Reduction of Nondeterministic Tree Automata
We present an efficient algorithm to reduce the size of nondeterministic tree
automata, while retaining their language. It is based on new transition pruning
techniques, and quotienting of the state space w.r.t. suitable equivalences. It
uses criteria based on combinations of downward and upward simulation preorder
on trees, and the more general downward and upward language inclusions. Since
tree-language inclusion is EXPTIME-complete, we describe methods to compute
good approximations in polynomial time. We implemented our algorithm as a
module of the well-known libvata tree automata library, and tested its
performance on a given collection of tree automata from various applications of
libvata in regular model checking and shape analysis, as well as on various
classes of randomly generated tree automata. Our algorithm yields substantially
smaller and sparser automata than all previously known reduction techniques,
and it is still fast enough to handle large instances.
Comment: Extended version (including proofs) of material presented at TACAS 201
Performance evaluation of an emergency call center: tropical polynomial systems applied to timed Petri nets
We analyze a timed Petri net model of an emergency call center which
processes calls with different levels of priority. The counter variables of the
Petri net represent the cumulated number of events as a function of time. We
show that these variables are determined by a piecewise linear dynamical
system. We also prove that computing the stationary regimes of the associated
fluid dynamics reduces to solving a polynomial system over a tropical
(min-plus) semifield of germs. This leads to explicit formulae expressing
the throughput of the fluid system as a piecewise linear function of the
resources, revealing the existence of different congestion phases. Numerical
experiments show that the analysis of the fluid dynamics yields a good
approximation of the real throughput.
Comment: 21 pages, 4 figures. A shorter version can be found in the proceedings of the conference FORMATS 201
Regular symmetry patterns
Symmetry reduction is a well-known approach for alleviating the state explosion problem in model checking. Automatically identifying symmetries in concurrent systems, however, is computationally expensive. We propose a symbolic framework for capturing symmetry patterns in parameterised systems (i.e. an infinite family of finite-state systems): two regular word transducers to represent, respectively, parameterised systems and symmetry patterns. The framework subsumes various types of "symmetry relations" ranging from weaker notions (e.g. simulation preorders) to the strongest notion (i.e. isomorphisms). Our framework enjoys two algorithmic properties: (1) symmetry verification: given a transducer, we can automatically check whether it is a symmetry pattern of a given system, and (2) symmetry synthesis: we can automatically generate a symmetry pattern for a given system in the form of a transducer. Furthermore, our symbolic language allows additional constraints that the symmetry patterns need to satisfy to be easily incorporated in the verification/synthesis. We show how these properties can help identify symmetry patterns in examples like dining philosopher protocols, self-stabilising protocols, and prioritised resource-allocator protocols. In some cases (e.g. Gries's coffee can problem), our technique automatically synthesises a safety-preserving finite approximant, which can then be verified for safety solely using a finite-state model checker.
UPMAR
Parameterized Model-Checking for Timed-Systems with Conjunctive Guards (Extended Version)
In this work we extend Emerson and Kahlon's cutoff theorems for process
skeletons with conjunctive guards to Parameterized Networks of Timed Automata,
i.e. systems obtained by an a priori unknown number of Timed Automata
instantiated from a finite set of Timed Automata templates.
In this way we aim at giving a tool to universally verify software systems
where an unknown number of software components (i.e. processes) interact with
continuous-time temporal constraints. It is often the case, indeed, that
distributed algorithms show a heterogeneous nature, combining dynamic aspects
with real-time aspects. In the paper we will also show how to model check a
protocol that uses special variables storing identifiers of the participating
processes (i.e. PIDs) in Timed Automata with conjunctive guards. This is
non-trivial, since solutions to the parameterized verification problem often
rely on the processes being symmetric, i.e. indistinguishable. On the other
hand, many popular distributed algorithms make use of PIDs and thus cannot
directly apply those solutions.
Locality and Singularity for Store-Atomic Memory Models
Robustness is a correctness notion for concurrent programs running under
relaxed consistency models. The task is to check that the relaxed behavior
coincides (up to traces) with sequential consistency (SC). Although
computationally simple on paper (robustness has been shown to be
PSPACE-complete for TSO, PGAS, and Power), building a practical robustness
checker remains a challenge. The problem is that the various relaxations lead
to a dramatic number of computations, only few of which violate robustness.
In the present paper, we set out to reduce the search space for robustness
checkers. We focus on store-atomic consistency models and establish two
completeness results. The first result, called locality, states that a
non-robust program always contains a violating computation where only one
thread delays commands. The second result, called singularity, is even stronger
but restricted to programs without lightweight fences. It states that there is
a violating computation where a single store is delayed.
As an application of the results, we derive a linear-size source-to-source
translation of robustness to SC-reachability. It applies to general programs,
regardless of the data domain and potentially with an unbounded number of
threads and with unbounded buffers. We have implemented the translation and
verified, for the first time, PGAS algorithms in a fully automated fashion. For
TSO, our analysis outperforms existing tools.
On Automated Lemma Generation for Separation Logic with Inductive Definitions
Separation Logic with inductive definitions is a well-known approach for
deductive verification of programs that manipulate dynamic data structures.
Deciding verification conditions in this context is usually based on
user-provided lemmas relating the inductive definitions. We propose a novel
approach for generating these lemmas automatically which is based on simple
syntactic criteria and deterministic strategies for applying them. Our approach
focuses on iterative programs, although it can be applied to recursive programs
as well, and specifications that describe not only the shape of the data
structures, but also their content or their size. Empirically, we find that our
approach is powerful enough to deal with sophisticated benchmarks, e.g.,
iterative procedures for searching, inserting, or deleting elements in sorted
lists, binary search trees, red-black trees, and AVL trees, in a very efficient
way.
Graph-Based Shape Analysis Beyond Context-Freeness
We develop a shape analysis for reasoning about relational properties of data
structures. Both the concrete and the abstract domain are represented by
hypergraphs. The analysis is parameterized by user-supplied indexed graph
grammars to guide concretization and abstraction. This novel extension of
context-free graph grammars is powerful enough to model complex data structures
such as balanced binary trees with parent pointers, while preserving most
desirable properties of context-free graph grammars. One strength of our
analysis is that no artifacts apart from grammars are required from the user;
it thus offers a high degree of automation. We implemented our analysis and
successfully applied it to various programs manipulating AVL trees,
(doubly-linked) lists, and combinations of both.
Interprocedural Reachability for Flat Integer Programs
We study programs with integer data, procedure calls and arbitrary call
graphs. We show that, whenever the guards and updates are given by octagonal
relations, the reachability problem along control flow paths within some
language w1* ... wd* over program statements is decidable in NEXPTIME. To
achieve this upper bound, we combine a program transformation into the same
class of programs but without procedures, with an NP-completeness result for
the reachability problem of procedure-less programs. Besides the program, the
expression w1* ... wd* is also mapped onto an expression of a similar form but
this time over the transformed program statements. Several arguments involving
context-free grammars and their generative process enable us to give tight
bounds on the size of the resulting expression. The currently existing gap
between NP-hard and NEXPTIME can be closed to NP-complete when a certain
parameter of the analysis is assumed to be constant.
Comment: 38 pages, 1 figure
Efficacy of RTS,S malaria vaccines: individual-participant pooled analysis of phase 2 data.
BACKGROUND: The efficacy of RTS,S/AS01 as a vaccine for malaria is being tested in a phase 3 clinical trial. Early results show significant, albeit partial, protection against clinical malaria and severe malaria. To ascertain variations in vaccine efficacy according to covariates such as transmission intensity, choice of adjuvant, age at vaccination, and bednet use, we did an individual-participant pooled analysis of phase 2 clinical data. METHODS: We analysed data from 11 different sites in Africa, including 4453 participants. We measured heterogeneity in vaccine efficacy by estimating the interactions between covariates and vaccination in pooled multivariable Cox regression and Poisson regression analyses. Endpoints for measurement of vaccine efficacy were infection, clinical malaria, severe malaria, and death. We defined transmission intensity levels according to the estimated local parasite prevalence in children aged 2-10 years (PrP₂₋₁₀), ranging from 5% to 80%. Choice of adjuvant was either AS01 or AS02. FINDINGS: Vaccine efficacy against all episodes of clinical malaria varied by transmission intensity (p=0·001). At low transmission (PrP₂₋₁₀ 10%) vaccine efficacy was 60% (95% CI 54 to 67), at moderate transmission (PrP₂₋₁₀ 20%) it was 41% (21 to 57), and at high transmission (PrP₂₋₁₀ 70%) the efficacy was 4% (-10 to 22). Vaccine efficacy also varied by adjuvant choice (p<0·0001); e.g., at low transmission (PrP₂₋₁₀ 10%), efficacy varied from 60% (95% CI 54 to 67) for AS01 to 47% (14 to 75) for AS02. Variations in efficacy by age at vaccination were of borderline significance (p=0·038), and bednet use and sex were not significant covariates. Vaccine efficacy (pooled across adjuvant choice and transmission intensity) varied significantly (p<0·0001) according to time since vaccination, from 36% efficacy (95% CI 24 to 45) at time of vaccination to 0% (-38 to 38) after 3 years.
INTERPRETATION: Vaccine efficacy against clinical disease was of limited duration and was not detectable 3 years after vaccination. Furthermore, efficacy fell with increasing transmission intensity. Outcomes after vaccination cannot be gauged accurately on the basis of one pooled efficacy figure. However, predictions of public-health outcomes of vaccination will need to take account of variations in efficacy by transmission intensity and by time since vaccination. FUNDING: Medical Research Council (UK); Bill & Melinda Gates Foundation Vaccine Modelling Initiative; Wellcome Trust
The ideal view on Rackoff's coverability technique
Rackoff's small witness property for the coverability problem is the standard means to prove tight upper bounds in vector addition systems (VAS) and many extensions. We show how to derive the same bounds directly on the computations of the VAS instantiation of the generic backward coverability algorithm. This relies on a dual view of the algorithm using ideal decompositions of downwards-closed sets, which exhibits a key structural invariant in the VAS case. The same reasoning readily generalises to several VAS extensions.