A Fixpoint Calculus for Local and Global Program Flows
University of Pennsylvania ScholarlyCommons
Departmental Papers (CIS), Department of Computer & Information Science

Rajeev Alur, University of Pennsylvania, alur@cis.upenn.edu
Swarat Chaudhuri, University of Pennsylvania
P. Madhusudan, University of Illinois at Urbana-Champaign

Recommended Citation: Rajeev Alur, Swarat Chaudhuri, and P. Madhusudan, "A Fixpoint Calculus for Local and Global Program Flows", Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '06), January http://dx.doi.org/ /

This paper is posted at ScholarlyCommons. http://repository.upenn.edu/cis_papers/495
Abstract

We define a new fixpoint modal logic, the visibly pushdown μ-calculus (VP-μ), as an extension of the modal μ-calculus. The models of this logic are execution trees of structured programs where the procedure calls and returns are made visible. This new logic can express pushdown specifications on the model that its classical counterpart cannot, and is motivated by recent work on visibly pushdown languages [4]. We show that our logic naturally captures several interesting program specifications in program verification and dataflow analysis. This includes a variety of program specifications such as computing combinations of local and global program flows, pre/post conditions of procedures, security properties involving the context stack, and interprocedural dataflow analysis properties. The logic can capture flow-sensitive and inter-procedural analysis, and it has constructs that allow skipping procedure calls so that local flows in a procedure can also be tracked. The logic generalizes the semantics of the modal μ-calculus by considering summaries instead of nodes as first-class objects, with appropriate constructs for concatenating summaries, and naturally captures the way in which pushdown models are model-checked. The main result of the paper is that the model-checking problem for VP-μ is effectively solvable against pushdown models with no more effort than that required for weaker logics such as CTL. We also investigate the expressive power of the logic VP-μ: we show that it encompasses all properties expressed by a corresponding pushdown temporal logic on linear structures (CARET [2]) as well as by the classical μ-calculus. This makes VP-μ the most expressive known program logic for which algorithmic software model checking is feasible. In fact, the decidability of most known program logics (μ-calculus, temporal logics LTL and CTL, CARET, etc.) can be understood by their interpretation in the monadic second-order logic over trees. This is not true for the logic VP-μ, making it a new powerful tractable program logic.
Categories and Subject Descriptors D.2.4 [Software Engineering]: Software/Program Verification Model checking; F.3.1 [Theory of Computation]: Specifying and Verifying and Reasoning about Programs; F.4.1 [Theory of Computation]: Mathematical Logic Temporal logic

General Terms Algorithms, Theory, Verification

Keywords Logic, specification, verification, µ-calculus, infinite-state, model-checking, games, pushdown systems

This research was partially supported by ARO URI award DAAD and NSF award CCR

POPL '06, January 11-13, 2006, Charleston, South Carolina, USA.

1. Introduction

The µ-calculus [20, 16] is a modal logic with fixpoints interpreted over labeled transition systems, or equivalently, over their tree unfoldings. It is an extensively studied specification formalism with applications to program analysis, computer-aided verification, and database query languages [13, 25]. From a theoretical perspective, its status as the canonical temporal logic for regular requirements is due to the fact that its expressiveness exceeds that of all commonly used temporal logics such as LTL, CTL, and CTL, and equals that of alternating parity tree automata or the bisimulation-closed fragment of monadic second-order theory over trees [14, 18]. From a practical standpoint, iterative computation of fixpoints naturally suggests symbolic evaluation, and symbolic model checkers such as SMV check CTL properties of finite-state models by compiling them into µ-calculus formulas [8, 21].
In this paper, we focus on the role of µ-calculus to specify properties of labeled transition systems corresponding to pushdown automata, or equivalently, Boolean programs [5] or recursive state machines (RSMs) [3, 7]. Such pushdown models can capture the control flow in typical sequential imperative programming languages with recursive procedure calls, and are central to interprocedural dataflow analysis [22] and software model checking [6, 17]. While algorithmic verification of µ-calculus properties of such models is possible [26, 10], classical µ-calculus cannot express pushdown specifications that require inspection of the stack or matching of calls and returns. Even though the general problem of checking pushdown properties of pushdown automata is undecidable, algorithmic solutions have been proposed for checking many different kinds of non-regular properties [19, 12, 15, 11, 2, 4]. These include access control requirements such as a module A should be invoked only if the module B belongs to the call-stack, bounds on stack size such as after any point where holds, the number of interrupt-handlers in the call-stack should never exceed 5 and the classical Hoare-style correctness requirements of program modules with pre- and post-conditions, such as if holds when a module is invoked, the module must return, and q must hold on return. In the program analysis literature, it has been argued that data flow analysis, such as the computation of live variables and very busy expressions, can be viewed as evaluating µ-calculus formulas over abstractions of programs [24, 23]. This correspondence does not hold when we need to account for local data flow paths. For instance, for an expression e that involves a variable local to a procedure P, the set of control points within P at which e is very
busy (that is, e is guaranteed to be used before any of its variables get modified), cannot be specified using a µ-calculus formula even though interprocedural dataflow analysis can compute this information. The goal of this paper is to identify a fixpoint calculus that can express such pushdown requirements and yet has a decidable model checking problem with respect to pushdown models. Our search for such a calculus was guided by the recently proposed framework of visibly pushdown languages for linear-time properties [4]. In this variation of pushdown automata over words, the input symbol determines when the pushdown automaton can push or pop, and thus the stack depth at every position. The resulting class of languages is closed under union, intersection, and complementation, and problems such as inclusion that are undecidable for context-free languages are decidable for visibly pushdown automata. This implies that checking pushdown properties of pushdown models is feasible as long as the calls and returns are made visible allowing the stacks of the property and the model to synchronize. This visibility requirement seems only natural while writing requirements about pre/post conditions or for interprocedural flow properties. The linear-time temporal logic CARET is based on the same principle: its formulas are interpreted over sequences tagged with calls and returns, and its syntax includes for each temporal modality, besides its classical global version, a local version that jumps from a call-state to the matching return-state, and thus, can express non-regular properties, without causing undecidability.

In order to develop a visibly pushdown branching-time logic, we consider structured trees as models. In a structured tree, nodes are labeled with atomic propositions as in Kripke models, and edges are tagged as call, return, or local. To associate a structured tree with a program (or its abstraction), we must choose the set of observable atomic state properties, tag edges corresponding to calls and returns from program blocks appropriately, and then take the tree unfolding of this abstract program model.
The abstract model can be an abstraction of the program at any level of abstraction: from the skeletal control-flow graph to boolean predicate abstractions of programs. We define the visibly pushdown µ-calculus (VP-µ) over structured trees. The variables of the calculus evaluate not over sets of states, but rather over sets of subtrees that capture summaries of computations in the current program block. The fixpoint operators in the logic then compute fixpoints of summaries. For a given state of a structured tree, consider the subtree rooted at such that the leaves correspond to exits from the current block: different paths in the subtree correspond to different computations of the program, and the first unmatched return edge along a path leads to a leaf (some paths may be infinite corresponding to cycles that never return in the abstracted program). In order to be able to relate paths in this subtree to the trees rooted at the leaves, we allow marking of the leaves: a 1-ary summary is specified by the root and a subset U of the leaves of the subtree rooted at. Each formula of the logic is evaluated over such a summary. The central construct of the logic corresponds to concatenation of call trees: the formula call ϕ{ψ} holds at a summary, U if the state has a call-edge to a state t, and there exists a summary t, V satisfying ϕ and for each leaf v that belongs to V, the subtree v, U satisfies ψ.

Our logic is best explained using the specification of local reachability: let us identify the set of all summaries, U such that there is a local path from to some node in U (i.e. all calls from the initial procedure must have returned before reaching U). In our logic, this is written as the formula ϕ = µX. ret R 1 loc X call X{X}. The above means that X is the smallest set of summaries of the form, U such that (1) there is a ret-labeled edge from to some node in U, (2) there is a loc-labeled edge from to t and there is a summary t, U in X, or (3) there is a call-labeled edge from to t and a summary t, V in X such that from each v V, v, U is a summary in X.
Notice that the above formula identifies the summaries in the natural way it will be computed on a pushdown system: compute the local summaries of each procedure, and update the reachability relation using the call-to-return summaries found in the procedures called. Using the above formula, we can state local reachability of a state satisfying as: µY.( loc Y call ϕ{Y }) which intuitively states that Y is the set of summaries (, U) where there is a local path from to U that goes through a state satisfying. The initial summary (involving the initial state of the program) satisfies the formula only if a -labeled state is reachable in the top-most context, which cannot be stated in the standard µ-calculus. This example also illustrates how local flows in the context of dataflow analysis can be captured using our logic.

In general, we allow marking of the leaves with k colors: a k-colored summary rooted at a node consists of k subsets of the leaves of the subtree rooted at this node. The k-ary concatenation formula call ϕ{ψ 1,... ψ k } says that the called procedure should satisfy ϕ, and the subtree at the return nodes labeled with color i should satisfy the requirement ψ i. While the concatenation operation is a powerful recursive construct that allows the logic to express pushdown properties, multiple colors allow expression of branching-time properties that can propagate between the called and the calling contexts.

The main result of this paper is that the logic VP-µ can be model-checked effectively. Given a model of a program as a recursive state machine [3, 7], or equivalently a pushdown system, and a VP-µ formula ϕ, we show that we can model-check whether the tree unfolding of the model satisfies ϕ in exponential time (the procedure is exponential in both the formula and the model). For a fixed formula ϕ, however, the model-checking problem is only polynomial in the number of states in the model and exponential in the number of control locations where a procedure in the model may return.
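Added example, not from the paper: the local-reachability fixpoint described above, computed by iterating from the empty set over the summaries of a small constructed tree, and then used to test whether a labeled node is reachable in the root's own context. The tree, the function names, the proposition name p, and the reading of the second formula (whose operators are lost on this page) as "p holds here, or a loc-successor is in Y, or a call returns to a point in Y" are assumptions.

```python
from itertools import combinations

# Constructed tree (an assumption of this example): node -> [(tag, child)].
# main (s0) calls foo (s1). foo either takes a local step and returns
# (s2 -> s3), or calls bar (s4), which returns into foo (s5), after which
# foo returns to main (s6).
EDGES = {
    "s0": [("call", "s1")],
    "s1": [("loc", "s2"), ("call", "s4")],
    "s2": [("ret", "s3")],
    "s4": [("ret", "s5")],
    "s5": [("ret", "s6")],
    "s3": [],
    "s6": [],
}

def matching_returns(edges, s):
    """MR(s): nodes entered by the first unmatched ret on a path from s."""
    found, work = set(), [(s, 0)]
    while work:
        node, depth = work.pop()
        for tag, child in edges[node]:
            if tag == "call":
                work.append((child, depth + 1))
            elif tag == "loc":
                work.append((child, depth))
            elif depth == 0:
                found.add(child)              # ret that pops s's own context
            else:
                work.append((child, depth - 1))
    return frozenset(found)

def all_summaries(edges, mr):
    """Every 1-colored summary (s, U) with U a subset of MR(s)."""
    return {(s, frozenset(u))
            for s in edges
            for n in range(len(mr[s]) + 1)
            for u in combinations(sorted(mr[s]), n)}

def lfp(universe, holds):
    """Least fixpoint by iteration from the empty set (holds is monotone)."""
    x = set()
    while True:
        nxt = {sm for sm in universe if holds(sm, x)}
        if nxt == x:
            return x
        x = nxt

def returns_in(mr, t, u, x):
    """Matching returns r of callee entry t whose summary (r, U & MR(r)) is in x."""
    return frozenset(r for r in mr[t] if (r, u & mr[r]) in x)

def local_reach(edges, mr, universe):
    """Smallest X closed under the three cases (1)-(3) in the text."""
    def holds(sm, x):
        s, u = sm
        for tag, t in edges[s]:
            if tag == "ret" and t in u:                          # case (1)
                return True
            if tag == "loc" and (t, u & mr[t]) in x:             # case (2)
                return True
            if tag == "call" and (t, returns_in(mr, t, u, x)) in x:  # case (3)
                return True
        return False
    return lfp(universe, holds)

def local_reach_of(edges, mr, universe, phi, labels, prop):
    """Summaries from which a prop-labeled node is reached in the same context."""
    def holds(sm, y):
        s, u = sm
        if prop in labels.get(s, ()):
            return True
        for tag, t in edges[s]:
            if tag == "loc" and (t, u & mr[t]) in y:
                return True
            # A call counts only if the callee can return (phi) to a point
            # from which prop is again locally reachable.
            if tag == "call" and (t, returns_in(mr, t, u, y)) in phi:
                return True
        return False
    return lfp(universe, holds)

def reachable_anywhere(edges, labels, prop, s):
    """Plain reachability that ignores call/ret structure, for comparison."""
    return prop in labels.get(s, ()) or any(
        reachable_anywhere(edges, labels, prop, c) for _, c in edges[s])

def check(labels, prop="p", root="s0"):
    """Return (reachable in root's own context, reachable anywhere)."""
    mr = {s: matching_returns(EDGES, s) for s in EDGES}
    universe = all_summaries(EDGES, mr)
    phi = local_reach(EDGES, mr, universe)
    y = local_reach_of(EDGES, mr, universe, phi, labels, prop)
    return (root, frozenset()) in y, reachable_anywhere(EDGES, labels, prop, root)
```

With p only on s2 (inside foo), `check` reports that p is reachable but not in main's context; with p on s6 (after foo returns) both answers are true.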
The model-checking algorithm works by computing fix-points of the summary sets inductively, and illustrates how the semantics of the logic naturally suggests a model-checking algorithm. The complexity of model-checking VP-µ is EXPTIME-complete, which matches the complexity of model-checking the standard µ-calculus on pushdown systems (in fact, model-checking alternating reachability properties is already EXPTIME hard [26]).

Finally, we study some expressiveness issues for the logic VP-µ. We first show that VP-µ captures the temporal logic CARET, which is a linear-time temporal logic over visibly pushdown words that can capture several interesting pushdown specification properties. This shows that our branching-time logic captures the relevant counterpart logic over linear models, much the same way as the standard µ-calculus captures the temporal logic LTL. This makes VP-µ the most expressive known specification logic of programs with a decidable model checking problem with respect to Boolean programs. We also show that the notion of k-colors in the logic is important by proving a hierarchy theorem: formulas of VP-µ that use k colors are strictly weaker than formulas that use (k + 1) colors. Finally, we show that the satisfiability problem for VP-µ is undecidable. Note that this is not an issue as we are really only interested in the model-checking problem; in fact the result serves to illustrate how powerful the logic VP-µ is.

The paper is organized as follows. Section 2 introduces structured trees and summaries and Section 3 defines the logic VP-µ. In Section 4 we present various properties that can be expressed using VP-µ, including reachability, local reachability, expressions for various temporal modalities like eventually and until, security properties that involve inspection of stack, stack overflow properties, properties describing pre and post-conditions for procedures, properties of access control and some data-flow analysis properties
such as very busy expressions. Section 5 shows how recursive state machine models of programs can be model-checked against VP-µ formulas, Section 6 contains results on expressiveness and undecidability of satisfiability, and we conclude with some discussion in Section

2. Structured trees

Let AP be a finite set of atomic propositions, and I = {call, ret, loc} a fixed set of tags. We are interested in trees whose nodes and edges are respectively labeled by propositions and tags, and model abstract states and statements in sequential, structured, possibly recursive programs. Formally, an (AP, I)-labeled tree is a tuple S = (S, 0, E, λ, η), where (S, 0, E) is a tree with node set S, root node 0 and edge relation E, the node-labeling function λ : S 2 AP labels nodes with sets of propositions they satisfy, and the transition-labeling function η : E I tags transitions as procedure calls (labeled by call), procedure returns (ret), or local statements within procedures (loc). For a I, we write a shorthand for (, ) E and η((, )) = a. A finite path in an (AP, I)-labeled tree is a sequence π = n over S such that ( i, i+1) E for all 1 i < n. We will extend η to paths in S as follows. Let e i represent the transition ( i, i+1) in the above path π. Then η(π) is the word η(e 1)η(e 2)... η(e n 1) over the alphabet I. Such a labeling lets us mark certain paths in S as matched. A path π in S is called matched if and only if w = η(π) is of the form w := loc call w ret ww. Given nodes and in S, we call a matching return of if and only if there is a matched path π = n such that ret n. Intuitively, models the first state that the underlying program reaches on popping the context of off its stack frame. The set of matching returns of is written as MR(). Then:

DEFINITION 1. A structured tree over AP is an (AP, I)-labeled tree with root 0 that satisfies MR( 0) =.

Figure 1.
(a) A structured tree (b) A 2-colored summary

Intuitively, paths from the root in structured trees do not have excess returns that do not match any calls; a structured tree models the branching behavior of a program from a state to, at most, the end of the procedural context where lies. Also observe that the maximal subtree rooted at an arbitrary node in a structured tree is not, in general, structured. Fig. 1-a shows a structured tree, with nodes 1,..., 15 and transitions labeled call, ret and loc. Some of the nodes are labeled by propositions and q. Note particularly the matching return relation; for instance, the nodes 10, 11, 12, and 15 are matching returns for the node 2. Also, MR( 1) =.

2.1 Summaries

We are interested in subtrees of structured trees wholly contained within procedural contexts; such a subtree models the branching behavior of a program from a state to each return point of its context. Each such subtree rooted at has a summary comprising (1) the node, and (2) the set of all nodes that are reached on return from its context, i.e., MR(). Also, in order to demand different temporal requirements at different returns for a context, we introduce a coloring of nodes in MR(); intuitively, a return gets color i if it is to satisfy the i-th requirement. Note that such colored summaries are defined for all and that, in particular, we do not require to be an entry node of a procedure. Sets of such summaries define the semantics of formulas in VP-µ. Formally, for a non-negative integer k, a k-colored summary is a tuple, U 1, U 2,..., U k, where S and U 1, U 2,..., U k MR(). For example, in Fig. 1-a, 1 is a valid 0-colored summary, and 2, { 11, 12}, { 10, 12} and 3, { 6}, are valid 2-colored summaries. The set of all summaries in S, each k-colored for some k, is denoted by S. Observe how each summary describes a subtree along with a coloring of some of its leaves. For instance, the summary = 2, { 11, 12}, { 10, 12} marks the subtree in Fig. 1-b. Such a tree may be constructed by taking the subtree of S rooted at node 2, and chopping off the subtrees rooted at MR( 2).
Note that because of unmatched infinite paths from the root, such a tree may in general be infinite. Now, nodes 11 and 12 are assigned the color 1, and nodes 10 and 12 are colored 2. The node 15 is not colored. Also, note that in the linear-time setting, a pair (, ), where MR(), would suffice as a summary, and that this is the way in which traditional summarization-based decision procedures have defined summaries. On the other hand, for branching-time reasoning, such a simple definition is not enough.

3. A fixpoint calculus of calls and returns

3.1 Syntax

In addition to being interpreted over summaries, the logic VP-µ differs from classical calculi like the modal µ-calculus [20] in a crucial way: its syntax and semantics explicitly recognize the procedural structure of programs via modalities call, ret and loc. A distinction is made between call-edges, along which a program pushes frames on its stack, ret-edges, which require a pop from the stack, and loc-edges, which change the program counter and local and global store without modifying the stack. Also, in order to enforce different return conditions at differently colored returns in a summary, it can pass formulas as parameters to call modalities. Formally, let AP be a finite set of atomic propositions, Var be a finite set of variables, and {R 1, R 2,...} be a set of markers. Then, for AP and X Var, formulas ϕ of VP-µ are defined by:

ϕ := X ϕ ϕ ϕ ϕ µX.ϕ νX.ϕ call ϕ{ψ 1, ψ 2,..., ψ k } [call] ϕ{ψ 1, ψ 2,..., ψ k } loc ϕ [loc] ϕ ret R i [ret] R i,

where k 0 and i 1. Let us define the syntactic shorthands tt = and ff = for some AP. Also, let the arity of a VP-µ formula ϕ be the maximum k such that ϕ has a subformula of the form call ϕ {ψ 1,..., ψ k } or [call]ϕ {ψ 1,..., ψ k }. Intuitively, the markers R i in a formula are bound by call and [call] modalities, and variables X are bound by fixpoint quantifiers µX and νX. We require our call-formulas to bind all the markers in their scope.
Formally, let the maximum marker index ind(ϕ) of a formula ϕ be defined inductively as: ind(ϕ 1 ϕ 2) = ind(ϕ 1 ϕ 2) = max{ind(ϕ 1), ind(ϕ 2)}; ind( loc ϕ) = ind([loc]ϕ) = ind(µX.ϕ) = ind(νX.ϕ) = ind(ϕ); and
ind( ret R i) = ind([ret]R i) = i. For each AP and X Var, let us define ind() = ind(X) = 0. Finally, let us have ind( call ϕ{ψ 1,..., ψ k }) = ind([call]ϕ{ψ 1,..., ψ k }) = max{ind(ψ 1),..., ind(ψ k )}. We will only be interested in formulas where for every subformula χ of the form call χ {ψ 1,..., ψ k } or [call]χ {ψ 1,..., ψ k }, we have ind(χ ) k. Such a formula ϕ is said to be marker-closed if ind(ϕ) = 0.

The set Free(ϕ) of free variables in a VP-µ formula ϕ is defined as: Free(ϕ 1 ϕ 2) = Free(ϕ 1 ϕ 2) = Free(ϕ 1) Free(ϕ 2); Free( loc ϕ) = Free([loc]ϕ) = Free(ϕ); and Free( ret R i) = Free([ret]R i) =. We have Free( call ϕ{ψ 1,..., ψ k }) = Free([call]ϕ{ψ 1,..., ψ k }) = Free(ϕ) Free(ψ 1)... Free(ψ k ); for each AP and X Var, Free() = and Free(X) = {X}. Finally, we have Free(µX.ϕ) = Free(νX.ϕ) = Free(ϕ) \ {X}. A formula ϕ is said to be variable-closed if it has Free(ϕ) =. We call ϕ closed if it is marker-closed and variable-closed.

Figure 2. (a) Local modalities (b) Call modalities (c) Matching contexts.

3.2 Semantics

Like in the modal µ-calculus, formulas in VP-µ encode sets, in this case sets of summaries. Also like in the µ-calculus, modalities and boolean and fixed-point operators allow us to encode computations on these sets. To understand the semantics of local ( loc and [loc]) modalities in VP-µ, consider the 2-colored summary = 3, { 6}, { 8} in the tree S in Fig. 1-a. We observe that when control moves from node 3 to 5 along a local edge, the current context stays the same, but the set of returns that can end it and are reachable from the current control point gets restricted (MR( 5) MR( 3)). The temporal requirements that we demand on return from the current context stay the same modulo this restriction. Consequently, the 2-colored summary = 5,, { 8} describes program flow from this point to the end of the current context and the requirements to be satisfied at the latter. We use modalities loc and [loc] to reason about such local succession.
For instance, in this case, summary will be said to satisfy the formula loc q. An interesting visual insight about the structure of the tree S for comes from Fig. 2-a. Note that the tree S for hangs from the former by a local edge; additionally, (1) every leaf of S is a leaf of S, and (2) such a leaf gets the same color in and.

Succession along call edges is more complex, because along such an edge, a frame is pushed on a program stack and a new calling context gets defined. In Fig. 1-a, take the summary = 2, { 11}, { 12}, and suppose we want to assert a 3-parameter call formula call ϕ {q,, tt} at 2. This requires us to consider a 3-colored summary of the context starting at 3, where matching returns of 3 satisfying q, and tt are respectively marked by colors 1, 2 and 3. Clearly, this summary is = 3, { 6}, { 8}, { 6, 8}. Our formula requires that satisfies ϕ. In general, we could have formulas of the form ϕ = call ϕ {ψ 1, ψ 2,..., ψ k }, where ψ i are arbitrary VP-µ formulas. To see what this means, look at the summaries r 1 = 6,, { 12} and r 2 = 8, { 11},, which capture flow (under the assumed coloring of MR( 2)) from 6 and 8 to the end of the context they are in. To see if ϕ is satisfied, we will need to consider a summary rooted at 3 where the color i is assigned to nodes 6 and 8 precisely when r 1 and r 2 respectively satisfy ψ i. Now, we require to satisfy ϕ. So far as the structures of these trees go, we find that the above requires a split of the tree S for summary in the way shown in Fig. 2-b. The root of this tree must have a call-edge to the root of the tree for, which must satisfy ϕ. At each leaf of S colored i, we must be able to concatenate a summary tree S satisfying ψ i such that (1) every leaf in S is a leaf of S, and (2) each such leaf gets the same set of colors in S and S.

As for the return modalities, we use them to assert that we return at a point colored i.
Because the binding of these colors to temporal requirements was fixed at a context that called the current context, the ret-modalities let us relate a path in the latter with the continuation of a path in the former. For instance, in Fig. 2-c, where the rectangle abstracts the part of a program unfolding within the body of a procedure foo, the marking of return points 1 and 2 by colors 1 and 2 is visible inside foo as well as at the call site of foo. This lets us match paths P 1 and P 2 inside foo respectively with paths P 1 and P 2 in the calling procedure. This lets VP-µ capture the pushdown structure of branching-time runs of a procedural program.

Let us now describe the semantics of VP-µ formally. A VP-µ formula ϕ is interpreted in an environment that interprets variables in Free(ϕ) as sets of summaries in a structured tree S. Formally, an environment is a map E : Free(ϕ) 2 S. Let us write [ϕ] S E to denote the set of summaries in S satisfying ϕ in environment E (usually S will be understood from the context, and we will simply write [ϕ] E ). For a summary =, U 1, U 2,..., U k, where S and U i MR() for all i, satisfies ϕ, i.e., [ϕ] E, if and only if one of the following holds:

- ϕ = AP and λ()
- ϕ = for some AP, and / λ()
- ϕ = X, and E(X)
- ϕ = ϕ 1 ϕ 2 such that [ϕ 1 ] E or [ϕ 2 ] E
- ϕ = ϕ 1 ϕ 2 such that [ϕ 1 ] E and [ϕ 2 ] E
- ϕ = call ϕ {ψ 1, ψ 2,..., ψ m}, and there is a t S such that (1) call t, and (2) the summary t = t, V 1, V 2,..., V m, where for all 1 i m, V i = MR(t) { :, U 1 MR( ),..., U k MR( ) [ψ i ] E}, is such that t [ϕ ] E
- ϕ = [call] ϕ {ψ 1, ψ 2,..., ψ m}, and for all t S such that call t, the summary t = t, V 1, V 2,..., V m, where for all 1 i m, V i = MR(t) { :, U 1 MR( ),..., U k MR( ) [ψ i ] E}, is such that t [ϕ ] E
- ϕ = loc ϕ, and there is a t S such that loc t and the summary t = t, V 1, V 2,..., V k, where V i = MR(t) U i, is such that t [ϕ ] E
- ϕ = [loc] ϕ, and for all t S such that loc t, the summary t = t, V 1, V 2,..., V k, where V i = MR(t) U i, is such that t [ϕ ] E
- ϕ = ret R i, and there is a t S such that ret t and t U i
- ϕ = [ret] R i, and for all t S such that ret t, we have t U i
- ϕ = µX.ϕ, and S for all S S satisfying [ϕ ] E[X:=S] S
- ϕ = νX.ϕ, and there is some S S such that (1) S [ϕ ] E[X:=S] and (2) S.

Here E[X := S] is the environment E such that (1) E (X) = S, and (2) E (Y ) = E(Y ) for all variables Y X. We say a node satisfies a formula ϕ if the 0-colored summary satisfies ϕ. A structured tree S rooted at 0 is said to satisfy ϕ if 0 satisfies ϕ (we denote this by S = ϕ).

A few observations are in order. First, while VP-µ does not allow formulas of form ϕ, it is closed under negation so long as we stick to closed formulas. Given a closed VP-µ formula ϕ, consider the formula Neg(ϕ), defined inductively in the following way:

- Neg() =, Neg( ) =, Neg(X) = X
- Neg(ϕ 1 ϕ 2) = Neg(ϕ 1) Neg(ϕ 2), and Neg(ϕ 1 ϕ 2) = Neg(ϕ 1) Neg(ϕ 2)
- If ϕ = call ϕ {ψ 1, ψ 2,..., ψ k }, then Neg(ϕ) = [call] Neg(ϕ ){Neg(ψ 1), Neg(ψ 2),..., Neg(ψ k )}
- If ϕ = [call] ϕ {ψ 1, ψ 2,..., ψ k }, then Neg(ϕ) = call Neg(ϕ ){Neg(ψ 1), Neg(ψ 2),..., Neg(ψ k )}
- Neg( loc ϕ ) = [loc]Neg(ϕ ), and Neg([loc]ϕ ) = loc Neg(ϕ )
- Neg( ret R i) = [ret]R i, and Neg([ret]R i) = ret R i
- Neg(µX.ϕ) = νX.Neg(ϕ), and Neg(νX.ϕ) = µX.Neg(ϕ)

Performing induction on the structure of ϕ, we obtain:

THEOREM 1. For all closed VP-µ formulas ϕ, [ϕ] = S \ [Neg(ϕ)].

Second, note that the semantics of closed VP-µ formulas is independent of the environment; customarily, we will evaluate such formulas in the unique empty environment : S. More importantly, the semantics of such a formula ϕ does not depend on current color assignments; in other words, for all =, U 1, U 2,..., U k, [ϕ] iff [ϕ]. Consequently, when ϕ is closed, we can infer that node satisfies ϕ from summary satisfies ϕ.

Third, every VP-µ formula ϕ(X) with a free variable X can be viewed as a map ϕ(X) : 2 S 2 S defined as follows: for all environments E and all summary sets S S, ϕ(X)(S) = [ϕ(X)] E[X:=S].
It is not hard to verify that this map is monotonic, and that therefore, by the Tarski-Knaster theorem, its least and greatest fixed points exist. The formulas µX.ϕ(X) and νX.ϕ(X) respectively evaluate to these two sets. From Tarski-Knaster, we also know that for a VP-µ formula ϕ with one free variable X, the set [µX.ϕ] lies in the sequence of summary sets, ϕ( ), ϕ(ϕ( )),..., and that [νX.ϕ] is a member of the sequence S, ϕ(S), ϕ(ϕ(S)),....

Fourth, a VP-µ formula ϕ may also be viewed as a map ϕ : (U 1, U 2,..., U k ) S, where S is the set of all nodes such that U 1, U 2,..., U k MR() and the summary, U 1, U 2,..., U k satisfies ϕ. Naturally, S = if no such exists. Now, while a VP-µ formula can demand that the color of a return from the current context is i, it cannot assert that the color of a return must not be i (i.e., there is no formula of the form, say, ret R i). It follows that the output of the above map will stay the same if we grow any of the sets U i of matching returns provided as input. Formally, let =, U 1,..., U k and =, U 1,... U k be two summaries such that U i U i for all i. Then for every environment E and every VP-µ formula ϕ, [ϕ] E if [ϕ] E.

Such monotonicity over markings has an interesting ramification. Let us suppose that in the semantic clauses for formulas of the form call ϕ {ψ 1, ψ 2,..., ψ k } and [call]ϕ {ψ 1, ψ 2,..., ψ k }, we allow t = t, V 1,..., V k to be any k-colored summary such that (1) t [ϕ ] E, and (2) for all i and all V i,, U 1 MR( ), U 2 MR( ),..., U k MR( ) [ψ i ] E. Intuitively, from such a summary, one can grow the sets U i to get the maximal t that we used in these two clauses. From the above discussion, VP-µ and this modified logic have equivalent semantics.

Finally, let us see what would happen if we did allow formulas of form ret R i (at a summary, U 1,..., U k, the above holds iff there is an edge ret t such that t / U i). It turns out that formulas involving the above need not be monotonic, and hence their fixpoints may not exist.
To see why, consider the formula ϕ = call ( ret R 1 ret ( R 1)){X}) and a structured tree where the root leads to two ret-children 1 and 2, both of which are leaves. Let S 1 = { 1, }, and S 2 = { 1,, 2, }. Viewing ϕ as a map ϕ : 2 S 2 S, we see that ϕ(S 1) is not a subset of ϕ(S 2).

3.3 Bisimulation closure

Bisimulation is a fundamental relation in the analysis of labeled transition systems. The equivalence induced by a variety of branching-time logics, including the µ-calculus, coincides with bisimulation. In this section, we study the equivalence induced by VP-µ, that is, we want to understand when two nodes satisfy the same set of VP-µ formulas. Consider two structured trees S 1 = (S 1, in 1, E 1, λ 1, η 1) and S 2 = (S 2, in 2, E 2, λ 2, η 2). Let S be S 1 S 2 (we can assume that the sets S 1 and S 2 are disjoint), S be the set of all summaries in S 1 and S 2, and η denote the labeling of S as given by η 1 and η 2. The bisimulation relation S S is the greatest relation such that whenever t holds, (1) η() = η(t), (2) for every edge a a, there is an edge t t such that t, and (3) for a every edge t t a, there is an edge such that t. We write S 1 S 2 if in 1 in 2.

VP-µ is interpreted over summaries, so we need to lift the bisimulation relation to summaries. A summary, U 1,... U k S is said to be bisimulation-closed if for every pair u, v MR() of matching returns of, if u v, then for each 1 i k, u U i precisely when v U i. Thus, in a bisimulation-closed summary, the marking does not distinguish among bisimilar nodes, and thus, return formulas (formulas of the form ret R i and [ret]R i) do not distinguish among bisimilar nodes. Two bisimulation-closed summaries =, U 1,..., U k and t = t, V 1,..., V k in S and having the same number of colors are said to be bisimilar, written t, iff t, and for each 1 i k, for all u MR() and v MR(t), if u v, then u U i precisely when v V i. Thus, roots of bisimilar summaries are bisimilar and the corresponding markings are unions of the same equivalence classes of the partitioning of the matching returns induced by bisimilarity.
Note that every 0-ary summary is bisimulation-closed, and bisimilarity of 0-ary summaries coincides with bisimilarity of their roots. Consider trees S and T in Fig. 3. We have named the nodes 1, 2, t_1, t_2 etc. and labeled some of them with propositions. Note that 2 4, hence the summary 1, { 2}, { 4} in S is not bisimulation-closed. Now consider the bisimulation-closed summaries 1, { 2, 4}, { 3} and t_1, {t_2}, {t_3}. By our definition they are bisimilar. However, the (bisimulation-closed) summaries 1, { 2, 4}, { 3} and t_1, {t_3}, {t_2} are not.

We now want to prove that bisimilar summaries satisfy the same VP-µ formulas. For an inductive proof, we need to consider the environment also. We assume that the environment E maps VP-µ
variables to subsets of S (the union of the sets of summaries of the disjoint structures). Such an environment is said to be bisimulation-closed if for every variable X, and for every pair of bisimilar summaries t, E(X) precisely when t E(X).

[Figure 3. Bisimilarity. Structured trees S and T; legend: call, ret and loc edges.]

LEMMA 1. If E is a bisimulation-closed environment and ϕ is a VP-µ formula, [ϕ]_E is bisimulation-closed.

Proof: The proof is by induction on the structure of the formula ϕ. Consider two bisimulation-closed bisimilar summaries =, U_1, ..., U_k and t = t, V_1, ..., V_k, and a bisimulation-closed environment E. We want to show that [ϕ]_E precisely when t [ϕ]_E. If ϕ is a proposition or negated proposition, the claim follows from bisimilarity of nodes and t. When ϕ is a variable, the claim follows from bisimulation closure of E. We consider a few interesting cases.

Suppose ϕ = ret R_i. satisfies ϕ precisely when has a return-edge to some node in U_i. Since and t are bisimilar, this can happen precisely when t has a return edge to a node t bisimilar to, and from definition of bisimilar summaries, t must be in V_i, and thus t must satisfy ϕ.

Suppose ϕ = call ϕ {ψ_1, ..., ψ_m}. Suppose satisfies ϕ. Then there is a call-successor of such that, U_1, ..., U_m satisfies ϕ, where U_i = {u MR( ) u, U_1 MR(u), ..., U_k MR(u) [ψ_i]_E}. Since and t are bisimilar, there exists a call-successor t of t such that t. For each 1 i m, let V_i = {v MR(t ) u U_i. u v}. Verify that the summaries, U_1, ..., U_m and t, V_1, ..., V_m are bisimilar. By induction hypothesis, t, V_1, ..., V_m satisfies ϕ. Also, for each v V_i, for 1 i m, the summary v, V_1 MR(v), ..., V_k MR(v) is bisimilar to u, U_1 MR(u), ..., U_k MR(u), for some u U_i, and hence, by induction hypothesis, satisfies ψ_i. This establishes that t satisfies ϕ.

Case ϕ = µX.ϕ. Let X_0 =. For i 0, let X_{i+1} = [ϕ]_{E[X:=X_i]}. Then [ϕ]_E = i 0 X_i. Since E is bisimulation-closed, and X_0 is bisimulation-closed, by induction, for i 0, each X_i is bisimulation-closed, and so is [ϕ]_E.

As a corollary, we get that if S_1 S_2, then for every closed VP-µ formula ϕ, S_1 = ϕ precisely when S_2 = ϕ.
The proof also shows that to decide whether a structured tree satisfies a closed VP-µ formula, during the fixpoint evaluation, one can restrict attention only to bisimulation-closed summaries. In other words, we can redefine the semantics of VP-µ so that the set S of summaries contains only bisimulation-closed summaries. It also suggests that to evaluate a closed VP-µ formula over a structured tree, one can reduce the structured tree by collapsing bisimilar nodes as in the case of classical model checking.

If the two structured trees S_1 and S_2 are not bisimilar, then there exists a µ-calculus formula (in fact, of the much simpler Hennessy-Milner modal logic, which does not involve any fixpoints) that is satisfied at the roots of only one of the two trees. This does not immediately yield a VP-µ formula that distinguishes the two trees because VP-µ formulas cannot assert requirements across return-edges in a direct way. However, a more complex encoding is possible. We defer the details to the full paper. Thus, two structured trees satisfy the same set of closed VP-µ formulas precisely when they are bisimilar.

Let us consider two arbitrary nodes and t (in the same structured tree, or in two different structured trees). When do these two nodes satisfy the same set of closed VP-µ formulas? From the arguments so far, bisimilarity is sufficient. However, the satisfaction of a closed VP-µ formula at a node depends solely on the subtree rooted at and truncated at the matching returns of. In fact, the full subtree rooted at may not be structured as it can contain excess returns. For a structured tree S, and a node, let S denote the structured tree rooted at obtained by deleting all the return-edges leading to the nodes in MR(). For instance, in Fig. 3, S 1 comprises nodes 1 and 5 and the loc-edge connecting them. It is easy to check that if ϕ is a closed VP-µ formula then satisfies ϕ in the original structured tree precisely when S satisfies ϕ.
If and t are not bisimilar, and the non-bisimilarity can be established within the structured subtrees S and S_t rooted at these nodes, then some closed VP-µ formula can distinguish them.

THEOREM 2. Two nodes and t satisfy the same set of closed VP-µ formulas precisely when S S_t.

4. Specifying requirements

In this section, we explore how to use VP-µ as a specification language. On one hand, we will see how VP-µ and classical temporal logics differ fundamentally in style of expression; on the other, we will express properties not expressible in logics like the µ-calculus. The C program in Fig. 4 will be used to illustrate some of our specifications. Also, because fixpoint formulas are typically hard to read, we will define some syntactic sugar for VP-µ using CTL-like temporal operators.

Reachability. Let us express in VP-µ the reachability property Reach that says: a node t satisfying proposition can be reached from the current node before the current context ends. As a program starts with an empty stack frame, we may omit the restriction about the current context if models the initial program state.

Now consider a nontrivial witness π for Reach that starts with an edge call. There are two possibilities: (1) a node satisfying is reached in the new context or a context called transitively from it, and (2) a matching return of is reached, and at, Reach is once again satisfied.

To deal with case (2), we mark a matching return that leads to by color 1. Let X store the set of summaries of form, where satisfies Reach. Then we want the summary, MR() to satisfy call ϕ {X}, where ϕ states that can reach one of its matching returns of color 1. In case (1), there is no return requirement (we do not need the original call to return), and we simply assert call X{}.

Before we get to ϕ, note that the formula loc X captures the case when π starts with a local transition. Combining the two cases and using CTL-style notation, the formula we want is EF = µX.( loc X call X{} call ϕ {X}).
Now observe that ϕ also expresses reachability, except (1) its target needs to satisfy ret R_1, and (2) this target needs to lie in the same procedural context as. In other words, we want to express what we call local reachability of ret R_1. It is easy to verify that ϕ = µY.( ret R_1 loc Y call Y {Y}). We cannot merely substitute for ret R_1 in ϕ to express local reachability of. However, a formula EF_l for this property is
easily obtained by restricting the formula EF : EF_l = µX.( loc X call ϕ {X}). For example, consider the structured tree in Fig. 4 that models the unfolding of the C program in the same figure. The transitions in the tree are labeled by line numbers, and some of the nodes are labeled by propositions. Suppose we have a proposition free(x) that is true immediately after a line where x is freed; then EF_l free(x) holds at the entry point of procedure foo (node 1). Generalizing, we will allow to be any VP-µ formula that keeps EF and EF_l closed.

It is easy to verify that the formula AF, which states that along all paths from the current node, a node satisfying is reached before the current context terminates, is given by AF = µX.( ([loc]X [call]ϕ {X})), where ϕ demands that a matching return colored 1 be reached along all local paths: ϕ = µY.( ([ret]R_1 [loc]Y [call]Y {Y})). As in the previous case, we can define a corresponding operator AF_l that asserts local reachability along all paths. For instance, in Fig. 4, AF_l free(x) does not hold at node 1.

Note that the highlight of this approach to specification is the way we split a program unfolding along procedure boundaries, specify these pieces modularly, and plug the summary specifications so obtained into their call sites. This interprocedural reasoning distinguishes it from logics such as the µ-calculus that would reason only about global runs of the program.

Also, there is a significant difference in the way fixpoints are computed in VP-µ and the µ-calculus. Consider the fixpoint computation for the µ-calculus formula µX.( X) that expresses reachability of a node satisfying. The semantics of this formula is given by a set S_X of nodes which is computed iteratively. At the end of the i-th step, S_X comprises nodes that have a path with at most (i 1) transitions to a node satisfying. Contrast this with the evaluation of the outer fixpoint in the VP-µ formula EF. Assume that ϕ (intuitively, the set of jumps from calls to returns) has already been evaluated, and consider the set S_X of summaries for EF.
At the end of the i-th phase, this set contains all = such that has a path consisting of (i 1) call and loc-transitions to a node satisfying. However, because of the subformula call ϕ {X}, it also includes all where reaches via a path of at most (i 1) local and jump transitions. Note how return edges are considered only as part of summaries plugged into the computation.

Figure 4. A C example

     1  int a, *g;
     2  void foo ()
     3  {
     4    int *x, b=1;
     5    x = ALLOC(int);
     6    g = x;
     7    bar ();
     8    free (x);
     9    b = a*a + b*b;
    10    return;
    11  }
    12  void bar ()
    13  { int y;
          a++;
    16    if (y==0) free(g);
    18    else
    19      foo ();
          return;
    21  }

[The figure also shows the structured tree of this program's unfolding, with transitions labeled by line numbers and nodes labeled by propositions such as mod_l(e), mod_g(e), c_bar, c_foo, free(g) and free(x).]

Invariance and until. Now consider the invariance property on some path from the current node, property holds everywhere till the end of the current context. A VP-µ formula EG for this is obtained from the identity EG = Neg(AF Neg()). The formula AG, which asserts that holds on each point on each run from the current node, can be written similarly.

Other classic branching-time temporal properties like the existential weak until (written as E( 1 W 2)) and the existential until (E( 1 U 2)) are also expressible. The former holds if there is a path π from the current node such that 1 holds at every point on π till it reaches the end of the current context or a node satisfying 2 (if π doesn't reach either, 1 must hold all along on it). The latter, in addition, requires 2 to hold at some point on π. The for-all-paths analogs of these properties (A( 1 U 2) and A( 1 W 2)) aren't hard to write either.

Neither is it difficult to express local or same-context versions of these properties. Consider the maximal subsequence π of a program path π from such that each node of π belongs to the same procedural context as. A VP-µ formula EG_l for existential local invariance demands that holds on some such π, while AG_l asserts the same for all π. Similarly, we can define existential and universal local until properties, and corresponding VP-µ formulas E( 1 U_l 2) and A( 1 U_l 2). For instance, in Fig.
4, E( free(g) U_l free(x)) holds at node 1 (whereas E( free(g) U free(x)) does not). Weak versions of these formulas are also written with ease. For instance, it is easy to verify that we can write generic existential, local, weak until properties as E( 1 W_l 2) = νX.(( 1 2) ( 2 loc X call ϕ {X})), where ϕ asserts local reachability of ret R_1 as before.

Interprocedural dataflow analysis. It is well-known that many classic dataflow analysis problems can be reduced to temporal logic model-checking over program abstractions [24, 23]. For example, consider the problem of finding very busy expressions in a program that arises in compiler optimization. An expression e is said to be very busy at a program point if every path from must evaluate e before any variable in e is redefined. Let us first assume that all variables are in scope all the time along every path from. Now label every node in the program unfolding right after a statement evaluating e by a proposition use(e), and every node reached via redefinition of a variable in e by mod(e) (see Fig. 4). Because of loops in the flow graph, we would not expect every path from to eventually satisfy use(e); however, we can demand that each point in such a loop will have a path to a loop exit from where a use of e would be reachable. Then a VP-µ formula that demands that e is very busy at is 1 A((EF use(e) mod(e)) W use(e)). Note that this property uses the power of VP-µ to reason about branching time.

However, complications arise if we are considering interprocedural paths and e has local as well as global variables. Suppose in Fig. 4, the global variable a and the local variable b are two observables, and we want to check if the expression e = (a^2 + b^2), used
in line 9, is very busy at line 6. We would, as before, track changes to a and b between lines 6 and 9. But we must note that as soon as an interprocedural path π between these two points leaves the current context, the observable b falls out of scope. This path may subsequently come back to procedure foo because of recursion, and a new instance of b may be created. However, modification of this new instance of b should not cause e not to be very busy in the current context. In other words, we should only be concerned with the local uses of b. For the same reason, uses of e in a different context should not be of interest to us. On the other hand, the global variable a needs to be tracked through every context along a path before a local use of e on it.

Local temporal properties come of use in covering such cases. Let us define two propositions mod_g(e) and mod_l(e) that are true at points where, respectively, a global or a local variable in e is modified. The VP-µ property we assert at is νX.(((EF_l use(e)) mod_g(e) mod_l(e)) use(e)) (use(e) ([loc]X [call]ψ{X, tt})), where the formula ψ tracks global variables like a in new contexts: ψ = µY.( mod_g(e) (([ret]R_1 ret R_2) ([call]Y {Y, tt} [loc]Y ))). Note the use of the formula ret R_2 to ensure that [ret]R_1 is not vacuously true.

Pushdown specifications. The domain where VP-µ stands out most clearly from previously studied fixpoint calculi is that of pushdown specifications, i.e., specifications involving the program stack. We have already introduced a class of such specifications expressible in VP-µ: that of local temporal properties. For instance, the formula EF_l needs to track the program stack to know whether a reachable node satisfying is indeed in the initial calling context. Some such specifications have previously been discussed in context of the temporal logic CARET. On the other hand, it is well-known that the modal µ-calculus is a regular specification language (i.e., it is equivalent in expressiveness to a class of finite-state tree automata), and cannot reason about the stack in this way.
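The local/global contrast that the local operators are introduced for, worked on the Fig. 4 program as an added Python example (not code from the paper): least-fixpoint iteration over a small finite control-flow model, where a call is either entered or skipped through a summary saying whether the callee returns. The model, its node names, the helper names and the reading of the until's holding condition as "free(g) is not true at this node" are assumptions of this example, and the evaluation runs over control locations rather than over summaries of the infinite tree.

```python
# Constructed finite control-flow model of the Fig. 4 program; node names are
# this example's own. The test on y is abstracted to a nondeterministic branch.
LOC = {  # loc edges (stay in the same procedural context)
    "foo.entry": ["foo.call_bar"],      # x = ALLOC(int); g = x;
    "foo.after_bar": ["foo.freed_x"],   # free(x); free(x) holds at foo.freed_x
    "foo.freed_x": ["foo.exit"],        # b = a*a + b*b;
    "bar.entry": ["bar.branch"],        # a++;
    "bar.branch": ["bar.freed_g", "bar.call_foo"],  # if (y==0) free(g); else foo();
    "bar.freed_g": ["bar.exit"],
}
CALL = {  # call site -> (callee entry, return site in the caller)
    "foo.call_bar": ("bar.entry", "foo.after_bar"),
    "bar.call_foo": ("foo.entry", "bar.exit"),
}
EXITS = {"foo.exit", "bar.exit"}  # nodes that execute `return` (ret edge)
NODES = set(LOC) | set(CALL) | EXITS | {s for ss in LOC.values() for s in ss}
FREED_X = {"foo.freed_x"}         # proposition free(x)
FREED_G = {"bar.freed_g"}         # proposition free(g)


def lfp(step):
    """Least fixpoint of a monotone map on node sets, iterating from the empty set."""
    x = frozenset()
    while True:
        nxt = frozenset(step(x))
        if nxt == x:
            return x
        x = nxt


def loc_step(n, xs):
    """True if n has a loc edge into xs."""
    return any(s in xs for s in LOC.get(n, ()))


def returns_within(hold):
    """Nodes that can reach the end of their own context with `hold` true at
    every node visited, nested calls included (the summary, or jump, data)."""
    def step(ys):
        return {n for n in hold
                if n in EXITS or loc_step(n, ys)
                or (n in CALL and CALL[n][0] in ys and CALL[n][1] in ys)}
    return lfp(step)


def eu(hold, goal):
    """E(hold U goal): goal is reached before the current context ends."""
    jump = returns_within(hold)
    def step(xs):
        return set(goal) | {
            n for n in hold
            if loc_step(n, xs)
            or (n in CALL and (CALL[n][0] in xs          # enter the call, no return needed
                               or (CALL[n][0] in jump    # or skip a call that returns
                                   and CALL[n][1] in xs)))}
    return lfp(step)


def eu_local(hold, goal):
    """E(hold U_l goal): only nodes of the current context are inspected."""
    jump = returns_within(NODES)  # a skipped call only has to return
    def step(xs):
        return set(goal) | {
            n for n in hold
            if loc_step(n, xs)
            or (n in CALL and CALL[n][0] in jump and CALL[n][1] in xs)}
    return lfp(step)


def ef(goal):
    return eu(NODES, goal)


def ef_local(goal):
    return eu_local(NODES, goal)


if __name__ == "__main__":
    no_free_g = NODES - FREED_G
    print("EF_l free(x) at foo entry:", "foo.entry" in ef_local(FREED_X))
    print("EF   free(g) at foo entry:", "foo.entry" in ef(FREED_G))
    print("EF_l free(g) at foo entry:", "foo.entry" in ef_local(FREED_G))
    print("local until at foo entry: ", "foo.entry" in eu_local(no_free_g, FREED_X))
    print("global until at foo entry:", "foo.entry" in eu(no_free_g, FREED_X))
```

The global until fails at the entry of foo because every returning run of bar passes through free(g), while the local variant skips bar through its summary and never inspects that node.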
We have already seen an application of these richer specifications in program analysis. In the rest of this section, we will see more of them.

Nested formulas and stack inspection. Interestingly, we can express certain properties of the stack just by nesting VP-µ formulas for (non-local) reachability and invariance. To understand why, recall that VP-µ formulas for reachability and invariance only reason about nodes appearing before the end of the context where they were asserted. Now let us try to express a stack inspection property such as "if procedure foo is called, procedure bar must not be on the call stack". Specifications like this have previously been used in research on software security [19, 15], and are not expressible by regular specifications like the µ-calculus. While the temporal logic CARET can express such properties, it requires a past-time operator called caller to do so.

To express this property in VP-µ, we define propositions c_foo and c_bar that respectively hold at every call site for foo and bar. Now, assuming control starts in foo, consider the formula ϕ = EF (c_bar call (EF c_foo){}). This formula demands a program path where, first, bar is called (there is no return requirement), and then, before that context is popped off the stack, a call site for foo is reached. It follows that the property we are seeking is Neg(ϕ).

Other stack inspection properties expressible in VP-µ include "when procedure foo is called, all procedures on the stack must have the necessary privilege". Combining reasoning about the program stack with reasoning about the global evolution of the program, VP-µ can even specify dynamic security constraints where privileges of procedures change dynamically depending on the privileges used so far.

Stack overflow. One of the hazards of using recursive calls in a C-like language is that stack overflow, caused by unbounded recursion, is a serious security vulnerability. VP-µ can specify requirements that safeguard against such errors. Once again, nested modalities come handy.
Suppose we assert AG( call ff {}) throughout every context reached through k calls in succession without intervening returns (this can be kept track of using a k-length chain of call modalities). This will disallow further calls, bounding the stack to height k.

Other specifications for stack boundedness include: every call in every program execution eventually returns. This property requires the program stack to be empty infinitely often. This requirement, though, does not say how large the stack may get: even if a call returns, it may still overflow the stack at some point. Further, in certain cases, a call may not return because of cycles introduced by abstraction. However, it does rule out infinite recursive loops in many cases; for instance, the program in Fig. 4 will fail this property because of a real recursive cycle. We capture it by asserting AG Termin at the initial program point, where Termin = [call](AF_l ( ret R_1)){tt}.

Preconditions and postconditions. For a program state, let us consider the set Jmp() of nodes to which a call from may return. Then the requirement: property holds at some node in Jmp() is captured by the VP-µ formula jump = call (EF_l ret R_1){}. The dual formula [jump], which requires to hold at all such jump targets, is also easily constructed.

An immediate application of this is to encode the partial and total correctness requirements popular in formalisms like Hoare logic and JML [9]. A partial correctness requirement for a procedure A asserts that if precondition Pre is satisfied when A is called, then if A terminates, postcondition Post holds upon return. Total correctness, additionally, requires A to terminate. These requirements cannot be expressed using regular specifications. In VP-µ, let us say that at every call site to procedure A, proposition c_A holds. Then a formula for partial correctness, asserted at the initial program state, is AG((Pre c_A) [jump]Post). Total correctness is expressed as AG((Pre c_A) (Termin [jump]Post)).

Access control. The ability of VP-µ to handle local and global variables simultaneously is useful in other domains, e.g., access control.
Consider a procedure A that can be called with a high or low privilege, and suppose we have a rule that A can access a database (proposition access is true when it does) only if it is called with a high privilege (priv holds when it is). It is tempting to write a property ϕ = priv AG ( access) to express this requirement. However, a context where A has low privilege may lead to another where A has high privilege via a recursive invocation, and ϕ will not let A access the database even in this new context. The formula we are looking for is really ϕ = priv AG_l ( access), asserted at every call site for A.

Multiple return conditions. As we shall see in Section 6.2, the theoretical expressiveness of VP-µ depends on the fact that we can pass multiple return conditions as parameters to VP-µ call
More informationSocial Studies 201 Notes for March 18, 2005
1 Social Studie 201 Note for March 18, 2005 Etimation of a mean, mall ample ize Section 8.4, p. 501. When a reearcher ha only a mall ample ize available, the central limit theorem doe not apply to the
More informationRELIABILITY ANALYSIS OF A COMPLEX REPAIRABLE SYSTEM COMPOSED OF TWO 2-OUT-OF-3: G SUBSYSTEMS CONNECTED IN PARALLEL
Journal of Reliability and Statitical Studie; ISSN (Print: 97-8, (Online:9-5666 Vol. 7, Iue Secial (: 89- RELIILITY NLYSIS OF COMPLEX REPIRLE SYSTEM COMPOSE OF TWO -OUT-OF-: G SUSYSTEMS CONNECTE IN PRLLEL
More informationAnalysis the Transient Process of Wind Power Resources when there are Voltage Sags in Distribution Grid
Analyi the Tranient Proce of Wind Power Reource when there are Voltage Sag in Ditribution Grid Do Nhu Y 1,* 1 Hanoi Univerity of ining and Geology, Deartment of Electrification, Electromechanic Faculty,
More informationSOLUTIONS TO ALGEBRAIC GEOMETRY AND ARITHMETIC CURVES BY QING LIU. I will collect my solutions to some of the exercises in this book in this document.
SOLUTIONS TO ALGEBRAIC GEOMETRY AND ARITHMETIC CURVES BY QING LIU CİHAN BAHRAN I will collect my olution to ome of the exercie in thi book in thi document. Section 2.1 1. Let A = k[[t ]] be the ring of
More informationMulticolor Sunflowers
Multicolor Sunflower Dhruv Mubayi Lujia Wang October 19, 2017 Abtract A unflower i a collection of ditinct et uch that the interection of any two of them i the ame a the common interection C of all of
More informationarxiv: v1 [math.mg] 25 Aug 2011
ABSORBING ANGLES, STEINER MINIMAL TREES, AND ANTIPODALITY HORST MARTINI, KONRAD J. SWANEPOEL, AND P. OLOFF DE WET arxiv:08.5046v [math.mg] 25 Aug 20 Abtract. We give a new proof that a tar {op i : i =,...,
More informationDo Dogs Know Bifurcations?
Do Dog Know Bifurcation? Roland Minton Roanoke College Salem, VA 4153 Timothy J. Penning Hoe College Holland, MI 4943 Elvi burt uon the mathematical cene in May, 003. The econd author article "Do Dog Know
More informationSingular perturbation theory
Singular perturbation theory Marc R. Rouel June 21, 2004 1 Introduction When we apply the teady-tate approximation (SSA) in chemical kinetic, we typically argue that ome of the intermediate are highly
More informationTheoretical Computer Science. Optimal algorithms for online scheduling with bounded rearrangement at the end
Theoretical Computer Science 4 (0) 669 678 Content lit available at SciVere ScienceDirect Theoretical Computer Science journal homepage: www.elevier.com/locate/tc Optimal algorithm for online cheduling
More informationEE Control Systems LECTURE 14
Updated: Tueday, March 3, 999 EE 434 - Control Sytem LECTURE 4 Copyright FL Lewi 999 All right reerved ROOT LOCUS DESIGN TECHNIQUE Suppoe the cloed-loop tranfer function depend on a deign parameter k We
More informationPrice Protection with Consumer s Policy Behavior Beibei LI, Huipo WANG and Yunfu HUO
8 3rd International Conference on Society Science and Economic Develoment (ICSSED 8) ISBN: 978--6595-3- Price Protection with Conumer Policy Behavior Beibei LI, Huio WANG and Yunfu HUO No., Xuefu Street,
More informationUnavoidable Cycles in Polynomial-Based Time-Invariant LDPC Convolutional Codes
European Wirele, April 7-9,, Vienna, Autria ISBN 978--87-4-9 VE VERLAG GMBH Unavoidable Cycle in Polynomial-Baed Time-Invariant LPC Convolutional Code Hua Zhou and Norbert Goertz Intitute of Telecommunication
More informationON THE APPROXIMATION ERROR IN HIGH DIMENSIONAL MODEL REPRESENTATION. Xiaoqun Wang
Proceeding of the 2008 Winter Simulation Conference S. J. Maon, R. R. Hill, L. Mönch, O. Roe, T. Jefferon, J. W. Fowler ed. ON THE APPROXIMATION ERROR IN HIGH DIMENSIONAL MODEL REPRESENTATION Xiaoqun Wang
More informationOperational transconductance amplifier based voltage-mode universal filter
Indian Journal of Pure & Alied Phyic ol. 4, etember 005,. 74-79 Oerational tranconductance amlifier baed voltage-mode univeral filter Naeem Ahmad & M R Khan Deartment of Electronic and Communication Engineering,
More informationControl Systems Analysis and Design by the Root-Locus Method
6 Control Sytem Analyi and Deign by the Root-Locu Method 6 1 INTRODUCTION The baic characteritic of the tranient repone of a cloed-loop ytem i cloely related to the location of the cloed-loop pole. If
More informationBayesian Learning, Randomness and Logic. Marc Snir
Bayeian Learning, Randomne and Logic Marc Snir Background! 25 year old work, far from my current reearch! why preent now?! Becaue it wa done when I wa Eli tudent! Becaue it i about the foundation of epitemology!
More information7.2 INVERSE TRANSFORMS AND TRANSFORMS OF DERIVATIVES 281
72 INVERSE TRANSFORMS AND TRANSFORMS OF DERIVATIVES 28 and i 2 Show how Euler formula (page 33) can then be ued to deduce the reult a ( a) 2 b 2 {e at co bt} {e at in bt} b ( a) 2 b 2 5 Under what condition
More informationCopyright 1967, by the author(s). All rights reserved.
Copyright 1967, by the author(). All right reerved. Permiion to make digital or hard copie of all or part of thi work for peronal or claroom ue i granted without fee provided that copie are not made or
More informationHORNSAT, Model Checking, Verication and Games * (Abstract For Category A) Sandeep K. Shukla Harry B. Hunt III Daniel J.
HORNSAT, Model Checking, Verication and Game * (Abtract For Category A) Sandeep K. Shukla Harry B. Hunt III Daniel J. Roenkrantz Department of Computer Science Univerity at Albany { State Univerity of
More informationBasic propositional and. The fundamentals of deduction
Baic ooitional and edicate logic The fundamental of deduction 1 Logic and it alication Logic i the tudy of the atten of deduction Logic lay two main ole in comutation: Modeling : logical entence ae the
More informationNonlinear Single-Particle Dynamics in High Energy Accelerators
Nonlinear Single-Particle Dynamic in High Energy Accelerator Part 6: Canonical Perturbation Theory Nonlinear Single-Particle Dynamic in High Energy Accelerator Thi coure conit of eight lecture: 1. Introduction
More informationMemoryfull Branching-Time Logic
Memoryfull Branching-Time Logic Orna Kuferman 1 and Moshe Y. Vardi 2 1 Hebrew University, School of Engineering and Comuter Science, Jerusalem 91904, Israel Email: orna@cs.huji.ac.il, URL: htt://www.cs.huji.ac.il/
More informationMulticast Network Coding and Field Sizes
Multicat Network Coding and Field Size Qifu (Tyler) Sun, Xunrui Yin, Zongpeng Li, and Keping Long Intitute of Advanced Networking Technology and New Service, Univerity of Science and Technology Beijing,
More informationComputers and Mathematics with Applications. Sharp algebraic periodicity conditions for linear higher order
Computer and Mathematic with Application 64 (2012) 2262 2274 Content lit available at SciVere ScienceDirect Computer and Mathematic with Application journal homepage: wwweleviercom/locate/camwa Sharp algebraic
More informationLecture 7: Testing Distributions
CSE 5: Sublinear (and Streaming) Algorithm Spring 014 Lecture 7: Teting Ditribution April 1, 014 Lecturer: Paul Beame Scribe: Paul Beame 1 Teting Uniformity of Ditribution We return today to property teting
More informationElectronic Theses and Dissertations
Eat Tenneee State Univerity Digital Common @ Eat Tenneee State Univerity Electronic Thee and Diertation Student Work 5-208 Vector Partition Jennifer French Eat Tenneee State Univerity Follow thi and additional
More informationConvex Hulls of Curves Sam Burton
Convex Hull of Curve Sam Burton 1 Introduction Thi paper will primarily be concerned with determining the face of convex hull of curve of the form C = {(t, t a, t b ) t [ 1, 1]}, a < b N in R 3. We hall
More informationBogoliubov Transformation in Classical Mechanics
Bogoliubov Tranformation in Claical Mechanic Canonical Tranformation Suppoe we have a et of complex canonical variable, {a j }, and would like to conider another et of variable, {b }, b b ({a j }). How
More informationNumerical Simulation of Triaxial Compression Stress Paths Tests for Unsaturated Soil
Numerical Simulation of Triaxial Comreion Stre Path Tet for Unaturated Soil Dong Jian-jun Key Laboratory Of Mechanical Reliability For Heavy Equiment And Large Structure of Hebei Province, Yanhan Univerity,
More information4. Connectivity Connectivity Connectivity. Whitney's s connectivity theorem: (G) (G) (G) for special
4. Connectivity 4.. Connectivity Vertex-cut and vertex-connectivity Edge-cut and edge-connectivty Whitney' connectivity theorem: Further theorem for the relation of and graph 4.. The Menger Theorem and
More informationarxiv: v2 [math.nt] 30 Apr 2015
A THEOREM FOR DISTINCT ZEROS OF L-FUNCTIONS École Normale Supérieure arxiv:54.6556v [math.nt] 3 Apr 5 943 Cachan November 9, 7 Abtract In thi paper, we etablih a imple criterion for two L-function L and
More informationTHE SPLITTING SUBSPACE CONJECTURE
THE SPLITTING SUBSPAE ONJETURE ERI HEN AND DENNIS TSENG Abtract We anwer a uetion by Niederreiter concerning the enumeration of a cla of ubpace of finite dimenional vector pace over finite field by proving
More informationCS 170: Midterm Exam II University of California at Berkeley Department of Electrical Engineering and Computer Sciences Computer Science Division
1 1 April 000 Demmel / Shewchuk CS 170: Midterm Exam II Univerity of California at Berkeley Department of Electrical Engineering and Computer Science Computer Science Diviion hi i a cloed book, cloed calculator,
More informationLINEAR ALGEBRA METHOD IN COMBINATORICS. Theorem 1.1 (Oddtown theorem). In a town of n citizens, no more than n clubs can be formed under the rules
LINEAR ALGEBRA METHOD IN COMBINATORICS 1 Warming-up example Theorem 11 (Oddtown theorem) In a town of n citizen, no more tha club can be formed under the rule each club have an odd number of member each
More informationarxiv: v2 [math.co] 11 Sep 2017
The maximum number of clique in graph without long cycle Ruth Luo September 13, 017 arxiv:1701.0747v [math.co] 11 Sep 017 Abtract The Erdő Gallai Theorem tate that for k 3 every graph on n vertice with
More informationOptimal Coordination of Samples in Business Surveys
Paper preented at the ICES-III, June 8-, 007, Montreal, Quebec, Canada Optimal Coordination of Sample in Buine Survey enka Mach, Ioana Şchiopu-Kratina, Philip T Rei, Jean-Marc Fillion Statitic Canada New
More informationSOME RESULTS ON INFINITE POWER TOWERS
NNTDM 16 2010) 3, 18-24 SOME RESULTS ON INFINITE POWER TOWERS Mladen Vailev - Miana 5, V. Hugo Str., Sofia 1124, Bulgaria E-mail:miana@abv.bg Abtract To my friend Kratyu Gumnerov In the paper the infinite
More informationThe Axiom of Choice and the Law of Excluded Middle in Weak Set Theories
The Axiom of Choice and the Law of Excluded Middle in Weak Set Theorie John L. Bell Department of Philoophy, Univerity of Wetern Ontario In contructive mathematic the axiom of choice (AC) ha a omewhat
More informationUNIT 15 RELIABILITY EVALUATION OF k-out-of-n AND STANDBY SYSTEMS
UNIT 1 RELIABILITY EVALUATION OF k-out-of-n AND STANDBY SYSTEMS Structure 1.1 Introduction Objective 1.2 Redundancy 1.3 Reliability of k-out-of-n Sytem 1.4 Reliability of Standby Sytem 1. Summary 1.6 Solution/Anwer
More informationMATEMATIK Datum: Tid: eftermiddag. A.Heintz Telefonvakt: Anders Martinsson Tel.:
MATEMATIK Datum: 20-08-25 Tid: eftermiddag GU, Chalmer Hjälpmedel: inga A.Heintz Telefonvakt: Ander Martinon Tel.: 073-07926. Löningar till tenta i ODE och matematik modellering, MMG5, MVE6. Define what
More informationarxiv: v1 [math.ac] 30 Nov 2012
ON MODULAR INVARIANTS OF A VECTOR AND A COVECTOR YIN CHEN arxiv:73v [mathac 3 Nov Abtract Let S L (F q be the pecial linear group over a finite field F q, V be the -dimenional natural repreentation of
More informationNCAAPMT Calculus Challenge Challenge #3 Due: October 26, 2011
NCAAPMT Calculu Challenge 011 01 Challenge #3 Due: October 6, 011 A Model of Traffic Flow Everyone ha at ome time been on a multi-lane highway and encountered road contruction that required the traffic
More informationOn the Unit Groups of a Class of Total Quotient Rings of Characteristic p k with k 3
International Journal of Algebra, Vol, 207, no 3, 27-35 HIKARI Ltd, wwwm-hikaricom http://doiorg/02988/ija2076750 On the Unit Group of a Cla of Total Quotient Ring of Characteritic p k with k 3 Wanambii
More informationCOHOMOLOGY AS A LOCAL-TO-GLOBAL BRIDGE
COHOMOLOGY AS A LOCAL-TO-GLOBAL BRIDGE LIVIU I. NICOLAESCU ABSTRACT. I dicu low dimenional incarnation of cohomology and illutrate how baic cohomological principle lead to a proof of Sperner lemma. CONTENTS.
More informationIEOR 3106: Fall 2013, Professor Whitt Topics for Discussion: Tuesday, November 19 Alternating Renewal Processes and The Renewal Equation
IEOR 316: Fall 213, Profeor Whitt Topic for Dicuion: Tueday, November 19 Alternating Renewal Procee and The Renewal Equation 1 Alternating Renewal Procee An alternating renewal proce alternate between
More informationSimulation of Wound Rotor Synchronous Machine under Voltage Sags
Simulation of Wound Rotor Synchronou Machine under oltage Sag D. Aguilar, G. azquez, Student Member, IEEE, A. Rolan, Student Member, IEEE, J. Rocabert, Student Member, IEEE, F. Córcole, Member, IEEE, and
More informationHybrid Control and Switched Systems. Lecture #6 Reachability
Hbrid Control and Switched Stem Lecture #6 Reachabilit João P. Hepanha Univerit of California at Santa Barbara Summar Review of previou lecture Reachabilit tranition tem reachabilit algorithm backward
More information(b) Is the game below solvable by iterated strict dominance? Does it have a unique Nash equilibrium?
14.1 Final Exam Anwer all quetion. You have 3 hour in which to complete the exam. 1. (60 Minute 40 Point) Anwer each of the following ubquetion briefly. Pleae how your calculation and provide rough explanation
More information