14 research outputs found
Reachability analysis of first-order definable pushdown systems
We study pushdown systems where control states, stack alphabet, and
transition relation, instead of being finite, are first-order definable in a
fixed countably-infinite structure. We show that the reachability analysis can
be addressed with the well-known saturation technique for the wide class of
oligomorphic structures. Moreover, for the more restrictive homogeneous
structures, we are able to give concrete complexity upper bounds. We show ample
applicability of our technique by presenting several concrete examples of
homogeneous structures, subsuming, with optimal complexity, known results from
the literature. We show that infinitely many such examples of homogeneous
structures can be obtained with the classical wreath product construction.Comment: to appear in CSL'1
On insertion-deletion systems over relational words
We introduce a new notion of a relational word as a finite totally ordered
set of positions endowed with three binary relations that describe which
positions are labeled by equal data, by unequal data and those having an
undefined relation between their labels. We define the operations of insertion
and deletion on relational words generalizing corresponding operations on
strings. We prove that the transitive and reflexive closure of these operations
has a decidable membership problem for the case of short insertion-deletion
rules (of size two/three and three/two). At the same time, we show that in the
general case such systems can produce a coding of any recursively enumerable
language leading to undecidabilty of reachability questions.Comment: 24 pages, 8 figure
A Generic Framework for Reasoning about Dynamic Networks of Infinite-State Processes
We propose a framework for reasoning about unbounded dynamic networks of
infinite-state processes. We propose Constrained Petri Nets (CPN) as generic
models for these networks. They can be seen as Petri nets where tokens
(representing occurrences of processes) are colored by values over some
potentially infinite data domain such as integers, reals, etc. Furthermore, we
define a logic, called CML (colored markings logic), for the description of CPN
configurations. CML is a first-order logic over tokens allowing to reason about
their locations and their colors. Both CPNs and CML are parametrized by a color
logic allowing to express constraints on the colors (data) associated with
tokens. We investigate the decidability of the satisfiability problem of CML
and its applications in the verification of CPNs. We identify a fragment of CML
for which the satisfiability problem is decidable (whenever it is the case for
the underlying color logic), and which is closed under the computations of post
and pre images for CPNs. These results can be used for several kinds of
analysis such as invariance checking, pre-post condition reasoning, and bounded
reachability analysis.Comment: 29 pages, 5 tables, 1 figure, extended version of the paper published
in the the Proceedings of TACAS 2007, LNCS 442
Synchronizing Data Words for Register Automata
Register automata (RAs) are finite automata extended with a finite set of
registers to store and compare data from an infinite domain. We study the
concept of synchronizing data words in RAs: does there exist a data word that
sends all states of the RA to a single state?
For deterministic RAs with k registers (k-DRAs), we prove that inputting data
words with 2k+1 distinct data from the infinite data domain is sufficient to
synchronize. We show that the synchronization problem for DRAs is in general
PSPACE-complete, and it is NLOGSPACE-complete for 1-DRAs. For nondeterministic
RAs (NRAs), we show that Ackermann(n) distinct data (where n is the size of the
RA) might be necessary to synchronize. The synchronization problem for NRAs is
in general undecidable, however, we establish Ackermann-completeness of the
problem for 1-NRAs.
Another main result is the NEXPTIME-completeness of the length-bounded
synchronization problem for NRAs, where a bound on the length of the
synchronizing data word, written in binary, is given. A variant of this last
construction allows to prove that the length-bounded universality problem for
NRAs is co-NEXPTIME-complete
Temporal Logics on Words with Multiple Data Values
The paper proposes and studies temporal logics for attributed words, that is, data words with a (finite) set of (attribute,value)-pairs at each position. It considers a basic logic which is a semantical fragment of the logic of Demri and Lazic with operators for navigation into the future and the past. By reduction to the emptiness problem for data automata it is shown that this basic logic is decidable. Whereas the basic logic only allows navigation to positions where a fixed data value occurs, extensions are studied that also allow navigation to positions with different data values. Besides some undecidable results it is shown that the extension by a certain UNTIL-operator with an inequality target condition remains decidable
Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis
The safety of infinite state systems can be checked by a backward
reachability procedure. For certain classes of systems, it is possible to prove
the termination of the procedure and hence conclude the decidability of the
safety problem. Although backward reachability is property-directed, it can
unnecessarily explore (large) portions of the state space of a system which are
not required to verify the safety property under consideration. To avoid this,
invariants can be used to dramatically prune the search space. Indeed, the
problem is to guess such appropriate invariants. In this paper, we present a
fully declarative and symbolic approach to the mechanization of backward
reachability of infinite state systems manipulating arrays by Satisfiability
Modulo Theories solving. Theories are used to specify the topology and the data
manipulated by the system. We identify sufficient conditions on the theories to
ensure the termination of backward reachability and we show the completeness of
a method for invariant synthesis (obtained as the dual of backward
reachability), again, under suitable hypotheses on the theories. We also
present a pragmatic approach to interleave invariant synthesis and backward
reachability so that a fix-point for the set of backward reachable states is
more easily obtained. Finally, we discuss heuristics that allow us to derive an
implementation of the techniques in the model checker MCMT, showing remarkable
speed-ups on a significant set of safety problems extracted from a variety of
sources.Comment: Accepted for publication in Logical Methods in Computer Scienc
Light-Weight SMT-based Model Checking
AbstractRecently, the notion of an array-based system has been introduced as an abstraction of infinite state systems (such as mutual exclusion protocols or sorting programs) which allows for model checking of invariant (safety) and recurrence (liveness) properties by Satisfiability Modulo Theories (SMT) techniques. Unfortunately, the use of quantified first-order formulae to describe sets of states makes fix-point checking extremely expensive. In this paper, we show how invariant properties for a sub-class of array-based systems can be model-checked by a backward reachability algorithm where the length of quantifier prefixes is efficiently controlled by suitable heuristics. We also present various refinements of the reachability algorithm that allows it to be easily implemented in a client-server architecture, where a âlight-weightâ algorithm is the client generating proof obligations for safety and fix-point checks and an SMT solver plays the role of the server discharging the proof obligations. We also report on some encouraging preliminary experiments with a prototype implementation of our approach
Register-Bounded Synthesis
Traditional synthesis algorithms return, given a specification over finite sets of input and output Boolean variables, a finite-state transducer all whose computations satisfy the specification. Many real-life systems have an infinite state space. In particular, behaviors of systems with a finite control yet variables that range over infinite domains, are specified by automata with infinite alphabets. A register automaton has a finite set of registers, and its transitions are based on a comparison of the letters in the input with these stored in its registers. Unfortunately, reasoning about register automata is complex. In particular, the synthesis problem for specifications given by register automata, where the goal is to generate correct register transducers, is undecidable.
We study the synthesis problem for systems with a bounded number of registers. Formally, the register-bounded realizability problem is to decide, given a specification register automaton A over infinite input and output alphabets and numbers k_s and k_e of registers, whether there is a system transducer T with at most k_s registers such that for all environment transducers T\u27 with at most k_e registers, the computation T|T\u27, generated by the interaction of T with T\u27, satisfies the specification A. The register-bounded synthesis problem is to construct such a transducer T, if exists. The bounded setting captures better real-life scenarios where bounds on the systems and/or its environment are known. In addition, the bounds are the key to new synthesis algorithms, and, as recently shown in [A. Khalimov et al., 2018], they lead to decidability. Our contributions include a stronger specification formalism (universal register parity automata), simpler algorithms, which enable a clean complexity analysis, a study of settings in which both the system and the environment are bounded, and a study of the theoretical aspects of the setting; in particular, the differences among a fixed, finite, and infinite number of registers, and the determinacy of the corresponding games
Church Synthesis on Register Automata over Linearly Ordered Data Domains
Register automata are finite automata equipped with a finite set of registers in which they can store data, i.e. elements from an unbounded or infinite alphabet. They provide a simple formalism to specify the behaviour of reactive systems operating over data ?-words. We study the synthesis problem for specifications given as register automata over a linearly ordered data domain (e.g. (?, ?) or (?, ?)), which allow for comparison of data with regards to the linear order. To that end, we extend the classical Church synthesis game to infinite alphabets: two players, Adam and Eve, alternately play some data, and Eve wins whenever their interaction complies with the specification, which is a language of ?-words over ordered data. Such games are however undecidable, even when the specification is recognised by a deterministic register automaton. This is in contrast with the equality case, where the problem is only undecidable for nondeterministic and universal specifications.
Thus, we study one-sided Church games, where Eve instead operates over a finite alphabet, while Adam still manipulates data. We show they are determined, and deciding the existence of a winning strategy is in ExpTime, both for ? and ?. This follows from a study of constraint sequences, which abstract the behaviour of register automata, and allow us to reduce Church games to ?-regular games. Lastly, we apply these results to the transducer synthesis problem for input-driven register automata, where each output data is restricted to be the content of some register, and show that if there exists an implementation, then there exists one which is a register transducer