Applications of automata learning in verification and synthesis

The objective of this thesis is to explore automata learning, which is an umbrella term for techniques that derive finite automata from external information sources, in the areas of verification and synthesis. We consider four application scenarios that turn out to be particularly well-suited: Regular Model Checking, quantified invariants of linear data structures, automatic reachability games, and labeled safety games. The former two scenarios stem from the area of verification whereas the latter two stem from the area of synthesis (more precisely, from the area of infinite-duration two-player games over graphs, as popularized by McNaughton).

Regular Model Checking is a special kind of Model Checking in which the program to verify is modeled in terms of finite automata. We develop various (semi-)algorithms for computing invariants in Regular Model Checking: a white-box algorithm, which takes the whole program as input; two semi-black-box algorithms, which have access to a part of the program and learn missing information from a teacher; finally, two black-box algorithms, which obtain all information about the program from a teacher. For the black-box algorithms, we employ a novel paradigm, called ICE-learning, which is a generic learning setting for learning invariants.

Quantified invariants of linear data structures occur in Floyd-Hoare-style verification of programs manipulating arrays and lists. To learn such invariants, we introduce the notion of quantified data automata and develop an active learning algorithm for these automata. Based on a finite sample of configurations that manifest on executions of the program in question, we learn a quantified data automaton and translate it into a logic formula expressing the invariant. The latter potentially requires an additional abstraction step to ensure that the resulting formula falls into a decidable logic.
Automatic reachability games are classical reachability games played over automatic graphs; automatic graphs are defined by means of asynchronous transducers and subsume various types of graphs, such as finite graphs, pushdown graphs, and configuration graphs of Turing machines. We first consider automatic reachability games over finite graphs and present a symbolic fixed-point algorithm for computing attractors that uses deterministic finite automata to represent sets of vertices. Since such a
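The attractor fixed point that the reachability-game paragraph above refers to, as an added example that is not part of the thesis: this is the explicit, set-based version of the computation, and the game graph (vertices a to f, owners V0/V1, target e) is constructed for illustration; the symbolic DFA representation of vertex sets that the thesis describes is not reproduced here.

```python
from typing import Dict, FrozenSet, Set, Tuple

# Constructed example game graph (not from the thesis): player 0 owns V0,
# player 1 owns V1; every vertex has at least one successor (deadlock-free).
V0: FrozenSet[str] = frozenset({"a", "c", "e"})
V1: FrozenSet[str] = frozenset({"b", "d", "f"})
EDGES = [("a", "b"), ("a", "c"), ("b", "a"), ("b", "d"),
         ("c", "e"), ("c", "f"), ("d", "e"), ("d", "f"),
         ("e", "e"), ("f", "f")]
TARGET: FrozenSet[str] = frozenset({"e"})


def attractor(v0, v1, edges, target) -> Tuple[Set[str], Dict[str, str]]:
    """Least fixed point Attr_0(target) for player 0, computed explicitly.

    Rule applied until nothing changes: a vertex joins the attractor when
    player 0 owns it and SOME successor is already attracted, or player 1
    owns it and ALL successors are already attracted. The returned strategy
    maps each attracted player-0 vertex outside `target` to an attracted
    successor, i.e. a positional winning strategy on the attractor.
    """
    succ: Dict[str, Set[str]] = {v: set() for v in v0 | v1}
    for u, w in edges:
        succ[u].add(w)
    attr: Set[str] = set(target)
    strategy: Dict[str, str] = {}
    changed = True
    while changed:
        changed = False
        for v in sorted(v0 | v1):          # sorted only for deterministic output
            if v in attr:
                continue
            if v in v0:
                good = sorted(w for w in succ[v] if w in attr)
                if good:                    # player 0 can move into the attractor
                    strategy[v] = good[0]
                    attr.add(v)
                    changed = True
            elif succ[v] and succ[v] <= attr:  # player 1 cannot avoid it
                attr.add(v)
                changed = True
    return attr, strategy


if __name__ == "__main__":
    won, strat = attractor(V0, V1, EDGES, TARGET)
    print("Attr_0:", sorted(won))           # ['a', 'c', 'e']
    print("strategy:", strat)               # {'a': 'c', 'c': 'e'}
```

Vertex b stays outside the attractor because player 1 can move from b to d and from d to f forever, which is exactly the "all successors" condition failing; the set Attr_0(target) is the winning region of player 0 for the reachability objective.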
