65 research outputs found
Towards Static Analysis of Functional Programs using Tree Automata Completion
This paper presents the first step of a wider research effort to apply tree
automata completion to the static analysis of functional programs. Tree
Automata Completion is a family of techniques for computing or approximating
the set of terms reachable by a rewriting relation. The completion algorithm we
focus on is parameterized by a set E of equations controlling the precision of
the approximation and influencing its termination. For completion to be used as
a static analysis, the first step is to guarantee its termination. In this
work, we thus give a sufficient condition on E and T(F) for completion
algorithm to always terminate. In the particular setting of functional
programs, this condition can be relaxed into a condition on E and T(C) (terms
built on the set of constructors) that is closer to what is done in the field
of static analysis, where abstractions are performed on data. Comment: Proceedings of WRLA'14. 201
Automata and Equations based Approximations for Reachability Analysis
Invited talk. Term Rewriting Systems (TRSs for short) are a convenient formal model for software systems. This formalism is expressive enough to model in a simple and accurate way many aspects of computation such as recursivity, non-determinism, parallelism, distribution and communication. On such models, verification is facilitated by the large collection of proof techniques of rewriting: termination, non-termination, confluence, non-confluence, reachability, unreachability, inductive properties, etc. This talk focuses on unreachability properties of a TRS, which entail safety properties on the modeled software system. Starting from a single term s, proving that t is unreachable, i.e., that s →*_R t does not hold, is straightforward if R is terminating. This problem is undecidable if R is not terminating or if we consider infinite sets of initial terms s and infinite sets of "bad" terms t. There exist classes of TRSs for which those problems are decidable. For those classes, decidability comes from the fact that the set of reachable terms is regular, i.e., it can be recognized by a tree automaton [5]. Those classes are surveyed in [7]. However, TRSs modeling software systems do not belong to those "decidable classes", in general. The rewriting and tree automata communities have proposed different techniques to over-approximate the set of reachable terms. Over-approximating reachable terms provides a criterion for unreachability on TRSs and, thus, a criterion for safety of the modeled systems. Those approximation techniques range from TRS transformations [11], ad hoc automata transformations [6,10,3], CounterExample-Guided Abstraction Refinement (CEGAR) [4,2,1], and abstraction by equational theories [12,9]. I will present the principles underlying those techniques, discuss their pros and cons, and recall some of their applications.
Then, I will present a recent attempt to combine abstraction by equational theories and CEGAR to infer accurate over-approximations for TRSs modeling higher-order functional programs [8].
Approximation based tree regular model checking
This paper addresses the following general problem of tree regular model-checking: decide whether where is the reflexive and transitive closure of a successor relation induced by a term rewriting system , and and are both regular tree languages. We develop an automatic approximation-based technique to handle this -- undecidable in general -- problem in most practical cases, extending a recent work by Feuillade, Genet and Viet Triem Tong. We also make this approach fully automatic for practical validation of security protocols.
Handling Non Left-Linear Rules When Completing Tree Automata
This paper addresses the following general problem of tree regular model-checking: decide whether the intersection of R*(L) and Lp is empty, where R* is the reflexive and transitive closure of a successor relation induced by a term rewriting system R, and L and Lp are both regular tree languages. We develop an automatic approximation-based technique to handle this -- undecidable in general -- problem in the case when term rewriting system rules are non left-linear.
Rewriting Approximations For Properties Verification Over CCS Specifications
This paper presents a way to verify CCS (without renaming) specifications using tree regular model checking. From a term rewriting system and a tree automaton representing the semantics of CCS and equations of a CCS specification to analyse, an over-approximation of the set of reachable terms is computed from an initial configuration. This set, in the framework of CCS, represents an over-approximation of all states (modulo bisimulation) and action sequences the CCS specification can reach. The approach described in this paper can be fully automated. It is illustrated with the Alternating Bit Protocol and with hardware component specifications.
Guided Unfoldings for Finding Loops in Standard Term Rewriting
In this paper, we reconsider the unfolding-based technique that we have
introduced previously for detecting loops in standard term rewriting. We
improve it by guiding the unfolding process, using distinguished positions in
the rewrite rules. This results in a depth-first computation of the unfoldings,
whereas the original technique was breadth-first. We have implemented this new
approach in our tool NTI and compared it to the previous one on a bunch of
rewrite systems. The results we get are promising (better times, more
successful proofs). Comment: Pre-proceedings paper presented at the 28th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2018), Frankfurt
am Main, Germany, 4-6 September 2018 (arXiv:1808.03326
A Combination Framework for Complexity
In this paper we present a combination framework for polynomial complexity
analysis of term rewrite systems. The framework covers both derivational and
runtime complexity analysis. We present generalisations of powerful complexity
techniques, notably a generalisation of complexity pairs and (weak) dependency
pairs. Finally, we also present a novel technique, called dependency graph
decomposition, that in the dependency pair setting greatly increases
modularity. We employ the framework in the automated complexity tool TCT. TCT
implements a majority of the techniques found in the literature, witnessing
that our framework is general enough to capture a very broad setting