On Model Checking for Visibly Pushdown Automata

Similar documents
Regularity Problems for Visibly Pushdown Languages

Pushdown automata. Twan van Laarhoven. Institute for Computing and Information Sciences Intelligent Systems Radboud University Nijmegen

Safety Properties for Querying XML Streams

Homework Assignment 6 Answers

DM17. Beregnelighed. Jacob Aae Mikkelsen

Foundations of Informatics: a Bridging Course

Logic Model Checking

CSE 105 THEORY OF COMPUTATION

CSE 105 THEORY OF COMPUTATION

THEORY OF COMPUTATION (AUBER) EXAM CRIB SHEET

Deterministic PDA s. Deepak D Souza. 08 Nov Department of Computer Science and Automation Indian Institute of Science, Bangalore.

SYLLABUS. Introduction to Finite Automata, Central Concepts of Automata Theory. CHAPTER - 3 : REGULAR EXPRESSIONS AND LANGUAGES

Visibly Linear Dynamic Logic

Pushdown Automata (Pre Lecture)

Deterministic PDA s. Deepak D Souza. 21 October Department of Computer Science and Automation Indian Institute of Science, Bangalore.

Computability and Complexity

cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska

Pushdown Automata. Chapter 12

Computational Models - Lecture 5 1

CSE 105 THEORY OF COMPUTATION

1. Draw a parse tree for the following derivation: S C A C C A b b b b A b b b b B b b b b a A a a b b b b a b a a b b 2. Show on your parse tree u,

CSE 105 THEORY OF COMPUTATION. Spring 2018 review class

Additive Number Theory and Automata

Introduction. Büchi Automata and Model Checking. Outline. Büchi Automata. The simplest computation model for infinite behaviors is the

CSE 105 THEORY OF COMPUTATION

Part I: Definitions and Properties

Computability and Complexity

Harvard CS 121 and CSCI E-207 Lecture 10: CFLs: PDAs, Closure Properties, and Non-CFLs

Pushdown Automata. We have seen examples of context-free languages that are not regular, and hence can not be recognized by finite automata.

Model Checking Procedural Programs

CSE 105 THEORY OF COMPUTATION

Hubert Comon-Lundh Florent Jacquemard Nicolas Perrin. Tree Automata with Memory, Visibility and Structural Constraints. Research Report LSV-07-01

Pushdown Automata. Pushdown Automata. Pushdown Automata. Pushdown Automata. Pushdown Automata. Pushdown Automata. The stack

CPS 220 Theory of Computation Pushdown Automata (PDA)

Sums of Palindromes: An Approach via Automata

Sanjit A. Seshia EECS, UC Berkeley

Università degli studi di Napoli Federico II

CS 455/555: Finite automata

Automata-Theoretic LTL Model-Checking

Closure Properties of Regular Languages. Union, Intersection, Difference, Concatenation, Kleene Closure, Reversal, Homomorphism, Inverse Homomorphism

Automata, Logic and Games: Theory and Application

Undecidable Problems and Reducibility

T (s, xa) = T (T (s, x), a). The language recognized by M, denoted L(M), is the set of strings accepted by M. That is,

Variable Automata over Infinite Alphabets

FORMAL LANGUAGES, AUTOMATA AND COMPUTABILITY

A Unifying Approach for Multistack Pushdown Automata (Track B)

Push-down Automata = FA + Stack

Finite Automata and Regular languages

Outline. CS21 Decidability and Tractability. Machine view of FA. Machine view of FA. Machine view of FA. Machine view of FA.

C6.2 Push-Down Automata

Antichain Algorithms for Finite Automata

Automata-based Verification - III

Weak Synchronization & Synchronizability. Multi-tape Automata and Machines

Automata Theory. Lecture on Discussion Course of CS120. Runzhe SJTU ACM CLASS

Theory of Computation

Sri vidya college of engineering and technology

CS 154, Lecture 2: Finite Automata, Closure Properties Nondeterminism,

arxiv: v2 [cs.fl] 29 Nov 2013

Models for Efficient Timed Verification

ECS 120: Theory of Computation UC Davis Phillip Rogaway February 16, Midterm Exam

MA/CSSE 474 Theory of Computation

Introduction to Languages and Computation

Computation Histories

Theory of Computation

Equivalence of DFAs and NFAs

CPS 220 Theory of Computation REGULAR LANGUAGES

Nondeterministic Finite Automata

CSCE 551: Chin-Tser Huang. University of South Carolina

3515ICT: Theory of Computation. Regular languages

Inf2A: Converting from NFAs to DFAs and Closure Properties

Lecture 6: Reachability Analysis of Timed and Hybrid Automata

Alan Bundy. Automated Reasoning LTL Model Checking

Harvard CS 121 and CSCI E-207 Lecture 10: Ambiguity, Pushdown Automata

CP405 Theory of Computation

Decidability (What, stuff is unsolvable?)

October 6, Equivalence of Pushdown Automata with Context-Free Gramm

Theory Bridge Exam Example Questions

Software Verification using Predicate Abstraction and Iterative Refinement: Part 1

Languages. Non deterministic finite automata with ε transitions. First there was the DFA. Finite Automata. Non-Deterministic Finite Automata (NFA)

3130CIT Theory of Computation

CS256/Spring 2008 Lecture #11 Zohar Manna. Beyond Temporal Logics

Context-Free Languages

Computational Models - Lecture 4

Computational Models Lecture 5

CS 301. Lecture 18 Decidable languages. Stephen Checkoway. April 2, 2018

COM364 Automata Theory Lecture Note 2 - Nondeterminism

cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska

On the Accepting Power of 2-Tape Büchi Automata

The Pumping Lemma. for all n 0, u 1 v n u 2 L (i.e. u 1 u 2 L, u 1 vu 2 L [but we knew that anyway], u 1 vvu 2 L, u 1 vvvu 2 L, etc.

Reachability Analysis of Pushdown Automata with an Upper Stack

Languages, regular languages, finite automata

Theory of Computation Turing Machine and Pushdown Automata

Final exam study sheet for CS3719 Turing machines and decidability.

Symbolic Backwards-Reachability Analysis for Higher-Order Pushdown Systems

A Enforceable Security Policies Revisited

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Büchi Automata and their closure properties. - Ajith S and Ankit Kumar

The Minimal Cost Reachability Problem in Priced Timed Pushdown Systems

Introduction to Formal Languages, Automata and Computability p.1/42

Unary Automatic Graphs: An Algorithmic Perspective 1

Transcription:

Japan Institute of Advanced Industrial Science and Technology Research Center for Specification and Verification LATA 2012 On Model Checking for Visibly Pushdown Automata Nguyen Van Tang and Hitoshi Ohsaki March 06, 2012 1

Outline Motivation Model Checking and Inclusion Problem Visibly Pushdown Automata P-Automata Computing Reachable Configurations On-the-fly model checking for VPA On-the-fly: Minimal determinization + P-automata Optimize Reachable Configurations Experiments Conclusions 2

M S Model Checking 1980s: Clarke, Sifakis, Holzmann, Alur, Model Checker Yes/proof No/Counter-example Model Checking L(M) L(S) Advantages: Automated formal verification, effective debugging tool Industrial Success: SMV/NuSMV, SPIN, UPPAAL, 3

Inclusion Problems: L(M) L(S) Model checking regular properties (CTL, LTL): SPIN Pushdown model checking regular properties: MoPed M: FA, S: FA Decidable M: PDA, S: FA Decidable M: PDA, S: PDA Undecidable Pushdown model checking context-free properties: High complexity, no efficient implementation. M: VPA, S: VPA Decidable (2004) Our Focus 4

Input tape Pushdown Automata Pushdown stack Control Locations Pushdown Automaton = Finite Automaton + 1 stack Deter. Union Inter. Comp. Emptiness Inclusion No Yes No No Yes No Emptiness checking Pumping lemma: easy to understand, but inefficient P-automata: finite automata-based representation, efficient Esparza et al. CAV 2000 5

Visibly Pushdown Automata Alur & Madhusudan, STOC 2004 a call q X Y Z a call Σ c e.g., call, <html> q Y Z a int q Y Z a int Σ i a ret q Z a ret Σ r e.g., return, </html> Relationships: FA Parenthesis languages VPA PDA Properties: Have good closure properties and decidability results 6

Model Checking and Inclusion Problems Model checking as inclusion problem L(M) L(S) L(M) L(S) = S : determinization and take complement S M S : product M S : emptiness (equivalent to reachability) checking Decidable Instances M, S : Finite (Büchi) Automata (e.g., SPIN) M : Pushdown Automaton, S : Finite Automaton (e.g., MoPed) M, S : Visibly Pushdown Automata M, S : Pushdown Automata 7 OK

Practically Efficient Algorithms Determinization/complementaion step is heavy Finite automata O(2 n ) Antichain CAV 2006 Büchi automata O(2 n log n ) VPA O(2 n 2) Efficient emptiness checking for PDA P-automata (Esparza et.al. 2000) Our Contribution Practically efficient algorithms for VPA On-the-fly: on-demand determinization/p-automata Optimized: minimal determinization/p-automata 8

Antichain Idea: Universality of Finite Automata In subset construction... u Set Keep minimal one is enough! I w Set Wulf. et al., CAV 2006 If u is accepted, w is accepted 9

Computing Antichains for Finite Automata Antichain (incomparable set) of minimal post-sets C 0 = {{1}} (Initial states) C 1 = {{1}, {2}} (= Min {{1} ε, {1,3} 0, {2} 1 }) C 2 = {{1}, {2}, {5}} C 3 = {{1}, {2}, {5}, {7}} C 4 = {{1}, {2}, {5}, {7}, {6,8}} C 5 = {{1}, {2}, {5}, {7}, {8}} (converged) Wulf. et al., CAV 2006 {7} does not intersect with F Detect not universal! 10

Antichains = On-demand Determinization Nondeterministic finite automaton Reduce search space On-demand determinization Not universal! 11

For VPA: On-the-fly instead of Antichain A: VPA 1) L(A) = *? 2) L(A) L(B)? Standard Method: 1) Deter. + reach. check 2) Deter. + product + reach. check ON-THE-FLY Our contribution Minimal-Determinization P-automaton Generation On-demand generation 12

On-the-fly: Key Ideas Determization + searching for a rejecting configuration: u nn-1 S1 Keep minimal one is enough! I w θ n θn-1 S2 S1 S2, if S1 F S2 F Namely, if u is accepted, w is accepted 13

P-Automata: Underlying Ideas q nn-1 q n n-1 Configuration of PDA: (state, stack content) A run of a finite automaton To represent set of reachable configurations as a finite automaton 14

P-Automata A P-automaton is an FA represent a set of regular configurations C Start with a P-automaton A C that represents C Construct a P-automaton A Post*(C) via extending A C until saturation by: (p,) (p, ) Δ p p add push internal pop = q p, q p new state ε* ε* (p,) (p,) Δ p add q p (p,) (p,ε) Δ ε p 15 add q

Compute Reachable Configurations (1/3) C Reachable from C by P Post*(C) P-automata A C A Post*(C) (p,) (p, ) Δ p push q (p,) (p, ) Δ p p add push 16 q p, q new state

Compute Reachable Configurations (2/3) C Reachable from C by P Post*(C) P-automata A C A Post*(C) p internal (p,) (p,) Δ q (p,) (p,) Δ p p 17 add internal q

Compute Reachable Configurations (3/3) C Reachable from C by P Post*(C) P-automata A C A Post*(C) p pop (p,) (p,ε) Δ = q ε* ε* (p,) (p,ε) Δ p 18 add ε p pop q

Example: Reachable Configurations a/ + s b/ - s s 0 s a/ + s 0 c 1 c 0 s q 0,s s 0 \bot f VPA s s s s, e 1 s q 1,s 1 \bot e 0 f 1 A C A Post*(C) 19

P-Automata: Minimization Strategy Ordering over configurations (q 1, 1 σ) (q 2, 2 σ) q 1 q 2 1 2 q 1 1 p σ f q 2 2 Minimization for P-Automaton σ q 1 1 p f Theorem. M is a NVPA. M i and A i is a optimized DVPA and P-automaton at step i. M is not universal iff i. L(A i ) RejectingConf(M i ). 20

Simulation Antichains Method for VPA Minimal Determinized VPA q 1 a/ c/ b q 2 q 3 q 4 a/ b q 5 q 6 Update P-automaton with minimization q 5 q 2, q 2 q 2 q 6 Minimal P- automaton q 6 q 1 q 1, q 3 q 4 q 1 q 3 ; q 1 q 4 f Update determinized VPA using states + top-of-stack symbols of frontier q 1, a b q 2, q 3, a q 5, Stop + No A rejecting state added c q 4, Minimal Reachable Configurations 21

Implementation and Experiments Standard stuck A Prototype Tool: VPA-Checker Developed in Java 1.5.0/NetBeans 6.0 Determinization, Boolean Operations, P-automata, Universality, and Inclusion Tests Parameter Setting: c = r = i = 2; Γ = 3; f = F / Q Example: a random VPA with 10 states has 200 transitions o reb mu N 20 18 16 14 12 10 8 6 4 2 0 f=0.2 f=0.4 f=0.6 f=0.8 f=1.0 Op-Onthefly outperforms Onthefly Standard Onthefly OntheflyOp rate of final states Universality Checking for random VPAs with 10 states. Timeout 22 = 180s!

Experimental Results: Universality Checking o reb mu N 20 18 16 14 12 10 8 6 4 2 0 Standard stuck ccus f 3 5 10 15 20 25 30 Onthefly-Op outperforms Onthefly Standard Onthefly OntheflyOp number of states wtset. hti ni Universality Checking for random VPAs with f=0.6. Timeout = 180s! 23 1

Experimental Results: Inclusion Checking Inclusion Checking for VPAs: f = 0.6 OP-ON-THE- FLY Included 14 60 Not Included 5 6.06 1000-5 3000-5 ON-THE-FLY 1000-5 3000-5 6 110 13 40.5 Included 6 54 Not Included 5 5.89 Timeout (300 s) 6 6 Timeout (300 s) 14 15 0-10 37.8 Inclusion: L(A) L(B) L(A B) = 24

Conclusions Conclusion On-the-fly universality checking for VPA On-the-fly inclusion checking for VPA Implementation Future Directions: VPA-based model checker VPA-based theoretical foundations for XML VPA-based tool: Validate DTD, XPath constraints 25

Thank you for attention! Q & A 26

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback