % the appropriate binary transition relation on 7 ~ for each label a (action, set of events) belonging to the family L. A very rich temporal logic for expressing properties of such transition systems is a slight extension of the modal mu-calculus [9, 6] where the modalities are indexed by families of labels instead of individual labels. The question we address in this paper is: can model checking techniques, as introduced in [3] be extended from finite to infinite state spaces? (Pragmatically, this means moving from automated to computer-aided verification techniques.) We provide an affirmative answer by presenting a sound and complete tableau system for proving temporal properties of states (processes or markings) in arbitrary infinite transition system models. The tableau system extends local model checking techniques as presented in [4, 7, 11, 14]. The delicate aspect is showing that a point (or set of points) has, or lacks, a least fixed point property (a liveness property). The tableau proof system is data independent and therefore generalizes standard methods commonly used in program logics (such as Hoaxe logics). The verification technique is illustrated on examples drawn from CCS [8]. See [1] for the application of the method to Petri Nets and [12] for its application to concurrent while programs. Section 2 provides examples of CCS processes and their properties. In section 3 the syntax and semantics of the (slightly extended) modal mu-calculus are described. The tableau proof system is presented in section 4, and finally we briefly examine applications in section 5.

Enriching OCL Using Observational Mu-Calculus

The Object Constraint Language is a textual specification language which forms part of the Unified Modelling Language[8]. Its principal uses are specifying constraints such as well-formedness conditions (e.g. in the definition of UML itself) and specifying contracts between parts of a system being modelled in UML. Focusing on the latter, we propose a systematic way to extend OCL with temporal constructs in order to express richer contracts. Our approach is based on observational mu-calculus, a two-level temporal logic in which temporal features at the higher level interact cleanly with a domain specific logic at the lower level. Using OCL as the lower level logic, we achieve much improved expressiveness in a modular way. We present a unified view of invariants and pre/post conditions, and we show how the framework can be used to permit the specification of liveness properties.

12 Modal mu-calculi

Publisher Summary Modal mu-calculus is a logic used extensively in certain areas of computer science and is of considerable intrinsic mathematical and logical interest. Its defining feature is the addition of inductive definitions to modal logic; thereby it achieves a great increase in expressive power and an equally great increase in difficulty of understanding. It includes many of the logics used in systems verification, and is quite straightforward to evaluate. It also provides one of the strongest examples of the connections between modal and temporal logics, automata theory, and the theory of games. It provides second-order expressive power sufficient to generalize the most common temporal logics, but is still decidable and has the finite model property. It raises many intriguing issues about the interface between modal logic, complexity theory, and automata theory. This chapter surveys a range of the questions and results about the modal mu-calculus and related logics. The logic is defined, some approaches to gaining an intuitive understanding of formulae are described, and the main theorem about the semantics is established. The modal mu-calculus has the tree model property and relates to some other temporal logics, to automata and to games.

Fixpoint alternation: arithmetic, transition systems, and the binary tree

We provide an elementary proof of the fixpoint alternation hierarchy in arithmetic, which in turn allows us to simplify the proof of the modal mu-calculus alternation hierarchy. We further show that the alternation hierarchy on the binary tree is strict, resolving a problem of Niwinski.

A general definition of malware

We propose a general, formal definition of the concept of malware (malicious software) as a single sentence in the language of a certain modal logic. Our definition is general thanks to its abstract formulation, which, being abstract, is independent of—but nonetheless generally applicable to—the manifold concrete manifestations of malware. From our formulation of malware, we derive equally general and formal definitions of benware (benign software), anti-malware (“antibodies” against malware), and medware (medical software or “medicine” for affected software). We provide theoretical tools and practical techniques for the detection, comparison, and classification of malware and its derivatives. Our general defining principle is causation of (in)correctness.

An Effective Tableau System for the Linear Time µ-Calculus

We present a tableau system for the model checking problem of the linear time µ-calculus. It improves the system of Stirling and Walker by simplifying the success condition for a tableau. In our system success for a leaf is determined by the path leading to it, whereas Stirling and Walkers method requires the examination of a potentially infinite number of paths extending over the whole tableau.