Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis

The safety of infinite state systems can be checked by a backward reachability procedure. For certain classes of systems, it is possible to prove the termination of the procedure and hence conclude the decidability of the safety problem. Although backward reachability is property-directed, it can unnecessarily explore (large) portions of the state space of a system which are not required to verify the safety property under consideration. To avoid this, invariants can be used to dramatically prune the search space. Indeed, the problem is to guess such appropriate invariants. In this paper, we present a fully declarative and symbolic approach to the mechanization of backward reachability of infinite state systems manipulating arrays by Satisfiability Modulo Theories solving. Theories are used to specify the topology and the data manipulated by the system. We identify sufficient conditions on the theories to ensure the termination of backward reachability and we show the completeness of a method for invariant synthesis (obtained as the dual of backward reachability), again, under suitable hypotheses on the theories. We also present a pragmatic approach to interleave invariant synthesis and backward reachability so that a fix-point for the set of backward reachable states is more easily obtained. Finally, we discuss heuristics that allow us to derive an implementation of the techniques in the model checker MCMT, showing remarkable speed-ups on a significant set of safety problems extracted from a variety of sources.Comment: Accepted for publication in Logical Methods in Computer Scienc

Computabilities of Validity and Satisfiability in Probability Logics over Finite and Countable Models

The $\epsilon$-logic (which is called $\epsilon$E-logic in this paper) of Kuyper and Terwijn is a variant of first order logic with the same syntax, in which the models are equipped with probability measures and in which the $\forall x$ quantifier is interpreted as "there exists a set $A$ of measure $\ge 1 - \epsilon$ such that for each $x \in A$, ...." Previously, Kuyper and Terwijn proved that the general satisfiability and validity problems for this logic are, i) for rational $\epsilon \in (0, 1)$, respectively $\Sigma^1_1$-complete and $\Pi^1_1$-hard, and ii) for $\epsilon = 0$, respectively decidable and $\Sigma^0_1$-complete. The adjective "general" here means "uniformly over all languages." We extend these results in the scenario of finite models. In particular, we show that the problems of satisfiability by and validity over finite models in $\epsilon$E-logic are, i) for rational $\epsilon \in (0, 1)$, respectively $\Sigma^0_1$- and $\Pi^0_1$-complete, and ii) for $\epsilon = 0$, respectively decidable and $\Pi^0_1$-complete. Although partial results toward the countable case are also achieved, the computability of $\epsilon$E-logic over countable models still remains largely unsolved. In addition, most of the results, of this paper and of Kuyper and Terwijn, do not apply to individual languages with a finite number of unary predicates. Reducing this requirement continues to be a major point of research. On the positive side, we derive the decidability of the corresponding problems for monadic relational languages --- equality- and function-free languages with finitely many unary and zero other predicates. This result holds for all three of the unrestricted, the countable, and the finite model cases. Applications in computational learning theory, weighted graphs, and neural networks are discussed in the context of these decidability and undecidability results.Comment: 47 pages, 4 tables. Comments welcome. Fixed errors found by Rutger Kuype

Reachability analysis of first-order definable pushdown systems

We study pushdown systems where control states, stack alphabet, and transition relation, instead of being finite, are first-order definable in a fixed countably-infinite structure. We show that the reachability analysis can be addressed with the well-known saturation technique for the wide class of oligomorphic structures. Moreover, for the more restrictive homogeneous structures, we are able to give concrete complexity upper bounds. We show ample applicability of our technique by presenting several concrete examples of homogeneous structures, subsuming, with optimal complexity, known results from the literature. We show that infinitely many such examples of homogeneous structures can be obtained with the classical wreath product construction.Comment: to appear in CSL'1

Existential questions in (relatively) hyperbolic groups {\it and} Finding relative hyperbolic structures

This arXived paper has two independant parts, that are improved and corrected versions of different parts of a single paper once named "On equations in relatively hyperbolic groups". The first part is entitled "Existential questions in (relatively) hyperbolic groups". We study there the existential theory of torsion free hyperbolic and relatively hyperbolic groups, in particular those with virtually abelian parabolic subgroups. We show that the satisfiability of systems of equations and inequations is decidable in these groups. In the second part, called "Finding relative hyperbolic structures", we provide a general algorithm that recognizes the class of groups that are hyperbolic relative to abelian subgroups.Comment: Two independant parts 23p + 9p, revised. To appear separately in Israel J. Math, and Bull. London Math. Soc. respectivel