Relational String Verification Using Multi-track Automata.

Slides:

Advertisements

Similar presentations

CS2303-THEORY OF COMPUTATION Closure Properties of Regular Languages

Advertisements

CSC 361NFA vs. DFA1. CSC 361NFA vs. DFA2 NFAs vs. DFAs NFAs can be constructed from DFAs using transitions: Called NFA- Suppose M 1 accepts L 1, M 2 accepts.

Nondeterministic Finite Automata CS 130: Theory of Computation HMU textbook, Chapter 2 (Sec 2.3 & 2.5)

Deterministic Finite Automata (DFA)

YES-NO machines Finite State Automata as language recognizers.

Automata and Formal Languages Tim Sheard 1 Lecture 9 Reasoning with DFAs.

Introduction to Computability Theory

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

Finite Automata Great Theoretical Ideas In Computer Science Anupam Gupta Danny Sleator CS Fall 2010 Lecture 20Oct 28, 2010Carnegie Mellon University.

1 Introduction to Computability Theory Lecture2: Non Deterministic Finite Automata Prof. Amos Israeli.

Intro to DFAs Readings: Sipser 1.1 (pages 31-44) With basic background from Sipser 0.

Introduction to Computability Theory

Intro to DFAs Readings: Sipser 1.1 (pages 31-44) With basic background from Sipser 0.

Lecture 3UofH - COSC Dr. Verma 1 COSC 3340: Introduction to Theory of Computation University of Houston Dr. Verma Lecture 3.

Finite Automata and Non Determinism

CS5371 Theory of Computation

1 Introduction to Computability Theory Lecture2: Non Deterministic Finite Automata (cont.) Prof. Amos Israeli.

CS5371 Theory of Computation Lecture 5: Automata Theory III (Non-regular Language, Pumping Lemma, Regular Expression)

Fall 2006Costas Busch - RPI1 Properties of Regular Languages.

1 Finite state automaton (FSA) LING 570 Fei Xia Week 2: 10/07/09 TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA.

Lecture 3 Goals: Formal definition of NFA, acceptance of a string by an NFA, computation tree associated with a string. Algorithm to convert an NFA to.

CS5371 Theory of Computation Lecture 4: Automata Theory II (DFA = NFA, Regular Language)

Costas Busch - LSU1 Non-Deterministic Finite Automata.

Foundations of (Theoretical) Computer Science Chapter 1 Lecture Notes (Section 1.2: NFA’s) David Martin With some modifications.

FORMAL LANGUAGES, AUTOMATA AND COMPUTABILITY

Great Theoretical Ideas in Computer Science.

Regular Languages A language is regular over  if it can be built from ;, {  }, and { a } for every a 2 , using operators union ( [ ), concatenation.

Regular Model Checking Ahmed Bouajjani,Benget Jonsson, Marcus Nillson and Tayssir Touili Moran Ben Tulila

Regular Expressions (RE) Empty set Φ A RE denotes the empty set Empty string λ A RE denotes the set {λ} Symbol a A RE denotes the set {a} Alternation M.

DECIDABILITY OF PRESBURGER ARITHMETIC USING FINITE AUTOMATA Presented by : Shubha Jain Reference : Paper by Alexandre Boudet and Hubert Comon.

Theory of Computation, Feodor F. Dragan, Kent State University 1 Regular expressions: definition An algebraic equivalent to finite automata. We can build.

Lecture # 3 Chapter #3: Lexical Analysis. Role of Lexical Analyzer It is the first phase of compiler Its main task is to read the input characters and.

1 For each language, give a regular expression that generates the language and a DFA that accepts it. L 1 = { w  {0, 1}* : has both 00 and 11 as substrings}

Automating Construction of Lexers. Example in javacc TOKEN: { ( | | "_")* > | ( )* > | } SKIP: { " " | "\n" | "\t" } --> get automatically generated code.

4b 4b Lexical analysis Finite Automata. Finite Automata (FA) FA also called Finite State Machine (FSM) –Abstract model of a computing entity. –Decides.

1 State SymbolRead- Q E(Q) a b a b a b Convert to a DFA: Start state: Final States:

Regular Expressions and Languages A regular expression is a notation to represent languages, i.e. a set of strings, where the set is either finite or contains.

CHAPTER 1 Regular Languages

The decidability of Presburger Arithmetic By Guillermo Guillen 04/13/05 Dr. Smith COT 6421 FIU Spring 2005.

Modeling Computation: Finite State Machines without Output

Lecture 2 Overview Topics What I forgot from last lecture Proof techniques continued Alphabets, strings, languages Automata June 2, 2015 CSCE 355 Foundations.

1 Chapter Constructing Efficient Finite Automata.

Nondeterministic Finite Automata (NFAs). Reminder: Deterministic Finite Automata (DFA) q For every state q in Q and every character  in , one and only.

98 Nondeterministic Automata vs Deterministic Automata We learned that NFA is a convenient model for showing the relationships among regular grammars,

Given a string manipulating program, string analysis determines all possible values that a string expression can take during any program execution Using.

Finite Automata Great Theoretical Ideas In Computer Science Victor Adamchik Danny Sleator CS Spring 2010 Lecture 20Mar 30, 2010Carnegie Mellon.

INHERENT LIMITATIONS OF COMPUTER PROGRAMS CSci 4011.

CSCI 4325 / 6339 Theory of Computation Zhixiang Chen.

Regular Languages Chapter 1 Giorgi Japaridze Theory of Computability.

1 Section 11.3 Constructing Efficient Finite Automata First we’ll see how to transform an NFA into a DFA. Then we’ll see how to transform a DFA into a.

Finite Automata A simple model of computation. 2 Finite Automata2 Outline Deterministic finite automata (DFA) –How a DFA works.

P Symbol Q E(Q) a b a b a b Convert to a DFA: Start state: Final States:

1 Use the pumping theorem for context-free languages to prove that L= { a n b a n b a p : n, p ≥ 0, p ≥ n } is not context-free. Hint: For the pumping.

Page 1. 1)Let B n = { a k | where k is a multiple of n}. I.e. B 1 = { a k | where k is a multiple of 1} = { a k | k Є {0,1,2,3,…}} = {‘’, a, aa, aaa, aaaa,

Deterministic Finite-State Machine (or Deterministic Finite Automaton) A DFA is a 5-tuple, (S, Σ, T, s, A), consisting of: S: a finite set of states Σ:

Foundations of Computing Science

Introduction to the Theory of Computation

Sequential Flexibility

Properties of Regular Languages

Jaya Krishna, M.Tech, Assistant Professor

Jaya Krishna, M.Tech, Assistant Professor

Properties of Regular Languages

CSE322 CONSTRUCTION OF FINITE AUTOMATA EQUIVALENT TO REGULAR EXPRESSION Lecture #9.

4. Properties of Regular Languages

Closure Properties of Context-Free languages

Properties of Context-Free languages

Convert to a DFA: Start state: Final States: P Symbol Q E(Q) a b.

CSCI 2670 Introduction to Theory of Computing

1. How do I Solve Linear Equations

What is it? The term "Automata" is derived from the Greek word "αὐτόματα" which means "self-acting". An automaton (Automata in plural) is an abstract self-propelled.

Presentation transcript:

Relational String Verification Using Multi-track Automata

Relational String Analysis Earlier work on string analysis use multiple single-track DFAs during symbolic reachability analysis –One DFA per variable per program location Alternative approach: Use one multi-track DFA per program location –Each track represents the values of one string variable Using multi-track DFAs: –Identifies the relations among string variables –Improves the precision of the path-sensitive analysis –Can be used to prove properties that depend on relations among string variables, e.g., $file = $usr.txt

Multi-track Automata Let X (the first track), Y (the second track), be two string variables λ is the padding symbol A multi-track automaton that encodes the word equation: Y = X.txt (a,a), (b,b) … ( λ,t)( λ,x)( λ,t)

Alignment To conduct relational string analysis, we need to compute union or intersection of multi-track automata – Intersection is closed under aligned multi-track automata In an aligned multi-track automaton λs are right justified in all tracks, e.g., abλλ instead of aλbλ However, there exist unaligned multi-track automata that are not equivalent to any aligned multi-track automata –Use an alignment algorithm that constructs aligned automata which over or under approximates unaligned ones Over approximation: Generates an aligned multi-track automaton that accepts a super set of the language recognized by the unaligned multi-track automaton Under approximation: Generates an aligned multi-track automaton that accepts a subset of the language recognized by the unaligned multi-track automaton

Symbolic Reachability Analysis Transitions and configurations of a string system can be represented using word equations Word equations can be represented/approximated using aligned multi- track automata which are closed under intersection, union, complement and projection Operations required for reachability analysis (such as equivalence checking) can be computed on DFAs

Word Equations Word equations: Equality of two expressions that consist of concatenation of a set of variables and constants –Example: X = Y. txt Word equations and their combinations (using Boolean connectives) can be expressed using only equations of the form X = Y. c, X = c. Y, c = X. Y, X = Y. Z, Boolean connectives and existential quantification Our goal: –Construct multi-track automata from basic word equations The automata should accept tuples of strings that satisfy the equation –Boolean connectives can be handled using intersection, union and complement –Existential quantification can be handled using projection

Word Equations to Automata Basic equations X = Y. c, X = c. Y, c = X. Y and their Boolean combinations can be represented precisely using multi-track automata The size of the aligned multi-track automaton for X = c. Y is exponential in the length of c The nonlinear equation X = Y. Z cannot be represented precisely using an aligned multi-track automaton

Word Equations to Automata When we cannot represent an equation precisely, we can generate an over or under-approximation of it –Over-approximation: The automaton accepts all string tuples that satisfy the equation and possibly more –Under-approximation: The automaton accepts only the string tuples that satify the equation but possibly not all of them We can implement a function CONSTRUCT(equation, sign) –Which takes a word equation and a sign and creates a multi-track automata that over or under-approximation of the equation based on the input sign

Post condition computation During symbolic reachability analysis we compute the post-conditions of statements using the function CONSTRUCT Given a multi-track automata M and an assignment statement: X := sexp Post(M, X := sexp) denotes the post-condition of X := sexp with respect to M Post(M, X := sexp) = (  X, M ∩ CONSTRUCT(X’ = sexp, +))[X/X’]