In this paper, we examined how an unbounded stack can be integrated seamlessly with zone abstractions in timed automata. We would like to point out that two easy extensions of our work are possible. First, as remarked earlier, our algorithm checks for well-nested reachability, i.e., it requires a final state to be reached with an empty stack for acceptance. It is easy to generalize this to general control-state reachability: we can show that a control state q is reachable in the PDTA (with a possibly non-empty stack) iff some node (q, Z) is discovered by our algorithm and added to some S(q′, Z′) (and not just to S(q0, Z0) as in the well-nested case). While this idea is simple and requires only minor edits to the existing algorithm, the proof of correctness requires more work, and we leave this for future work.
Secondly, we could handle the model with ages in the stack as in [3,1] with an exponential blowup (thanks to [12]). However, an open question is whether this blowup can be avoided, at least in practice. As noted earlier, there exist extensions [14,13], studied especially in the context of binary reachability, which are strictly more expressive and for which decidability results are known. It would be interesting to see how the zone-based approach developed here can be extended to those models.
Finally, it seems interesting to examine further the link to the liveness problem, which may allow us to transfer ideas and obtain faster implementations.
Another possibility would be to use the extrapolation operator (rather than or in addition to simulation), which we have not considered in this work.
References
1. Parosh Aziz Abdulla, Mohamed Faouzi Atig, and Jari Stenman. Dense-timed pushdown automata. In Proceedings of the 27th Annual IEEE Symposium on Logic in Computer Science, LICS 2012, Dubrovnik, Croatia, June 25-28, 2012, pages 35–44, 2012.
2. S. Akshay, Paul Gastin, Vincent Jugé, and Shankara Narayanan Krishna. Timed systems through the lens of logic. In 34th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2019, Vancouver, BC, Canada, June 24-27, 2019, pages 1–13, 2019.
3. S. Akshay, Paul Gastin, and Shankara Narayanan Krishna. Analyzing timed systems using tree automata. Logical Methods in Computer Science, 14(2), May 2018.
4. S. Akshay, Paul Gastin, Shankara Narayanan Krishna, and Sparsa Roychowdhury. Revisiting underapproximate reachability for multipushdown systems. In Tools and Algorithms for the Construction and Analysis of Systems - 26th International Conference, TACAS 2020, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020, Dublin, Ireland, April 25-30, 2020, Proceedings, Part I, volume 12078 of Lecture Notes in Computer Science, pages 387–404. Springer, 2020.
5. S. Akshay, Paul Gastin, Shankara Narayanan Krishna, and Ilias Sarkar. Towards an efficient tree automata based technique for timed systems. In 28th International Conference on Concurrency Theory, CONCUR 2017, September 5-8, 2017, Berlin, Germany, pages 39:1–39:15, 2017.
6. Rajeev Alur and David L. Dill. A theory of timed automata. Theoretical Computer Science, 126(2):183–235, 1994.
7. Gerd Behrmann, Patricia Bouyer, Kim Guldstrand Larsen, and Radek Pelánek. Lower and upper bounds in zone based abstractions of timed automata. In Kurt Jensen and Andreas Podelski, editors, Tools and Algorithms for the Construction and Analysis of Systems, 10th International Conference, TACAS 2004, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2004, Barcelona, Spain, March 29 - April 2, 2004, Proceedings, volume 2988 of Lecture Notes in Computer Science, pages 312–326. Springer, 2004.
8. Johan Bengtsson, Kim Larsen, Fredrik Larsson, Paul Pettersson, and Wang Yi. Uppaal—a tool suite for automatic verification of real-time systems. In International Hybrid Systems Workshop, pages 232–243. Springer, 1995.
9. Ahmed Bouajjani, Rachid Echahed, and Riadh Robbana. On the automatic verification of systems with continuous variables and unbounded discrete data structures. In International Hybrid Systems Workshop, pages 64–85. Springer, 1994.
10. Patricia Bouyer. Forward analysis of updatable timed automata. Formal Methods Syst. Des., 24(3):281–320, 2004.
11. Patricia Bouyer, François Laroussinie, and Pierre-Alain Reynier. Diagonal constraints in timed automata: Forward analysis of timed systems. In Paul Pettersson and Wang Yi, editors, Formal Modeling and Analysis of Timed Systems, Third International Conference, FORMATS 2005, Uppsala, Sweden, September 26-28, 2005, Proceedings, volume 3829 of Lecture Notes in Computer Science, pages 112–126. Springer, 2005.
12. Lorenzo Clemente and Slawomir Lasota. Timed pushdown automata revisited. In 30th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2015, Kyoto, Japan, July 6-10, 2015, pages 738–749, 2015.
13. Lorenzo Clemente and Slawomir Lasota. Reachability relations of timed pushdown automata. J. Comput. Syst. Sci., 117:202–241, 2021.
14. Lorenzo Clemente, Slawomir Lasota, Ranko Lazic, and Filip Mazowiecki. Timed pushdown automata and branching vector addition systems. In 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017, Reykjavik, Iceland, June 20-23, 2017, pages 1–12. IEEE Computer Society, 2017.
15. Zhe Dang. Pushdown timed automata: a binary reachability characterization and safety verification. Theor. Comput. Sci., (1-3):93–121, 2003.
16. Paul Gastin, Sayan Mukherjee, and B. Srivathsan. Fast algorithms for handling diagonal constraints in timed automata. In Computer Aided Verification - 31st International Conference, CAV 2019, New York City, NY, USA, July 15-18, 2019, Proceedings, Part I, volume 11561 of Lecture Notes in Computer Science, pages 41–59. Springer, 2019.
17. Frédéric Herbreteau, Dileep Kini, B. Srivathsan, and Igor Walukiewicz. Using non-convex approximations for efficient analysis of timed automata. In IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science, FSTTCS 2011, December 12-14, 2011, Mumbai, India, volume 13 of LIPIcs, pages 78–89. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2011.
18. Frédéric Herbreteau and Gerald Point. Tchecker. Available at https://github.com/fredher/tchecker.
19. Frédéric Herbreteau, B. Srivathsan, Thanh-Tung Tran, and Igor Walukiewicz. Why liveness for timed automata is hard, and what we can do about it. ACM Trans. Comput. Log., 21(3):17:1–17:28, 2020.
20. Frédéric Herbreteau, B. Srivathsan, and Igor Walukiewicz. Better abstractions for timed automata. In Proceedings of the 27th Annual IEEE Symposium on Logic in Computer Science, LICS 2012, Dubrovnik, Croatia, June 25-28, 2012, pages 375–384. IEEE Computer Society, 2012.
21. Alfons Laarman, Mads Chr. Olesen, Andreas Engelbredt Dalsgaard, Kim Guldstrand Larsen, and Jaco van de Pol. Multi-core emptiness checking of timed Büchi automata using inclusion abstraction. In Natasha Sharygina and Helmut Veith, editors, Computer Aided Verification - 25th International Conference, CAV 2013, Saint Petersburg, Russia, July 13-19, 2013, Proceedings, volume 8044 of Lecture Notes in Computer Science, pages 968–983. Springer, 2013.
22. Kim G. Larsen, Paul Pettersson, and Wang Yi. Uppaal in a nutshell. International Journal on Software Tools for Technology Transfer, 1(1-2):134–152, 1997.
23. Stavros Tripakis. Checking timed Büchi automata emptiness on simulation graphs. ACM Trans. Comput. Log., 10(3):15:1–15:19, 2009.
24. Ashutosh Trivedi and Dominik Wojtczak. Recursive timed automata. In ATVA Proceedings, pages 306–324, 2010.
A Appendix
A.1 Benchmarks Used
We have used a total of 10 benchmarks. Of these, the following accept an empty language: B2(k) for all values of k, B4, B6(k1, k2, k3) for k1 ≥ k2, and B7. The remaining PDTA accept non-empty languages. The benchmarks we have used are described as follows.
– B1: The benchmark B1 in Figure 8 is an adaptation of the PDTA in Figure 1. Instead of 3 pushes we have 8, and instead of y ≤ 3 we have y ≤ 10. The state q1 is reachable in the benchmark. We use this benchmark since the zone graph for this PDTA without any simulation is infinitely large.
– B2(k): This is an adaptation of the PDTA in Figure 3, with k + 1 pops between q0 and q3, and y ≤ k replacing y ≤ 1. The PDTA has k + 4 states, and state q2 is unreachable irrespective of the value of k. We have chosen this as a benchmark since, in order to establish that q2 is unreachable, the loop q0 → q1 → q0 has to be taken as many times as possible, creating more root nodes, with each root node containing the set of nodes that it can reach; this makes the size of the entire TLM proportional to k². Therefore, accurately establishing that q2 is unreachable takes O(k²) time.
– B3(k1, k2): We made this benchmark from a TPDA with a timed stack by converting it to a timeless-stack PDTA using an approach similar to the one proposed in [12]. The TPDA with timed stack is shown in Figure 7. In both Figures 7 and 10, state s1 is reachable only if k1 ≤ k2. This creates a significant difference in execution times between B3(4, 3) and B3(3, 4).
[Figure 7 not reproduced. States: q1, r1, s1. Transitions: push a; pop a with age ≥ k1; pop a with age ≤ k2.]
Fig. 7: Timed-stack TPDA used for conversion to B3(k1, k2).
– B4: This benchmark was originally used for testing in the region-based implementation [5]. Since there is only one push-pop pair and no cycle containing a push or pop, it can be simulated using an extra clock x3. The language accepted by the automaton is empty, since q5 is unreachable.
– B5(k1, k2): An illustration of this benchmark is shown in Figure 12, with k1 = 4. k1 must be even for q1 to be reachable. This PDTA benchmark is used since a large number of pushes are required to reach q1, creating more root nodes. Also, the internal transition loops between rx and rx′ in the PDTA can create many non-equivalent zones, which raises the possibility of a large TLM.
– B6(k1, k2, k3): The illustration for this benchmark is shown in Figure 13. It has been used to indicate that the size of the TLM depends not just on the size of the automaton but also on the constants used in it. In this PDTA, the size of the TLM depends on all of k1, k2, and k3. k1 and k2 force the pushes and pops in the automaton to be taken a fixed number of times, and if k1 ≥ k2, the language accepted is empty.
– B7: The benchmark illustrated in Figure 14 has also been used to highlight the significance of open guards. The guards over the pushes, push a and push b, make it impossible to take two pushes on a and then a push on b, which is required to empty the stack on reaching q2. The guards x == 0 ∧ z == 20 also make it harder to directly reach q2 with an empty stack.
– B8: A variation of this PDTA was also used in testing for the region-based implementation. States {q1, q3, q5, q6, q8} are reachable, and the language is not empty.
– B9(k1, k2): The PDTA for this benchmark with k1 = 2 is illustrated in Figure 16. This benchmark has been used to force the automaton to take the only path that is allowed. Also, the extra 2-state loops on nodes like r2 can create many non-equivalent nodes under one root node, and these nodes can then be propagated to other root nodes via pushes and pops, which can make the execution time heavily dependent on the constant k2.
– B10: This benchmark has been used to show that our tool can also handle open constraints on guards. Like B6, this benchmark can have the size of the TLM highly dependent on the constants in transition guards.
A.2 All Results
Here we display all results on the benchmarks that have been used.
[Figure 8 not reproduced. States: q0, · · ·, q1. Transitions: t0: push⁸ a; t1: y ≤ 10, {x}, pop a; t2: (x ≥ 1, {x}), pop a.]
Fig. 8: B1 PDTA. States q0 and q1 are reachable. The · · · indicates a series of states, say {r1, r2, ..., r8}, between q0 and q1, with 8 pushes starting from q0 → r1 up to r7 → r8; the final transition t1 lies between r8 and q1.
[Figure 9 not reproduced. States: q0, · · ·, q2, q1. Transitions: x ≥ 1, {x}; y ≤ k, push a; pop^(k+1) a.]
Fig. 9: Parametrized PDTA B2(k), used in experiments with different values of k. The · · · indicates a linear series of transitions between q0 and q2 consisting of k + 1 pops. The number of states between q0 and q2 is k + 1.
[Figure 10 not reproduced. States: q1, q2, r1, r2, s1, s2. Transitions: push a2, {y}; push a1, {x}; push a; push a1, {x}; pop a1, x ≥ k1 (twice); pop a, y ≤ k2; pop a2, y ≤ k2.]
Fig. 10: B3(k1, k2), parametrized PDTA with parameters k1 and k2. If k1 > k2, then the states {q1, r1} are reachable. Otherwise, {q1, r1, s1} are reachable.
[Figure 11 not reproduced. States: q0, q1, q2, q3, q4, q5, q6. Transition labels: {x1, x2}; x1 ≥ 1, {x3}, push a; x1 = 1, {x2}; x1 = 1, x2 ≤ 3; x1 = 1; {x1 ≤ 1, x2 ≥ 1, x3 = 1}, pop a; {x1, x2}; {x1 = 1, x2 = 0}; x1 = 0.]
Fig. 11: B4 PDTA; states {q0, q1, q3, q4} are reachable.
[Figure 12 not reproduced. States: q0, r1, r1′, r2, r2′, r3, r3′, r4, r4′, q1. Transition labels: push a; x ≥ 1, {x}; y ≤ k2; pop a.]
Fig. 12: B5(4, k2), parametrized PDTA with k1 = 4. k1 indicates the total number of pairs of states rx and r′x between q0 and q1. For all even k1, state q1 is reachable.
[Figure 13 not reproduced. States: q1, q1′, q2, q3, q4, q5. Transition labels: x = 1, {x}; y ≤ k1, push a; z1 ≥ 1, {z1}; z2 ≤ k3; x = 0, y ≥ k1, {x, y}; x = 1, {x}; y < k2, pop a.]
Fig. 13: B6(k1, k2, k3). State q5 is not reachable if k1 ≥ k2; otherwise it is.
[Figure 14 not reproduced. States: q1, q2, q3, q4, q5. Transition labels: x > 1, push a, {x}; y < 2, push b, {y}; x = 0, z = 20, pop b; pop a; pop a.]
Fig. 14: B7 PDTA, with state {q1} reachable.
[Figure 15 not reproduced. States: q1, q2, q3, q4, q5, q6, q7, q8. Transition labels: push a, {x2}; x2 = 1, pop a, {x4}; x4 = 0, push b, {x3}; x3 ≥ 1, pop b, {x1}; {x1}; push a, {x2}; x2 ≥ 1, pop a.]
Fig. 15: B8 PDTA, with states {q1, q3, q5, q6, q8} reachable.
[Figure 16 not reproduced. States: q0, r1, r2, r2′, r3, r4, r5, r5′, r6, s1, s2, · · ·, sf. Transition labels: push a1, ..., push a8; pop a4, pop a3, pop a2, pop a5; x ≥ 1, {x}; y ≤ k2.]
Fig. 16: B9(2, k2), parametrized PDTA with k1 = 2. k1 indicates the total number of loops of size 4 around q0. It involves a direct loop of 4 pushes on unique symbols ai to ai+4, and another loop on the middle state. Finally, starting from q0 there is a line of transitions with no loops, having pops matching all loops in order. Only {q0, sf} are reachable in the automaton irrespective of the values of k1 and k2.
[Figure 17 not reproduced. States: q1, q2, q3, q4. Transition labels: x > 1, push a, {x}; y < 2, push b, {y}; x = 0, z = 4; pop a; pop b.]
Fig. 17: B10 PDTA, with states {q1, q2, q3, q4} reachable.
Testing on Benchmarks

Benchmark        | LU Time | LU # nodes | ∼LU Time | ∼LU # nodes | RB Time | RB # nodes
B1               | 0.2     | 17         | 0.2      | 17          | 235.6   | 4100
B2(5)            | 0.3     | 27         | 0.3      | 27          | 21      | 1500
B2(10)           | 0.8     | 77         | 0.8      | 77          | 6835.8  | 30200
B2(100)          | 20.0    | 5252       | 20.7     | 5252        | T.O.    | ≥154700
B2(1000)         | 9140.4  | 502502     | 9164.8   | 502502      | T.O.    | T.O.¹
B3(4, 3)         | 0.2     | 6          | 0.2      | 6           | 1043.8  | 14300
B3(3, 4)         | 0.2     | 9          | 0.2      | 9           | 98.8    | 3400
B4               | 0.2     | 8          | 0.1      | 8           | 0.3     | 17
B5(100, 10)      | 0.8     | 202        | 5.4      | 2212        | OOM     | OOM
B5(100, 100)     | 0.6     | 202        | 67.6     | 20302       | OOM     | OOM
B5(100, 1000)    | 0.7     | 202        | 3564.3   | 201202      | OOM     | OOM
B5(1000, 100)    | 4.2     | 2002       | 673.8    | 202102      | OOM     | OOM
B5(5000, 100)    | 23.2    | 10002      | 3429.3   | 1010102     | OOM     | OOM
B6(4, 5, 100)    | 0.3     | 30         | 12.4     | 2459        | NA      | NA
B6(4, 5, 1000)   | 0.3     | 30         | 483.1    | 24059       | NA      | NA
B6(4, 5, 10000)  | 0.3     | 30         | 47694.8  | 240059      | NA      | NA
B6(5, 4, 100)    | 0.3     | 30         | 14.3     | 3047        | NA      | NA
B6(5, 4, 1000)   | 0.3     | 30         | 611.8    | 30047       | NA      | NA
B6(5, 4, 10000)  | 0.3     | 30         | 60271.9  | 300047      | NA      | NA
B6(500, 501, 100)| 38.9    | 3006       | 509.8    | 34802       | NA      | NA
B6(501, 500, 100)| 38.2    | 3006       | 501.0    | 34799       | NA      | NA
B7               | 112.4   | 4475       | 113.1    | 4475        | NA      | NA
B8               | 0.2     | 8          | 0.2      | 8           | 0.6     | 26
B9(10, 10)       | 0.3     | 81         | 13.3     | 4136        | T.O.    | ≥96500
B9(50, 10)       | 1.1     | 401        | 52.9     | 20856       | OOM     | OOM
B9(100, 10)      | 1.9     | 801        | 107.0    | 41756       | OOM     | OOM
B9(10, 20)       | 0.5     | 81         | 47.2     | 14091       | T.O.    | ≥106400
B9(10, 50)       | 0.4     | 81         | 543.2    | 79356       | T.O.    | ≥370500
B9(10, 100)      | 0.4     | 81         | 5374.1   | 306131      | T.O.    | ≥133600
B10              | 1.8     | 150        | 2.0      | 166         | NA      | NA

Table 3: List of all results on the three environments (LU, ∼LU, RB). All times are recorded in milliseconds. T.O. refers to a timeout before 120 seconds, and OOM refers to the process being OOM-killed. An entry ≥ n in a timed-out column gives the number of nodes recorded before the timeout occurred. ¹ In the case of B2(1000), the preprocessing did not complete before the timeout, and hence no node count is displayed.