On (Omega-)Regular Model Checking
, 2008
Cited by 14 (4 self)
Checking infinite-state systems is frequently done by encoding infinite sets of states as regular languages. Computing such a regular representation of, say, the set of reachable states of a system requires acceleration techniques that can finitely compute the effect of an unbounded number of transitions. Among the acceleration techniques that have been proposed, one finds both specific and generic techniques. Specific techniques exploit the particular type of system being analyzed, e.g. a system manipulating queues or integers, whereas generic techniques only assume that the transition relation is represented by a finite-state transducer, which has to be iterated. In this paper, we investigate the possibility of using generic techniques in cases where only specific techniques have been exploited so far. Finding that existing generic techniques are often not applicable in cases easily handled by specific techniques, we have developed a new approach to iterating transducers. This new approach builds on earlier work, but exploits a number of new conceptual and algorithmic ideas, often induced with the help of experiments, that give it a broad scope, as well as good performances.
Using Language Inference to Verify omega-regular Properties
 In Proc. of TACAS’05, volume 3440 of LNCS
, 2005
Cited by 12 (3 self)
A novel machine learning based approach was proposed recently as a complementary technique to the acceleration based methods for verifying infinite state systems. In this method, the set of states satisfying a fixpoint property is learnt as opposed to being iteratively computed. We extend the machine learning based approach to verifying general ω-regular properties that include both safety and liveness.
Minimization, learning, and conformance testing of boolean programs
 In CONCUR
, 2006
Cited by 10 (5 self)
Boolean programs with recursion are convenient abstractions of sequential imperative programs, and can be represented as recursive state machines (RSMs) or pushdown automata. Motivated by the special structure of RSMs, we define a notion of modular visibly pushdown automata (modular VPA) and show that for the class of languages accepted by such automata, unique minimal modular VPA exist. This yields an efficient approximate minimization theorem that minimizes RSMs to within a factor of k of the minimal RSM, where k is the maximum number of parameters in any module. Using the congruence defined for minimization, we show an active learning algorithm (with a minimally adequate teacher) for context free languages in terms of modular VPAs. We also present an algorithm that constructs complete test suites for Boolean program specifications. Finally, we apply our results on learning and test generation to perform model checking of black-box Boolean programs.
A Machine Learning Approach for Statistical Software Testing
 in Proceedings, International Conference on Artificial Intelligence
Cited by 9 (1 self)
Some Statistical Software Testing approaches rely on sampling the feasible paths in the control flow graph of the program; the difficulty comes from the tiny ratio of feasible paths. This paper presents an adaptive sampling mechanism called EXIST for Exploration/eXploitation Inference for Software Testing, able to retrieve distinct feasible paths with high probability. EXIST proceeds by alternatively exploiting and updating a distribution on the set of program paths. An original representation of paths, accommodating long-range dependencies and data sparsity and based on extended Parikh maps, is proposed. Experimental validation on real-world and artificial problems demonstrates dramatic improvements compared to the state of the art.
Inferring network invariants automatically
 In Proc. International Joint Conference on Automated Reasoning (IJCAR ’06), volume 4130 of LNAI
, 2006
Cited by 8 (1 self)
Verification by network invariants is a heuristic to solve uniform verification of parameterized systems. Given a system P, a network invariant for P is a system that abstracts the composition of every number of copies of P running in parallel. If there is such a network invariant, by reasoning about it, uniform verification with respect to the family P[1] ‖ ··· ‖ P[n] can be carried out. In this paper, we propose a procedure that searches systematically for a network invariant satisfying a given safety property. The search is based on algorithms for learning finite automata due to Angluin and Biermann. We optimize the search by combining both algorithms for improving successive possible invariants. We also show how to reduce the learning problem to SAT, allowing efficient SAT solvers to be used, which turns out to yield a very competitive learning algorithm. The overall search procedure finds a minimal such invariant, if it exists.
Learning to verify branching time properties
 In Proc. of the Twentieth IEEE/ACM International Conference on Automated Software Engineering
, 2005
Cited by 3 (1 self)
We present a new model checking algorithm for verifying computation tree logic (CTL) properties. Our technique is based on using language inference to learn the fixpoints necessary for checking a CTL formula instead of computing them iteratively as is done in traditional model checking. This allows us to analyze infinite or large state-space systems where the traditional iterations may not converge or may take too long to converge. We allow fairness constraints to be specified for verification of various liveness properties. The main challenge in developing a learning based model checking algorithm for CTL is that CTL properties express nested fixpoints. We overcome this challenge by developing a new characterization of CTL properties in terms of functions that have unique fixpoints. We instantiate our technique to systems in which states are encoded as strings and use a regular inference algorithm to learn the CTL fixpoints. We prove that if the fixpoints have a regular representation, our procedure will always terminate with the correct answer. We have extended our Lever tool to use the technique presented in this paper and demonstrate its effectiveness by verifying a number of parametric and integer systems.
Cutoffs and Automata in Formal Verification of Infinite-State Systems
, 2006
Cited by 2 (0 self)
In this habilitation thesis, we discuss two complementary approaches to formal verification of infinite-state systems—namely, the use of cutoffs and automata-based symbolic model checking (especially the so-called regular model checking). The thesis is based on extended versions of multiple conference and journal papers joint into a unified framework and accompanied with a significantly extended overview of other existing approaches. The presented original results include cutoffs for verification of parameterised networks of processes with shared resources, the approach of abstract regular model checking combining regular model checking with the counterexample-guided abstraction refinement (CEGAR) loop, a proposal of using language inference for regular model checking, techniques for an application of regular model checking to verification of programs manipulating dynamic linked data structures, the approach of abstract regular tree model checking as well as a proposal of a novel class of tree automata with size constraints with applications in verification of programs manipulating balanced tree structures.
Structural Statistical Software Testing with Active Learning in a Graph
Cited by 1 (0 self)
Structural Statistical Software Testing (SSST) exploits the control flow graph of the program being tested to construct test cases. Specifically, SSST exploits the feasible paths in the control flow graph, that is, paths which are actually exerted for some values of the program input; the limitation is that feasible paths are massively outnumbered by infeasible ones. Addressing this limitation, this paper presents an active learning algorithm aimed at sampling the feasible paths in the control flow graph. The difficulty comes from both the few feasible paths initially available and the nature of the feasible path concept, reflecting the long-range dependencies among the nodes of the control flow graph. The proposed approach is based on a frugal representation inspired from Parikh maps, and on the identification of the conjunctive subconcepts in the feasible path concept within a Disjunctive Version Space framework. Experimental validation on real-world and artificial problems demonstrates significant improvements compared to the state of the art.
EXIST: Exploitation/Exploration Inference for Statistical Software Testing
 in "Online Trading of Exploration and Exploitation", NIPS 2006 Workshop
, 2006
Cited by 1 (0 self)
Path-based Statistical Software Testing is interested in sampling the feasible paths in the control flow graph of the program being tested. As the ratio of feasible paths becomes negligible for large programs, an ML approach is presented to iteratively estimate and exploit the distribution of feasible paths.
Learning Visibly One-Counter Automata in Polynomial Time
, 2010
Cited by 1 (1 self)
Visibly one-counter automata are a restricted kind of one-counter automata: The input symbols are typed such that the type determines the instruction that is executed on the counter when the input symbol is read. We present an Angluin-like algorithm for actively learning visibly one-counter automata that runs in polynomial time in characteristic parameters of the target language and in the size of the information provided by the teacher.