Orna Kupferman's research while affiliated with Hebrew University of Jerusalem and other places

Publications (258)

Chapter
While the minimization problem for deterministic Büchi word automata is known to be NP-complete, several fundamental problems around it are still open. This includes the complexity of minimization for transition-based automata, where acceptance is defined with respect to the set of transitions that a run traverses infinitely often, and minimization...
Preprint
We study three levels in a hierarchy of nondeterminism: A nondeterministic automaton $\cal A$ is determinizable by pruning (DBP) if we can obtain a deterministic automaton equivalent to $\cal A$ by removing some of its transitions. Then, $\cal A$ is good-for-games (GFG) if its nondeterministic choices can be resolved in a way that only depends on t...
Article
While many applications of automata in formal methods can use nondeterministic automata, some applications, most notably synthesis, need deterministic or good-for-games (GFG) automata. The latter are nondeterministic automata that can resolve their nondeterministic choices in a way that only depends on the past. The minimization problem for determi...
Article
The automation of decision procedures makes certification essential. We suggest to use determinacy of turn-based two-player games with regular winning conditions in order to generate certificates for the number of states that a deterministic finite automaton (DFA) needs in order to recognize a given language. Given a language L and a bound k, recog...
Chapter
In rational synthesis, we automatically construct a reactive system that satisfies its specification in all rational environments, namely environments that have objectives and act to fulfill them. We complete the study of the complexity of LTL rational synthesis. Our contribution is threefold. First, we tighten the known upper bounds for settings...
Chapter
A complexity measure for regular languages based on the sensing required to recognize them was recently introduced by Almagor, Kuperberg, and Kupferman. Intuitively, the sensing cost quantifies the detail in which a random input word has to be read in order to decide its membership in the language, when the input letters composing the word are trut...
Chapter
The automation of decision procedures makes certification essential. We suggest to use determinacy of turn-based two-player games with regular winning conditions in order to generate certificates for the number of states that a deterministic finite automaton (DFA) needs in order to recognize a given language. Given a language L and a bound k, recog...
Preprint
In the classical synthesis problem, we are given an LTL formula $\psi$ over sets of input and output signals, and we synthesize a system $T$ that realizes $\psi$: with every input sequence $x$, the system associates an output sequence $T(x)$ such that the generated computation $x \otimes T(x)$ satisfies $\psi$. In practice, the requirement to satisfy the specif...
Preprint
The automation of decision procedures makes certification essential. We suggest to use determinacy of turn-based two-player games with regular winning conditions in order to generate certificates for the number of states that a deterministic finite automaton (DFA) needs in order to recognize a given language. Given a language $L$ and a bound $k$, r...
Preprint
While many applications of automata in formal methods can use nondeterministic automata, some applications, most notably synthesis, need deterministic or good-for-games (GFG) automata. The latter are nondeterministic automata that can resolve their nondeterministic choices in a way that only depends on the past. The minimization problem for determin...
Chapter
Different classes of automata on infinite words have different expressive power. Deciding whether a given language $L \subseteq \Sigma^\omega$ can be expressed by an automaton of a desired class can be reduced to deciding a game between Prover and Refuter: in each turn of the game, Refuter provides a letter in $\Sigma$, and...
Preprint
Different classes of automata on infinite words have different expressive power. Deciding whether a given language $L \subseteq \Sigma^\omega$ can be expressed by an automaton of a desired class can be reduced to deciding a game between Prover and Refuter: in each turn of the game, Refuter provides a letter in $\Sigma$, and Prover responds with an...
Chapter
We study capacitated automata (CAs) [10], where transitions correspond to resources and have capacities, bounding the number of times they may be traversed. We follow the utilization semantics of CAs and view them as recognizers of multi-languages – sets of multisets of words, where a multiset S of words is in the multi-language of a CA A if all th...
Article
Weighted automata map input words to values, and have numerous applications in computer science. A result by Krob from the 90s implies that the universality problem is decidable for weighted automata over the tropical semiring with weights in N∪{∞} and is undecidable when the weights are in Z∪{∞}. We continue the study of the borders of decidabilit...
Chapter
Design and control of multi-agent systems correspond to the synthesis of winning strategies in games that model the interaction between the agents. In games with full observability, the strategies of players depend on the full history of the play. In games with partial observability, strategies depend only on observable components of the history. W...
Chapter
Good-For-Games (GFG) automata are nondeterministic automata that can resolve their nondeterministic choices based on the past. The fact that the synthesis problem can be reduced to solving a game on top of a GFG automaton for the specification (that is, no determinization is needed) has made them the subject of extensive research in the last years....
Preprint
Minimization of deterministic automata on finite words results in a canonical automaton. For deterministic automata on infinite words, no canonical minimal automaton exists, and a language may have different minimal deterministic Büchi (DBW) or co-Büchi (DCW) automata. In recent years, researchers have studied good-for-games (GF...
Chapter
We introduce and study good-enough synthesis (ge-synthesis) – a variant of synthesis in which the system is required to satisfy a given specification \(\psi \) only when it interacts with an environment for which a satisfying interaction exists. Formally, an input sequence x is hopeful if there exists some output sequence y such that the induced c...
Chapter
Variable automata with arithmetic enable the specification of reactive systems with variables over an infinite domain of numeric values and whose operation involves arithmetic manipulation of these values [9]. We study the synthesis problem for such specifications. While the problem is in general undecidable, we define a fragment, namely semantical...
Article
In the traditional maximum-flow problem, the goal is to transfer maximum flow in a network by directing, in each vertex in the network, incoming flow to outgoing edges. The problem corresponds to settings in which a central authority has control on all vertices of the network. Today’s computing environment, however, involves systems with no central...
Article
The size of deterministic automata required for recognizing regular and [Formula: see text]-regular languages is a well-studied measure for the complexity of languages. We introduce and study a new complexity measure, based on the sensing required for recognizing the language. Intuitively, the sensing cost quantifies the detail in which a random in...
Article
Hierarchical graphs are used in order to describe systems with a sequential composition of sub-systems. A hierarchical graph consists of a vector of subgraphs. Vertices in a subgraph may “call” other subgraphs. The reuse of subgraphs, possibly in a nested way, causes hierarchical graphs to be exponentially more succinct than equivalent flat graphs....
Conference Paper
We introduce and study SL[F], a quantitative extension of SL (Strategy Logic), one of the most natural and expressive logics describing strategic behaviours. The satisfaction value of an SL[F] formula is a real value in [0,1], reflecting "how much" or "how well" the strategic on-going objectives of the underlying agents are satisfied. We demons...
Article
Capacitated automata (CAs), introduced by Kupferman and Tamir in 2014, are a variant of finite-state automata in which each transition is associated with a (possibly infinite) capacity that bounds the number of times the transition may be traversed in a single run. We continue the study of the theoretical properties of CA and solve problems that we...
Article
In resource allocation games, selfish players share resources that are needed in order to fulfill their objectives. The cost of using a resource depends on the load on it. In the traditional setting, the players make their choices concurrently and in one-shot. That is, a strategy for a player is a subset of the resources. We introduce and study dyn...
Preprint
Temporal logics are extensively used for the specification of on-going behaviours of reactive systems. Two significant developments in this area are the extension of traditional temporal logics with modalities that enable the specification of on-going strategic behaviours in multi-agent systems, and the transition of temporal logics to a quantitati...
Article
Of special interest in formal verification are safety specifications, which assert that the system stays within some allowed region, in which nothing “bad” happens. Equivalently, a computation violates a safety specification if it has a “bad prefix”—a prefix all whose extensions violate the specification. The theoretical properties of safety specif...
Preprint
Network games are widely used as a model for selfish resource-allocation problems. In the classical model, each player selects a path connecting her source and target vertices. The cost of traversing an edge depends on the load; namely, number of players that traverse it. Thus, it abstracts the fact that different users may use a resource at...
Chapter
Vacuity is a leading sanity check in model-checking, applied when the system is found to satisfy the specification. The check detects situations where the specification passes in a trivial way, say when a specification that requires every request to be followed by a grant is satisfied in a system with no requests. Such situations typically reveal p...
Conference Paper
In Rational Synthesis, we consider a multi-agent system in which some of the agents are controllable and some are not. All agents have objectives, and the goal is to synthesize strategies for the controllable agents so that their objectives are satisfied, assuming rationality of the uncontrollable agents. Previous work on rational synthesis conside...
Article
Network games (NGs) are played on directed graphs and are extensively used in network design and analysis. Search problems for NGs include finding special strategy profiles such as a Nash equilibrium and a globally-optimal solution. The networks modeled by NGs may be huge. In formal verification, abstraction has proven to be an extremely effective...
Preprint
Flow networks have attracted a lot of research in computer science. Indeed, many questions in numerous application areas can be reduced to questions about flow networks. Many of these applications would benefit from a framework in which one can formally reason about properties of flow networks that go beyond their maximal flow. We introduce Fl...
Chapter
We study automata on infinite words and their applications in system specification and verification. We first introduce Büchi automata and survey their closure properties, expressive power, and determinization. We then introduce additional acceptance conditions and the model of alternating automata. We compare the different classes of automata in t...
Article
A counterexample to the satisfaction of a linear property ψ in a system S is an infinite computation of S that violates ψ. When ψ is a safety property, a counterexample to its satisfaction need not be infinite. Rather, it is a bad-prefix for ψ: a finite word all whose extensions violate ψ. The existence of finite counterexamples is very helpful in...
Article
Synthesis is the automated construction of a system from its specification. In real life, hardware and software systems are rarely constructed from scratch. Rather, a system is typically constructed from a library of components. Lustig and Vardi formalized this intuition and studied LTL synthesis from component libraries. In real life, designers se...
Article
In GFG automata, it is possible to resolve nondeterminism in a way that only depends on the past and still accepts all the words in the language. The motivation for GFG automata comes from their adequacy for games and synthesis, wherein general nondeterminism is inappropriate. We continue the ongoing effort of studying the power of nondeterminism i...
Article
In the classical synthesis problem, we are given a specification ψ over sets of input and output signals, and we synthesize a finite-state transducer that realizes ψ: with every sequence of input signals, the transducer associates a sequence of output signals so that the generated computation satisfies ψ. In recent years, researchers consider exten...
Conference Paper
Network games (NGs) are played on directed graphs and are extensively used in network design and analysis. Search problems for NGs include finding special strategy profiles such as a Nash equilibrium and a globally optimal solution. The networks modeled by NGs may be huge. In formal verification, abstraction has proven to be an extremely effective...
Conference Paper
In assume-guarantee synthesis, we are given a specification \(\langle A,G \rangle \), describing an assumption on the environment and a guarantee for the system, and we construct a system that interacts with an environment and is guaranteed to satisfy G whenever the environment satisfies A. While assume-guarantee synthesis is 2EXPTIME-complete for...
Conference Paper
The talk surveys a series of works that lift the rich semantics and structure of graphs, and the experience of the formal-verification community in reasoning about them, to classical graph-theoretical problems.
Conference Paper
Hierarchical graphs are used in order to describe systems with a sequential composition of sub-systems. A hierarchical graph consists of a vector of subgraphs. Vertices in a subgraph may “call” other subgraphs. The reuse of subgraphs, possibly in a nested way, causes hierarchical graphs to be exponentially more succinct than equivalent flat graphs....
Conference Paper
The size of deterministic automata required for recognizing regular and \(\omega \)-regular languages is a well-studied measure for the complexity of languages. We introduce and study a new complexity measure, based on the sensing required for recognizing the language. Intuitively, the sensing cost quantifies the detail in which a random input word...
Conference Paper
Classical network-formation games (NFGs) are played on directed graphs, and are used in network design and analysis. Edges in the network are associated with costs and players have reachability objectives, which they try to fulfill at a minimal cost. When several players use the same edge, they share its cost. The theoretical and practical aspects...
Conference Paper
In resource allocation games, selfish players share resources that are needed in order to fulfill their objectives. The cost of using a resource depends on the load on it. In the traditional setting, the players make their choices concurrently and in one-shot. That is, a strategy for a player is a subset of the resources. We introduce and study dyn...
Article
Synthesis is the automated construction of a system from its specification. The system has to satisfy its specification in all possible environments. The environment often consists of agents that have objectives of their own. Thus, it makes sense to soften the universal quantification on the behavior of the environment and take the objectives of it...
Article
In the classical synthesis problem, we are given an LTL formula ψ over sets of input and output signals, and we synthesize a transducer that realizes ψ. One weakness of automated synthesis in practice is that it pays no attention to the quality of the synthesized system. Indeed, the classical setting is Boolean: a computation satisfies a specif...
Article
Classical network-formation games are played on a directed graph. Players have reachability objectives: each player has to select a path from his source to target vertices. Each edge has a cost, shared evenly by the players using it. We introduce and study network-formation games with regular objectives. In our setting, the edges are labeled by alp...
Article
In recent years, there has been a growing need and interest in formally reasoning about the quality of software and hardware systems. As opposed to traditional verification, in which one considers the question of whether a system satisfies a given specification or not, reasoning about quality addresses the question of how well the system satisfies...
Conference Paper
In the synthesis problem, we are given a specification \(\psi \) over input and output signals, and we synthesize a system that realizes \(\psi \): with every sequence of input signals, the system associates a sequence of output signals so that the generated computation satisfies \(\psi \). The above classical formulation of the problem is Boolean....
Article
In Boolean synthesis, we are given an LTL specification, and the goal is to construct a transducer that realizes it against an adversarial environment. Often, a specification contains both Boolean requirements that should be satisfied against an adversarial environment, and multi-valued components that refer to the quality of the satisfaction and w...
Conference Paper
Capacitated automata (CAs) have been recently introduced in [8] as a variant of finite-state automata in which each transition is associated with a (possibly infinite) capacity. The capacity bounds the number of times the transition may be traversed in a single run. The study in [8] includes preliminary results about the expressive power of CAs, th...
Conference Paper
Of special interest in formal verification are safety specifications, which assert that the system stays within some allowed region, in which nothing “bad” happens. Equivalently, a computation violates a safety specification if it has a “bad prefix” – a prefix all whose extensions violate the specification. The theoretical properties of safety spec...
Chapter
Vacuity checking is traditionally performed after model checking has terminated successfully. It ensures that all the elements of the specification have played a role in its satisfaction by the system. The need to check the quality of specifications is even more acute in property-based design, where the specification is the only input, serving as a...
Conference Paper
Nondeterministic weighted finite automata (WFAs) map input words to real numbers. Each transition of a WFA is labeled by both a letter from some alphabet and a weight. The weight of a run is the sum of the weights on the transitions it traverses, and the weight of a word is the minimal weight of a run on it. In probabilistic weighted automata (PWFA...
Conference Paper
Synthesis is the automated construction of a system from its specification. The system has to satisfy its specification in all possible environments. The environment often consists of agents that have objectives of their own. Thus, it makes sense to soften the universal quantification on the behavior of the environment and take the objectives of it...
Article
We study capacitated automata (CAs), where transitions correspond to resources and may have bounded capacities. Each transition in a CA is associated with a (possibly infinite) bound on the number of times it may be traversed. We study CAs from two points of view. The first is that of traditional automata theory, where we view CAs as recognizers of...
Conference Paper
This work focuses on data-parameterized abstract systems that extend standard modelling by allowing atomic propositions to be parameterized by variables that range over some infinite domain. These variables may range over process ids, message numbers, etc. Thus, abstract systems enable simple modelling of infinite-state systems whose source of infi...
Conference Paper
We say that a deterministic finite automaton (DFA) \(A\) is composite if there are DFAs \(A_1,\ldots,A_t\) such that \(L(A)=\bigcap_{i=1}^{t} L(A_i)\) and the index of every \(A_i\) is strictly smaller than the index of \(A\). Otherwise, \(A\) is prime. We study the problem of deciding whether a given DFA is composite, the number of DFAs required in a decomposition, decompositions...
Conference Paper
Synthesis is the automated construction of a system from its specification. In real life, hardware and software systems are rarely constructed from scratch. Rather, a system is typically constructed from a library of components. Lustig and Vardi formalized this intuition and studied LTL synthesis from component libraries. In real life, designers se...
Conference Paper
Multi-agents cost-sharing games are commonly used for modeling settings in which different entities share resources. For example, the setting in which entities need to route messages in a network is modeled by a network-formation game: the network is modeled by a graph, and each agent has to select a path satisfying his reachability objective. In p...
Conference Paper
In recent years, there is growing need and interest in formalizing and reasoning about the quality of software and hardware systems. As opposed to traditional verification, where one handles the question of whether a system satisfies, or not, a given specification, reasoning about quality addresses the question of how well the system satisfi...
Conference Paper
Classical network-formation games are played on a directed graph. Players have reachability objectives, and each player has to select a path satisfying his objective. Edges are associated with costs, and when several players use the same edge, they evenly share its cost. The theoretical and practical aspects of network-formation games have been ext...
Conference Paper
In the classical synthesis problem, we are given a linear temporal logic (LTL) formula ψ over sets of input and output signals, and we synthesize a finite-state transducer that realizes ψ: with every sequence of input signals, the transducer associates a sequence of output signals so that the generated computation satisfies ψ. In recent years, rese...
Conference Paper
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region, in which nothing “bad” happens. Equivalently, a property is a safety property if every violation of it occurs after a finite execution of the system. Thus, a computation violates the property if it has a “bad prefi...
Conference Paper
Over the last decade, extensive research has been conducted on coverage metrics for model checking. The most common coverage metrics are based on mutations, where one examines the effect of small modifications of the system on the satisfaction of the specification. While it is commonly accepted that mutation-based coverage provides adequate means f...
Article
Abstraction is a leading technique for coping with large state spaces. Abstraction over-approximates the transitions of the original system or the automaton that models it and may introduce nondeterminism. In applications where determinism is essential, we say that an abstraction function is helpful if, after determining and minimizing the abstract...
Conference Paper
We introduce generalized register automata (GRAs) and study their properties and applications in reasoning about systems and specifications over infinite domains. We show that GRAs can capture both VLTL – a logic that extends LTL with variables over infinite domains, and abstract systems – finite state systems whose atomic propositions are paramete...
Conference Paper
Safety properties, which assert that the system always stays within some allowed region, have been extensively studied and used. In the last years, we see more and more research on quantitative formal methods, where systems and specifications are weighted. We introduce and study safety in the weighted setting. For a value v ∈ ℚ, we say that a weig...
Conference Paper
Vacuity detection is a method for finding errors in the model-checking process when the specification is found to hold in the model. Most vacuity algorithms are based on checking the effect of applying mutations on the specification. It has been recognized that vacuity results differ in their significance. While in many cases such results are value...
Article
The determinization of Büchi automata is a celebrated problem, with applications in synthesis, probabilistic verification, and multi-agent systems. Since the 1960s, there has been a steady progress of constructions: by McNaughton, Safra, Piterman, Schewe, and others. Despite the proliferation of solutions, they are all essentially ad-hoc constructi...
Conference Paper
The logic \(\mathrm{LTL}^{\triangledown}\) extends \(\mathrm{LTL}\) by quality operators. The satisfaction value of an \(\mathrm{LTL}^{\triangledown}\) formula in a computation refines the 0/1 value of \(\mathrm{LTL}\) formulas to a real value in [0,1]. The higher the value is, the better is the quali...
Conference Paper
Traditional formal methods are based on a Boolean satisfaction notion: a reactive system satisfies, or not, a given specification. We generalize formal methods to also address the quality of systems. As an adequate specification formalism we introduce the linear temporal logic LTL[\({\cal F}\)]. The satisfaction value of an LTL[\({\cal F}\)] formul...
Conference Paper
Choices made by nondeterministic word automata depend on both the past (the prefix of the word read so far) and the future (the suffix yet to be read). In several applications, most notably synthesis, the future is diverse or unknown, leading to algorithms that are based on deterministic automata. Hoping to retain some of the advantages of nondeter...
Conference Paper
Partially-specified systems and specifications are used in formal methods such as stepwise design and query checking. Existing methods consider a setting in which the systems and their correctness are Boolean. In recent years there has been growing interest and need for quantitative formal methods, where systems may be weighted and specifications m...
Article
Complementation of Büchi automata, required for checking automata containment, is of major theoretical and practical interest in formal verification. We consider two recent approaches to complementation. The first is the rank-based approach of Kupferman and Vardi, which operates over a DAG that embodies all runs of the automaton. This approach is...
Conference Paper
Of special interest in verification are safety properties, which assert that the system always stays within some allowed region. For closed systems, the theoretical properties of safety properties as well as their practical advantages with respect to general properties are well understood. For open (a.k.a. reactive) systems, whose behavior depends...
Conference Paper
Traditional automata accept or reject their input, and are therefore Boolean. Lattice automata generalize the traditional setting and map words to values taken from a lattice. In particular, in a fully-ordered lattice, the elements are 0,1,…,n − 1, ordered by the standard ≤ order. Lattice automata, and in particular lattice automata defined with re...
Conference Paper
In classical LTL model checking, both the system and the specification are over a finite set of atomic propositions. We present a natural extension of this model, in which the atomic propositions are parameterized by variables ranging over some (possibly infinite) domain. For example, by parameterizing the atomic propositions send and receive by a...
Article
We solve the longstanding open problems of the blow-up involved in the translations, when possible, of a nondeterministic Büchi word automaton (NBW) to a nondeterministic co-Büchi word automaton (NCW) and to a deterministic co-Büchi word automaton (DCW). For the NBW to NCW translation, the currently known upper bound is $2^{O(n \log n)}$ and the lower bo...
Conference Paper
Weighted automata map input words to real numbers and are useful in reasoning about quantitative systems and specifications. The containment problem for weighted automata asks, given two weighted automata \(\mathcal{A}\) and \(\mathcal{B}\), whether for all words w, the value that \(\mathcal{A}\) assigns to w is less than or equal to the value \(\m...
Conference Paper
In automated synthesis, we transform a specification into a system that is guaranteed to satisfy the specification against all environments. While model-checking theory has led to industrial development and use of formal-verification tools, the integration of synthesis in the industry is slow. This has to do with theoretical limitations, like the c...
Conference Paper
We consider the problem of automatically synthesizing, from a linear temporal logic (LTL) specification, a system that is guaranteed to satisfy the specification with respect to all environments. Algorithms for solving the synthesis problem reduce it to the solution of a game played between the system and its environment, in which the system and en...
Conference Paper
In the traditional Boolean setting of formal verification, alternating automata are the key to many algorithms and tools. In this setting, the correspondence between disjunctions/conjunctions in the specification and nondeterministic/universal transitions in the automaton for the specification is straightforward. A recent exciting research directio...
Conference Paper
In [2], we showed how viewing online algorithms as reactive systems enables the application of ideas from formal verification to the competitive analysis of online algorithms. Our approach is based on weighted automata, which assign to each input word a cost in \(\mathbb{R}^{\geq 0}\). By relating the “unbounded look ahead” of optimal offline algor...
Conference Paper
Weighted automata map input words to numerical values. Applications of weighted automata include formal verification of quantitative properties, as well as text, speech, and image processing. In the 90’s, Krob studied the decidability of problems on rational series, which strongly relate to weighted automata. In particular, it follows from Krob’s r...
Conference Paper
Trigger querying is the problem of finding, given a system M and an LTL formula ϕ, the set of scenarios that trigger ϕ in M; that is, the language L of finite computations of M such that all infinite computations that have a prefix in L continue with a suffix that satisfies ϕ. For example, the trigger query M ⊨ ? ↦ F err asks for the set of scenarios...
Conference Paper
A nondeterministic weighted finite automaton (WFA) maps an input word to a numerical value. Applications of weighted automata include formal verification of quantitative properties, as well as text, speech, and image processing. Many of these applications require the WFAs to be deterministic, or work substantially better when the WFAs are determini...
Conference Paper
There is recently a significant effort to add quantitative objectives to formal verification and synthesis. We introduce and investigate the extension of temporal logics with quantitative atomic assertions, aiming for a general and flexible framework for quantitative-oriented specifications. In the heart of quantitative objectives lies the accumula...
Conference Paper
The translation of LTL formulas to nondeterministic automata involves an exponential blow-up, and so does the translation of nondeterministic automata to deterministic ones. This yields a $2^{2^{O(n)}}$ upper bound for the translation of LTL to deterministic automata. A lower bound for the translation was studied in [KV05a], which describes a 2...
Conference Paper
Traditional automata accept or reject their input, and are therefore Boolean. In contrast, weighted automata map each word to a value from a semiring over a large domain. The special case of lattice automata, in which the semiring is a finite lattice, has interesting theoretical properties as well as applications in formal methods. A minimal determ...
Conference Paper
We solve the open problems of translating, when possible, all common classes of nondeterministic word automata to deterministic and nondeterministic co-Büchi word automata. The handled classes include Büchi, parity, Rabin, Streett and Muller automata. The translations follow a unified approach and are all asymptotically tight. The problem of transl...
Article
Temporal synthesis is the automated construction of a system from its temporal specification. It is by now realized that requiring the synthesized system to satisfy the specifications against all possible environments may be too demanding, and, dually, allowing all systems may be not demanding enough. In this work we study bounded temporal synthesi...
Conference Paper
Weighted automata map input words to numerical values. Applications of weighted automata include formal verification of quantitative properties, as well as text, speech, and image processing. A weighted automaton is defined with respect to a semiring. For the tropical semiring, the weight of a run is the sum of the weights of the transitions taken...