PLTL Partitioned Model Checking for Reactive Systems under Fairness Assumptions

We are interested in verifying dynamic properties of finite state reactive systems under fairness assumptions by model checking. The systems we want to verify are specified through a top-down refinement process. In order to deal with the state explosion problem, we have proposed in previous works to partition the reachability graph, and to perform the verification on each part separately. Moreover, we have defined a class, called Bmod, of dynamic properties that are verifiable by parts, whatever the partition. We decide if a property P belongs to Bmod by looking at the form of the Buchi automaton that accepts the negation of P. However, when a property P belongs to Bmod, the property f => P, where f is a fairness assumption, does not necessarily belong to Bmod. In this paper, we propose to use the refinement process in order to build the parts on which the verification has to be performed. We then show that with such a partition, if a property P is verifiable by parts and if f is the expression of the fairness assumptions on a system, then the property f => P is still verifiable by parts. This approach is illustrated by its application to the chip card protocol T=1 using the B engineering design language

Using Acceleration to Compute Parameterized System Refinement

In this paper, we present a verification approach for a class of parameterized systems. These systems are composed of an arbitrary number of similar processes. As in \cite{abdulla99b} we represent the states by regular languages and the transitions by transducers over regular languages. If we can compute a symbolic model by acceleration of the actions, then we can also verify a refinement relation R between the symbolic models. We show that, under some conditions, if R is verified between two symbolic models, then refinement is verified between concrete parameterized systems. Then, we can take advantage the property (safety and PLTL properties) preservation by refinement for their verification

Verification of Liveness Properties with JML

This paper proposes a way to verify liveness properties in an extension of JML. The verification is divided into two subtasks: (1) generation of appropriate JML annotations that allow to verify that the class under consideration respects the liveness property, and (2) showing that the environment preserves the liveness properties by proving a refinement. For the generation of appropriate JML annotations, we require that the liveness properties are extended with a variant and invariant (conform variants and invariants to show termination of loops). We then show that under certain assumptions on the environment, we can prove the satisfaction of the liveness property. The second subtask then boils down to showing that the environment in fact respects these assumptions. The method is illustrated by an example

Automating Synthesis by Completion

When using a completion procedure, simple static analyses allow automatizing the manipulation of first-order functional programs. This paper shows how to apply these techniques in order to fully automatize program transformation by the two strategies: deforestation (eliminating useless intermediate data structures) and tupling (eliminating parallel traversals of identical data structures). These techniques enable us to transform a larger class of programs than the current deforestation algorithms. Programs are translated into a constructor-based rewrite system. Then, a completion procedure can be used for synthesis of the transformed rewrite system. Static analyses of the rewrite system are needed to automatize a given transformation strategy. They permit the following: (1) to automatically discover the specifications of the functions that need to be synthesized by completion in order to accommodate the strategy, (2) to control the production of critical pairs during the completion pr..

Automatic Transformations by Rewriting Techniques

. The paper shows how term rewriting techniques can be used to automatically transform first-order functional programs by both deforestation (eliminating useless intermediate data structures) and tupling (eliminating parallel traversals of identical data structures). Its novelty is that it includes these strategies for program improvement in a transformation system which uses completion procedures to automatically control a unfold/fold methodology. This means that eurekas for these strategies are automatically discovered and that they are processed by a completion procedure. The completion procedure is automatically constrained for orienting pairs into rules and for producing critical pairs. An interesting result is that the process preserves termination of the original set of rules, which is not guaranteed in general by a unfold/fold method. Introduction As it has often been said, functional programs are constructed using only functions as pieces. Data structures such as lists and ..

A Transformation System Combining Partial Evaluation with Term Rewriting

. This paper presents a new approach to optimizing functional programs based on combining partial evaluation and rewriting. Programs are composed of higher-order primitives. Partial evaluation is used to eliminate higher-order functions. First-order rewriting is used to process the transformation. Laws about the higher-order primitives that are relevant for the optimizations are automatically extracted from a library and transformed into first-order terms using partial evaluation. Such a combination of a partial evaluation system and an intrinsically first-order rewriting tool allows a form of higher-order rewriting at a first-order level. This way, it is possible to automate deforestation of higher-order programs. Introduction The so-called Squiggol [10] style for program construction is a high-level programming technique that consists of building a program by composing primitives or other functions while taking into account well-known laws on the primitives. Functions are usually de..

Induction and Synthesis for Automatic Program Transformation

e is a mechanism for suggesting strategies which is accomplished by automatically introducing new functions, called eurekas in the fold-unfold methodology [2] (previously these new functions had to be introduced through the insight of a clever user). Consider, for example, that the transformation step P i to P i+1 performs deforestation of a term t in P i . The transformation consists in looking for a set of rewrite rules S that reduce t to a term t 0 free of intermediary data structures. The mechanism for suggesting strategies is able to propose a left-hand side s of a rule in S which encompasses t and which contains no useless data structures. The right-hand side is built with a new functional symbol h which has as arguments all the variabl

Substitution: A formal methods case study using monads and transformations

The specification and derivation of substitution for the de Bruijn representation of - terms is used to illustrate programming with a function-sequence monad. The resulting program is improved by interactive program transformation methods into an efficient implementation that uses primitive machine arithmetic. These transformations illustrate new techniques that assist the discovery of the arithmetic structure of the solution. Introduction Substitution is one of many problems in computer science that, once understood in one context, is understood in all contexts. Why, then, must a different substitution function be written for every abstract syntax implemented? This paper shows how to define substitution once and use the monadic structure of the definition to instantiate it on different abstract syntax structures. It also shows how to interactively derive an efficient implementation of substitution from this very abstract definition. The authors are supported in part by a grant fr..

Monads, Indexes and Transformations

The specification and derivation of substitution for the de Bruijn representation of -terms is used to illustrate programming with a functionsequence monad. The resulting program is improved by interactive program transformation methods into an efficient implementation that uses primitive machine arithmetic. These transformations illustrate new techniques that assist the discovery of the arithmetic structure of the solution

Type-driven Defunctionalization

In 1972, Reynolds outlined a general method for eliminating functional arguments known as defunctionalization. The idea underlying defunctionalization is encoding functional values as first-order data, and then to realized the applications of the encoded function via an apply function. Although this process is simple enough, problems arise when defunctionalization is used in a polymorphic language. In such a language, a functional argument of a higher-order function can take different type instances in different applications. As a consequence, its associated apply function can be untypable in the soucre language. In the paper we present a defunctionalization transformation which preserves typability. Moreover, the transformation imposes no restriction on functional arguments of recursive functions, and it handles functions as results as well as functions encapsulated in constructors or tuples. The key to this success is the use of type information in the defunctionalization transformat..