Yu-Fang Chen

Advanced Ramsey-based Büchi automata inclusion testing

Checking language inclusion between two nondeterministic Buchi automata A and B is computationally hard (PSPACE-complete). However, several approaches which are efficient in many practical cases have been proposed. We build on one of these, which is known as the Ramsey-based approach. It has recently been shown that the basic Ramsey-based approach can be drastically optimized by using powerful subsumption techniques, which allow one to prune the search-space when looking for counterexamples to inclusion. While previous works only used subsumption based on set inclusion or forward simulation on A and B, we propose the following new techniques: (1) A larger subsumption relation based on a combination of backward and forward simulations on A and B. (2) A method to additionally use forward simulation between A and B. (3) Abstraction techniques that can speed up the computation and lead to early detection of counterexamples. The new algorithm was implemented and tested on automata derived from real-world model checking benchmarks, and on the Tabakov-Vardi random model, thus showing the usefulness of the proposed techniques.

Learning Minimal Separating DFA's for Compositional Verification

Algorithms for learning a minimal separating DFA of two disjoint regular languages have been proposed and adapted for different applications. One of the most important applications is learning minimal contextual assumptions in automated compositional verification. We propose in this paper an efficient learning algorithm, called , that learns and generates a minimal separating DFA. Our algorithm has a quadratic query complexity in the product of sizes of the minimal DFAs for the two input languages. In contrast, the most recent algorithm of Gupta et al. has an exponential query complexity in the sizes of the two DFAs. Moreover, experimental results show that our learning algorithm significantly outperforms all existing algorithms on randomly-generated example problems. We describe how our algorithm can be adapted for automated compositional verification. The adapted version is evaluated on the LTSA benchmarks and compared with other automated compositional verification approaches. The result shows that our algorithm surpasses others in 30 of 49 benchmark problems.

Extending automated compositional verification to the full class of omega-regular languages

Recent studies have suggested the applicability of learning to automated compositional verification. However, current learning algorithms fall short when it comes to learning liveness properties. We extend the automaton synthesis paradigm for the infinitary languages by presenting an algorithm to learn an arbitrary regular set of infinite sequences (an ω-regular language) over an alphabet Σ. Our main result is an algorithm to learn a nondeterministic Buchi automaton that recognizes an unknown ω-regular language. This is done by learning a unique projection of it on Σ* using the framework suggested by Angluin for learning regular subsets of Σ*.

When simulation meets antichains: on checking language inclusion of nondeterministic finite (tree) automata

We describe a new and more efficient algorithm for checking universality and language inclusion on nondeterministic finite word automata (NFA) and tree automata (TA). To the best of our knowledge, the antichain-based approach proposed by De Wulf et al. was the most efficient one so far. Our idea is to exploit a simulation relation on the states of finite automata to accelerate the antichain-based algorithms. Normally, a simulation relation can be obtained fairly efficiently, and it can help the antichain-based approach to prune out a large portion of unnecessary search paths. We evaluate the performance of our new method on NFA/TA obtained from random regular expressions and from the intermediate steps of regular model checking. The results show that our approach significantly outperforms the previous antichain-based approach in most of the experiments.

GOAL: a graphical tool for manipulating Büchi automata and temporal formulae

In this paper, we present a tool named GOAL (an acronym derived from “Graphical Tool for Omega-Automata and Logics”) whose main functions include (1) drawing and testing Buchi automata, (2) checking the language equivalence between two Buchi automata, (3) translating quantified propositional linear temporal logic (QPTL) formulae into equivalent Buchi automata, and (4) exporting Buchi automata as Promela code. The GOAL tool, available at http://goal.im.ntu.edu.tw, can be used for educational purposes, helping the user get a better understanding of how Buchi automata work and how they are related to linear temporal logics. It may also be used, as we shall explain below, to construct correct and smaller specification automata, supplementing model checkers that adopt the automata-theoretic approach, such as SPIN [5].

String Constraints for Verification

We present a decision procedure for a logic that combines (i)aword equations over string variables denoting words of arbitrary lengths, together with (ii)aconstraints on the length of words, and on (iii)athe regular languages to which words belong. Decidability of this general logic is still open. Our procedure is sound for the general logic, and a decision procedure for a particularly rich fragment that restricts the form in which word equations are written. In contrast to many existing procedures, our method does not make assumptions about the maximum length of words. We have developed a prototypical implementation of our decision procedure, and integrated it into a CEGAR-based model checker for the analysis of programs encoded as Horn clauses. Our tool is able to automatically establish the correctness of several programs that are beyond the reach of existing methods.

Automated assume-guarantee reasoning through implicit learning

We propose a purely implicit solution to the contextual assumption generation problem in assume-guarantee reasoning Instead of improving the L* algorithm — a learning algorithm for finite automata, our algorithm computes implicit representations of contextual assumptions by the CDNF algorithm — a learning algorithm for Boolean functions We report three parametrized test cases where our solution outperforms the monolithic interpolation-based Model Checking algorithm.

GOAL extended: towards a research tool for omega automata and temporal logic

This paper reports extensions to the GOAL tool that enable it to become a research tool for omega automata and temporal logic. The extensions include an expanded collection of translation, simplification, and complementation algorithms, a command-line mode which makes GOAL functions accessible by programs, and utility functions for such common tasks as file format conversion, random formulae generation, and statistics collection.

Norn: An SMT Solver for String Constraints

We present version 1.0 of the Norn SMT solver for string constraints. Norn is a solver for an expressive constraint language, including word equations, length constraints, and regular membership queries. As a feature distinguishing Norn from other SMT solvers, Norn is a decision procedure under the assumption of a set of acyclicity conditions on word equations, without any restrictions on the use of regular membership. Open image in new window

MEMORAX, a precise and sound tool for automatic fence insertion under TSO

We introduce Memorax, a tool for the verification of control state reachability (i.e., safety properties) of concurrent programs manipulating finite range and integer variables and running on top of weak memory models. The verification task is non-trivial as it involves exploring state spaces of arbitrary or even infinite sizes. Even for programs that only manipulate finite range variables, the sizes of the store buffers could grow unboundedly, and hence the state spaces that need to be explored could be of infinite size. In addition, Memorax incorporates an interpolation based CEGAR loop to make possible the verification of control state reachability for concurrent programs involving integer variables. The reachability procedure is used to automatically compute possible memory fence placements that guarantee the unreachability of bad control states under TSO. In fact, for programs only involving finite range variables and running on TSO, the fence insertion functionality is complete, i.e., it will find all minimal sets of memory fence placements (minimal in the sense that removing any fence would result in the reachability of the bad control states). This makes Memorax the first freely available, open source, push-button verification and fence insertion tool for programs running under TSO with integer variables.