Abstract regular (tree) model checking

  • Ahmed Bouajjani
  • Peter Habermehl
  • Adam Rogalewicz
  • Tomáš Vojnar

Abstract

Regular model checking is a generic technique for the verification of infinite-state and/or parametrised systems which uses finite word automata or finite tree automata to finitely represent potentially infinite sets of reachable configurations of the systems being verified. The problems addressed by regular model checking are typically undecidable. In order to facilitate termination in as many cases as possible, acceleration is needed in the incremental computation of the set of reachable configurations. In this work, we describe how various incrementally refinable abstractions on finite (word and tree) automata can be used for this purpose. Moreover, the use of abstraction not only increases the chances that the technique terminates, but also significantly reduces the problem of an explosion in the number of states of the automata generated by regular model checking. We illustrate the efficiency of abstract regular (tree) model checking in the verification of simple systems with various sources of infinity, such as unbounded counters, queues, stacks, and parameters. We then show how abstract regular tree model checking can be used for the verification of programs manipulating tree-like dynamic data structures. Even more complex data structures can be handled using a suitable tree-like encoding.
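To make the loop described in the abstract concrete, here is an added example in Python (not code from the paper or its authors): a token ring is encoded as words over {T, N}, a length-preserving transducer moves the token, an abstraction in the spirit of the finite-length language abstraction collapses automaton states with the same set of accepted words up to length k, and the abstract reachability loop checks the safety property "exactly one token". All names (nfa, post, abstract, witness, armc, INIT, TAU, BAD) and the instance itself are constructed here.

```python
from collections import defaultdict
ALPHABET = ("T", "N")   # T = process holding the token, N = process without it
def nfa(trans, init, final):   # delta maps (state, letter) -> set of successor states
    delta = defaultdict(set)
    for q, a, r in trans:
        delta[(q, a)].add(r)
    return delta, frozenset(init), frozenset(final)
def post(aut, tau):   # image of L(aut) under the length-preserving transducer tau (product)
    (delta, init, final), (moves, tinit, tfinal) = aut, tau   # moves: (t, in, out, t2)
    trans = [((q, t), b, (r, t2)) for (q, a), rs in delta.items() for r in rs
             for t, a2, b, t2 in moves if a == a2]
    return nfa(trans, [(q, t) for q in init for t in tinit], [(q, t) for q in final for t in tfinal])
def abstract(aut, k):   # collapse states whose sets of accepted words of length <= k coincide
    delta, init, final = aut
    states = {q for q, _ in delta} | {r for rs in delta.values() for r in rs} | init | final
    sig = {q: frozenset([""] if q in final else []) for q in states}
    for _ in range(k):   # after round j, sig[q] = accepted words of length <= j from q
        sig = {q: sig[q] | frozenset(a + w for (p, a), rs in delta.items() if p == q
                                     for r in rs for w in sig[r]) for q in states}
    return nfa([(sig[q], a, sig[r]) for (q, a), rs in delta.items() for r in rs],   # signature = state
               {sig[q] for q in init}, {sig[q] for q in final})
def witness(a1, a2, in_a2):   # is there a word w of L(a1) with (w in L(a2)) == in_a2?
    (d1, i1, f1), (d2, i2, f2) = a1, a2   # a1 is run against the subset construction of a2
    seen, todo = set(), [(q, i2) for q in i1]
    while todo:
        q, S = todo.pop()
        if (q, S) not in seen:
            seen.add((q, S))
            if q in f1 and bool(S & f2) == in_a2:
                return True
            todo += [(r, frozenset(s for p in S for s in d2.get((p, a), ())))
                     for a in ALPHABET for r in d1.get((q, a), ())]
    return False
def armc(init, tau, bad, k, max_iter=20):   # iterate A := alpha(post(A)) until post(A) ⊆ A
    aut = abstract(init, k)
    for i in range(max_iter):
        nxt = post(aut, tau)   # tau contains the identity, so L(nxt) ⊇ L(aut)
        if not witness(nxt, aut, False):   # fixpoint: A over-approximates the reachable set
            return ("safe" if not witness(aut, bad, True) else "possibly unsafe"), i
        aut = abstract(nxt, k)
    return "unknown", max_iter
# Constructed token ring: initially T N*, one step rewrites T N -> N T, bad = token count != 1
INIT = nfa([("i0", "T", "i1"), ("i1", "N", "i1")], ["i0"], ["i1"])
TAU = ({("id", "N", "N", "id"), ("id", "T", "T", "id"), ("t0", "N", "N", "t0"),
        ("t0", "T", "N", "t1"), ("t1", "N", "T", "t2"), ("t2", "N", "N", "t2"),
        ("t2", "T", "T", "t2")}, ["id", "t0"], ["id", "t2"])   # "id" keeps every word
BAD = nfa([("b0", "N", "b0"), ("b0", "T", "b1"), ("b1", "N", "b1"), ("b1", "T", "b2"),
           ("b2", "N", "b2"), ("b2", "T", "b2")], ["b0"], ["b0", "b2"])
```

Exact iteration would produce N^i T N* for ever-larger i and never reach a fixpoint, whereas the abstraction closes the loop on N* T N* and armc(INIT, TAU, BAD, 1) answers "safe"; a "possibly unsafe" verdict would be the cue to refine with a larger k.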

Keywords

Formal verification; Infinite-state and parameterised systems; Programs with dynamic linked data structures; Regular model checking; Abstraction; Finite word and tree automata

Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  • Ahmed Bouajjani (1)
  • Peter Habermehl (1)
  • Adam Rogalewicz (2)
  • Tomáš Vojnar (2)
  1. LIAFA, Université Paris Diderot - Paris 7 / CNRS, Paris Cedex 13, France
  2. FIT, Brno University of Technology, Brno, Czech Republic