A study on multi-dimensional products of graphs and hybrid logics

In this work, we address some issues related to products of graphs and products of modal logics. Our main contribution is the presentation of a necessary and sufficient condition for a countable and connected graph to be a product, using a property called intransitivity. We then proceed to describe this property in a logical language. First, we show that intransitivity is not modally definable and also that no necessary and sufficient condition for a graph to be a product can be modally definable. Then, we exhibit a formula in a hybrid language that describes intransitivity. With this, we get a logical characterization of products of graphs of arbitrary dimensions. We then use this characterization to obtain two other interesting results. First, we determine that it is possible to test in polynomial time, using a model-checking algorithm, whether a finite connected graph is a product. This test has cubic complexity in the size of the graph and quadratic complexity in its number of dimensions. Finally, we use this characterization of countable connected products to provide sound and complete axiomatic systems for a large class of products of modal logics. This class contains the logics defined by product frames obtained from Kripke frames that satisfy connectivity, transitivity and symmetry plus any additional property that can be defined by a pure hybrid formula. Most sound and complete axiomatic systems presented in the literature are for products of a pair of modal logics, while we are able, using hybrid logics, to provide sound and complete axiomatizations for many products of arbitrary dimensions.     

Modular abstractions for verifying real-time distributed systems

In this work we present a verification methodology for real-time distributed systems, based on their modular decomposition into processes. Given a distributed system, each of its components is reduced by abstracting away from details that are irrelevant for the required specification. The abstract components are then composed to form an abstract system to which a model checking procedure is applied. The abstraction relation and the specification language guarantee that if the abstract system satisfies a specification, then the original system satisfies it as well.The specification languageRTL is a branching-time version of the real-time temporal logicTPTL presented in Alur and Henzinger [1]. Its model checking is linear in the size of the system and exponential in the size of the formula. Two notions of abstraction for real-time systems are introduced, each preserving a sublanguage ofRTL.     

PSPACE-completeness of Modular Supervisory Control Problems*

In this paper we investigate computational issues associated with the supervision of concurrent processes modeled as modular discrete-event systems. Here, modular discrete-event systems are sets of deterministic finite-state automata whose interaction is modeled by the parallel composition operation. Even with such a simple model process model, we show that in general many problems related to the supervision of these systems are PSPACE-complete. This shows that although there may be space-efficient methods for avoiding the state-explosion problem inherent to concurrent processes, there are most likely no time-efficient solutions that would aid in the study of such large-scale systems. We show our results using a reduction from a special class of automata intersection problem introduced here where behavior is assumed to be prefix-closed. We find that deciding if there exists a supervisor for a modular system to achieve a global specification is PSPACE-complete. We also show many verification problems for system supervision are PSPACE-complete, even for prefix-closed cases. Supervisor admissibility and online supervision operations are also discussed.*This research was supported in part by NSF grant CCR-0082784.     

Note on winning positions on pushdown games with ω-regular conditions

We consider infinite two-player games on pushdown graphs. For parity winning conditions, we show that the set of winning positions of each player is regular and we give an effective construction of an alternating automaton recognizing it. This provides a DEXPTIME procedure to decide whether a position is winning for a given player. Finally, using the same methods, we show, for any ω-regular winning condition, that the set of winning positions for a given player is regular and effective.     

Methods for Quantitative Analysis of Probabilistic Pushdown Automata

We present several constructions and techniques which have recently been used to tackle the prob- lems of qualitative/quantitative analysis of probabilistic pushdown automata.     

Pancyclicity of recursive circulant graphs

In this paper, we study the existence of cycles of all lengths in the recursive circulant graphs, and we show a necessary and sufficient condition for the graph being pancyclic and bipancyclic.     

Applying game theory mechanisms in open agent systems with complete information

Game theory is a popular tool for designing interaction protocols for agent systems. It is currently not clear how to extend this to open agent systems. By “open” we mean that foreign agents will be free to enter and leave different systems at will. This means that agents will need to be able to work with previously unseen protocols. There does not yet exist any agreement on a standard way in which such protocols can be specified and published. Furthermore, it is not clear how an agent could be given the ability to use an arbitrary published protocol; the agent would need to be able to work out a strategy for participation. To address this we propose a machine readable language in which a game theory mechanism can be written in the form of an agent interaction protocol. This language allows the workings of the protocol to be made public so that agents can inspect it to determine its properties and hence their best strategy. Enabling agents to automatically determine the game theoretic properties of an arbitrary interaction protocol is difficult. Rather than requiring agents to find the equilibrium of a game, we propose that a recommended equilibrium will be published along with the protocol; agents can then check the recommendation to decide if it is indeed an equilibrium. We present an algorithm for this decision problem. We also develop an equilibrium which simplifies the complexity of the checking problem, while still being robust to unilateral deviations.     

Space bounds for a game on graphs

We study a one-person game played by placing pebbles, according to certain rules, on the vertices of a directed graph. In [3] it was shown that for each graph withn vertices and maximum in-degreed, there is a pebbling strategy which requires at mostc(d) n/logn pebbles. Here we show that this bound is tight to within a constant factor. We also analyze a variety of pebbling algorithms, including one which achieves the 0(n/logn) bound.Research partially supported by DAAD (German Academic Exchange Service) Grant No. 430/402/563/5 (W.J.P.)Research partially supported by National Science Foundation grant MCS75-22870 and Office of Naval Research contract N0014-76-C-0688 (R.E.T. and J.R.C.).Reproduction in whole or in part is permitted for any purpose of the United States Government.     

Modular Verification of Open Features Using Three-Valued Model Checking

Feature-oriented programming organizes programs around features rather than objects, thus better supporting extensible, product-line architectures. Programming languages increasingly support this style of programming, but programmers get little support from verification tools. Ideally, programmers should be able to verify features independently of each other and use automated compositional reasoning techniques to infer properties of a system from properties of its features. Achieving this requires carefully designed interfaces: they must hold sufficient information to enable compositional verification, yet tools should be able to generate this information automatically because experience indicates programmers cannot or will not provide it manually. We present a model of interfaces that supports automated, compositional, feature-oriented model checking. To demonstrate their utility, we automatically detect the feature-interaction problems originally found manually by Robert Hall in an email suite case study.Research done while at Brown University.     

The super-connected property of recursive circulant graphs

In a graph G, a k-container C_k(u,v) is a set of k disjoint paths joining u and v. A k-container C_k(u,v) is k∗-container if every vertex of G is passed by some path in C_k(u,v). A graph G is k∗-connected if there exists a k∗-container between any two vertices. An m-regular graph G is super-connected if G is k∗-connected for any k with 1?k?m. In this paper, we prove that the recursive circulant graphs G(2^m,4), proposed by Park and Chwa [Theoret. Comput. Sci. 244 (2000) 35-62], are super-connected if and only if m≠2.     

On a game in directed graphs

Inspired by recent algorithms for electing a leader in a distributed system, we study the following game in a directed graph: each vertex selects one of its outgoing arcs (if any) and eliminates the other endpoint of this arc; the remaining vertices play on until no arcs remain. We call a directed graph lethal if the game must end with all vertices eliminated and mortal if it is possible that the game ends with all vertices eliminated. We show that lethal graphs are precisely collections of vertex-disjoint cycles, and that the problem of deciding whether or not a given directed graph is mortal is NP-complete (and hence it is likely that no “nice” characterization of mortal graphs exists).     

Flip-pushdown automata with k pushdown reversals and E0L systems are incomparable

We prove that any propagating E0L system cannot generate the language {w#w|w∈{0,1}^?}$\{w\mathrm{\#}w|w\in {\{0,1\}}^{?}\}$. This result, together with some known ones, enables us to conclude that the flip-pushdown automata with k pushdown reversals, i.e., the pushdown automata with the ability to flip the pushdown, and E0L systems are incomparable. This result solves an open problem stated by Holzer and Kutrib in 2003.     

Frame rule for mutually recursive procedures manipulating pointers

Using a predicate transformer semantics of programs, we introduce statements for heap operations and separation logic operators for specifying programs that manipulate pointers. We prove a powerful Hoare total correctness rule for mutually recursive procedures manipulating pointers. The rule combines earlier proof rules for (mutually) recursive procedures with the frame rule for pointer programs. The theory, including the proofs, is implemented in the theorem prover PVS. In this implementation program variables and addresses can store values of almost any type of the theorem prover.     

Modular Verification of SPARCv8 Code

Journal of Computer Science and Technology - Inline assembly code is common in system software to interact with the underlying hardware platforms. The safety and correctness of the assembly code is...     

知识驱动的游戏攻略自动标注算法

为了帮助用户快速检索感兴趣的游戏攻略,提出了知识驱动的游戏攻略自动标注算法。首先,对每款游戏的多个资讯网站进行融合,自动构建游戏领域知识库;然后,再通过游戏领域词汇发现算法和决策树分类模型,抽取游戏攻略中的游戏术语;由于游戏术语在攻略中大多以简称的形式存在,故最后将攻略中游戏术语和知识库进行链接得到该术语所对应的全称即语义标签对攻略进行标注。在多款游戏上的实验结果表明,所提出的游戏攻略标注方法的准确率高达90%。同时,游戏领域词汇发现算法与其他术语抽取方法n-gram语言模型相比取得了更好的效果。     

Modular design for simulation

This paper presents a modular design approach for the implementation of process-oriented or event-oriented discrete systems simulation software. Requirements for such a simulation facility are discussed, to include list processing capabilities, data structuring capabilities, dynamic allocation of data storage, statistics collection and number-crunching capabilities, and subprograms. Specific focus is placed upon implementing the process view which requires constructs in the language for initiating, controlling and terminating a process. Resource management facilities are also considered, to include a means of defining a resource with its associated resource handler and a set of primitives for requesting, releasing and obtaining status information regarding a resource. HPSIM, an organized collection of modules written in Modula-2, was designed to facilitate both event-oriented and process-oriented discrete systems simulation, Modula-2 was chosen for its data abstraction facilities, its software engineering capabilities, its execution efficiency, its ability for separate compilation and its implementation of co-routines. The modeller encapsulates the conceptual model of the system into a software module which is interfaced with the HPSIM modules. The IMPORT statement in Modula-2 allows the modeller to access any of the routines provided by HPSIM as required. An example involving a single-server CPU system highlights the process/resource features of HPSIM.     

Using Computer Algebra techniques for the specification,verification and synthesis of recursive programs

We describe an innovative method for proving total correctness of tail recursive programs having a specific structure, namely programs in which an auxiliary tail recursive function is driven by a main nonrecursive function, and only the specification of the main function is provided. The specification of the auxiliary function is obtained almost fully automatically by solving coupled linear recursive sequences with constant coefficients. The process is carried out by means of CA (Computer Algebra) and AC (Algorithmic Combinatorics) and is implemented in the Theorema system (using Mathematica). We demonstrate this method on an example involving polynomial expressions. Furthermore, we develop a method for synthesis of recursive programs for computing polynomial expressions of a fixed degree by means of “cheap” operations, e.g., additions, subtractions and multiplications. For a given polynomial expression, we define its recursive program in a schemewise manner. The correctness of the synthesized programs follows from the general correctness of the synthesis method, which is proven once for all, using the verification method presented in the first part of this paper.     

Model Checking of Time Petri Nets Using the State Class Timed Automaton

In this paper, we propose a method for building the state class graph of a bounded time Petri net (TPN) as a timed automaton (TA), which we call the state class timed automaton. We consider bounded TPN, whose underlying net is not necessarily bounded. We prove that our translation preserves the behavioral semantics of the TPN (the initial TPN and the obtained TA are proved timed-bisimilar). It allows us to check real-time properties on TPN by using the state class TA. This can be done efficiently thanks to a reduction of the number of clocks. We have implemented the method, and give some experimental results illustrating the efficiency of the translation algorithm in terms of number of clocks. Using the state class TA, we also give a framework for expressing and efficiently verifying TCTL properties on the initial TPN.     

On the consistency, expressiveness, and precision of partial modeling formalisms

Partial transition systems support abstract model checking of complex temporal properties by combining both over- and under-approximating abstractions into a single model. Over the years, three families of such modeling formalisms have emerged, represented by (1) Kripke Modal Transition Systems (KMTSs), with restrictions on necessary and possible behaviors; (2) Mixed Transition Systems (MixTSs), with relaxation on these restrictions; and (3) Generalized Kripke MTSs (GKMTSs), with hyper-transitions, respectively. In this paper, we investigate these formalisms based on two fundamental ways of using partial transition systems (PTSs) - as objects for abstracting concrete systems (and thus, a PTS is semantically consistent if it abstracts at least one concrete system) and as models for checking temporal properties (and thus, a PTS is logically consistent if it gives consistent interpretation to all temporal logic formulas). We study the connection between semantic and logical consistency of PTSs, compare the three families w.r.t. their expressive power (i.e., what can be modeled, what abstractions can be captured using them), and discuss the analysis power of these formalisms, i.e., the cost and precision of model checking.Specifically, we identify a class of PTSs for which semantic and logical consistency coincide and define a necessary and sufficient structural condition to guarantee consistency. We also show that all three families of PTSs have the same expressive power (but do differ in succinctness). However, GKMTSs are more precise (i.e., can establish more properties) for model checking than the other two families. The direct use of GKMTSs in practice has been hampered by the difficulty of encoding them symbolically. We address this problem by developing a new semantics for temporal logic of PTSs that makes the MixTS family as precise for model checking as the GKMTS family. The outcome is a symbolic model checking algorithm that combines the efficient encoding of MixTSs with the model checking precision of GKMTSs. Our preliminary experiments indicate that the new algorithm is a good match for predicate-abstraction-based model checkers.