Abstract
Temporal logic comes in two varieties: linear-time temporal logic assumes implicit universal quantification over all paths that are generated by the execution of a system; branching-time temporal logic allows explicit existential and universal quantification over all paths. We introduce a third, more general variety of temporal logic: alternating-time temporal logic offers selective quantification over those paths that are possible outcomes of games, such as the game in which the system and the environment alternate moves. While linear-time and branching-time logics are natural specification languages for closed systems, alternating-time logics are natural specification languages for open systems. For example, by preceding the temporal operator "eventually" with a selective path quantifier, we can specify that in the game between the system and the environment, the system has a strategy to reach a certain state. The problems of receptiveness, realizability, and controllability can be formulated as model-checking problems for alternating-time formulas. Depending on whether or not we admit arbitrary nesting of selective path quantifiers and temporal operators, we obtain the two alternating-time temporal logics ATL and ATL*.
ATL and ATL* are interpreted over concurrent game structures. Every state transition of a concurrent game structure results from a choice of moves, one for each player. The players represent individual components and the environment of an open system. Concurrent game structures can capture various forms of synchronous composition for open systems, and if augmented with fairness constraints, also asynchronous composition. Over structures without fairness constraints, the model-checking complexity of ATL is linear in the size of the game structure and length of the formula, and the symbolic model-checking algorithm for CTL extends with few modifications to ATL. Over structures with weak-fairness constraints, ATL model checking requires the solution of 1-pair Rabin games, and can be done in polynomial time. Over structures with strong-fairness constraints, ATL model checking requires the solution of games with Boolean combinations of Büchi conditions, and can be done in PSPACE. In the case of ATL*, the model-checking problem is closely related to the synthesis problem for linear-time formulas, and requires doubly exponential time.
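The abstract's remark that CTL model checking extends to ATL can be seen in a small fixpoint computation; the following is an added example, not code from the paper. The four-state game structure, the player names `sys` and `env`, and all function names are constructed for illustration, and plain Python sets stand in for a symbolic (BDD) representation.

```python
from itertools import product

PLAYERS = ("sys", "env")  # constructed two-player concurrent game structure
# MOVES[q][player]: moves available in state q
MOVES = {
    0: {"sys": ["a", "b"], "env": ["x", "y"]},
    1: {"sys": ["a"], "env": ["x", "y"]},
    2: {"sys": ["a", "b"], "env": ["x"]},
    3: {"sys": ["a"], "env": ["x"]},
}
# DELTA[q][(sys_move, env_move)]: successor state, one move per player
DELTA = {
    0: {("a", "x"): 1, ("a", "y"): 2, ("b", "x"): 0, ("b", "y"): 1},
    1: {("a", "x"): 3, ("a", "y"): 0},
    2: {("a", "x"): 3, ("b", "x"): 2},
    3: {("a", "x"): 3},
}

def pre(coalition, target):
    """States where the coalition can pick moves so that every choice
    of the remaining players leads into target."""
    ours = [p for p in PLAYERS if p in coalition]
    theirs = [p for p in PLAYERS if p not in coalition]
    result = set()
    for q, avail in MOVES.items():
        for mine in product(*(avail[p] for p in ours)):
            fixed = dict(zip(ours, mine))
            if all(
                DELTA[q][tuple({**fixed, **dict(zip(theirs, t))}[p]
                               for p in PLAYERS)] in target
                for t in product(*(avail[p] for p in theirs))
            ):
                result.add(q)
                break
    return result

def eventually(coalition, goal):
    """<<coalition>> eventually goal: least fixpoint of Z = goal | pre(Z)."""
    z = set(goal)
    while (nxt := z | pre(coalition, z)) != z:
        z = nxt
    return z

def always(coalition, safe):
    """<<coalition>> always safe: greatest fixpoint of Z = safe & pre(Z)."""
    z = set(safe)
    while (nxt := z & pre(coalition, z)) != z:
        z = nxt
    return z
```

With the empty coalition `pre` is the universal CTL predecessor and with all players it is the existential one, so the same two loops cover CTL's AF/EF and AG/EG as special cases.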
Index Terms
- Alternating-time temporal logic