Showing papers in "arXiv: Formal Languages and Automata Theory in 2018"

Formal Specification and Verification of Autonomous Robotic Systems: A Survey

Abstract: Autonomous robotic systems are complex, hybrid, and often safety-critical; this makes their formal specification and verification uniquely challenging. Though commonly used, testing and simulation alone are insufficient to ensure the correctness of, or provide sufficient evidence for the certification of, autonomous robotics. Formal methods for autonomous robotics has received some attention in the literature, but no resource provides a current overview. This paper systematically surveys the state-of-the-art in formal specification and verification for autonomous robotics. Specially, it identifies and categorises the challenges posed by, the formalisms aimed at, and the formal approaches for the specification and verification of autonomous robotics.

The Reachability Problem for Petri Nets is Not Elementary

Abstract: Petri nets, also known as vector addition systems, are a long established model of concurrency with extensive applications in modelling and analysis of hardware, software and database systems, as well as chemical, biological and business processes. The central algorithmic problem for Petri nets is reachability: whether from the given initial configuration there exists a sequence of valid execution steps that reaches the given final configuration. The complexity of the problem has remained unsettled since the 1960s, and it is one of the most prominent open questions in the theory of verification. Decidability was proved by Mayr in his seminal STOC 1981 work, and the currently best published upper bound is non-primitive recursive Ackermannian of Leroux and Schmitz from LICS 2019. We establish a non-elementary lower bound, i.e. that the reachability problem needs a tower of exponentials of time and space. Until this work, the best lower bound has been exponential space, due to Lipton in 1976. The new lower bound is a major breakthrough for several reasons. Firstly, it shows that the reachability problem is much harder than the coverability (i.e., state reachability) problem, which is also ubiquitous but has been known to be complete for exponential space since the late 1970s. Secondly, it implies that a plethora of problems from formal languages, logic, concurrent systems, process calculi and other areas, that are known to admit reductions from the Petri nets reachability problem, are also not elementary. Thirdly, it makes obsolete the currently best lower bounds for the reachability problems for two key extensions of Petri nets: with branching and with a pushdown stack.

Detection and Mitigation of Classes of Attacks in Supervisory Control Systems

Abstract: The deployment of control systems with network-connected components has made feedback control systems vulnerable to attacks over the network. This paper considers the problem of intrusion detection and mitigation in supervisory control systems, where the attacker has the ability to enable or disable vulnerable actuator commands and erase or insert vulnerable sensor readings. We present a mathematical model for the system under certain classes of actuator enablement attacks, sensor erasure attacks, or sensor insertion attacks. We then propose a defense strategy that aims to detect such attacks online and disables all controllable events after an attack is detected. We develop an algorithmic procedure for verifying whether the system can prevent damage from the attacks considered with the proposed defense strategy, where damage is modeled as the reachability of a pre-defined set of unsafe system states.The technical condition of interest that is necessary and sufficient in this context, termed "GF-safe controllability", is characterized. We show that the verification of GF-safe controllability can be performed using diagnoser or verifier automata. Finally, we illustrate the methodology with a traffic control system example.

Monotone Precision and Recall Measures for Comparing Executions and Specifications of Dynamic Systems

Abstract: The behavioural comparison of systems is an important concern of software engineering research. For example, the areas of specification discovery and specification mining are concerned with measuring the consistency between a collection of execution traces and a program specification. This problem is also tackled in process mining with the help of measures that describe the quality of a process specification automatically discovered from execution logs. Though various measures have been proposed, it was recently demonstrated that they neither fulfil essential properties, such as monotonicity, nor can they handle infinite behaviour. In this paper, we address this research problem by introducing a new framework for the definition of behavioural quotients. We proof that corresponding quotients guarantee desired properties that existing measures have failed to support. We demonstrate the application of the quotients for capturing precision and recall measures between a collection of recorded executions and a system specification. We use a prototypical implementation of these measures to contrast their monotonic assessment with measures that have been defined in prior research.

Universal trees grow inside separating automata: Quasi-polynomial lower bounds for parity games

Abstract: Several distinct techniques have been proposed to design quasi-polynomial algorithms for solving parity games since the breakthrough result of Calude, Jain, Khoussainov, Li, and Stephan (2017): play summaries, progress measures and register games. We argue that all those techniques can be viewed as instances of the separation approach to solving parity games, a key technical component of which is constructing (explicitly or implicitly) an automaton that separates languages of words encoding plays that are (decisively) won by either of the two players. Our main technical result is a quasi-polynomial lower bound on the size of such separating automata that nearly matches the current best upper bounds. This forms a barrier that all existing approaches must overcome in the ongoing quest for a polynomial-time algorithm for solving parity games. The key and fundamental concept that we introduce and study is a universal ordered tree. The technical highlights are a quasi-polynomial lower bound on the size of universal ordered trees and a proof that every separating safety automaton has a universal tree hidden in its state space.

TeSSLa: Temporal Stream-based Specification Language

Abstract: Runtime verification is concerned with monitoring program traces. In particular, stream runtime verification (SRV) takes the program trace as input streams and incrementally derives output streams. SRV can check logical properties and compute temporal metrics and statistics from the trace. We present TeSSLa, a temporal stream-based specification language for SRV. TeSSLa supports timestamped events natively and is hence suitable for streams that are both sparse and fine-grained, which often occur in practice. We prove results on TeSSLa's expressiveness and compare different TeSSLa fragments to (timed) automata, thereby inheriting various decidability results. Finally, we present a monitor implementation and prove its correctness.

Polyregular Functions

Abstract: This paper is about certain string-to-string functions, called the polyregular functions. These are like the regular string-to-string functions, except that they can have polynomial (and not just linear) growth. The class has four equivalent definitions: 1. deterministic two-way transducers with pebbles; 2 the smallest class of string-to-string functions that is closed under composition, contains all sequential functions as well as two extra functions called squaring and iterated reverse 3. a fragment of the lambda-calculus, which has a list type constructor and limited forms of iteration such as map but not fold; 4. an imperative programming language, which has for loops that range over input positions. The first definition comes from [milo2003typechecking], while the remaining three are new to the author's best knowledge. The class of polyregular functions contains known classes of string-to-string transducers, such as the sequential, rational, or regular ones, but goes beyond them because of super-linear growth. Polyregular functions have good algorithmic properties, such as: - the output can be computed in linear time (in terms of combined input and output size); - the inverse image of a regular word language is (effectively) regular. We also identify a fragment of polyregular functions, called the first-order polyregular functions, which has additional good properties, e.g. the output can be computed by an AC0 circuit.

XML Navigation and Transformation by Tree-Walking Automata and Transducers with Visible and Invisible Pebbles

Abstract: The pebble tree automaton and the pebble tree transducer are enhanced by additionally allowing an unbounded number of "invisible" pebbles (as opposed to the usual "visible" ones). The resulting pebble tree automata recognize the regular tree languages (i.e., can validate all generalized DTD's) and hence can find all matches of MSO definable patterns. Moreover, when viewed as a navigational device, they lead to an XPath-like formalism that has a path expression for every MSO definable binary pattern. The resulting pebble tree transducers can apply arbitrary MSO definable tests to (the observable part of) their configurations, they (still) have a decidable typechecking problem, and they can model the recursion mechanism of XSLT. The time complexity of the typechecking problem for conjunctive queries that use MSO definable patterns can often be reduced through the use of invisible pebbles.

On Computing the Total Variation Distance of Hidden Markov Models

Abstract: We prove results on the decidability and complexity of computing the total variation distance (equivalently, the $L_1$-distance) of hidden Markov models (equivalently, labelled Markov chains). This distance measures the difference between the distributions on words that two hidden Markov models induce. The main results are: (1) it is undecidable whether the distance is greater than a given threshold; (2) approximation is #P-hard and in PSPACE.

Bounded Synthesis of Register Transducers

Abstract: Reactive synthesis aims at automatic construction of systems from their behavioural specifications. The research mostly focuses on synthesis of systems dealing with Boolean signals. But real-life systems are often described using bit-vectors, integers, etc. Bit-blasting would make such systems unreadable, hit synthesis scalability, and is not possible for infinite data-domains. One step closer to real-life systems are register transducers: they can store data-input into registers and later output the content of a register, but they do not directly depend on the data-input, only on its comparison with the registers. Previously it was proven that synthesis of register transducers from register automata is undecidable, but there the authors considered transducers equipped with the unbounded queue of registers. First, we prove the problem becomes decidable if bound the number of registers in transducers, by reducing the problem to standard synthesis of Boolean systems. Second, we show how to use quantified temporal logic, instead of automata, for specifications.

Counter Machines and Distributed Automata: A Story about Exchanging Space and Time.

Abstract: We prove the equivalence of two classes of counter machines and one class of distributed automata. Our counter machines operate on finite words, which they read from left to right while incrementing or decrementing a fixed number of counters. The two classes differ in the extra features they offer: one allows to copy counter values, whereas the other allows to compute copyless sums of counters. Our distributed automata, on the other hand, operate on directed path graphs that represent words. All nodes of a path synchronously execute the same finite-state machine, whose state diagram must be acyclic except for self-loops, and each node receives as input the state of its direct predecessor. These devices form a subclass of linear-time one-way cellular automata.

MONAA: A Tool for Timed Pattern Matching with Automata-Based Acceleration.

Abstract: We present monaa, a monitoring tool over a real-time property specified by either a timed automaton or a timed regular expression. It implements a timed pattern matching algorithm that combines 1) features suited for online monitoring, and 2) acceleration by automata-based skipping. Our experiments demonstrate monaa's performance advantage, especially in online usage.

The Containment Problem for Unambiguous Register Automata

Abstract: We investigate the complexity of the containment problem "Does $L(A)\subseteq L(B)$ hold?", where $B$ is an unambiguous register automaton and $A$ is an arbitrary register automaton. We prove that the problem is decidable and give upper bounds on the computational complexity in the general case, and when $B$ is restricted to have a fixed number of registers.

From LTL to rLTL Monitoring: Improved Monitorability through Robust Semantics

Abstract: Runtime monitoring is commonly used to detect the violation of desired properties in safety critical cyber-physical systems by observing its executions. Bauer et al. introduced an influential framework for monitoring Linear Temporal Logic (LTL) properties based on a three-valued semantics: the formula is already satisfied by the given prefix, it is already violated, or it is still undetermined, i.e., it can still be satisfied and violated by appropriate extensions. However, a wide range of formulas are not monitorable under this approach, meaning that they have a prefix for which satisfaction and violation will always remain undetermined no matter how it is extended. In particular, Bauer et al. report that 44% of the formulas they consider in their experiments fall into this category. Recently, a robust semantics for LTL was introduced to capture different degrees by which a property can be violated. In this paper we introduce a robust semantics for finite strings and show its potential in monitoring: every formula considered by Bauer et al. is monitorable under our approach. Furthermore, we discuss which properties that come naturally in LTL monitoring - such as the realizability of all truth values - can be transferred to the robust setting. Lastly, we show that LTL formulas with robust semantics can be monitored by deterministic automata and report on a prototype implementation.

On Series-Parallel Pomset Languages: Rationality, Context-Freeness and Automata

Abstract: Concurrent Kleene Algebra (CKA) is a formalism to study concurrent programs. Like previous Kleene Algebra extensions, developing a correspondence between denotational and operational perspectives is important, for both foundations and applications. This paper takes an important step towards such a correspondence, by precisely relating bi-Kleene Algebra (BKA), a fragment of CKA, to a novel type of automata, pomset automata (PAs). We show that PAs can implement the BKA semantics of series-parallel rational expressions, and that a class of PAs can be translated back to these expressions. We also characterise the behavior of general PAs in terms of context-free pomset grammars; consequently, universality, equivalence and series-parallel rationality of general PAs are undecidable.

Regular and First Order List Functions

Abstract: We define two classes of functions, called regular (respectively, first-order) list functions, which manipulate objects such as lists, lists of lists, pairs of lists, lists of pairs of lists, etc. The definition is in the style of regular expressions: the functions are constructed by starting with some basic functions (e.g. projections from pairs, or head and tail operations on lists) and putting them together using four combinators (most importantly, composition of functions). Our main results are that first-order list functions are exactly the same as first-order transductions, under a suitable encoding of the inputs; and the regular list functions are exactly the same as MSO-transductions.

A Characterization of Completely Reachable Automata

Abstract: A complete deterministic finite automaton in which every non-empty subset of the state set occurs as the image of the whole state set under the action of a suitable input word is called completely reachable. We characterize completely reachable automata in terms of certain directed graphs.

Convex Language Semantics for Nondeterministic Probabilistic Automata

Abstract: We explore language semantics for automata combining probabilistic and nondeterministic behavior. We first show that there are precisely two natural semantics for probabilistic automata with nondeterminism. For both choices, we show that these automata are strictly more expressive than deterministic probabilistic automata, and we prove that the problem of checking language equivalence is undecidable by reduction from the threshold problem. However, we provide a discounted metric that can be computed to arbitrarily high precision.

Most Permissive Semantics of Boolean Networks

Abstract: As shown in (http://dx.doi.org/10.1101/2020.03.22.998377), the usual update modes of Boolean networks (BNs), including synchronous and (generalized) asynchronous, fail to capture behaviors introduced by multivalued refinements. Thus, update modes do not allow a correct abstract reasoning on dynamics of biological systems, as they may lead to reject valid BN models. This technical report lists the main definitions and properties of the most permissive semantics of BNs introduced in http://dx.doi.org/10.1101/2020.03.22.998377. This semantics meets with a correct abstraction of any multivalued refinements, with any update mode. It subsumes all the usual updating modes, while enabling new behaviors achievable by more concrete models. Moreover, it appears that classical dynamical analyzes of reachability and attractors have a simpler computational complexity: - reachability can be assessed in a polynomial number of iterations. The computation of iterations is in NP in the very general case, and is linear when local functions are monotonic, or with some usual representations of functions of BNs (binary decision diagrams, Petri nets, automata networks, etc.). Thus, reachability is in P with locally-monotonic BNs, and P$^{\text{NP}}$ otherwise (instead of being PSPACE-complete with update modes); - deciding wherever a configuration belongs to an attractor is in coNP with locally-monotonic BNs, and coNP$^{\text{coNP}}$ otherwise (instead of PSPACE-complete with update modes). Furthermore, we demonstrate that the semantics completely captures any behavior achievable with any multilevel or ODE refinement of the BN; and the semantics is minimal with respect to this model refinement criteria: to any most permissive trajectory, there exists a multilevel refinement of the BN which can reproduce it. In brief, the most permissive semantics of BNs enables a correct abstract reasoning on dynamics of BNs, with a greater tractability than previously introduced update modes.

On the Structure Theory of Partial Automaton Semigroups

Abstract: We study automaton structures, i.e. groups, monoids and semigroups generated by an automaton, which, in this context, means a deterministic finite-state letter-to-letter transducer. Instead of considering only complete automata, we specifically investigate semigroups generated by partial automata. First, we show that the class of semigroups generated by partial automata coincides with the class of semigroups generated by complete automata if and only if the latter class is closed under removing a previously adjoined zero, which is an open problem in (complete) automaton semigroup theory stated by Cain. Then, we show that no semidirect product (and, thus, also no direct product) of an arbitrary semigroup with a (non-trivial) subsemigroup of the free monogenic semigroup is an automaton semigroup. Finally, we concentrate on inverse semigroups generated by invertible but partial automata, which we call automaton-inverse semigroups, and show that any inverse automaton semigroup can be generated by such an automaton (showing that automaton-inverse semigroups and inverse automaton semigroups coincide).

Lower Bounds for Synchronizing Word Lengths in Partial Automata

Abstract: It was conjectured by \v{C}ern\'y in 1964, that a synchronizing DFA on $n$ states always has a synchronizing word of length at most $(n-1)^2$, and he gave a sequence of DFAs for which this bound is reached Until now a full analysis of all DFAs reaching this bound was only given for $n \leq 4$, and with bounds on the number of symbols for $n \leq 10$ Here we give the full analysis for $n \leq 7$, without bounds on the number of symbols For PFAs (partial automata) on $\leq 7$ states we do a similar analysis as for DFAs and find the maximal shortest synchronizing word lengths, exceeding $(n-1)^2$ for $n \geq 4$ Where DFAs with long synchronization typically have very few symbols, for PFAs we observe that more symbols may increase the synchronizing word length For PFAs on $\leq 9$ states and two symbols we investigate all occurring synchronizing word lengths We give series of PFAs on two and three symbols, reaching the maximal possible length for some small values of $n$ For $n=6,7,8,9$, the construction on two symbols is the unique one reaching the maximal length For both series the growth is faster than $(n-1)^2$, although still quadratic Based on string rewriting, for arbitrary size we construct a PFA on three symbols with exponential shortest synchronizing word length, giving significantly better bounds than earlier exponential constructions We give a transformation of this PFA to a PFA on two symbols keeping exponential shortest synchronizing word length, yielding a better bound than applying a similar known transformation Both PFAs are transitive Finally, we show that exponential lengths are even possible with just one single undefined transition, again with transitive constructions

Regular Transducer Expressions for Regular Transformations

Abstract: Functional MSO transductions, deterministic two-way transducers, as well as streaming string transducers are all equivalent models for regular functions In this paper, we show that every regular function, either on finite words or on infinite words, captured by a deterministic two-way transducer, can be described with a regular transducer expression (RTE) For infinite words, the transducer uses Muller acceptance and $\omega$-regular look-ahead \RTEs are constructed from constant functions using the combinators if-then-else (deterministic choice), Hadamard product, and unambiguous versions of the Cauchy product, the 2-chained Kleene-iteration and the 2-chained omega-iteration Our proof works for transformations of both finite and infinite words, extending the result on finite words of Alur et al\ in LICS'14 In order to construct an RTE associated with a deterministic two-way Muller transducer with look-ahead, we introduce the notion of transition monoid for such two-way transducers where the look-ahead is captured by some backward deterministic B\"uchi automaton Then, we use an unambiguous version of Imre Simon's famous forest factorization theorem in order to derive a "good" ($\omega$-)regular expression for the domain of the two-way transducer "Good" expressions are unambiguous and Kleene-plus as well as $\omega$-iterations are only used on subexpressions corresponding to \emph{idempotent} elements of the transition monoid The combinator expressions are finally constructed by structural induction on the "good" ($\omega$-)regular expression describing the domain of the transducer

Sequential Circuits from Regular Expressions Revisited

Abstract: We revisit the long-neglected problem of sequential circuit constructions from regular expressions The class of languages that are recognized by sequential circuits is equivalent to the class of regular languages This fact is shown in [5] together with an inductive construction technique from regular expressions In this note, we present an alternative algorithm, called the trigger-set approach, obtained by reversing well-known the follow-set approach to construct automata We use our algorithm to obtain a regular expression matcher based on sequential circuits Finally, we report our performance results in comparison with existing automata-based matchers

On randomized generation of slowly synchronizing automata.

Abstract: Motivated by the randomized generation of slowly synchronizing automata, we study automata made of permutation letters and a merging letter of rank $ n\!-\!1 $. We present a constructive randomized procedure to generate synchronizing automata of that kind with (potentially) large alphabet size based on recent results on \textit{primitive} sets of matrices. We report numerical results showing that our algorithm finds automata with much larger reset threshold than a mere uniform random generation and we present new families of automata with reset threshold of $ \Omega(n^2/4) $. We finally report theoretical results on randomized generation of primitive sets of matrices: a set of permutation matrices with a $ 0 $ entry changed into a $ 1 $ is primitive and has exponent of $ O(n\log n) $ with high probability in case of uniform random distribution and the same holds for a random set of binary matrices where each entry is set, independently, equal to $ 1 $ with probability $ p $ and equal to $ 0 $ with probability $ 1-p $, when $ np-\log n\rightarrow\infty $ as $ n\rightarrow\infty $.

Identifiers in Registers - Describing Network Algorithms with Logic

Abstract: We propose a formal model of distributed computing based on register automata that captures a broad class of synchronous network algorithms. The local memory of each process is represented by a finite-state controller and a fixed number of registers, each of which can store the unique identifier of some process in the network. To underline the naturalness of our model, we show that it has the same expressive power as a certain extension of first-order logic on graphs whose nodes are equipped with a total order. Said extension lets us define new functions on the set of nodes by means of a so-called partial fixpoint operator. In spirit, our result bears close resemblance to a classical theorem of descriptive complexity theory that characterizes the complexity class PSPACE in terms of partial fixpoint logic (a proper superclass of the logic we consider here).

Decision Procedures for Path Feasibility of String-Manipulating Programs with Complex Operations

Abstract: The design and implementation of decision procedures for checking path feasibility in string-manipulating programs is an important problem, whose applications include symbolic execution and automated detection of cross-site scripting (XSS) vulnerabilities. A (symbolic) path is a finite sequence of assignments and assertions (i.e. without loops), and checking its feasibility amounts to determining the existence of inputs that yield a successful execution. We give two general semantic conditions which together ensure the decidability of path feasibility: (1) each assertion admits regular monadic decomposition, and (2) each assignment uses a (possibly nondeterministic) function whose inverse relation preserves regularity. We show these conditions are expressive since they are satisfied by a multitude of string operations. They also strictly subsume existing decidable string theories, and most existing benchmarks (e.g. most of Kaluza's, and all of SLOG's, Stranger's, and SLOTH's). We give a simple decision procedure and an extensible architecture of a string solver in that a user may easily incorporate his/her own string functions. We show the general fragment has a tight, but high complexity. To address this, we propose to allow only partial string functions (i.e., prohibit nondeterminism) in condition (2). When nondeterministic functions are needed, we also provide a syntactic fragment that provides a support of nondeterministic functions but can be reduced to an existing solver SLOTH. We provide an efficient implementation of our decision procedure for deterministic partial string functions in a new string solver OSTRICH. It provides built-in support for concatenation, reverse, functional transducers, and replaceall and provides a framework for extensibility to support further string functions. We demonstrate the efficacy of our new solver against other competitive solvers.

Regular Tree Algebras

Abstract: We introduce a class of algebras that can be used as recognisers for regular tree languages. We show that it is the only such class that forms a pseudo-variety and we prove the existence of syntactic algebras. Finally, we give a more algebraic characterisation of the algebras in our class.

Decidability of Timed Communicating Automata

Abstract: We study the reachability problem for networks of timed communicating processes. Each process is a timed automaton communicating with other processes by exchanging messages over unbounded FIFO channels. Messages carry clocks which are checked at the time of transmission and reception with suitable timing constraints. Each automaton can only access its set of local clocks and message clocks of sent/received messages. Time is dense and all clocks evolve at the same rate. Our main contribution is a complete characterisation of decidable and undecidable communication topologies generalising and unifying previous work. From a technical point of view, we use quantifier elimination and a reduction to counter automata with registers.

Circular critical exponents for Thue-Morse factors

Abstract: We prove various results about the largest exponent of a repetition in a factor of the Thue-Morse word, when that factor is considered as a circular word. Our results confirm and generalize previous results of Fitzpatrick and Aberkane & Currie.

Model Learning: A Survey on Foundation, Tools and Applications

Abstract: The quality and correct functioning of software components embedded in electronic systems are of utmost concern especially for safety and mission-critical systems. Model-based testing and formal verification techniques can be employed to enhance the reliability of software systems. Formal models form the basis and are prerequisite for the application of these techniques. An emerging and promising model learning technique can complement testing and verification techniques by providing learned models of black box systems fully automatically. This paper surveys one such state of the art technique called model learning which recently has attracted much attention of researchers especially from the domains of testing and verification. This survey paper reviews and provides comparison summaries highlighting the merits and shortcomings of learning techniques, algorithms, and tools which form the basis of model learning. This paper also surveys the successful applications of model learning technique in multidisciplinary fields making it promising for testing and verification of realistic systems.