Using models to model-check recursive schemes

We propose a model-based approach to the model checking problem for recursive schemes. Since simply typed lambda calculus with the fixpoint operator, lambda-Y-calculus, is equivalent to schemes, we propose the use of a model of lambda-Y-calculus to discriminate the terms that satisfy a given property. If a model is finite in every type, this gives a decision procedure. We provide a construction of such a model for every property expressed by automata with trivial acceptance conditions and divergence testing. Such properties pose already interesting challenges for model construction. Moreover, we argue that having models capturing some class of properties has several other virtues in addition to providing decidability of the model-checking problem. As an illustration, we show a very simple construction transforming a scheme to a scheme reflecting a property captured by a given model.Comment: Long version of a paper presented at TLCA 201

Pushdown Processes: Games and Model Checking

Games given by transition graphs of pushdown processes are considered.It is shown that if there is a winning strategy in such agame then there is a winning strategy that is realized by a pushdownprocess. This fact turns out to be connected with the model checkingproblem for the pushdown automata and the propositional mu-calculus.It is shown that this model checking problem is DEXPTIME-complete

Static Analysis of Deterministic Negotiations

Negotiation diagrams are a model of concurrent computation akin to workflow Petri nets. Deterministic negotiation diagrams, equivalent to the much studied and used free-choice workflow Petri nets, are surprisingly amenable to verification. Soundness (a property close to deadlock-freedom) can be decided in PTIME. Further, other fundamental questions like computing summaries or the expected cost, can also be solved in PTIME for sound deterministic negotiation diagrams, while they are PSPACE-complete in the general case. In this paper we generalize and explain these results. We extend the classical "meet-over-all-paths" (MOP) formulation of static analysis problems to our concurrent setting, and introduce Mazurkiewicz-invariant analysis problems, which encompass the questions above and new ones. We show that any Mazurkiewicz-invariant analysis problem can be solved in PTIME for sound deterministic negotiations whenever it is in PTIME for sequential flow-graphs---even though the flow-graph of a deterministic negotiation diagram can be exponentially larger than the diagram itself. This gives a common explanation to the low-complexity of all the analysis questions studied so far. Finally, we show that classical gen/kill analyses are also an instance of our framework, and obtain a PTIME algorithm for detecting anti-patterns in free-choice workflow Petri nets. Our result is based on a novel decomposition theorem, of independent interest, showing that sound deterministic negotiation diagrams can be hierarchically decomposed into (possibly overlapping) smaller sound diagrams.Comment: To appear in the Proceedings of LICS 2017, IEEE Computer Societ

A Complete Deductive System for the mu-Calculus

The propositional mu-calculus as introduced by Kozen in [12] is considered.In that paper a finitary axiomatisation of the logic was presentedbut its completeness remained an open question. Here a different finitaryaxiomatisation of the logic is proposed and proved to be complete. Thetwo axiomatisations are compared

Gentzen-type axiomatization for PAL

AbstractThe aim of propositional algorithmic logic (PAL) is to investigate the properties of simple nondeterministic while-program schemes on propositional level. We present finite, cut-free, Gentzen-type axiomatization of PAL. As a corollary from completeness theorem, we obtain the small-model theorem and algorithm for checking the validity of PAL formulas

Positional Determinacy of Games with Infinitely Many Priorities

We study two-player games of infinite duration that are played on finite or infinite game graphs. A winning strategy for such a game is positional if it only depends on the current position, and not on the history of the play. A game is positionally determined if, from each position, one of the two players has a positional winning strategy. The theory of such games is well studied for winning conditions that are defined in terms of a mapping that assigns to each position a priority from a finite set. Specifically, in Muller games the winner of a play is determined by the set of those priorities that have been seen infinitely often; an important special case are parity games where the least (or greatest) priority occurring infinitely often determines the winner. It is well-known that parity games are positionally determined whereas Muller games are determined via finite-memory strategies. In this paper, we extend this theory to the case of games with infinitely many priorities. Such games arise in several application areas, for instance in pushdown games with winning conditions depending on stack contents. For parity games there are several generalisations to the case of infinitely many priorities. While max-parity games over omega or min-parity games over larger ordinals than omega require strategies with infinite memory, we can prove that min-parity games with priorities in omega are positionally determined. Indeed, it turns out that the min-parity condition over omega is the only infinitary Muller condition that guarantees positional determinacy on all game graphs

LambdaY-Calculus With Priorities

International audienceThe lambdaY-calculus with priorities is a variant of the simply-typed lambda calculus designed for higher-order model-checking. The higher-order model-checking problem asks if a given parity tree automaton accepts the Böhm tree of a given term of the simply-typed lambda calculus with recursion. We show that this problem can be reduced to the same question but for terms of lambdaY-calculus with priorities and visibly parity automata; a subclass of parity automata. The latter question can be answered by evaluating terms in a simple powerset model with least and greatest fixpoints. We prove that the recognizing power of powerset models and visibly parity automata are the same. So, up to conversion to the lambdaY-calculus with priorities, powerset models with least and greatest fixpoints are indeed the right semantic framework for the model-checking problem. The reduction to lambdaY-calculus with priorities is also efficient algorithmically: it gives an algorithm of the same complexity as direct approaches to the higher-order model-checking problem. This indicates that the task of calculating the value of a term in a powerset model is a central algo-rithmic problem for higher-order model-checking