Wojciech Penczek

Model-checking of causality properties

A temporal logic for causality (T/sub LC/) is introduced. The logic is interpreted over causal structures corresponding to partial order executions of programs. For causal structures describing the behavior of a finite fixed set of processes, a T/sub LC/-formula can, equivalently, be interpreted over their linearizations. The main result of the paper is a tableau construction that gives a singly-exponential translation from a T/sub LC/ formula /spl psi/ to a Streett automaton that accepts the set of linearizations satisfying /spl psi/. This allows both checking the validity of T/sub LC/ formulas and model-checking of program properties. As the logic T/sub LC/ does not distinguish among different linearizations of the same partial order execution, partial order reduction techniques can be applied to alleviate the state-space explosion problem of model-checking.

√erics: a tool for verifying timed automata and estelle specifications

The paper presents a new tool for automated verification of Timed Automata as well as protocols written in the specification language Estelle. The current version offers an automatic translation from Estelle specifications to timed automata, and two complementary methods of reachability analysis. The first one is based on Bounded Model Checking (BMC), while the second one is an on-the-fly verification on an abstract model of the system.

Verification of Multiagent Systems via Unbounded Model Checking

We present an approach to the problem of verification of epistemic properties of multi-agent systems by means of symbolic model checking. In particular, it is shown how to extend the technique of unbounded model checking from a purely temporal setting to a temporal-epistemic one. In order to achieve this, we base our discussion on interpreted systems semantics, a popular semantics used in multi-agent systems literature.We give details of the technique and show how it can be applied to the well-known train, gate and controller problem.

Specification and model checking of temporal properties in time Petri nets and timed automata

The paper surveys some of the most recent approaches to verification of properties, expressible in some timed and untimed temporal logics (LTL, CTL, TCTL), for real-time systems represented by time Petri nets (TPN’s) and timed automata (TA). Firstly, various structural translations from TPN’s to TA are discussed. Secondly, model abstraction methods, based on state class approaches for TPN’s, and on partition refinement for TA, are given. Next, SAT-based verification techniques, like bounded and unbounded model checking, are discussed. The main focus is on bounded model checking for TCTL and for reachability properties. The paper ends with a comparison of experimental results for several time Petri nets, obtained using the above solutions, i.e., either model abstractions for TPN’s, or a translation of a net to a timed automaton and then verification methods for TA. The experiments have been performed using some available tools for TA and TPN’s.

Towards Bounded Model Checking for the Universal Fragment of TCTL

Bounded Model Checking (BMC) based on SAT methods consists in searching for a counterexample of a particular length and to generate a propositional formula that is satisfiable iff such a counterexample exists. Our paper shows how the concept of bounded model checking can be extended to deal with TACTL (the universal fragment of TCTL) properties of Timed Automata.

Propositional Temporal Logics and Equivalences

We compare propositional temporal logics by comparing the equivalences that they induce on models. Linear time, branching time and partial order temporal logics are considered. The logics are interpreted on occurrence transition systems, generated by labelled prime event structures without autoconcurrency. The induced equivalences are also compared to directly defined equivalences, e.g., history preserving bisimulation, pomset bisimulation, pomset trace equivalence, and others. It is then shown which of the induced equivalences are and which are not preserved under action refinement.

A Temporal Logic for Event Structures

The formalism of temporal logic has been suggested as an appropriate tool for specifying and proving properties of distributed programs It has become clear that the modalities of temporal logic are well suited for capturing the dynamic properties of distributed programs and systems. Originally, temporal logic was designed in order to analyse and reason about time sequences in general (for example, by Emerson and Halpern. 1985, 1986; Lamport, 1980; Gabbay et al., 1980; Pnueli, 1981). In most of the papers in the area of temporal logic concurrency is represented in terms of an arbitrary nondeterministic interleaving. Because of that the difference between concurrency and non-determinism is lost. This is quite acceptable for many pur-poses, but not always, as shown by Mazurkiewicz et al. (1988). A maior consequence, however, is that one is forced to attach formulas to the global states of a distributed system (program). In general, it is very difficult, if not impossible, to observe such global states; parts of the global state may be changing simultaneously due to independent actions carried out on two separate locations. So, we need a formalism which deals only with local states. In this formalism we incorporate operators representing the relations of causality and conflict.

Partial Order Reductions for Model Checking Temporal-epistemic Logics over Interleaved Multi-agent Systems

We investigate partial order reduction for model checking multiagent systems by focusing on interleaved interpreted systems. These are a particular class of interpreted systems, a mainstream MAS formalism, in which only one action at the time is performed. We present a notion of stuttering-equivalence, and prove the semantical equivalence of stuttering-equivalent traces with respect to linear and branching time temporal logics for knowledge without the next operator. We give algorithms to reduce the size of the models before the model checking step and show preservation properties. We evaluate the technique by discussing the experimental results obtained against well-known examples in the MAS literature.

Bounded Model Checking for Interpreted Systems: Preliminary Experimental Results

We present experimental results relating to a bounded model checking algorithm applied to the attacking generals problem. We use interpreted systems semantics and a logical language comprising knowledge and time.

Abstractions and Partial Order Reductions for Checking Branching Properties of Time Petri Nets

The paper deals with verification of untimed branching time properties of Time Petri Nets. The atomic variant of the geometric region method for preserving properties of CTL* and ACTL* is improved. Then, it is shown, for the first time, how to apply the partial order reduction method to deal with next-time free branching properties of Time Petri Nets. The above two results are combined offering an efficient method for model checking of ACTL-X* and CTL-X* properties of Time Petri Nets.