Analysis of Boolean Programs TACAS 2013

Similar documents
More on Polynomial Time and Space

Chapter 3 Complexity of Classical Planning

Exercises Computational Complexity

The Satisfiability Problem [HMU06,Chp.10b] Satisfiability (SAT) Problem Cook s Theorem: An NP-Complete Problem Restricted SAT: CSAT, k-sat, 3SAT

Verifying Liveness Properties of ML Programs

Umans Complexity Theory Lectures

Model checking pushdown systems

Theory of Computations Spring 2016 Practice Final Exam Solutions

PSPACE Problems. The Class PSPACE. PSPACE Problems are interesting since: They form the first interesting class potentially

Automata-Theoretic LTL Model Checking. Emptiness of Büchi Automata

More on Verification and Model Checking

Efficiently Reasoning about Programs

6.006 Introduction to Algorithms. Lecture 25: Complexity Prof. Erik Demaine

Model Checking of Hierarchical State Machines

4.1 Review - the DPLL procedure

Non-Deterministic Space

Introduction to Computers & Programming

The Big Picture. Chapter 3

NP-Completeness. Algorithms

Rewriting Models of Boolean Programs

! Greed. O(n log n) interval scheduling. ! Divide-and-conquer. O(n log n) FFT. ! Dynamic programming. O(n 2 ) edit distance.

Communication Complexity and Parallel Computing

Towards a Software Model Checker for ML. Naoki Kobayashi Tohoku University

SAT-CNF Is N P-complete

Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001

Graph algorithms based on infinite automata: logical descriptions and usable constructions

CS-E4800 Artificial Intelligence

NuSMV Hands-on introduction

W[1]-hardness. Dániel Marx. Recent Advances in Parameterized Complexity Tel Aviv, Israel, December 3, 2017

1. [5 points each] True or False. If the question is currently open, write O or Open.

University of Nevada, Las Vegas Computer Science 456/656 Fall 2016

Formal Verification. Lecture 7: Introduction to Binary Decision Diagrams (BDDs)

! Greed. O(n log n) interval scheduling. ! Divide-and-conquer. O(n log n) FFT. ! Dynamic programming. O(n 2 ) edit distance.

A Simple Tutorial on NuSMV

Model-Checking Concurrent Systems. The Model Checker Spin. The Model Checker Spin. Wolfgang Schreiner

Computation Engineering Applied Automata Theory and Logic. Ganesh Gopalakrishnan University of Utah. ^J Springer

Dynamic Logic David Harel, The Weizmann Institute Dexter Kozen, Cornell University Jerzy Tiuryn, University of Warsaw The MIT Press, Cambridge, Massac

CSC2108: Automated Verification Assignment 1 - Solutions

Decidable Problems. We examine the problems for which there is an algorithm.

Ashish Sabharwal Computer Science and Engineering University of Washington, Box Seattle, Washington

Reasoning about Reachability at Tom Rep s 60th Birthday Celebration

Chapter 8. NP and Computational Intractability. Slides by Kevin Wayne. Copyright 2005 Pearson-Addison Wesley. All rights reserved.

Engineering 9867 Advanced Computing Concepts

P and NP (Millenium problem)

Lecture 10: Nested Depth First Search, Counter- Example Generation Revisited, Bit-State Hashing, On-The-Fly Model Checking

8 NP-complete problem Hard problems: demo

CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan

Theory of Computations Spring 2016 Practice Final

CS5371 Theory of Computation. Lecture 8: Automata Theory VI (PDA, PDA = CFG)

Definition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,

COMP 382: Reasoning about algorithms

W[1]-hardness. Dániel Marx 1. Hungarian Academy of Sciences (MTA SZTAKI) Budapest, Hungary

Blum axioms and nondeterministic computation of functions

Negations in Refinement Type Systems

On the Recursion-Theoretic Complexity of Relative Succinctness of Representations of Languages

ECS 120 Lesson 16 Turing Machines, Pt. 2

Digraph Complexity Measures and Applications in Formal Language Theory

(p 300) Theorem 7.27 SAT is in P iff P=NP

Behavior models and verification Lecture 6

8.1 Polynomial-Time Reductions

Th(N, +) is decidable

Introduction. Preliminaries. Original IC3. Tree-IC3. IC3 on Control Flow Automata. Conclusion

Symbolic and Concolic Execution of Programs

We ve studied the main models and concepts of the theory of computation:

DATABASE THEORY. Lecture 11: Introduction to Datalog. TU Dresden, 12th June Markus Krötzsch Knowledge-Based Systems

Lecture 2: Symbolic Model Checking With SAT

Verifying C & C++ with ESBMC

Logic and Computation

USING QBF SOLVERS TO SOLVE GAMES AND PUZZLES. Zhihe Shen. Advisor: Howard Straubing

Principles of AI Planning. Principles of AI Planning. 7.1 How to obtain a heuristic. 7.2 Relaxed planning tasks. 7.1 How to obtain a heuristic

Planning as Search. Progression. Partial-Order causal link: UCPOP. Node. World State. Partial Plans World States. Regress Action.

CS256 Applied Theory of Computation

Chapter 14: Pushdown Automata

The masses will have to learn concurrent programming. But using locks and shared memory is hard and messy

Fixed Parameter Algorithms

CS402 - Theory of Automata Glossary By

The Complexity of Computing the Solution Obtained by a Specifi

Parameterized Complexity - an Overview

Model-Checking Concurrent Systems

NP Completeness. Andreas Klappenecker [partially based on slides by Jennifer Welch]

An Automata-Theoretic Approach to Presburger Arithmetic Constraints (Extended Abstract)

Finite State Verification. CSCE Lecture 14-02/25/2016

Theory of Languages and Automata

Lecture 2: NP-Completeness

Eliminating the Storage Tape in Reachability Constructions

Games, Puzzles & Computation

Equivalence of NTMs and TMs

8.1 Polynomial-Time Reductions

2SAT Andreas Klappenecker

Model Checking I Binary Decision Diagrams

TAFL 1 (ECS-403) Unit- V. 5.1 Turing Machine. 5.2 TM as computer of Integer Function

On Nested Depth First Search

Turing Machines. A transducer is a finite state machine (FST) whose output is a string and not just accept or reject.

Effectively-Propositional Modular Reasoning about Reachability in Linked Data Structures CAV 13, POPL 14 Shachar Itzhaky

Reducing Concurrent Analysis Under a Context Bound to Sequential Analysis

CSE450. Translation of Programming Languages. Lecture 20: Automata and Regular Expressions

Past Pushdown Timed Automata and Safety Verification

Parameterized Reductions

LOGIC SYNTHESIS AND VERIFICATION ALGORITHMS. Gary D. Hachtel University of Colorado. Fabio Somenzi University of Colorado.

LTCS Report. Concept Descriptions with Set Constraints and Cardinality Constraints. Franz Baader. LTCS-Report 17-02

Transcription:

Analysis of Boolean Programs Patrice Godefroid Microsoft Research Mihalis Yannakakis Columbia University Page 1 March 2013

What is a Boolean Program? All variables have Boolean type, recursive procedures Ex: bool[8] x; // 8-bit global variable procedure foo() print(``a''); if (x>0) x = x-1; foo(); print(``b''); return; Both programs print a n b n Exponentially more succinct than pushdown automata Popular abstract domain for static SW model checking Ex of tools: SLAM, BLAST, YASM, TERMINATOR, YOGI, Precise control-flow representation Data part represented by Bool. predicates (predicate abstraction) Many interesting properties still decidable procedure bar(bool[8] y) print(``a''); if (y>0) bar(y-1); print(``b''); return; local var (saved on stack) Page 2 March 2013

Analysis of Boolean Programs Prior work: several algorithms For reachability, LTL model checking, Run in time exponential in the program size, or worse Often no detailed complexity analysis No lower bounds (can one do better?) This work: study of the worst-case complexity of Reachability, cycle detection, LTL, CTL, CTL* model checking For boolean programs and particular sub-classes Deterministic, hierarchical (no recursion), acyclic, I/O bounded, We present upper bounds and matching lower bounds in all cases All our algorithms are optimal in complexity-theoretic sense Note: different from prior results on pushdown automata Page 3 March 2013

Boolean Programs = ERSMs ERSMs = Extended Recursive State Machines ERSM generalizes: RSM: Recursive State Machine (with no Boolean variables) EHSM: Extended Hierarchical State Machine (no recursion) HSM: Hierarchical State Machine (EHSM with no variables) EFSM: Extended Finite State Machine (one procedure only) FSM: Finite State Machine (one procedure and no variables) Other particular cases considered: I/O bounded: number of I/O (local and global) vars < c. log A where c is some fixed constant and A is the size of the program Deterministic programs, acyclic programs, Page 4 March 2013

Reachability Analysis: Results Theorem: Reachability for ERSMs is EXPTIME-complete Proof: even for deterministic, acyclic ERSMs Upper bound: from prior work Lower bound: with a Boolean program simulating an alternating PSPACE machine Page 5 March 2013

Reachability: Particular Cases Other results: For acyclic EHSMs of bounded depth: NP-complete Page 6 March 2013

LTL Model Checking Theorem: The program complexity of LTL model checking is the same as for reachability analysis, for ERSMs and all the previous sub-classes considered Proofs: Automata-theoretic approach (standard) Negation of LTL formula -> Buchi automaton Product construction Detect a cycle or infinite stack that is accepting Lower bounds: derived from reachability results Upper bounds: Easy cases by reduction to non-extended cases (RSMs etc.) Ex: ERSM case is EXPTIME-complete Harder cases: new algorithms (with automata-theoretic approach) Ex: I/O Bounded ERSM is PSPACE-complete Page 7 March 2013

Branching-Time Properties Theorem: The program complexity of CTL model checking for ERSMs is 2EXPTIME-complete Proof: Upper bound: easy (reduction to RSM CTL model checking) Lower bound: using a nondeterministic Boolean program simulating an alternating EXPSPACE machine (see next slide) and the CTL formula E(C -> EX(CheckMode AF(OK)) U Success) Page 8 March 2013

Boolean prgm simulating an alt EXPSPACE machine Global variables: g_s, g_s', s_new: previous/next/temporary symbol in $\Sigma$ ($log( \Sigma )$ bits) g_q': current state ($log( Q )$ bits) g_h, g_h': previous/next location for the tape head (n bits) g_d: depth (is either 0, 1, 2) j: cell location (n bits) or UNDEF T[j],T'[j]: symbol in $\Sigma$ ($log( \Sigma )$ bits) or UNDEF // 2 symbols, not arrays OK=false, CheckMode=false, Success=false: boolean variables (false by default) Top() j=undef; T[j]=UNDEF; T'[j]=UNDEF; if Next($q_0$,0,$x_0$,0) then Success=true STOP; bool GuessNextTapeCell(tapeLocation i, symbol s) boolean ret; if (g_h'==i) then g_s' = s; // record in g_s' the next symbol read from the next location h' if (i<(2^n -1)) if (g_h==i+1) then s_new = g_s; // new symbol just written at the previous location h else s_new = nondeterministically pick a symbol in $\Sigma$; // $\exists$-nondeterminism ret=guessnexttapecell(i+1,s_new); // put s_new on the stack of the ERSM else ret=next(g_q',g_h',g_s',g_d'); if (CheckMode $\wedge$ i==j) then T[j]=s; return ret; bool Next(state q, headlocation h, symbol s, depth d) C:if (nondeterminism) then CheckMode=true; // in C:, $EX (CheckMode \wedge AF(OK))$ must hold if (CheckMode) // start CheckMode -- this is executed at most once! // we check that the last 2 tape contents T and T' (last) are $\delta_m$-compatible if (d==0) then OK=true; STOP; // nothing to check j= nondeterministically pick a cell location // $0\leq j<2^n$ -- $\forall$-nondeterminism due to $AF(OK)$ return false; // dummy return value in this mode; start popping to get T'[j] and T[j] if (q in $Q_T$) then return true; if (q in $Q_F$) then return false; boolean result; if (q in $Q_\exists$) then result=false; else result=true; // case where q in $Q_\forall$ boolean ret; for each (q',s',d) in $\delta_m$(q,s) // with s=t[h] if (D==L) then h '= h-1 else h' = h+1; // set h' = new head location if (d<2) then g_d'=d+1; // note: d is either 0, 1 or 2 else g_d'=d; g_q' = q'; g_h' = h'; // global variables for next call of Next() g_s = s'; g_h = h; // global variables for this call of Next() if (g_h==0) s_new = g_s; else s_new = nondeterministically pick a symbol in $\Sigma$; // $\exists$-nondeterminism ret=guessnexttapecell(0,s_new); if (CheckMode) if (T[j]!=UNDEF $\wedge$ T'[j]==UNDEF) then // we got T'[j] T'[j]=T[j]; if (d>0) then return false; // continue popping to get T[j] else T[j]=$x_j$; h'=h; // we are ready to check $\delta_m$-compatibility at position j if ((j!=h') $\wedge$ T'[j]==T[j]) then OK=true; // the tape cell content must be unchanged if (j==h') then OK=true; // nothing to check -- case enforced by construction STOP; if (q in $Q_\exists$) then result = result $\vee$ ret; else result = result $\wedge$ ret; return result; Page 9 March 2013

Particular Cases, Other Results For deterministic ERSMs, the program complexity of CTL model checking is only EXPTIME-complete For EHSMs (deterministic or not): PSPACE-complete Same as for HSMs! The program complexity of CTL* model checking is 2EXPTIME-complete for ERSMs EXPTIME-complete for deterministic ERSMs PSPACE-complete for EHSMs (same program complexity as for CTL in all 3 cases) Page 10 March 2013

Summary of Results Complexity bounds in the size of the program: For CTL, deterministic Boolean programs are exponentially easier compared to nondeterministic ones, except for EHSMs CTL harder than LTL for nondeterministic HSMs, RSMs, ERSMs Page 11 March 2013

Visual Summary for Main Classes Adding Boolean variables ( E extension): exponentially more succinct But not uniformly exponentially harder! See the cost of adding hierarchy, adding recursion Page 12 March 2013

Impact on Logic Encodings These results shed new light on logic encodings for (classes of) Boolean programs for VC-gen, SAT/SMT-based bounded model checking Example: reachability for EHSMs is PSPACE-complete No precise polyn.-size encoding of EHSMs in propositional logic But possible in QBF (can be reduced to QSAT) Example: reachability for acyclic EHSMs of bounded depth is NP-complete Possible precise polynomial-size encoding in propositional logic (can be reduced to SAT) Page 13 March 2013

Conclusion Boolean programs: natural program representation Simple, elegant, concise, popular, useful Used in static abstraction-based software model checking tools Generalizes other representations (E/FSMs, HSMs, RSMs, ) Interesting properties (this work!) This paper: 1 st comprehensive study of the worst-case complexity of basic analyses of Boolean programs Reachability, cycle detection, LTL, CTL, CTL* model checking Matching upper and lower bounds for all these problems Sub-classes: explain what features contribute to complexity Nondeterminism, cycles, variables, hierarchy, recursion, I/O-bound, Page 14 March 2013

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback