34,554 research outputs found
Approximation based tree regular model checking
International audienceThis paper addresses the following general problem of tree regular model-checking: decide whether where is the reflexive and transitive closure of a successor relation induced by a term rewriting system , and and are both regular tree languages. We develop an automatic approximation-based technique to handle this -- undecidable in general -- problem in most practical cases, extending a recent work by Feuillade, Genet and Viet Triem Tong. We also make this approach fully automatic for practical validation of security protocols
Handling Non Left-Linear Rules When Completing Tree Automata
International audienceThis paper addresses the following general problem of tree regular model-checking: decide whether the intersection of R*(L) and Lp is empty, where R* is the reflexive and transitive closure of a successor relation induced by a term rewriting system R, and L and Lp are both regular tree languages. We develop an automatic approximation-based technique to handle this -- undecidable in general -- problem in the case when term rewriting system rules are non left-linear
Handling Left-Quadratic Rules When Completing Tree Automata
International audienceThis paper addresses the following general problem of tree regular model-checking: decide whether the intersection of R*(L) and Lp is empty, where R* is the reflexive and transitive closure of a successor relation induced by a term rewriting system R, and L and Lp are both regular tree languages. We develop an automatic approximation-based technique to handle this -- undecidable in general -- problem in the case when term rewriting system rules are left-quadratic. The most common practical case is handled this way
Tree Regular Model Checking for Lattice-Based Automata
Tree Regular Model Checking (TRMC) is the name of a family of techniques for
analyzing infinite-state systems in which states are represented by terms, and
sets of states by Tree Automata (TA). The central problem in TRMC is to decide
whether a set of bad states is reachable. The problem of computing a TA
representing (an over- approximation of) the set of reachable states is
undecidable, but efficient solutions based on completion or iteration of tree
transducers exist. Unfortunately, the TRMC framework is unable to efficiently
capture both the complex structure of a system and of some of its features. As
an example, for JAVA programs, the structure of a term is mainly exploited to
capture the structure of a state of the system. On the counter part, integers
of the java programs have to be encoded with Peano numbers, which means that
any algebraic operation is potentially represented by thousands of applications
of rewriting rules. In this paper, we propose Lattice Tree Automata (LTAs), an
extended version of tree automata whose leaves are equipped with lattices. LTAs
allow us to represent possibly infinite sets of interpreted terms. Such terms
are capable to represent complex domains and related operations in an efficient
manner. We also extend classical Boolean operations to LTAs. Finally, as a
major contribution, we introduce a new completion-based algorithm for computing
the possibly infinite set of reachable interpreted terms in a finite amount of
time.Comment: Technical repor
Enhancing Approximations for Regular Reachability Analysis
This paper introduces two mechanisms for computing over-approximations of
sets of reachable states, with the aim of ensuring termination of state-space
exploration. The first mechanism consists in over-approximating the automata
representing reachable sets by merging some of their states with respect to
simple syntactic criteria, or a combination of such criteria. The second
approximation mechanism consists in manipulating an auxiliary automaton when
applying a transducer representing the transition relation to an automaton
encoding the initial states. In addition, for the second mechanism we propose a
new approach to refine the approximations depending on a property of interest.
The proposals are evaluated on examples of mutual exclusion protocols
Exploiting Term Hiding to Reduce Run-time Checking Overhead
One of the most attractive features of untyped languages is the flexibility
in term creation and manipulation. However, with such power comes the
responsibility of ensuring the correctness of these operations. A solution is
adding run-time checks to the program via assertions, but this can introduce
overheads that are in many cases impractical. While static analysis can greatly
reduce such overheads, the gains depend strongly on the quality of the
information inferred. Reusable libraries, i.e., library modules that are
pre-compiled independently of the client, pose special challenges in this
context. We propose a technique which takes advantage of module systems which
can hide a selected set of functor symbols to significantly enrich the shape
information that can be inferred for reusable libraries, as well as an improved
run-time checking approach that leverages the proposed mechanisms to achieve
large reductions in overhead, closer to those of static languages, even in the
reusable-library context. While the approach is general and system-independent,
we present it for concreteness in the context of the Ciao assertion language
and combined static/dynamic checking framework. Our method maintains the full
expressiveness of the assertion language in this context. In contrast to other
approaches it does not introduce the need to switch the language to a (static)
type system, which is known to change the semantics in languages like Prolog.
We also study the approach experimentally and evaluate the overhead reduction
achieved in the run-time checks.Comment: 26 pages, 10 figures, 2 tables; an extension of the paper version
accepted to PADL'18 (includes proofs, extra figures and examples omitted due
to space reasons
Verifying Temporal Regular Properties of Abstractions of Term Rewriting Systems
The tree automaton completion is an algorithm used for proving safety
properties of systems that can be modeled by a term rewriting system. This
representation and verification technique works well for proving properties of
infinite systems like cryptographic protocols or more recently on Java Bytecode
programs. This algorithm computes a tree automaton which represents a (regular)
over approximation of the set of reachable terms by rewriting initial terms.
This approach is limited by the lack of information about rewriting relation
between terms. Actually, terms in relation by rewriting are in the same
equivalence class: there are recognized by the same state in the tree
automaton.
Our objective is to produce an automaton embedding an abstraction of the
rewriting relation sufficient to prove temporal properties of the term
rewriting system.
We propose to extend the algorithm to produce an automaton having more
equivalence classes to distinguish a term or a subterm from its successors
w.r.t. rewriting. While ground transitions are used to recognize equivalence
classes of terms, epsilon-transitions represent the rewriting relation between
terms. From the completed automaton, it is possible to automatically build a
Kripke structure abstracting the rewriting sequence. States of the Kripke
structure are states of the tree automaton and the transition relation is given
by the set of epsilon-transitions. States of the Kripke structure are labelled
by the set of terms recognized using ground transitions. On this Kripke
structure, we define the Regular Linear Temporal Logic (R-LTL) for expressing
properties. Such properties can then be checked using standard model checking
algorithms. The only difference between LTL and R-LTL is that predicates are
replaced by regular sets of acceptable terms
Recommended from our members
A Monte Carlo model checker for probabilistic LTL with numerical constraints
We define the syntax and semantics of a new temporal logic called probabilistic LTL with numerical constraints (PLTLc).
We introduce an efficient model checker for PLTLc properties. The efficiency of the model checker is through approximation
using Monte Carlo sampling of finite paths through the modelâs state space (simulation outputs) and parallel model checking
of the paths. Our model checking method can be applied to any model producing quantitative output â continuous or
stochastic, including those with complex dynamics and those with an infinite state space. Furthermore, our offline approach
allows the analysis of observed (real-life) behaviour traces. We find in this paper that PLTLc properties with constraints
over free variables can replace full model checking experiments, resulting in a significant gain in efficiency. This overcomes
one disadvantage of model checking experiments which is that the complexity depends on system granularity and number of
variables, and quickly becomes infeasible. We focus on models of biochemical networks, and specifically in this paper on
intracellular signalling pathways; however our method can be applied to a wide range of biological as well as technical
systems and their models. Our work contributes to the emerging field of synthetic biology by proposing a rigourous approach
for the structured formal engineering of biological systems
Using parametric set constraints for locating errors in CLP programs
This paper introduces a framework of parametric descriptive directional types
for constraint logic programming (CLP). It proposes a method for locating type
errors in CLP programs and presents a prototype debugging tool. The main
technique used is checking correctness of programs w.r.t. type specifications.
The approach is based on a generalization of known methods for proving
correctness of logic programs to the case of parametric specifications.
Set-constraint techniques are used for formulating and checking verification
conditions for (parametric) polymorphic type specifications. The specifications
are expressed in a parametric extension of the formalism of term grammars. The
soundness of the method is proved and the prototype debugging tool supporting
the proposed approach is illustrated on examples.
The paper is a substantial extension of the previous work by the same authors
concerning monomorphic directional types.Comment: 64 pages, To appear in Theory and Practice of Logic Programmin
- âŠ