Towards More Precise Rewriting Approximations

To check a system, some verification techniques consider a set of terms \(I\) that represents the initial configurations of the system, and a rewrite system \(R\) that represents the system behavior. To check that no undesirable configuration is reached, they compute an over-approximation of the set of descendants (successors) issued from \(I\) by \(R\), expressed by a tree language. Their success depends heavily on the quality of the approximation. Some techniques have been presented using regular tree languages, and more recently using non-regular languages to get better approximations: using context-free tree languages [16] on the one hand, and synchronized tree languages [2] on the other hand. In this paper, we merge these two approaches to get even better approximations: we compute an over-approximation of the descendants, using synchronized-context-free tree languages expressed by logic programs. We give several examples for which our procedure computes the descendants exactly, whereas the former techniques compute a strict over-approximation.

[1] William C. Rounds et al. Context-free grammars on trees. STOC, 1969.

[2] Axel Legay et al. Equational Abstraction Refinement for Certified Tree Regular Model Checking. ICFEM, 2012.

[3] Olga Kouchnarenko et al. Finer Is Better: Abstraction Refinement for Rewriting Approximations. RTA, 2008.

[4] Joost Engelfriet et al. Context-free graph grammars and concatenation of graphs. Acta Informatica, 1997.

[5] Jing Chen et al. Synchronized Context-Free Tree-tuple Languages. 2006.

[6] Sébastien Limet et al. Tree Tuple Languages from the Logic Programming Point of View. Journal of Automated Reasoning, 2006.

[7] Hubert Comon et al. Tree automata techniques and applications. 1997.

[8] Pierre Réty et al. Synchronized Tree Languages for Reachability in Non-right-linear Term Rewrite Systems. WRLA, 2016.

[9] Thomas Genet et al. Decidable Approximations of Sets of Descendants and Sets of Normal Forms. RTA, 1998.

[10] Sébastien Limet et al. Proving Properties of Term Rewrite Systems via Logic Programs. RTA, 2004.

[11] Pierre-Cyrille Héam et al. A theoretical limit for safety verification techniques with regular fix-point computations. Inf. Process. Lett., 2008.

[12] Jacques Chabin et al. Over-approximating Descendants by Synchronized Tree Languages. RTA, 2013.

[13] Helmut Seidl et al. Synchronized Tree Languages Revisited and New Applications. FoSSaCS, 2001.

[14] Joost Engelfriet et al. IO and OI. I. J. Comput. Syst. Sci., 1977.

[15] C.-H. Luke Ong et al. Improved Functional Flow and Reachability Analyses Using Indexed Linear Tree Grammars. RTA, 2011.

[16] Yohan Boichut et al. Towards more Precise Rewriting Approximations (full version). 2014.

[17] Joost Engelfriet et al. Context-free hypergraph grammars have the same term-generating power as attribute grammars. Acta Informatica, 1992.

[18] Vlad Rusu et al. Equational approximations for tree automata completion. J. Symb. Comput., 2010.

[19] Jean-Claude Raoult. Rational tree relations. 1997.

[20] Joost Engelfriet et al. IO and OI. II. J. Comput. Syst. Sci., 1978.

[21] Irène Durand et al. Left-linear Bounded TRSs are Inverse Recognizability Preserving. RTA, 2011.

[22] Thomas Genet et al. Rewriting for Cryptographic Protocol Verification. CADE, 2000.