1 / 12

Widening Automata

Widening Automata. Verification of assertions Forward fixpoint computation. Set of initial states I Postcondition function Post() Error states. I. Post(I). ?. Post(Post(I)). E. Verification of assertions Backward fixpoint computation. Set of initial states I

jmcclinton
Download Presentation

Widening Automata

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Widening Automata

  2. Verification of assertionsForward fixpoint computation • Set of initial states I • Postcondition function Post() • Error states I . . . Post(I) ? Post(Post(I)) E

  3. Verification of assertionsBackward fixpoint computation • Set of initial states I • Precondition function Pre() • Error states E E . . . Pre(E) ? Pre(Pre(E)) I

  4. Fixpoints may not converge • For infinite state systems fixpoint computations may • not converge at all • require a large number of iterations • Widening is a approximation technique that helps a fixpoint computation converge

  5. A widening operator • Idea: Instead of computing a sequence of automata A1, A2, … where Ai+1=Aipost(Ai), compute A’1, A’2, … where A‘i+1=A’i(A’ipost(A’i)) • By definition AB  AB • The goal is to find a widening operator  such that: • The sequence A’1, A’2, … converges • It converges fast • The computed fixpoint is as close as possible to the exact set of reachable states

  6. Widening Automata • Given automata A and A’ we want to compute AA’ • We say that states k and k’ are equivalent (kk’) if either • k and k’ can be reached from either initial state with the same string (unless k or k’ is a sink state) • or, the languages accepted from k and k’ are equal • or, for some state k’’, kk’’ and k’k’’ • The states of AA’ are the equivalence classes of 

  7. Example 0 1 0,1 X X 1 0 0,1 0 0 1 0 1 1 3 0 1 0,1 0 1 0 0,1 0 X 0,1 1 1 X X 0 3 0 1 2 1 0 2 0 1 0,1 3 1 0

  8. Example 0 1 0,1 0 1 0,1 X X 1 0 0,1 0 X 0,1 1 X X 1 0 0,1 0 1 0 3 0 1 1 0 2 0 1 0,1 1 0 0 X 0,1 1 0 X X = 1 0 0 1 0,1 0,1 2 3 0 1

  9. Example 0 0, X 1 1 0 X X 1 0 0 1 0,1 0 2 0 0 1 2 0 1 1 1 3 2 4 0 X 0,1 0 X 1 1 0 1 0 X X 0 0 2 1 0 1 0,1 0 3 4 0 1 2 0 1 3 1 0 1 0 1 4 X 0

  10. Example 0 X 0,1 0 0, X 1 1 0 X X 1 0 X X X 1 1 0 0 0 2 1 0 0 1 0,1 0 1 0,1 0 1 2 0 3 4 0 1 0 1 0 1 1 0 1 0 1 X 0 0 X 0,1 X 1 0,0 = 1 0 0,2 1,3 0 1

  11. An exactness result (some definitions) • An automaton (Q,,,q0,F) is called state-disjoint if for all qiqjQ, L(qi)L(qj)= • An automaton (Q1,,1,q01,F1) is called weakly equivalent to (Q2,,2,q02,F2) iff there exists f: Q1 Q2, such that: • f(q01)=q02 • f(1(q,))=2(f(q), ) for all qQ1 and  • f(q) F2 for all q F1

  12. An exactness result • If • a least fixpoint is represented by a state-disjoint automaton A • and, the first automaton As in the approximate sequence is weakly equivalent to A • then • the approximate sequence converges to the exact least fixpoint

More Related