Tree Regular Model Checking for Lattice-Based Automata

Tree Regular Model Checking (TRMC) is the name of a family of techniques for analyzing infinite-state systems in which states are represented by terms, and sets of states by Tree Automata (TA). The central problem in TRMC is to decide whether a set of bad states is reachable. The problem of computing a TA representing (an over-approximation of) the set of reachable states is undecidable, but efficient solutions based on completion or on iteration of tree transducers exist. Unfortunately, the TRMC framework is unable to efficiently capture both the complex structure of a system and some of its features. As an example, for Java programs, the structure of a term is mainly exploited to capture the structure of a state of the system. On the other hand, the integers of the Java program have to be encoded as Peano numbers, which means that any algebraic operation is potentially represented by thousands of applications of rewriting rules. In this paper, we propose Lattice Tree Automata (LTAs), an extended version of tree automata whose leaves are equipped with lattices. LTAs allow us to represent possibly infinite sets of interpreted terms. Such terms can represent complex domains and their related operations in an efficient manner. We also extend the classical Boolean operations to LTAs. Finally, as a major contribution, we introduce a new completion-based algorithm for computing the possibly infinite set of reachable interpreted terms in a finite amount of time.
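To make the representational point of the abstract concrete, here is an added Python illustration that is not code from the paper (whose formal definitions are not on this page). It assumes a deliberately simplified model: a bottom-up, non-deterministic tree automaton whose leaf transitions are labelled with elements of an integer-interval lattice instead of with constructor symbols, intersection built by the usual product construction with the lattice meet applied at leaves, and union built as a disjoint union of the two automata. The automata, the `cons`/`nil` list terms, the state names and the byte-range values are all constructed for the example. It also contrasts this with the Peano encoding the abstract mentions, where the value 255 alone costs 256 constructor nodes.

```python
"""Simplified lattice tree automaton (LTA) over an integer-interval lattice.

Constructed illustration, not the paper's formalism. Assumptions: leaves of
the automaton carry interval lattice elements (None is bottom), interior
transitions are ordinary bottom-up tree-automaton rules, intersection is a
product construction with meet on leaves, union is a disjoint union.
"""
from itertools import product
from typing import Dict, Hashable, List, Optional, Set, Tuple, Union

Interval = Optional[Tuple[int, int]]          # None stands for the empty interval (bottom)
Term = Union[int, Tuple[str, tuple]]          # an interpreted integer leaf, or (symbol, children)
State = Hashable


def meet(a: Interval, b: Interval) -> Interval:
    """Lattice meet: intersection of two intervals."""
    if a is None or b is None:
        return None
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None


def contains(a: Interval, v: int) -> bool:
    return a is not None and a[0] <= v <= a[1]


class LTA:
    def __init__(self, leaf_rules: Dict[State, Interval],
                 rules: List[Tuple[Tuple[str, Tuple[State, ...]], State]],
                 finals: Set[State]):
        # leaf state -> interval of integers accepted at that leaf
        self.leaf_rules = dict(leaf_rules)
        # (symbol, child states) -> set of target states
        self.rules: Dict[Tuple[str, Tuple[State, ...]], Set[State]] = {}
        for (f, kids), q in rules:
            self.rules.setdefault((f, tuple(kids)), set()).add(q)
        self.finals = set(finals)

    def run(self, t: Term) -> Set[State]:
        """Bottom-up run: all states the automaton can reach on term t."""
        if isinstance(t, int):
            return {q for q, iv in self.leaf_rules.items() if contains(iv, t)}
        f, kids = t
        kid_states = [self.run(k) for k in kids]
        reached: Set[State] = set()
        for combo in product(*kid_states):      # one empty combo for nullary symbols
            reached |= self.rules.get((f, combo), set())
        return reached

    def accepts(self, t: Term) -> bool:
        return bool(self.run(t) & self.finals)


def intersect(a: LTA, b: LTA) -> LTA:
    """Product construction; leaf intervals are combined with the lattice meet."""
    leaf = {}
    for qa, ia in a.leaf_rules.items():
        for qb, ib in b.leaf_rules.items():
            m = meet(ia, ib)
            if m is not None:
                leaf[(qa, qb)] = m
    rules = []
    for (f, ka), tas in a.rules.items():
        for (g, kb), tbs in b.rules.items():
            if f == g and len(ka) == len(kb):
                kids = tuple(zip(ka, kb))
                rules += [((f, kids), (qa, qb)) for qa in tas for qb in tbs]
    return LTA(leaf, rules, {(qa, qb) for qa in a.finals for qb in b.finals})


def union(a: LTA, b: LTA) -> LTA:
    """Disjoint union: states are tagged so the two automata cannot interfere."""
    leaf, rules, finals = {}, [], set()
    for tag, aut in (("a", a), ("b", b)):
        leaf.update({(tag, q): iv for q, iv in aut.leaf_rules.items()})
        for (f, kids), qs in aut.rules.items():
            rules += [((f, tuple((tag, k) for k in kids)), (tag, q)) for q in qs]
        finals |= {(tag, q) for q in aut.finals}
    return LTA(leaf, rules, finals)


def lst(*values: int) -> Term:
    """Build cons(v1, cons(v2, ... nil)) with interpreted integer leaves."""
    t: Term = ("nil", ())
    for v in reversed(values):
        t = ("cons", (v, t))
    return t


def peano(n: int) -> Term:
    """Peano encoding s(s(...z)) of n, built iteratively to avoid deep recursion."""
    t: Term = ("z", ())
    for _ in range(n):
        t = ("s", (t,))
    return t


def term_size(t: Term) -> int:
    """Number of constructor nodes; an interpreted leaf counts as a single node."""
    if isinstance(t, int):
        return 1
    return 1 + sum(term_size(k) for k in t[1])


# Constructed automata: lists of byte values, and lists of values in [100, 1000].
A_BYTES = LTA({"q_b": (0, 255)},
              [(("nil", ()), "q_l"), (("cons", ("q_b", "q_l")), "q_l")], {"q_l"})
A_HIGH = LTA({"q_h": (100, 1000)},
             [(("nil", ()), "q_m"), (("cons", ("q_h", "q_m")), "q_m")], {"q_m"})
```

A single leaf transition labelled `[0, 255]` stands for every byte-valued leaf, whereas `term_size(peano(255))` is 256, and an automaton over the Peano encoding needs a rule application per constructor. The intersection `intersect(A_BYTES, A_HIGH)` accepts exactly the lists whose elements lie in `[100, 255]`, and the interval meet is the only place where the domain-specific reasoning happens; swapping in another lattice (signs, congruences, polyhedra) changes `meet` and `contains` but nothing in the automaton machinery.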
