Robust Satisfaction

To check whether an open system satisfies a desired property, we have to check the behavior of the system with respect to an arbitrary environment. In the most general setting, the environment is itself another open system. Given an open system M and a property ψ, we say that M robustly satisfies ψ iff for every open system M′ that serves as an environment for M, the composition M||M′ satisfies ψ. The robust-model-checking problem is then to decide, given M and ψ, whether M robustly satisfies ψ. In this paper we study the robust-model-checking problem. We consider systems modeled by nondeterministic Moore machines, and properties specified in branching temporal logic (for linear temporal logic, robust satisfaction coincides with usual satisfaction). We show that the problem is EXPTIME-complete for CTL and the µ-calculus, and 2EXPTIME-complete for CTL*. We partition branching-temporal-logic formulas into three classes: universal, existential, and mixed formulas, and show that each class has a different sensitivity to the robustness requirement. In particular, unless the formula is mixed, robust model checking can ignore nondeterministic environments. In addition, we show that classifying a CTL formula into these classes is EXPTIME-complete.
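The definition above, worked through on a small instance as an added example (illustrative code written for this page, not the paper's construction): a three-state nondeterministic Moore machine M modelling a server, its synchronous composition M||M′ with deterministic Moore environments, and a set-based CTL evaluator. The server, its input and output alphabets, and the two formulas are constructed here. Because the quantifier in the definition ranges over all environments, the check bounds environments to at most two states, an assumption that turns the definition into a finite search rather than a decision procedure; the enumeration is limited to deterministic environments because the abstract states that non-mixed formulas need no others. "Usual satisfaction" is read here as M viewed as a closed system in which every input may arrive at every step.

```python
"""Robust satisfaction on a toy instance (added example, not the paper's code).

M is a nondeterministic Moore machine; environments M' are deterministic Moore
machines enumerated up to a bounded number of states (an assumption made here
so the 'for every environment' quantifier becomes a finite search); M||M' is
the synchronous composition; CTL is evaluated by set fixpoints."""
from itertools import product

INPUTS = ("req", "wait")                    # what the environment emits to M
OUTPUTS = ("ready", "working", "finished")  # what M emits to the environment


class Moore:
    """states; initial state; out: state -> symbol; delta: (state, input) -> set of states."""
    def __init__(self, states, init, out, delta):
        self.states, self.init, self.out, self.delta = states, init, out, delta


# Constructed system M: a server that idles until a request, works, reports, idles.
M = Moore(
    states=("idle", "busy", "done"), init="idle",
    out={"idle": "ready", "busy": "working", "done": "finished"},
    delta={("idle", "req"): {"busy"}, ("idle", "wait"): {"idle"},
           ("busy", "req"): {"done"}, ("busy", "wait"): {"done"},
           ("done", "req"): {"idle"}, ("done", "wait"): {"idle"}},
)

# A Kripke structure is (states, init, succ, label): succ maps a state to its
# successor set, label maps a state to the output symbol M shows there.

def closed_system(m):
    """M as a closed system: every input may arrive at every step (usual satisfaction)."""
    succ = {s: set().union(*(m.delta[(s, i)] for i in INPUTS)) for s in m.states}
    return set(m.states), m.init, succ, dict(m.out)


def compose(m, env):
    """Synchronous composition M||M': the environment's output is M's input and
    M's current output is the environment's input; only reachable states are kept."""
    states, succ, label, frontier = set(), {}, {}, [(m.init, env.init)]
    while frontier:
        s, e = frontier.pop()
        if (s, e) in states:
            continue
        states.add((s, e))
        label[(s, e)] = m.out[s]
        nxt = {(s2, e2) for s2 in m.delta[(s, env.out[e])]
                        for e2 in env.delta[(e, m.out[s])]}
        succ[(s, e)] = nxt
        frontier.extend(nxt)
    return states, (m.init, env.init), succ, label


def sat(k, f):
    """States of k satisfying f. Formulas are tuples:
    ("atom", symbol) | ("not", f) | ("and", f, g) | ("EX", f) | ("EF", f)."""
    states, _, succ, label = k
    op = f[0]
    if op == "atom":
        return {s for s in states if label[s] == f[1]}
    if op == "not":
        return states - sat(k, f[1])
    if op == "and":
        return sat(k, f[1]) & sat(k, f[2])
    if op == "EX":
        t = sat(k, f[1])
        return {s for s in states if succ[s] & t}
    if op == "EF":  # least fixpoint of X = t | pre(X)
        cur, nxt = set(), sat(k, f[1])
        while nxt != cur:
            cur = nxt
            nxt = cur | {s for s in states if succ[s] & cur}
        return cur
    raise ValueError(op)


def AG(f): return ("not", ("EF", ("not", f)))
def AX(f): return ("not", ("EX", ("not", f)))
def implies(a, b): return ("not", ("and", a, ("not", b)))
def holds(k, f): return k[1] in sat(k, f)

UNIVERSAL = AG(implies(("atom", "working"), AX(("atom", "finished"))))  # universal formula
EXISTENTIAL = ("EF", ("atom", "finished"))                              # existential formula


def deterministic_environments(max_states=2):
    """Every deterministic Moore environment with 1..max_states states: each state
    emits one input symbol for M and has one move for each output symbol of M."""
    for n in range(1, max_states + 1):
        st = tuple(range(n))
        for outs in product(INPUTS, repeat=n):
            for moves in product(st, repeat=n * len(OUTPUTS)):
                delta = {(e, o): {moves[e * len(OUTPUTS) + j]}
                         for e in st for j, o in enumerate(OUTPUTS)}
                yield Moore(st, 0, dict(zip(st, outs)), delta)


def robustly_satisfies(m, f, max_states=2):
    """Brute-force the definition over the bounded family: (verdict, violating env or None)."""
    for env in deterministic_environments(max_states):
        if not holds(compose(m, env), f):
            return False, env
    return True, None


if __name__ == "__main__":
    for name, f in (("AG(working -> AX finished)", UNIVERSAL), ("EF finished", EXISTENTIAL)):
        ok, env = robustly_satisfies(M, f)
        print(f"{name}: usual={holds(closed_system(M), f)} robust(<=2-state envs)={ok}"
              + ("" if ok else f"; violated by environment emitting {env.out}"))
```

Running the file shows the universal formula AG(working → AX finished) holding both for M as a closed system and under every enumerated environment, while the existential formula EF finished holds for the closed system yet fails against the one-state environment that always emits wait: M satisfies it in the usual sense but does not robustly satisfy it, which is the kind of sensitivity to the robustness requirement the abstract attributes to the different formula classes.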
