Verifying Safety Properties With the TLA+ Proof System

TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs written in a declarative style requiring little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. A Proof Manager uses backend verifiers such as theorem provers, proof assistants, SMT solvers, and decision procedures to check TLA+ proofs. This paper documents the first public release of TLAPS, distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties

Balanced Schnyder woods for planar triangulations: an experimental study with applications to graph drawing and graph separators

In this work we consider balanced Schnyder woods for planar graphs, which are Schnyder woods where the number of incoming edges of each color at each vertex is balanced as much as possible. We provide a simple linear-time heuristic leading to obtain well balanced Schnyder woods in practice. As test applications we consider two important algorithmic problems: the computation of Schnyder drawings and of small cycle separators. While not being able to provide theoretical guarantees, our experimental results (on a wide collection of planar graphs) suggest that the use of balanced Schnyder woods leads to an improvement of the quality of the layout of Schnyder drawings, and provides an efficient tool for computing short and balanced cycle separators.Comment: Appears in the Proceedings of the 27th International Symposium on Graph Drawing and Network Visualization (GD 2019

Trace Spaces: an Efficient New Technique for State-Space Reduction

State-space reduction techniques, used primarily in model-checkers, all rely on the idea that some actions are independent, hence could be taken in any (respective) order while put in parallel, without changing the semantics. It is thus not necessary to consider all execution paths in the interleaving semantics of a concurrent program, but rather some equivalence classes. The purpose of this paper is to describe a new algorithm to compute such equivalence classes, and a representative per class, which is based on ideas originating in algebraic topology. We introduce a geometric semantics of concurrent languages, where programs are interpreted as directed topological spaces, and study its properties in order to devise an algorithm for computing dihomotopy classes of execution paths. In particular, our algorithm is able to compute a control-flow graph for concurrent programs, possibly containing loops, which is "as reduced as possible" in the sense that it generates traces modulo equivalence. A preliminary implementation was achieved, showing promising results towards efficient methods to analyze concurrent programs, with very promising results compared to partial-order reduction techniques

Lower bounds on the dilation of plane spanners

(I) We exhibit a set of 23 points in the plane that has dilation at least $1.4308$, improving the previously best lower bound of $1.4161$ for the worst-case dilation of plane spanners. (II) For every integer $n\geq13$, there exists an $n$-element point set $S$ such that the degree 3 dilation of $S$ denoted by $\delta_0(S,3) \text{ equals } 1+\sqrt{3}=2.7321\ldots$ in the domain of plane geometric spanners. In the same domain, we show that for every integer $n\geq6$, there exists a an $n$-element point set $S$ such that the degree 4 dilation of $S$ denoted by $\delta_0(S,4) \text{ equals } 1 + \sqrt{(5-\sqrt{5})/2}=2.1755\ldots$ The previous best lower bound of $1.4161$ holds for any degree. (III) For every integer $n\geq6$, there exists an $n$-element point set $S$ such that the stretch factor of the greedy triangulation of $S$ is at least $2.0268$.Comment: Revised definitions in the introduction; 23 pages, 15 figures; 2 table

Morphing Schnyder drawings of planar triangulations

We consider the problem of morphing between two planar drawings of the same triangulated graph, maintaining straight-line planarity. A paper in SODA 2013 gave a morph that consists of $O(n^2)$ steps where each step is a linear morph that moves each of the $n$ vertices in a straight line at uniform speed. However, their method imitates edge contractions so the grid size of the intermediate drawings is not bounded and the morphs are not good for visualization purposes. Using Schnyder embeddings, we are able to morph in $O(n^2)$ linear morphing steps and improve the grid size to $O(n)\times O(n)$ for a significant class of drawings of triangulations, namely the class of weighted Schnyder drawings. The morphs are visually attractive. Our method involves implementing the basic "flip" operations of Schnyder woods as linear morphs.Comment: 23 pages, 8 figure

Small grid embeddings of 3-polytopes

We introduce an algorithm that embeds a given 3-connected planar graph as a convex 3-polytope with integer coordinates. The size of the coordinates is bounded by $O(2^{7.55n})=O(188^{n})$. If the graph contains a triangle we can bound the integer coordinates by $O(2^{4.82n})$. If the graph contains a quadrilateral we can bound the integer coordinates by $O(2^{5.46n})$. The crucial part of the algorithm is to find a convex plane embedding whose edges can be weighted such that the sum of the weighted edges, seen as vectors, cancel at every point. It is well known that this can be guaranteed for the interior vertices by applying a technique of Tutte. We show how to extend Tutte's ideas to construct a plane embedding where the weighted vector sums cancel also on the vertices of the boundary face

On the Area Requirements of Planar Greedy Drawings of Triconnected Planar Graphs

In this paper we study the area requirements of planar greedy drawings of triconnected planar graphs. Cao, Strelzoff, and Sun exhibited a family $\cal H$ of subdivisions of triconnected plane graphs and claimed that every planar greedy drawing of the graphs in $\mathcal H$ respecting the prescribed plane embedding requires exponential area. However, we show that every $n$-vertex graph in $\cal H$ actually has a planar greedy drawing respecting the prescribed plane embedding on an $O(n)\times O(n)$ grid. This reopens the question whether triconnected planar graphs admit planar greedy drawings on a polynomial-size grid. Further, we provide evidence for a positive answer to the above question by proving that every $n$-vertex Halin graph admits a planar greedy drawing on an $O(n)\times O(n)$ grid. Both such results are obtained by actually constructing drawings that are convex and angle-monotone. Finally, we consider $\alpha$-Schnyder drawings, which are angle-monotone and hence greedy if $\alpha\leq 30^\circ$, and show that there exist planar triangulations for which every $\alpha$-Schnyder drawing with a fixed $\alpha<60^\circ$ requires exponential area for any resolution rule

Automatic Verification Of TLA+ Proof Obligations With SMT Solvers

International audienceTLA+ is a formal specification language that is based on ZF set theory and the Temporal Logic of Actions TLA. The TLA+ proof system TLAPS assists users in deductively verifying safety properties of TLA+ specifications. TLAPS is built around a proof manager, which interprets the TLA+ proof language, generates corresponding proof obligations, and passes them to backend verifiers. In this paper we present a new backend for use with SMT solvers that supports elementary set theory, functions, arithmetic, tuples, and records. Type information required by the solvers is provided by a typing discipline for TLA+ proof obligations, which helps us disambiguate the translation of expressions of (untyped) TLA+, while ensuring its soundness. Preliminary results show that the backend can help to significantly increase the degree of automation of certain interactive proofs