## How to compose Presburger-Accelerations: Applications to Broadcast Protocols (2002)

Venue: | IN PROC. 22ND CONF. FOUND. OF SOFTWARE TECHNOLOGY AND THEOR. COMP. SCI. (FST&TCS'2002), KANPUR |

Citations: | 48 - 17 self |

### BibTeX

@INPROCEEDINGS{Finkel02howto,

author = {Alain Finkel and J. Leroux},

title = {How to compose Presburger-Accelerations: Applications to Broadcast Protocols},

booktitle = {IN PROC. 22ND CONF. FOUND. OF SOFTWARE TECHNOLOGY AND THEOR. COMP. SCI. (FST&TCS'2002), KANPUR},

year = {2002},

pages = {145--156},

publisher = {Springer}

}

### Years of Citing Articles

### OpenURL

### Abstract

Finite linear systems are finite sets of linear functions whose guards are de fined by Presburger formulas, and whose the squares matrice associated generate a finite multiplicative monoid. We prove that for finite linear systems, the accelerations of sequences of transitions always produce an effective Presburger-definable relation. We then show how to choose the good sequences of length n whose number is polynomial in n although the total number of cycles of length n is exponential in n. We implement these theoretical results in the tool FAST [FAS] (Fast Acceleration of Symbolic Transition systems). FAST computes in few seconds the minimal deterministic finite automata that represent the reachability sets of 8 well-known broadcast protocols.

### Citations

292 | Reachability analysis of pushdown automata: Application to model-checking
- Bouajjani, Esparza, et al.
- 1997
(Show Context)
Citation Context ... of safety properties can be reduced to reachability of a given state from a set of initial states. For some particular models like lossy channel systems [AJ96], [ABJ98] automata with stacks [FWW97], =-=[BEM97]-=-, reactive FIFO automata [SFRC99],sat counters automata ([CJ98] and reset/transfer 2-counters automata [FS00b], [FS00a], it is possible to test reachability from a regular set of initial states becaus... |

175 | B.: Verifying programs with unreliable channels
- Abdulla, Jonsson
- 1993
(Show Context)
Citation Context ...in verication. Let us recall that verication of safety properties can be reduced to reachability of a given state from a set of initial states. For some particular models like lossy channel systems [A=-=J96]-=-, [ABJ98] automata with stacks [FWW97], [BEM97], reactive FIFO automata [SFRC99],sat counters automata ([CJ98] and reset/transfer 2-counters automata [FS00b], [FS00a], it is possible to test reachabil... |

127 | Regular model checking
- Bouajjani, Jonsson, et al.
- 2000
(Show Context)
Citation Context ...t is clear that the reachability problem is undecidable for linear systems even of dimension 3 (by using a Post problem reduction [FB95]). We call Presburger Model Checking the Regular Model Checking =-=[BJNT00-=-], [FO97b], [BF00], [BGP97] in which Presburger formulas (instead of regular languages) are used as a symbolic representation of innite set of states. Presburger formulas enjoy good properties because... |

114 | A direct symbolic approach to model checking pushdown systems
- Finkel, Willems, et al.
- 1997
(Show Context)
Citation Context ...rication of safety properties can be reduced to reachability of a given state from a set of initial states. For some particular models like lossy channel systems [AJ96], [ABJ98] automata with stacks [=-=FWW97]-=-, [BEM97], reactive FIFO automata [SFRC99],sat counters automata ([CJ98] and reset/transfer 2-counters automata [FS00b], [FS00a], it is possible to test reachability from a regular set of initial stat... |

90 | Multiple counters automata, safety analysis and presburger arithmetic
- Comon, Jurski
- 1998
(Show Context)
Citation Context ...state from a set of initial states. For some particular models like lossy channel systems [AJ96], [ABJ98] automata with stacks [FWW97], [BEM97], reactive FIFO automata [SFRC99],sat counters automata (=-=[CJ98]-=- and reset/transfer 2-counters automata [FS00b], [FS00a], it is possible to test reachability from a regular set of initial states because the reachability set (or the set of all predecessors) is regu... |

64 |
Presburger formulas and languages
- Semigroups
- 1966
(Show Context)
Citation Context ... of states. Presburger formulas enjoy good properties because, as regular sets, they are closed under union, intersection and negation; moreover, the satisability and the validity are both decidable [=-=-=-GS66]. We say that we accelerate a sequence of transitions labeled by from a set S of states when we symbolically compute the innite union of all n (S); this set is also called the -acceleration s... |

62 | P.: Symbolic reachability analysis of fifo-channel systems with nonregular sets of configurations
- Bouajjani, Habermehl
- 1999
(Show Context)
Citation Context ..., we can cite [BF00] and [BGP97] which both also use the tool MONA [MON]. For FIFO channels systems, acceleration of loops have been recently studied in [FPS00] with SLRE, in [BGWW97] with QDD and in =-=[BH99]-=- with CQDD; for lossy FIFO channels systems, acceleration of loops and SRE have been studied in [ABJ98] and [AAB99]. Plan of the paper Section 2 and 3 intuitively introduce, on a simple example, accel... |

56 | The power of QDDs - Boigelot, Godefroid, et al. - 1997 |

50 | Symbolic techniques for parametric reasoning about counter and clock systems
- Annichini, Asarin, et al.
(Show Context)
Citation Context ...eective computation of the Presburger-denable reachability set. [FS00b] considers acceleration from a theoretical point of view with applications to 2-counters automata and to FIFO channel systems. [A=-=AB00-=-] guesses the result of the innite iteration of a cycle, in a hybrid system, and verify whether the guess is correct or not. [Rev90], [FO97b], [FO97a] and [BF99] automatically accelerate a given non-e... |

47 |
A Closed Form for Datalog Queries with Integer Order
- Revesz
- 1990
(Show Context)
Citation Context ...th applications to 2-counters automata and to FIFO channel systems. [AAB00] guesses the result of the innite iteration of a cycle, in a hybrid system, and verify whether the guess is correct or not. [=-=Rev90]-=-, [FO97b], [FO97a] and [BF99] automatically accelerate a given non-elementary cycle. [PS00] attacks the acceleration techniques using formulas in a variant of WS1S for the symbolic representation of s... |

43 | M.: Handling global conditions in parameterized system verification
- Abdulla, Bouajjani, et al.
- 1999
(Show Context)
Citation Context ...ion set. We will compute and use accelerations of dierent sequences, to speed up the reachability set construction and help its termination. Accelerations are also called meta-transitions in [BW94], [=-=ABJN99]-=-, [Boi98] or exact widening in theseld of abstract interpretation. Boigelot's model and results B. Boigelot and P. Wolper in [BW94], [WB98] and [Boi98] consider a unique linear function f whose guard ... |

43 | Ph.: Reset nets between decidability and undecidability
- Dufourd, Finkel, et al.
- 1998
(Show Context)
Citation Context ...n. However, for positive linear systems (i.e., all matrices are positive (M a 2 Mm (N ))) we can easily deduce from [MS77] an algorithm to decide thesniteness of a linear system in EXPTIME. Following =-=[DFS98]-=- and [FS00b], we call Transfer/Reset/Inhibitor Petri Nets extended Petri nets which are able to (1) transfer the content of a place into another, (2) to reset (or empty) a place and (3) to zero-test a... |

35 | Reachability analysis of (timed) Petri nets using real arithmetic
- Bérard, Fribourg
- 1999
(Show Context)
Citation Context ...automata and to FIFO channel systems. [AAB00] guesses the result of the innite iteration of a cycle, in a hybrid system, and verify whether the guess is correct or not. [Rev90], [FO97b], [FO97a] and [=-=BF99]-=- automatically accelerate a given non-elementary cycle. [PS00] attacks the acceleration techniques using formulas in a variant of WS1S for the symbolic representation of sets of states: the authors ex... |

19 |
Decidability of reachability problems for classes of two counters automata
- Finkel, Sutre
(Show Context)
Citation Context ...articular models like lossy channel systems [AJ96], [ABJ98] automata with stacks [FWW97], [BEM97], reactive FIFO automata [SFRC99],sat counters automata ([CJ98] and reset/transfer 2-counters automata =-=[FS00b-=-], [FS00a], it is possible to test reachability from a regular set of initial states because the reachability set (or the set of all predecessors) is regular and is eectively computable. But, these \d... |

17 |
On the Veri of Broadcast Protocols
- Esparza, Finkel, et al.
- 1999
(Show Context)
Citation Context ...le" models are often too restricted because we may wish to use counters with no constraints on guards and actions, as for example, broadcast protocols with parameterized initial set of states [EN=-=98], [EFM99]-=-, [Del00a]. Hence, our desired model must be able to easily simulate counters automata and as an unavoidable consequence, most of reachability problems will become undecidable. We make the observation... |

16 |
Automatic veri of parameterized cache coherence protocols
- Delzanno
- 2000
(Show Context)
Citation Context ...s are often too restricted because we may wish to use counters with no constraints on guards and actions, as for example, broadcast protocols with parameterized initial set of states [EN98], [EFM99], =-=[Del00a]-=-. Hence, our desired model must be able to easily simulate counters automata and as an unavoidable consequence, most of reachability problems will become undecidable. We make the observation that almo... |

15 |
La finitude des représentations linéaires de semi-groupes est décidable
- Jacob
- 1978
(Show Context)
Citation Context ...ociated to f . Hence, it is natural to consider the class of linear systems whose the monoid generated by all the square matrices M , issnite (calledsnite linear systems). This condition is decidable =-=[Jac-=-78],[MS77]. We prove that acceleration of f is possible for any cycle . { How tosnd out the good accelerations ? The second step to really use accelerations is to compute how many dierent acceleratio... |

13 |
Symbolic model checking of in state systems using Presburger arithmetic
- Bultan, Gerber, et al.
(Show Context)
Citation Context ...ility problem is undecidable for linear systems even of dimension 3 (by using a Post problem reduction [FB95]). We call Presburger Model Checking the Regular Model Checking [BJNT00], [FO97b], [BF00], =-=[BGP97-=-] in which Presburger formulas (instead of regular languages) are used as a symbolic representation of innite set of states. Presburger formulas enjoy good properties because, as regular sets, they ar... |

13 |
On Model Checking for Non-deterministic In Systems
- Emerson, Namjoshi
- 1998
(Show Context)
Citation Context ...\decidable" models are often too restricted because we may wish to use counters with no constraints on guards and actions, as for example, broadcast protocols with parameterized initial set of st=-=ates [EN98]-=-, [EFM99], [Del00a]. Hence, our desired model must be able to easily simulate counters automata and as an unavoidable consequence, most of reachability problems will become undecidable. We make the ob... |

13 |
On finite semigroups of matrices
- Mandel, Simon
- 1977
(Show Context)
Citation Context ...to f . Hence, it is natural to consider the class of linear systems whose the monoid generated by all the square matrices M , issnite (calledsnite linear systems). This condition is decidable [Jac78],=-=[MS-=-77]. We prove that acceleration of f is possible for any cycle . { How tosnd out the good accelerations ? The second step to really use accelerations is to compute how many dierent accelerations are ... |

12 |
FMona: a tool for expressing validation techniques over infinite state systems
- Bodeveix, Filali
- 2000
(Show Context)
Citation Context ... reachability problem is undecidable for linear systems even of dimension 3 (by using a Post problem reduction [FB95]). We call Presburger Model Checking the Regular Model Checking [BJNT00], [FO97b], =-=[BF00-=-], [BGP97] in which Presburger formulas (instead of regular languages) are used as a symbolic representation of innite set of states. Presburger formulas enjoy good properties because, as regular sets... |

12 |
Verifying Systems with In but Regular State Space
- Boigelot, Wolper
- 1998
(Show Context)
Citation Context ... Accelerations are also called meta-transitions in [BW94], [ABJN99], [Boi98] or exact widening in theseld of abstract interpretation. Boigelot's model and results B. Boigelot and P. Wolper in [BW94], =-=[WB98-=-] and [Boi98] consider a unique linear function f whose guard is of the form Ax b. They gave two decidable technical conditions [B1] and [B2] over a linear function f (called here a Boigelot's functi... |

11 |
On-the- analysis of systems with unbounded lossy Fifo-channels
- Abdulla, Bouajjani, et al.
(Show Context)
Citation Context ...cation. Let us recall that verication of safety properties can be reduced to reachability of a given state from a set of initial states. For some particular models like lossy channel systems [AJ96], [=-=ABJ98]-=- automata with stacks [FWW97], [BEM97], reactive FIFO automata [SFRC99],sat counters automata ([CJ98] and reset/transfer 2-counters automata [FS00b], [FS00a], it is possible to test reachability from ... |

9 |
Symbolic veri with periodic sets
- Boigelot, Wolper
- 1994
(Show Context)
Citation Context ...cceleration set. We will compute and use accelerations of dierent sequences, to speed up the reachability set construction and help its termination. Accelerations are also called meta-transitions in [=-=BW94]-=-, [ABJN99], [Boi98] or exact widening in theseld of abstract interpretation. Boigelot's model and results B. Boigelot and P. Wolper in [BW94], [WB98] and [Boi98] consider a unique linear function f wh... |

6 |
Symbolic Methods for Exploring In State Spaces
- Boigelot
- 1998
(Show Context)
Citation Context ...e will compute and use accelerations of dierent sequences, to speed up the reachability set construction and help its termination. Accelerations are also called meta-transitions in [BW94], [ABJN99], [=-=Boi98]-=- or exact widening in theseld of abstract interpretation. Boigelot's model and results B. Boigelot and P. Wolper in [BW94], [WB98] and [Boi98] consider a unique linear function f whose guard is of the... |

6 |
Well-abstracted Transition Systems
- Finkel, Iyer, et al.
- 2000
(Show Context)
Citation Context ...me what we called the Presburger Model Checking, we can cite [BF00] and [BGP97] which both also use the tool MONA [MON]. For FIFO channels systems, acceleration of loops have been recently studied in =-=[FPS00]-=- with SLRE, in [BGWW97] with QDD and in [BH99] with CQDD; for lossy FIFO channels systems, acceleration of loops and SRE have been studied in [ABJ98] and [AAB99]. Plan of the paper Section 2 and 3 int... |

6 |
An algorithm constructing the semilinear post* for 2-dim reset/transfer vass
- Finkel, Sutre
- 2000
(Show Context)
Citation Context ... models like lossy channel systems [AJ96], [ABJ98] automata with stacks [FWW97], [BEM97], reactive FIFO automata [SFRC99],sat counters automata ([CJ98] and reset/transfer 2-counters automata [FS00b], =-=[FS00a], it-=- is possible to test reachability from a regular set of initial states because the reachability set (or the set of all predecessors) is regular and is eectively computable. But, these \decidable"... |

5 |
Symbolic Veri of Lossy Channel Systems: Application to the Bounded Retransmission Protocol
- Abdulla, Annichini, et al.
- 1999
(Show Context)
Citation Context ...of loops have been recently studied in [FPS00] with SLRE, in [BGWW97] with QDD and in [BH99] with CQDD; for lossy FIFO channels systems, acceleration of loops and SRE have been studied in [ABJ98] and =-=[AAB99]-=-. Plan of the paper Section 2 and 3 intuitively introduce, on a simple example, acceleration of cycles. Then, after recalling the basic notions (labeled transition systems, matrices and 3 functions, P... |

3 |
A decompositional approach for computing least of Datalog programs with z-counters. Constraints
- Fribourg, Olsen
- 1997
(Show Context)
Citation Context ... 2-counters automata and to FIFO channel systems. [AAB00] guesses the result of the innite iteration of a cycle, in a hybrid system, and verify whether the guess is correct or not. [Rev90], [FO97b], [=-=FO97a]-=- and [BF99] automatically accelerate a given non-elementary cycle. [PS00] attacks the acceleration techniques using formulas in a variant of WS1S for the symbolic representation of sets of states: the... |

3 |
Proving safety properties of in state systems by compilation into Presburger arithmetic
- Fribourg, Olsen
- 1997
(Show Context)
Citation Context ... that the reachability problem is undecidable for linear systems even of dimension 3 (by using a Post problem reduction [FB95]). We call Presburger Model Checking the Regular Model Checking [BJNT00], =-=[FO97b-=-], [BF00], [BGP97] in which Presburger formulas (instead of regular languages) are used as a symbolic representation of innite set of states. Presburger formulas enjoy good properties because, as regu... |

2 |
E ective recognizability and model checking of reactive o automata
- Sutre, Finkel, et al.
- 1999
(Show Context)
Citation Context ...uced to reachability of a given state from a set of initial states. For some particular models like lossy channel systems [AJ96], [ABJ98] automata with stacks [FWW97], [BEM97], reactive FIFO automata =-=[SFRC99]-=-,sat counters automata ([CJ98] and reset/transfer 2-counters automata [FS00b], [FS00a], it is possible to test reachability from a regular set of initial states because the reachability set (or the se... |

1 | Cours de mathematiques | 1 : Algebre. Dunod Universite - Arnaudies, Fraysse - 1988 |

1 |
Veri of consistency protocols via in symbolic model checking: A case study
- Delzanno
- 2000
(Show Context)
Citation Context ...reover as all broadcast protocols are parameterized Transfer/Reset/Inhibitors Petri Nets, we can prove that Transfer/Reset/Inhibitors Petri Nets and all broadcast protocols [EN98], [EFM99], [Del00a], =-=[Del00b]-=- aresnite linear systems. Proposition 1. Transfer/Reset/Inhibitor Petri Nets [DFS98] and all broadcast protocols [EN98], [EFM99], [Del00a], [Del00b] aresnite linear systems. 7 Proof. All these classes... |

1 |
Le langage des machines : introduction a la calculabilite et aux langages formels, chapter 7
- Floyd, Beigel
- 1995
(Show Context)
Citation Context ...are Presburger-denable; such systems are now called linear systems. It is clear that the reachability problem is undecidable for linear systems even of dimension 3 (by using a Post problem reduction [=-=FB95]-=-). We call Presburger Model Checking the Regular Model Checking [BJNT00], [FO97b], [BF00], [BGP97] in which Presburger formulas (instead of regular languages) are used as a symbolic representation of ... |

1 |
The burnside theorem for semi-groups
- McNaughton, Zalcstein
- 1975
(Show Context)
Citation Context ... exists a word such that M = M . As f (S 0 ) = Reach(L; S 0 ; ) is Presburger-denable for every Presburger-denable set S 0 , then by using [Boi98], the monoidsissnite. The Burnside theorem [MZ75], [Jac78], [MS77] implies that M L issnite. ut 5 How tosnd out the good accelerations ? For asnite linear system L = (; m; f ), the number of words with a length less than or equal to an integer ... |

1 |
Liveness and acceleration in parameterized verication
- Pnueli, Shahar
- 2000
(Show Context)
Citation Context ...lt of the innite iteration of a cycle, in a hybrid system, and verify whether the guess is correct or not. [Rev90], [FO97b], [FO97a] and [BF99] automatically accelerate a given non-elementary cycle. [=-=PS00]-=- attacks the acceleration techniques using formulas in a variant of WS1S for the symbolic representation of sets of states: the authors experiment their tool on examples but no decidability result is ... |

1 |
Abstraction et acceleration de systemes in PhD thesis, Ecole Normale Superieure de Cachan, Laboratoire Speci et Veri
- Sutre
- 2000
(Show Context)
Citation Context ... integers satisfying x+y = z. On the other hand, actions are relations (they are not restricted to be functions). Hence, their model is not comparable withsnite linear systems. A. Finkel and G. Sutre =-=[Sut0-=-0], [FS00b], [FS00a] study 2-counters automata with reset/transfer/+1/-1 actions and guards of the form x i c and x i = 0 (zero test). They prove that cycle-acceleration leads to the eective computat... |