Results 1 
4 of
4
Equational Abstraction Refinement for Certified Tree Regular Model Checking
, 2012
"... Abstract. Tree Regular Model Checking (TRMC) is the name of a family of techniques for analyzing infinitestate systems in which states are represented by trees and sets of states by tree automata. The central problem is to decide whether a set of bad states belongs to the set of reachable states. A ..."
Abstract

Cited by 5 (4 self)
 Add to MetaCart
(Show Context)
Abstract. Tree Regular Model Checking (TRMC) is the name of a family of techniques for analyzing infinitestate systems in which states are represented by trees and sets of states by tree automata. The central problem is to decide whether a set of bad states belongs to the set of reachable states. An obstacle is that this set is in general neither regular nor computable in finite time. This paper proposes a new CounterExample Guided Abstraction Refinement (CEGAR) algorithm for TRMC. Our approach relies on a new equationalabstraction based completion algorithm to compute a regular overapproximation of the set of reachable states in finite time. This set is represented by R/Eautomata, a new extended tree automaton formalism whose structure can be exploited to detect and remove false positives in an efficient manner. Our approach has been implemented in TimbukCEGAR, a new toolset that is capable of analyzing Java programs by exploiting an elegant translation from the Java byte code to term rewriting systems. Experiments show that TimbukCEGAR outperforms existing CEGARbased completion algorithms. Contrary to existing TRMC toolsets, the answers provided by TimbukCEGAR are certified by Coq, which means that they are formally proved correct. 1
Finite Models vs Tree Automata in Safety Verification
"... In this paper we deal with verification of safety properties of termrewriting systems. The verification problem is translated to a purely logical problem of finding a finite countermodel for a firstorder formula, which is further resolved by a generic finite model finding procedure. A finite count ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
In this paper we deal with verification of safety properties of termrewriting systems. The verification problem is translated to a purely logical problem of finding a finite countermodel for a firstorder formula, which is further resolved by a generic finite model finding procedure. A finite countermodel produced during successful verification provides with a concise description of the system invariant sufficient to demonstrate a specific safety property. We show the relative completeness of this approach with respect to the tree automata completion technique. On a set of examples taken from the literature we demonstrate the efficiency of finite model finding approach as well as its explanatory power.
Termination Criteria for Tree Automata Completion
"... This paper presents two criteria for the termination of tree automata completion. Tree automata completion is a technique for computing a tree automaton recognizing or overapproximating the set of terms reachable w.r.t. a term rewriting system. The first criterion is based on the structure of the ..."
Abstract
 Add to MetaCart
(Show Context)
This paper presents two criteria for the termination of tree automata completion. Tree automata completion is a technique for computing a tree automaton recognizing or overapproximating the set of terms reachable w.r.t. a term rewriting system. The first criterion is based on the structure of the term rewriting system itself. We prove that for most of the known classes of linear rewriting systems preserving regularity, the tree automata completion is terminating. Moreover, it outputs a tree automaton recognizing exactly the set of reachable terms. When the term rewriting system is outside of such classes, the set of reachable terms can be approximated using a set of equations defining an abstraction. The second criterion, which holds for any leftlinear term rewriting system, defines sufficient restrictions on the set of equations for the tree automata completion to terminate. We then show how to take advantage of this second criterion to use completion as a new static analysis technique for functional programs. Some examples are demonstrated using the Timbuk completion tool.
Author manuscript, published in "ICFEM, Kyoto: Japan (2012)" Equational Abstraction Refinement for Certified Tree Regular Model Checking
, 2012
"... Abstract. Tree Regular Model Checking (TRMC) is the name of a family of techniques for analyzing infinitestate systems in which states are represented by trees and sets of states by tree automata. The central problem is to decide whether a set of bad states belongs to the set of reachable states. A ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Tree Regular Model Checking (TRMC) is the name of a family of techniques for analyzing infinitestate systems in which states are represented by trees and sets of states by tree automata. The central problem is to decide whether a set of bad states belongs to the set of reachable states. An obstacle is that this set is in general neither regular nor computable in finite time. This paper proposes a new CounterExample Guided Abstraction Refinement (CEGAR) algorithm for TRMC. Our approach relies on a new equationalabstraction based completion algorithm to compute a regular overapproximation of the set of reachable states in finite time. This set is represented by R/Eautomata, a new extended tree automaton formalism whose structure can be exploited to detect and remove false positives in an efficient manner. Our approach has been implemented in TimbukCEGAR, a new toolset that is capable of analyzing Java programs by exploiting an elegant translation from the Java byte code to term rewriting systems. Experiments show that TimbukCEGAR outperforms existing CEGARbased completion algorithms. Contrary to existing TRMC toolsets, the answers provided by TimbukCEGAR are certified by Coq, which means that they are formally proved correct. 1