Shigeki Hagihara

A temporal logic with mean-payoff constraints

In the quantitative verification and synthesis of reactive systems, the states or transitions of a system are associated with payoffs, and a quantitative property of a behavior of the system is often characterized by the mean payoff for the behavior. This paper proposes an extension of LTL thatdescribes mean-payoff constraints. For each step of a behavior of a system, the payment depends on a system transition and a temporal property of the behavior. A mean-payoff constraint is a threshold condition for the limit supremum or limit infimum of the mean payoffs of a behavior. This extension allows us to describe specifications reflecting qualitative and quantitative requirements on long-run average of costs and the frequencies of satisfaction of temporal properties. Moreover, we develop an algorithm for the emptiness problems of multi-dimensional payoff automata with Buchi acceptance conditions and multi-threshold mean-payoff acceptance conditions. The emptiness problems are decided by solving linear constraint satisfaction problems, and the decision problems of our logic are reduced to the emptiness problems. Consequently, we obtain exponential-time algorithms for the model- and satisfiability-checking of the logic. Some optimization problems of the logic can also be reduced to linear programming problems.

Qualitative Analysis of Gene Regulatory Networks by Satisfiability Checking of Linear Temporal Logic

We developed a method for analyzing the dynamics of gene regulatory networks in purely qualitative fashion. In our method, constraints for possible behaviors of a network and a biological property of interest are described as Linear Temporal Logic formulas, being automatically analyzed by satisfiability checking. In this way, we can investigate whether there exists some behavior which satisfies a specified property or whether all the behaviors satisfy a specified property, which are difficult in quantitative analysis.

Modular analysis of gene networks by linear temporal logic.

Despite a lot of advances in biology and genomics, it is still difficult to utilise such valuable knowledge and information to understand and analyse large biological systems due to high computational complexity. In this paper we propose a modular method with which from several small network analyses we analyse a large network by integrating them. This method is based on the qualitative framework proposed by authors in which an analysis of gene networks is reduced to checking satisfiability of linear temporal logic formulae. The problem of linear temporal logic satisfiability checking needs exponential time in the size of a formula. Thus it is difficult to analyse large networks directly in this method since the size of a formula grows linearly to the size of a network. The modular method alleviates this computational difficulty. We show some experimental results and see how we benefit from the modular analysis method.

AnZenMail: a secure and certified e-mail system

We are developing a secure and certified e-mail system AnZenMail that provides an experimental testbed for our cutting-edge security enhancement technologies. In addition to a provably secure message transfer protocol, we have designed and implemented a server (MTU) and a client (MUA) in order that they could survive recent malicious attacks such as server-cracking and e-mail viruses. The AnZenMail server is implemented in Java, a memory-safe language, and so it is free from stack smashing. Some of its safety properties have been formally verified in Coq mostly at the source code level by manually translating Java methods into Coq functions. The AnZenMail client is designed to provide a support for secure execution of mobile code arriving as email attachments. It has plug-in interfaces for code inspection and execution modules such as static analysis tools, runtime/inline reference monitors, and an anti-virus engine, which are currently being developed by members of our research project.

Qualitative analysis of gene regulatory networks by temporal logic

In this article we propose a novel formalism to model and analyse gene regulatory networks using a well-established formal verification technique. We model the possible behaviours of networks by logical formulae in linear temporal logic (LTL). By checking the satisfiability of LTL, it is possible to check whether some or all behaviours satisfy a given biological property, which is difficult in quantitative analyses such as the ordinary differential equation approach. Owing to the complexity of LTL satisfiability checking, analysis of large networks is generally intractable in this method. To mitigate this computational difficulty, we developed two methods. One is a modular checking method where we divide a network into subnetworks, check them individually, and then integrate them. The other is an approximate analysis method in which we specify behaviours in simpler formulae which compress or expand the possible behaviours of networks. In the approximate method, we focused on network motifs and presented approximate specifications for them. We confirmed by experiments that both methods improved the analysis of large networks. We propose a novel qualitative method for analysing gene networks based on formal verification technique.Behaviours and properties of networks are described in temporal logic formulae.By checking satisfiability of the formula, we can analyse properties of the network.To improve the efficiency of analysis we developed the modular and approximate method.

Minimal strongly unsatisfiable subsets of reactive system specifications

Verifying realizability in the specification phase is expected to reduce the development costs of safety-critical reactive systems. If a specification is not realizable, we must correct the specification. However, it is not always obvious what part of a specification should be modified. In this paper, we propose a method for obtaining the location of flaws. Rather than realizability, we use strong satisfiability, due to the fact that many practical unrealizable specifications are also strongly unsatisfiable. Using strong satisfiability, the process of analyzing realizability becomes less complex. We define minimal strongly unsatisfiable subsets (MSUSs) to locate flaws, and construct a procedure to compute them. We also show correctness properties of our method, and clarify the time complexity of our method. Furthermore, we implement the procedure, and confirm that MSUSs are computable for specifications of reactive systems at non-trivial scales.

Safraless LTL synthesis considering maximal realizability

Linear temporal logic (LTL) synthesis is a formal method for automatically composing a reactive system that realizes a given behavioral specification described in LTL if the specification is realizable. Even if the whole specification is unrealizable, it is preferable to synthesize a best-effort reactive system. That is, a system that maximally realizes its partial specifications. Therefore, we categorized specifications into must specifications (which should never be violated) and desirable specifications (the violation of which may be unavoidable). In this paper, we propose a method for synthesizing a reactive system that realizes all must specifications and strongly endeavors to satisfy each desirable specification. The general form of the desirable specifications without assumptions is

A Formal System for Analysis of Cryptographic Encryption and Their Security Properties

\mathbf{G }\varphi