Orna Kupferman

Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing linear-time model-checking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automata-theoretic techniques have long been thought to introduce an exponential penalty, …
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proof-based approach to verification, making verification of safety properties simpler than verification of general properties. In this paper …
Automata on infinite words are used for specification and verification of nonterminating programs. Different types of automata induce different levels of expressive power, of succinctness, and of complexity. Alternating automata have both existential and universal branching modes and are particularly suitable for specification of programs. …
One of the advantages of temporal-logic model-checking tools is their ability to accompany a negative answer to the correctness query by a counterexample to the satisfaction of the specification in the system. On the other hand, when the answer to the correctness query is positive, most model-checking tools provide no witness for the satisfaction of the …
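The two abstracts above (safety properties as "the system stays within an allowed region", and the counterexample a model checker returns on a negative answer) are illustrated by the following added example. It is not code from either paper: it is an explicit-state reachability check that, on violation, returns the shortest execution to the first bad state. The model it checks is constructed for the illustration, a two-process lock whose acquire is either atomic or split into a check and a set (the classic check-then-act race); all names in it are hypothetical.

```python
from collections import deque

def check_safety(initial, successors, allowed):
    """Explicit-state check of the safety property "every reachable state is allowed".

    Breadth-first search from `initial` over the graph given by `successors`.
    Returns None when the property holds, otherwise the shortest execution
    (a list of states) from `initial` to the first violating state: the
    counterexample a model checker reports on a negative answer.
    """
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not allowed(state):
            path = []
            while state is not None:
                path.append(state)
                state = parent[state]
            return path[::-1]
        for nxt in successors(state):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None


# Constructed model (hypothetical, not from the paper): two processes sharing a lock.
# A state is (pc1, pc2, lock) with pc in {IDLE, WANT, CRIT} and lock in {0, 1}.
IDLE, WANT, CRIT = "idle", "want", "crit"
INITIAL = (IDLE, IDLE, 0)

def mutex_successors(atomic_acquire):
    """Successor function of the lock protocol.

    With atomic_acquire=True a process checks that the lock is free and
    takes it in one step (IDLE -> CRIT).  With atomic_acquire=False the
    check (IDLE -> WANT, only if lock == 0) and the set (WANT -> CRIT)
    are separate steps, so the other process can interleave between them.
    """
    def step(pc, lock):
        # All (new_pc, new_lock) outcomes of one process taking one step.
        if pc == IDLE:
            if lock != 0:
                return []                     # busy: the process waits
            return [(CRIT, 1)] if atomic_acquire else [(WANT, lock)]
        if pc == WANT:
            return [(CRIT, 1)]                # sets the lock it believes is free
        return [(IDLE, 0)]                    # CRIT: release

    def successors(state):
        pc1, pc2, lock = state
        out = [(npc, pc2, nlock) for npc, nlock in step(pc1, lock)]
        out += [(pc1, npc, nlock) for npc, nlock in step(pc2, lock)]
        return out

    return successors

def mutual_exclusion(state):
    """The allowed region: the two processes are never both in CRIT."""
    pc1, pc2, _ = state
    return not (pc1 == CRIT and pc2 == CRIT)

def verify_mutex(atomic_acquire):
    """None if mutual exclusion holds, else a counterexample execution."""
    return check_safety(INITIAL, mutex_successors(atomic_acquire), mutual_exclusion)

if __name__ == "__main__":
    print("atomic acquire:", verify_mutex(True))
    print("check-then-set race:", verify_mutex(False))
```

Because the search is breadth-first, the returned counterexample is a shortest violating execution, which is what makes it readable as a bug report: for the racy variant it is the four-step interleaving in which both processes observe the lock free before either sets it. A positive answer here is just `None`, which is exactly the "no witness" situation the second abstract describes.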
An open system can be modeled as a two-player game between the system and its environment. At each round of the game, player 1 (the system) and player 2 (the environment) independently and simultaneously choose moves, and the two choices determine the next state of the game. Properties of open systems can be modeled as objectives of these two-player games. …
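As an added example of the game model just described (not code from the paper), the following solves a finite concurrent game with a safety objective for player 1: it computes the greatest fixed point of "safe states from which the system has a move that keeps the game in the set whatever the environment chooses simultaneously", together with a memoryless strategy on that set. The quantification "exists system move, for all environment moves" is the sure-winning condition for pure strategies; it is sound for the system but, as the abstract's emphasis on simultaneous choice suggests, randomized strategies can win more in general. The game itself is constructed for the illustration: a system that may rotate a credential only every `AMAX` rounds against an environment that advances an attack on it; every name and constant is hypothetical.

```python
# Constructed game (hypothetical, not from the paper): a system that rotates a
# credential against an environment that tries to compromise it.
# State (a, g): a = rounds since the last rotation (capped at AMAX),
#               g = attacker progress; g == GMAX means the credential is breached.
AMAX, GMAX = 2, 3
STATES = [(a, g) for a in range(AMAX + 1) for g in range(GMAX + 1)]
ENV_MOVES = ("wait", "attack")

def system_moves(state):
    """Player 1's moves: rotation is only available once the credential is AMAX rounds old."""
    a, _ = state
    return ("keep", "rotate") if a >= AMAX else ("keep",)

def delta(state, sys_move, env_move):
    """Next state determined by the two simultaneous choices."""
    a, g = state
    if sys_move == "rotate":
        return (0, 0)                 # fresh credential; attacker progress is lost
    g_next = min(g + 1, GMAX) if env_move == "attack" else g
    return (min(a + 1, AMAX), g_next)

def safe(state):
    """The safety objective: the credential is never breached."""
    return state[1] < GMAX

def controllable_pre(target, states, system_moves, env_moves, delta):
    """States from which player 1 has a move that lands in `target` whatever player 2 does."""
    return {s for s in states
            if any(all(delta(s, m1, m2) in target for m2 in env_moves)
                   for m1 in system_moves(s))}

def solve_safety_game(states, safe, system_moves, env_moves, delta):
    """Greatest fixed point W = Safe ∩ CPre(W), plus a memoryless winning strategy on W."""
    win = {s for s in states if safe(s)}
    while True:
        nxt = win & controllable_pre(win, states, system_moves, env_moves, delta)
        if nxt == win:
            break
        win = nxt
    strategy = {}
    for s in sorted(win):
        for m1 in system_moves(s):
            if all(delta(s, m1, m2) in win for m2 in env_moves):
                strategy[s] = m1      # first move that stays inside W against every reply
                break
    return win, strategy

def solve_rotation_game():
    return solve_safety_game(STATES, safe, system_moves, ENV_MOVES, delta)

if __name__ == "__main__":
    win, strategy = solve_rotation_game()
    for s in STATES:
        print(s, "win" if s in win else "lose", strategy.get(s, "-"))
```

The interesting output is the losing part of the safe region: a credential that already has one unit of attacker progress right after rotation, `(0, 1)`, is lost even though it is currently safe, because two more attack rounds arrive before rotation becomes available again. Safety strategies are not unique; the code picks the first safe move in `system_moves` order, so it keeps the credential at `(2, 1)` and only rotates when forced at `(2, 2)`.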
In system synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. When the system is distributed, the goal is to construct the system's underlying processes. Results on multi-player games imply that the synthesis problem for linear specifications is undecidable for general architectures, and is nonelementary decidable …
We continue the study of combinatorial property testing. For a property ψ, an ε-test for ψ, for 0 < ε ≤ 1, is a randomized algorithm that given an input x, returns “yes” if x satisfies ψ, and returns “no” with high probability if x is ε-far from satisfying ψ, where ε-far essentially means that an ε-fraction of x needs to be changed in order for it to …
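An added example of an ε-test in exactly the sense defined above (not code from the paper): the standard tester for the property "the list is sorted", which samples an index and binary-searches for its element, using a number of queries that grows with 1/ε and log n but not with n. A helper computes the exact distance to sortedness so the ε-far premise can be checked on the constructed inputs; the tester itself never uses it. The inputs in the block are constructed for the illustration.

```python
import math
import random
from bisect import bisect_right

def _search_position(a, i):
    """Binary search for the key (a[i], i) over the pairs (a[m], m).

    Pairing each value with its index makes keys distinct even when `a`
    has duplicates.  Returns the position where the search stops, or -1.
    """
    key = (a[i], i)
    lo, hi = 0, len(a) - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        probe = (a[mid], mid)
        if probe == key:
            return mid
        if probe < key:
            lo = mid + 1
        else:
            hi = mid - 1
    return -1

def sortedness_test(a, eps, seed=0):
    """eps-test for the property "a is sorted in non-decreasing order".

    Repeats ceil(2/eps) rounds: pick a random index i and binary-search for
    a[i]; if the search does not land on i, the list is not sorted.
    A sorted list is always accepted.  If `a` is eps-far from sorted, the
    indices at which the search succeeds form a sorted subsequence, so at
    least eps*n indices fail, each round rejects with probability >= eps,
    and the test rejects with probability >= 1 - e^-2.
    Query complexity: O(log(n) / eps).
    """
    n = len(a)
    if n < 2:
        return True
    rng = random.Random(seed)          # fixed seed only for reproducibility here
    for _ in range(math.ceil(2 / eps)):
        i = rng.randrange(n)
        if _search_position(a, i) != i:
            return False
    return True

def distance_to_sorted(a):
    """Exact number of entries that must change to make `a` sorted: n minus the
    length of a longest non-decreasing subsequence (patience sorting, O(n log n)).
    Used only to confirm that a test input really is eps-far."""
    tails = []
    for x in a:
        pos = bisect_right(tails, x)
        if pos == len(tails):
            tails.append(x)
        else:
            tails[pos] = x
    return len(a) - len(tails)

if __name__ == "__main__":
    good = list(range(200))                  # constructed: sorted
    bad = list(range(200, 0, -1))            # constructed: reverse sorted, 199/200 far
    print(distance_to_sorted(bad) / len(bad), sortedness_test(good, 0.1), sortedness_test(bad, 0.1))
```

The one-sided error matches the definition above: "yes" is only ever wrong for inputs that are not sorted yet not ε-far, while a sorted input can never be rejected. The reason the sampled indices carry information is the argument in the docstring: two indices at which the search succeeds are in sorted order relative to each other, so the failing indices bound the distance to the property from below.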
The automata-theoretic approach is one of the most fundamental approaches to developing decision procedures in mathematical logics. To decide whether a formula in a logic with the tree-model property is satisfiable, one constructs an automaton that accepts all (or enough) tree models of the formula and then checks that the language of this automaton is …