
    Reduction of Nondeterministic Tree Automata

    We present an efficient algorithm to reduce the size of nondeterministic tree automata while retaining their language. It is based on new transition pruning techniques and on quotienting of the state space w.r.t. suitable equivalences. It uses criteria based on combinations of downward and upward simulation preorder on trees, and the more general downward and upward language inclusions. Since tree-language inclusion is EXPTIME-complete, we describe methods to compute good approximations in polynomial time. We implemented our algorithm as a module of the well-known libvata tree automata library and tested its performance on a given collection of tree automata from various applications of libvata in regular model checking and shape analysis, as well as on various classes of randomly generated tree automata. Our algorithm yields substantially smaller and sparser automata than all previously known reduction techniques, and it is still fast enough to handle large instances.
    Comment: Extended version (including proofs) of material presented at TACAS 201
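    As an added illustration (this is not code from the paper or from libvata), the following Python computes the greatest downward simulation of a small bottom-up tree automaton by the usual pair-deletion fixpoint, which is polynomial, and then quotients the automaton by the equivalence kernel of that preorder, the language-preserving step the abstract refers to. The automaton, state names, rule encoding and helper functions are all constructed for this example. It also checks, by enumerating every tree up to a fixed height, that the quotient accepts exactly the trees the original does.

```python
from collections import defaultdict
from itertools import product


class TreeAutomaton:
    """Bottom-up (frontier-to-root) tree automaton.

    A rule (f, (q1, ..., qn), q) reads: if the n subtrees of an f-node reach
    states q1..qn, the f-node itself may reach q. Leaf symbols have n = 0.
    A tree is encoded as (symbol, [subtrees])."""

    def __init__(self, states, rules, finals):
        self.states = frozenset(states)
        self.rules = sorted(set(rules))
        self.finals = frozenset(finals)

    def reachable(self, tree):
        """Set of states the root of `tree` can reach in some run."""
        sym, kids = tree
        kid_states = [self.reachable(k) for k in kids]
        return {q for f, args, q in self.rules
                if f == sym and len(args) == len(kids)
                and all(a in ks for a, ks in zip(args, kid_states))}

    def accepts(self, tree):
        return bool(self.reachable(tree) & self.finals)


def downward_simulation(aut):
    """Greatest downward simulation on states: q <= r iff every rule
    f(q1..qn) -> q is matched by a rule f(r1..rn) -> r with qi <= ri for all i.

    Start from all pairs and delete violating pairs until nothing changes;
    each round is polynomial in |Q| and the number of rules."""
    into = defaultdict(list)            # target state -> [(symbol, argument states)]
    for f, args, q in aut.rules:
        into[q].append((f, args))
    sim = {(q, r) for q in aut.states for r in aut.states}
    changed = True
    while changed:
        changed = False
        for q, r in sorted(sim):
            for f, args in into[q]:
                matched = any(g == f and len(rargs) == len(args)
                              and all((a, b) in sim for a, b in zip(args, rargs))
                              for g, rargs in into[r])
                if not matched:
                    sim.discard((q, r))
                    changed = True
                    break
    return sim


def quotient(aut, sim):
    """Merge states that simulate each other (q <= r and r <= q).
    Quotienting by downward-simulation equivalence preserves the language."""
    rep = {}
    for q in sorted(aut.states):   # transitivity of `sim` makes any equivalent r do
        rep[q] = next((rep[r] for r in rep if (q, r) in sim and (r, q) in sim), q)
    rules = {(f, tuple(rep[a] for a in args), rep[q]) for f, args, q in aut.rules}
    return TreeAutomaton(set(rep.values()), rules, {rep[q] for q in aut.finals})


def trees(alphabet, depth):
    """All trees over a ranked alphabet {symbol: arity} of height <= depth."""
    if depth == 0:
        return [(f, []) for f, n in alphabet.items() if n == 0]
    smaller = trees(alphabet, depth - 1)
    return [(f, list(kids)) for f, n in alphabet.items()
            for kids in product(smaller, repeat=n)]


def same_language_up_to(a, b, alphabet, depth):
    return all(a.accepts(t) == b.accepts(t) for t in trees(alphabet, depth))


def example_automaton():
    """Constructed example: q0/q1 both accept just the leaf 'a', and q2/q3 both
    accept f(a, a), so the automaton has two pairs of redundant states."""
    rules = [("a", (), "q0"), ("a", (), "q1"),
             ("f", ("q0", "q0"), "q2"), ("f", ("q1", "q1"), "q3"),
             ("f", ("q2", "q3"), "qf"), ("f", ("q3", "q2"), "qf")]
    return TreeAutomaton({"q0", "q1", "q2", "q3", "qf"}, rules, {"qf"})


if __name__ == "__main__":
    A = example_automaton()
    B = quotient(A, downward_simulation(A))
    print(len(A.states), "states ->", len(B.states), "states; rules:", B.rules)
    print("same language up to height 3:",
          same_language_up_to(A, B, {"a": 0, "f": 2}, 3))
```

    On the constructed automaton the quotient collapses five states and six rules to three states and three rules, and the exhaustive check confirms the language is unchanged; a real reducer would add the transition pruning and upward-simulation criteria the abstract describes.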

    Quadratic Word Equations with Length Constraints, Counter Systems, and Presburger Arithmetic with Divisibility

    Word equations are a crucial element in the theoretical foundation of constraint solving over strings, which has received a lot of attention in recent years. A word equation relates two words over string variables and constants. Its solution is a function mapping variables to constant strings that makes the left and right hand sides of the equation equal. While the problem of solving word equations is decidable, the decidability of solving a word equation with a length constraint (i.e., a constraint relating the lengths of words in the word equation) has remained a long-standing open problem. In this paper, we focus on the subclass of quadratic word equations, i.e., those in which each variable occurs at most twice. We first show that the length abstractions of solutions to quadratic word equations are in general not Presburger-definable. We then describe a class of counter systems with Presburger transition relations which capture the length abstraction of a quadratic word equation with regular constraints. We provide an encoding of the effect of a simple loop of the counter systems in the theory of existential Presburger Arithmetic with divisibility (PAD). Since PAD is decidable, we get a decision procedure for quadratic word equations with length constraints for which the associated counter system is flat (i.e., all nodes belong to at most one cycle). We show a decidability result (in fact, also an NP algorithm with a PAD oracle) for a recently proposed NP-complete fragment of word equations called regular-oriented word equations, together with length constraints. Decidability holds when the constraints are additionally extended with regular constraints with a 1-weak control structure.
    Comment: 18 page

    JBMC: a bounded model checking tool for verifying Java bytecode

    We present a bounded model checking tool for verifying Java bytecode, named Java Bounded Model Checker (JBMC), which is built on top of the CPROVER framework. JBMC processes Java bytecode together with a model of the standard Java libraries and checks a set of desired properties. Experimental results show that JBMC can correctly verify a set of Java benchmarks from the literature and that it is competitive with two state-of-the-art Java verifiers.

    On Solving Word Equations Using SAT

    We present Woorpje, a string solver for bounded word equations (i.e., equations where the length of each variable is upper bounded by a given integer). Our algorithm works by reformulating the satisfiability of bounded word equations as a reachability problem for nondeterministic finite automata, and then carefully encoding this as a propositional satisfiability problem, which we then solve using the well-known Glucose SAT solver. This approach has the advantage of allowing for the natural inclusion of additional linear length constraints. Our solver obtains reliable and competitive results and, remarkably, discovered several cases where state-of-the-art solvers exhibit faulty behaviour.

    Photoluminescence and Electron Spin Resonance of Silicon Dioxide Crystal with Rutile Structure (Stishovite)

    An electron spin resonance (ESR) and photoluminescence signal is observed in the as-grown single crystal of stishovite, indicating the presence of defects in the non-irradiated sample. The photoluminescence of the as-received stishovite single crystals exhibits two main bands: a blue band at 3 eV and a UV band at 4.75 eV. Luminescence is excited in the range of optical transparency of stishovite (below 8.75 eV) and is therefore ascribed to defects. A wide range of decay kinetics under pulsed excitation is observed. For the blue band, besides the exponential decay with a time constant of about 18 μs, an additional ms component is revealed. For the UV band, besides the fast component with a time constant of 1–3 ns, a component decaying in tens of μs is obtained. The main components (18 μs and 1–3 ns) show the thermal quenching of intensity typical of intra-center transitions. The additional slow component is related to the presence of OH groups and/or carbon molecular defects modifying the luminescence center. The additional slow components exhibit wave-like thermal dependences. Photo-thermally stimulated creation and destruction of a complex comprising the host defect and interstitial modifiers explains the wave-like thermal dependence of the slow luminescence.
    Acknowledgements: This work was supported by ERANET MYND. Financial support from the Scientific Research Project for Students and Young Researchers Nr. SJZ/2017/2, realized at the Institute of Solid State Physics, University of Latvia, is gratefully acknowledged. The authors express their gratitude to R.I. Mashkovtsev for help in ESR signal interpretation, to T.I. Dyuzheva, L.M. Lityagina and N.A. Bendeliani for stishovite single crystals, and to K. Hubner and H.-J. Fitting for stishovite powder from the Barringer Meteor Crater. The Institute of Solid State Physics, University of Latvia, as a Center of Excellence has received funding from the European Union's Horizon 2020 Framework Programme H2020-WIDESPREAD-01-2016-2017-TeamingPhase2 under grant agreement No. 739508, project CAMART.

    Relational Thread-Modular Abstract Interpretation Under Relaxed Memory Models

    We address the verification problem of numeric properties in many-threaded concurrent programs under weakly consistent memory models, especially TSO. We build on previous work that proposed an abstract interpretation method to analyse these programs with relational domains. That method could not analyse more than two threads in reasonable time. Our contribution here is to rely on a rely-guarantee framework with automatic inference of thread interferences to design an analysis with a thread-modular approach, and to describe relational abstractions of both thread states and interferences. We show how to adapt the usual procedure for computing interferences to the additional issues raised by weakly consistent memories. We demonstrate the precision and the performance of our method on a few examples, operating a prototype analyser that verifies safety properties like mutual exclusion. We discuss how weak memory models affect the scalability results compared to a sequentially consistent environment.
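    As an added example (this is not the paper's prototype analyser, which uses abstract interpretation with inferred interferences; this one enumerates states explicitly), the Python below runs the classic store-buffering litmus test under an operational TSO model with one FIFO store buffer per thread and compares the reachable outcomes with sequential consistency. The instruction encoding, the variable and register names and the helper functions are assumptions made for this example. It shows the outcome that breaks Dekker-style mutual exclusion under TSO, and that an mfence after each store removes it.

```python
# Instruction forms (per thread, executed in program order):
#   ("st", var, val)   store the constant val to shared variable var
#   ("ld", var, reg)   load shared variable var into thread-local register reg
#   ("mfence",)        block until this thread's store buffer is empty


def _set(tup, i, v):
    """Return tuple `tup` with position i replaced by v."""
    return tup[:i] + (v,) + tup[i + 1:]


def _write(mem, var, val):
    return tuple((k, val if k == var else v) for k, v in mem)


def outcomes(threads, tso=True, shared=("x", "y")):
    """Explore every interleaving and return the set of final register
    valuations, each a sorted tuple of (register, value) pairs.

    Under TSO (tso=True) a store is appended to the issuing thread's FIFO
    store buffer and reaches memory only when a later flush step drains the
    oldest entry; a load returns the youngest buffered store to the same
    address if there is one (store-to-load forwarding), otherwise the memory
    value.  With tso=False stores hit memory immediately, i.e. sequential
    consistency.  All shared variables start at 0."""
    n = len(threads)
    mem0 = tuple(sorted((v, 0) for v in shared))
    start = (mem0, (0,) * n, ((),) * n, ((),) * n)  # memory, pcs, buffers, registers
    seen, stack, finals = {start}, [start], set()
    while stack:
        mem, pcs, bufs, regs = stack.pop()
        succ = []
        for t in range(n):
            if bufs[t]:  # flush the oldest buffered store of thread t to memory
                (var, val), rest = bufs[t][0], bufs[t][1:]
                succ.append((_write(mem, var, val), pcs, _set(bufs, t, rest), regs))
            if pcs[t] == len(threads[t]):
                continue
            ins, npcs = threads[t][pcs[t]], _set(pcs, t, pcs[t] + 1)
            if ins[0] == "st":
                _, var, val = ins
                if tso:
                    succ.append((mem, npcs, _set(bufs, t, bufs[t] + ((var, val),)), regs))
                else:
                    succ.append((_write(mem, var, val), npcs, bufs, regs))
            elif ins[0] == "ld":
                _, var, reg = ins
                buffered = [v for a, v in reversed(bufs[t]) if a == var]
                val = buffered[0] if buffered else dict(mem)[var]
                succ.append((mem, npcs, bufs, _set(regs, t, regs[t] + ((reg, val),))))
            elif ins[0] == "mfence" and not bufs[t]:
                succ.append((mem, npcs, bufs, regs))
        if not succ:  # every thread finished and every buffer drained
            finals.add(tuple(sorted(p for r in regs for p in r)))
        for s in succ:
            if s not in seen:
                seen.add(s)
                stack.append(s)
    return finals


# Constructed litmus test (store buffering): each thread publishes its flag and
# then reads the other's.  Both reading 0 means both would enter a critical
# section guarded Dekker-style by these flags.
SB = [[("st", "x", 1), ("ld", "y", "r1")],
      [("st", "y", 1), ("ld", "x", "r2")]]

# Same test with a full fence between the store and the load.
SB_FENCED = [[("st", "x", 1), ("mfence",), ("ld", "y", "r1")],
             [("st", "y", 1), ("mfence",), ("ld", "x", "r2")]]

BOTH_ZERO = (("r1", 0), ("r2", 0))


def violates_mutual_exclusion(program, tso=True):
    """True if some execution lets both loads observe 0."""
    return BOTH_ZERO in outcomes(program, tso)


if __name__ == "__main__":
    print("SC        :", sorted(outcomes(SB, tso=False)))
    print("TSO       :", sorted(outcomes(SB)))
    print("TSO+mfence:", sorted(outcomes(SB_FENCED)))
```

    Under sequential consistency only three outcomes exist; the TSO model adds the r1 = r2 = 0 outcome because each store can still sit in its thread's buffer when the other thread loads, and the fenced variant restores the SC outcome set. Explicit enumeration like this is exponential in the number of threads, which is the scalability problem the thread-modular, interference-based analysis in the abstract is designed to avoid.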

    Local reasoning about the presence of bugs: Incorrectness Separation Logic

    There has been a large body of work on local reasoning for proving the absence of bugs, but none for proving their presence. We present a new formal framework for local reasoning about the presence of bugs, building on two complementary foundations: 1) separation logic and 2) incorrectness logic. We explore the theory of this new incorrectness separation logic (ISL), and use it to derive a begin-anywhere, intra-procedural symbolic execution analysis that has no false positives by construction. In so doing, we take a step towards transferring modular, scalable techniques from the world of program verification to bug catching.