Formal Verification of a Geometry Algorithm: A Quest for Abstract Views and Symmetry in Coq Proofs

This extended abstract is about an effort to build a formal description of a triangulation algorithm starting with a naive description of the algorithm where triangles, edges, and triangulations are simply given as sets and the most complex notions are those of boundary and separating edges. When performing proofs about this algorithm, questions of symmetry appear and this exposition attempts to give an account of how these symmetries can be handled. All this work relies on formal developments made with Coq and the mathematical components library

Incremental, Inductive Coverability

We give an incremental, inductive (IC3) procedure to check coverability of well-structured transition systems. Our procedure generalizes the IC3 procedure for safety verification that has been successfully applied in finite-state hardware verification to infinite-state well-structured transition systems. We show that our procedure is sound, complete, and terminating for downward-finite well-structured transition systems---where each state has a finite number of states below it---a class that contains extensions of Petri nets, broadcast protocols, and lossy channel systems. We have implemented our algorithm for checking coverability of Petri nets. We describe how the algorithm can be efficiently implemented without the use of SMT solvers. Our experiments on standard Petri net benchmarks show that IC3 is competitive with state-of-the-art implementations for coverability based on symbolic backward analysis or expand-enlarge-and-check algorithms both in time taken and space usage.Comment: Non-reviewed version, original version submitted to CAV 2013; this is a revised version, containing more experimental results and some correction

Decidability of properties of timed-arc Petri nets

Timed-arc Petri nets (TAPN’s) are not Turing powerful, because, in particular, they cannot simulate a counter with zero testing. Thus, we could think that this model does not increase significantly the expressiveness of untimed Petri nets. But this is not true; in a previous paper we have shown that the differences between them are big enough to make the reachability problem undecidable. On the other hand, coverability and boundedness are proved now to be decidable. This fact is a consequence of the close interrelationship between TAPN’s and transfer nets, for which similar results have been recently proved. Finally, we see that if dead tokens are defined as those that cannot be used for firing any transition in the future, we can detect these kind of tokens in an effective way

Integer Vector Addition Systems with States

This paper studies reachability, coverability and inclusion problems for Integer Vector Addition Systems with States (ZVASS) and extensions and restrictions thereof. A ZVASS comprises a finite-state controller with a finite number of counters ranging over the integers. Although it is folklore that reachability in ZVASS is NP-complete, it turns out that despite their naturalness, from a complexity point of view this class has received little attention in the literature. We fill this gap by providing an in-depth analysis of the computational complexity of the aforementioned decision problems. Most interestingly, it turns out that while the addition of reset operations to ordinary VASS leads to undecidability and Ackermann-hardness of reachability and coverability, respectively, they can be added to ZVASS while retaining NP-completness of both coverability and reachability.Comment: 17 pages, 2 figure

Forward Analysis and Model Checking for Trace Bounded WSTS

We investigate a subclass of well-structured transition systems (WSTS), the bounded---in the sense of Ginsburg and Spanier (Trans. AMS 1964)---complete deterministic ones, which we claim provide an adequate basis for the study of forward analyses as developed by Finkel and Goubault-Larrecq (Logic. Meth. Comput. Sci. 2012). Indeed, we prove that, unlike other conditions considered previously for the termination of forward analysis, boundedness is decidable. Boundedness turns out to be a valuable restriction for WSTS verification, as we show that it further allows to decide all $\omega$-regular properties on the set of infinite traces of the system

Dynamic Recursive Petri Nets

International audienceIn the early two-thousands, Recursive Petri nets (RPN) have been introduced in order to model distributed planning of multi-agent systems for which counters and recursivity were necessary. While having a great expressive power, RPN suffer two limitations: (1) they do not include more general features for transitions like reset arcs, transfer arcs, etc. (2) the initial marking associated the recursive "call" only depends on the calling transition and not on the current marking of the caller. Here we introduce Dynamic Recursive Petri nets (DRPN) which address these issues. We show that the standard extensions of Petri nets for which decidability of the coverability problem is preserved are particular cases of DPRN. Then we establish that w.r.t. coverability languages, DRPN are strictly more expressive than RPN. Finally we prove that the coverability problem is still decidable for DRPN

Reset Nets Between Decidability and Undecidability

We study Petri nets with Reset arcs (also Transfer and Doubling arcs) in combination with other extensions of the basic Petri net model. While Reachability is undecidable in all these extensions (indeed they are Turing-powerful), we exhibit unexpected frontiers for the decidability of Termination, Coverability, Boundedness and place-Boundedness. In particular, we show counter-intuitive separations between seemingly related problems. Our main theorem is the very surprising fact that boundedness is undecidable for Petri nets with Reset arcs

Boundedness of Reset P/T Nets

P/T nets with reset and transfer arcs can be seen as countermachines with some restricted set of operations. Surprisingly, several problems related to boundedness are harder for Reset nets than for the more expressive Transfer nets. Our main result is that boundedness is undecidable for nets with three reset arcs, while it is decidable for nets with two resetable places