Visibly Pushdown Modular Games
Games on recursive game graphs can be used to reason about the control flow
of sequential programs with recursion. In games over recursive game graphs, the
most natural notion of strategy is the modular strategy, i.e., a strategy that
is local to a module and is oblivious to previous module invocations, and thus
does not depend on the context of invocation. In this work, we study for the
first time modular strategies with respect to winning conditions that can be
expressed by a pushdown automaton.
We show that such games are undecidable in general, and become decidable for
visibly pushdown automata specifications.
Our solution relies on a reduction to modular games with finite-state
automata winning conditions, which are known in the literature.
We carefully characterize the computational complexity of the considered
decision problem. In particular, we show that modular games with a universal
Büchi or co-Büchi visibly pushdown winning condition are EXPTIME-complete, and
when the winning condition is given by a CARET or NWTL temporal logic formula
the problem is 2EXPTIME-complete, and it remains 2EXPTIME-hard even for simple
fragments of these logics.
As a further contribution, we present a different solution for modular games
with finite-state automata winning condition that runs faster than known
solutions for large specifications and many exits.
Comment: In Proceedings GandALF 2014, arXiv:1408.556
A Fixpoint Calculus for Local and Global Program Flows
We define a new fixpoint modal logic, the visibly pushdown μ-calculus (VP-μ), as an extension of the modal μ-calculus. The models of this logic are execution trees of structured programs where the procedure calls and returns are made visible. This new logic can express pushdown specifications on the model that its classical counterpart cannot, and is motivated by recent work on visibly pushdown languages [4]. We show that our logic naturally captures several interesting program specifications in program verification and dataflow analysis. This includes a variety of program specifications such as computing combinations of local and global program flows, pre/post conditions of procedures, security properties involving the context stack, and interprocedural dataflow analysis properties. The logic can capture flow-sensitive and inter-procedural analysis, and it has constructs that allow skipping procedure calls so that local flows in a procedure can also be tracked. The logic generalizes the semantics of the modal μ-calculus by considering summaries instead of nodes as first-class objects, with appropriate constructs for concatenating summaries, and naturally captures the way in which pushdown models are model-checked. The main result of the paper is that the model-checking problem for VP-μ is effectively solvable against pushdown models with no more effort than that required for weaker logics such as CTL. We also investigate the expressive power of the logic VP-μ: we show that it encompasses all properties expressed by a corresponding pushdown temporal logic on linear structures (caret [2]) as well as by the classical μ-calculus. This makes VP-μ the most expressive known program logic for which algorithmic software model checking is feasible. In fact, the decidability of most known program logics (μ-calculus, temporal logics LTL and CTL, caret, etc.) can be understood by their interpretation in the monadic second-order logic over trees. 
This is not true for the logic VP-μ, making it a new, powerful, tractable program logic.
Enriched MU-Calculi Module Checking
The model checking problem for open systems has been intensively studied in
the literature, for both finite-state (module checking) and infinite-state
(pushdown module checking) systems, with respect to CTL and CTL*. In this
paper, we further investigate this problem with respect to the μ-calculus
enriched with nominals and graded modalities (hybrid graded μ-calculus), in
both the finite-state and infinite-state settings. Using an automata-theoretic
approach, we show that hybrid graded μ-calculus module checking is solvable
in exponential time, while hybrid graded μ-calculus pushdown module checking
is solvable in double-exponential time. These results are also tight since they
match the known lower bounds for CTL. We also investigate the module checking
problem with respect to the hybrid graded μ-calculus enriched with inverse
programs (fully enriched μ-calculus): by showing a reduction from the domino
problem, we show its undecidability. We conclude with a short overview of the
model checking problem for the fully enriched μ-calculus and the fragments
obtained by dropping at least one of the additional constructs.
Event-Clock Nested Automata
In this paper we introduce and study Event-Clock Nested Automata (ECNA), a
formalism that combines Event Clock Automata (ECA) and Visibly Pushdown
Automata (VPA). ECNA allow one to express real-time properties over non-regular
patterns of recursive programs. We prove that ECNA retain the same closure and
decidability properties as ECA and VPA, being closed under Boolean operations
and having a decidable language-inclusion problem. In particular, we prove that
emptiness, universality, and language inclusion for ECNA are EXPTIME-complete
problems. As for expressiveness, ECNA properly extend all previous attempts in
the literature to combine ECA and VPA.
Module checking of pushdown multi-agent systems
In this paper, we investigate the module-checking problem of pushdown
multi-agent systems (PMS) against ATL and ATL* specifications. We establish
that for ATL, module checking of PMS is 2EXPTIME-complete, which is the same
complexity as pushdown module-checking for CTL. On the other hand, we show that
ATL* module-checking of PMS turns out to be 4EXPTIME-complete, hence
exponentially harder than both CTL* pushdown module-checking and ATL*
model-checking of PMS. Our result for ATL* provides a rare example of a natural
decision problem that is elementary yet has a complexity higher than triply
exponential time.
Comment: arXiv admin note: substantial text overlap with arXiv:1709.0210
Two-Player Boundedness Counter Games
We consider two-player zero-sum games with winning objectives beyond regular languages, expressed as a parity condition in conjunction with a Boolean combination of boundedness conditions on a finite set of counters which can be incremented, reset to 0, but not tested. A boundedness condition requires that a given counter is bounded along the play. Such games are decidable, though with non-optimal complexity, by an encoding into the logic WMSO with the unbounded and path quantifiers, which is known to be decidable over infinite trees. Our objective is to give tight or tighter complexity results for particular classes of counter games with boundedness conditions, and to study their strategy complexity. In particular, counter games with a conjunction of boundedness conditions are easily seen to be equivalent to Streett games, so they are coNP-complete. Moreover, finite-memory strategies suffice for Eve and memoryless strategies suffice for Adam. For counter games with a disjunction of boundedness conditions, we prove that they are solvable in NP∩coNP, and in PTime if the parity condition is fixed. In that case memoryless strategies suffice for Eve while infinite-memory strategies might be necessary for Adam. Finally, we consider an extension of those games with a max operation. In that case, the complexity increases: for conjunctions of boundedness conditions, counter games are EXPTIME-complete.
Automata-theoretic and bounded model checking for linear temporal logic
In this work we study methods for model checking the temporal logic LTL. The focus is on the automata-theoretic approach to model checking and bounded model checking.
We begin by examining automata-theoretic methods to model check LTL safety properties. The model checking problem can be reduced to checking whether the language of a finite state automaton on finite words is empty. We describe an efficient algorithm for generating small finite state automata for so-called non-pathological safety properties. The presented implementation is the first tool able to decide whether a formula is non-pathological. The experimental results show that treating safety properties specially can benefit model checking at very little cost. In addition, we find supporting evidence for the view that minimising the automaton representing the property does not always lead to a small product state space. A deterministic property automaton can result in a smaller product state space even though it might have a larger number of states.
Next we investigate modular analysis. Modular analysis is a state space reduction method for modular Petri nets. The method can be used to construct a reduced state space called the synchronisation graph. We devise an on-the-fly automata-theoretic method for model checking the behaviour of a modular Petri net from the synchronisation graph. The solution is based on reducing the model checking problem to an instance of verification with testers. We analyse the tester verification problem and present an efficient on-the-fly algorithm, the first complete solution to the tester verification problem, based on generalised nested depth-first search.
We have also studied propositional encodings for bounded model checking LTL. A new simple linear-sized encoding is developed and experimentally evaluated. The implementation in the NuSMV2 model checker is competitive with previously presented encodings. We show how to generalise the LTL encoding to a more succinct logic: LTL with past operators. The generalised encoding compares favourably with previous encodings for LTL with past operators. Links between bounded model checking and the automata-theoretic approach are also explored.
A First-Order Complete Temporal Logic for Structured Context-Free Languages
The problem of model checking procedural programs has fostered much research
towards the definition of temporal logics for reasoning on context-free
structures. The most notable of such results are temporal logics on Nested
Words, such as CaRet and NWTL. Recently, the logic OPTL was introduced, based
on the class of Operator Precedence Languages (OPLs), more powerful than Nested
Words. We define the new OPL-based logic POTL and prove its FO-completeness.
POTL improves on NWTL by enabling the formulation of requirements involving
pre/post-conditions, stack inspection, and others in the presence of
exception-like constructs. It improves on OPTL too, which instead we show not
to be FO-complete; it also allows stack inspection and function-local
properties to be expressed more easily. In a companion paper we report a model
checking procedure for POTL and experimental results based on a prototype tool
developed for it. For completeness, a short summary of this complementary
result is provided in this paper too.
Comment: Partially supersedes arXiv:1910.0932
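The "stack inspection" requirement that both the VP-μ abstract and the POTL abstract cite is the kind of non-regular call/return property these logics and automata are built for: whether a sensitive action is allowed depends on every frame still on the call stack, not just on the most recent caller. As an added example, not code from any of the papers listed here, the following Python checks one such policy with a visibly pushdown automaton over a single constructed trace. The trace format, the procedure names, the trust sets and the policy itself are assumptions made for the illustration.

```python
"""Stack inspection as a visibly pushdown automaton (VPA).

Added example for this listing; not code from any of the papers above.
The trace format, procedure names, trust sets and sample traces are
constructed for illustration.  Symbols are tagged as in a nested word:
  ("call", proc)  push position     (stack grows)
  ("ret",  proc)  pop position      (stack shrinks)
  ("act",  name)  internal position (stack untouched)
Policy checked: the internal action "sensitive" may run only while no
untrusted procedure is on the call stack.  Deciding that requires matching
calls with returns, which a finite-state automaton cannot do.
"""
from typing import Callable, List, Optional, Tuple

Symbol = Tuple[str, str]
Trace = List[Symbol]

# Constructed trust classification of procedures (an assumption).
TRUSTED = {"main", "lib_open", "audit"}
UNTRUSTED = {"plugin", "third_party"}

CLEAN, TAINTED = "clean", "tainted"   # automaton states


class VPA:
    """Generic VPA: one transition function per kind of position."""

    def __init__(self,
                 call: Callable[[str, str], Tuple[str, str]],
                 ret: Callable[[str, str, str], Optional[str]],
                 internal: Callable[[str, str], Optional[str]],
                 initial: str):
        self.call, self.ret, self.internal, self.initial = call, ret, internal, initial

    def run(self, trace: Trace) -> Tuple[bool, Optional[int]]:
        """Return (accepted, index of the first rejecting position or None)."""
        state, stack = self.initial, []            # fresh stack for every run
        for i, (tag, arg) in enumerate(trace):
            if tag == "call":
                state, pushed = self.call(state, arg)
                stack.append(pushed)
            elif tag == "ret":
                if not stack:                      # return without a matching call
                    return False, i
                state = self.ret(state, arg, stack.pop())
            elif tag == "act":
                state = self.internal(state, arg)
            else:
                raise ValueError(f"unknown tag {tag!r} at position {i}")
            if state is None:                      # undefined transition: reject
                return False, i
        return True, None


# Transition functions for the stack-inspection policy.
def si_call(state: str, proc: str) -> Tuple[str, str]:
    # The callee runs tainted if the caller already was, or if the callee is
    # untrusted.  The caller's state is pushed so the matching return restores it.
    callee = TAINTED if state == TAINTED or proc in UNTRUSTED else CLEAN
    return callee, state


def si_ret(state: str, proc: str, popped: str) -> str:
    # Whatever happened inside the callee, returning restores the caller's view.
    return popped


def si_internal(state: str, name: str) -> Optional[str]:
    # "sensitive" has no transition in the tainted state; other actions are no-ops.
    if name == "sensitive" and state == TAINTED:
        return None
    return state


def check_stack_inspection(trace: Trace) -> Tuple[bool, Optional[int]]:
    return VPA(si_call, si_ret, si_internal, CLEAN).run(trace)


# Constructed traces.
OK_TRACE: Trace = [("call", "main"), ("call", "plugin"), ("act", "log"),
                   ("ret", "plugin"), ("call", "lib_open"), ("act", "sensitive"),
                   ("ret", "lib_open"), ("ret", "main")]
# Confused deputy: trusted lib_open is reached while an untrusted plugin frame
# is still on the stack, so the sensitive action at position 3 is rejected.
DEPUTY_TRACE: Trace = [("call", "main"), ("call", "plugin"), ("call", "lib_open"),
                       ("act", "sensitive"), ("ret", "lib_open"), ("ret", "plugin"),
                       ("ret", "main")]
UNMATCHED_RETURN: Trace = [("call", "main"), ("ret", "main"), ("ret", "main")]

if __name__ == "__main__":
    for label, t in [("ok", OK_TRACE), ("deputy", DEPUTY_TRACE),
                     ("unmatched", UNMATCHED_RETURN)]:
        print(label, check_stack_inspection(t))
```

The point of the construction is in si_call and si_ret: the automaton pushes the caller's state on every call and restores it on the matching return, so after an untrusted callee returns the trace is clean again, while a trusted callee reached from an untrusted frame stays tainted. A finite-state monitor that only remembers the most recent caller would accept DEPUTY_TRACE. Checking a single trace this way is what the VPA does; the abstracts above concern the harder problem of deciding the same kind of property against every execution of a pushdown program model.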