Tree automata, approximations, and constraints for verification: Tree (Not quite) regular model-checking
Vincent Hugot

To cite this version: Vincent Hugot. Tree automata, approximations, and constraints for verification: Tree (Not quite) regular model-checking. Information Theory [cs.IT]. Université de Franche-Comté, 2013. English. NNT: 2013BESA2010. tel-00909608v2

HAL Id: tel-00909608
https://tel.archives-ouvertes.fr/tel-00909608v2
Submitted on 10 Sep 2014

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers.

Doctoral Thesis
Doctoral school of engineering sciences and microtechnology
UNIVERSITÉ DE FRANCHE-COMTÉ
No. 666

THESIS presented by VINCENT HUGOT to obtain the degree of Doctor of the Université de Franche-Comté
Speciality: Computer Science

Tree Automata, Approximations, and Constraints for Verification
Tree (Not-Quite) Regular Model-Checking

Defended publicly on 27 September 2013 before the jury composed of:
PHILIPPE SCHNOEBELEN, Reviewer, Research Director, CNRS
JEAN-MARC TALBOT, Reviewer, Professor at the Université d'Aix-Marseille
PIERRE-CYRILLE HÉAM, Co-supervisor, Professor at the Université de Franche-Comté
OLGA KOUCHNARENKO, Thesis supervisor, Professor at the Université de Franche-Comté
FLORENT JACQUEMARD, Examiner, Research Fellow (HDR), INRIA
JEAN-FRANÇOIS RASKIN, Examiner, Professor at the Université libre de Bruxelles
SOPHIE TISON, Examiner, Professor at the Université de Lille

Version of the document: d361, dated 2013-12-30 05:08:42+01:00, compiled on December 30, 2013.

Table of Contents

I Motivations and Preliminaries ..... 8
1 Formal Tools for Verification ..... 9
  1.1 Model-Checking: Simple, Symbolic & Bounded ..... 10
  1.2 Regular Model-Checking ..... 13
  1.3 Tree Automata in Verification ..... 16
  1.4 Outline and Contributions ..... 19
2 Some Technical Preliminaries ..... 22
  2.1 Pervasive Notions and Notations ..... 23
  2.2 Ranked Alphabets, Terms, and Trees ..... 24
  2.3 Term Rewriting Systems ..... 27
  2.4 Bottom-Up Tree Automata ..... 30
  2.5 Tree Automata With Global Constraints ..... 35
  2.6 Decision Problems and Complexities ..... 37

II Approximating LTL over Rewrite Sequences ..... 40
3 Term Rewriting for Model-Checking ..... 41
  3.1 On the Usefulness of Rewriting for Verification ..... 42
  3.2 Reachability Analysis for Term Rewriting ..... 44
    3.2.1 Preservation of Regularity Through Forward Closure ..... 45
    3.2.2 Tree Automata Completion Algorithm ..... 46
    3.2.3 Exact Behaviours of Completion ..... 47
    3.2.4 One-Step Rewriting, and Completion ..... 47
    3.2.5 The Importance of Being Left-Linear ..... 49
    3.2.6 One-Step Rewriting, and Constraints ..... 51
4 Approximating LTL on Rewrite Sequences ..... 53
  4.1 Preliminaries & Problem Statement ..... 56
    4.1.1 Rewrite Words & Maximal Rewrite Words ..... 56
    4.1.2 Defining Temporal Semantics on Rewrite Words ..... 57
    4.1.3 Rewrite Propositions & Problem Statement ..... 58
  4.2 Technical Groundwork: Antecedent Signatures ..... 59
    4.2.1 Overview & Intuitions ..... 59
    4.2.2 Choosing a Suitable Fragment of LTL ..... 61
    4.2.3 Girdling the Future: Signatures ..... 62
  4.3 From Temporal Properties to Rewrite Propositions ..... 73
  4.4 Generating an Approximated Procedure ..... 87
    4.4.1 Juggling Assumptions and Expressive Power ..... 87
    4.4.2 Optimisation of Rewrite Propositions ..... 95
  4.5 Examples & Discussion of Applicability ..... 97
    4.5.1 Examples: Three Derivations ..... 97
    4.5.2 Coverage of Temporal Specification Patterns ..... 101
    4.5.3 Encodings: Java Byte-Code, Needham–Schroeder & CCS ..... 102
  4.6 Conclusions & Perspectives ..... 104

III Decision Problems for Tree Automata with Global Constraints ..... 106
5 A Brief History of Constraints ..... 107
  5.1 Tree Automata With Positional Constraints ..... 107
    5.1.1 The Original Proposal ..... 108
    5.1.2 A Stable Superclass With Propositional Constraints ..... 109
    5.1.3 Constraints Between Brothers ..... 109
    5.1.4 Reduction Automata ..... 110
    5.1.5 Reduction Automata Between Brothers ..... 111
  5.2 Tree Automata With Global Constraints ..... 111
    5.2.1 Generalisation to Propositional Constraints and More ..... 112
    5.2.2 Rigid Tree Automata ..... 113
  5.3 Synthetic Taxonomy of Automata With Constraints ..... 114
  5.4 Notations: Modification of an Automaton ..... 115
6 Bounding the Number of Constraints ..... 117
  6.1 The Emptiness & Finiteness Problems ..... 118
  6.2 The Membership Problem ..... 121
  6.3 A Strict Hierarchy ..... 126
  6.4 Summary and Conclusions ..... 128
7 SAT Encodings for TAGED Membership ..... 129
  7.1 Propositional Encoding ..... 130
  7.2 Complexity and Optimisations ..... 135
  7.3 Implementation and Experiments ..... 136
    7.3.1 Experimental Results ..... 137
    7.3.2 The Tool: Inputs and Outputs ..... 138
  7.4 Conclusions ..... 139

IV Decision Problems for Tree-Walking Automata ..... 142
8 Tree Automata for XML ..... 143
  8.1 Tree-Walking Automata ..... 144
  8.2 Abstracting Away Unranked Trees ..... 148
    8.2.1 Unranked Trees and Their Automata ..... 148
    8.2.2 Document Type Definitions (DTD) ..... 151
    8.2.3 Binarisation of Trees and Automata ..... 152
  8.3 Queries, Path Expressions, and Their Automata ..... 155
    8.3.1 Logic-based Queries ..... 156
    8.3.2 (Core) XPath: a Navigational Language ..... 157
    8.3.3 Caterpillar Expressions ..... 160
  8.4 The Families of Tree-Walking Automata ..... 162
    8.4.1 Basic Tree-Walking Automata ..... 163
    8.4.2 Nested Tree-Walking Automata ..... 164
9 Loops and Overloops: Effects on Complexity ..... 165
  9.1 Introduction ..... 166
  9.2 Loops, Overloops and the Membership Problem ..... 167
    9.2.1 Defining, Classifying and Computing Loops ..... 167
    9.2.2 A Direct Application of Loops to Membership Testing ..... 170
    9.2.3 From Loops to Overloops ..... 172
  9.3 Transforming TWA into equivalent BUTA ..... 174
    9.3.1 Two Variants: Loops and Overloops ..... 175
    9.3.2 Overloops: Deterministic Size Upper-Bound ..... 177
  9.4 A Polynomial Over-Approximation for Emptiness ..... 179
  9.5 Experimental Results ..... 181
    9.5.1 Evaluating the Approximation's Effectiveness ..... 181
    9.5.2 Overloops Yield Smaller BUTA ..... 182
    9.5.3 Demonstration Software ..... 183
  9.6 Conclusions ..... 184

V Summary and Perspectives ..... 186
10 Summary and Future Works ..... 187
  10.1 Summary of Contributions ..... 187
  10.2 Future Works & Perspectives ..... 188
11 Appendix ..... 191
  11.1 More Relatives of Automata With Constraints ..... 191
    11.1.1 Directed Acyclic Ordered Graph Automata ..... 191
    11.1.2 Tree Automata With One Memory ..... 193
  11.2 More Relatives of Tree-Walking Automata ..... 196
    11.2.1 Tree-Walking Pebble Automata ..... 196
    11.2.2 Tree-Walking Invisible Pebble Automata ..... 197
    11.2.3 Tree-Walking Marbles Automata ..... 198
    11.2.4 Tree-Walking Set-Pebble Automata ..... 199
    11.2.5 Alternating Tree-Walking Automata ..... 199
12 [FR] Summary in French ..... 200
  12.1 Approximating LTL over rewriting ..... 202
  12.2 Decision problems for automata with constraints ..... 206
  12.3 Decision problems for tree-walking automata ..... 208

List of Figures

1.1 Tree representation of the "Star Trek" XML document. ..... 18
2.1 Reading dependencies between chapters. ..... 23
2.2 Automata, their closure properties and decision complexities. ..... 38
2.3 Decision problems: inputs and outputs. ..... 39
3.1 Executions of a rewrite system satisfying (X ⇒ •Y). ..... 42
3.2 Forward-closure regularity-preserving classes of TRS. ..... 46
4.1 LTL semantics on maximal rewrite words. ..... 58
4.2 Building signatures on A-LTL. ..... 73
4.3 Partially supported patterns from [Dwyer, Avrunin & Corbett, 1999]. ..... 101
5.1 A taxonomy of automata, with or without constraints. ..... 116
6.1 Reduction of intersection-emptiness: the language. ..... 120
6.2 Housings: affecting a similarity class to each group. ..... 123
7.1 CNF solving time, laboratory example. ..... 137
7.2 CNF solving time, L=, for accepted and rejected terms. ..... 138
7.3 Input syntax of the membership