Mardi 1 mars, Salle 6A92 (Sous-marin)
LIAFA, 175 rue du Chevaleret Paris 13eme

9h00 Coffee

9h15 Tayssir Touili (LIAFA) :
     An Expressive Framework for State/Event Systems

Specification languages for concurrent software systems need to
combine practical algorithmic efficiency with high expressive power
and the ability to reason about both states and events. We address
this question by defining a new branching-time temporal logic
 which integrates both state-based and action-based
properties. This logic  is universal, i.e., preserved by the simulation
relation, and thus amenable to counterexample-guided abstraction
refinement.  We provide a model-checking algorithm for this logic, and
describe a compositional abstraction-refinement loop which exploits
the natural decomposition of the concurrent system; the abstraction
and refinement steps are performed over each component separately, and
only the model checking step requires an explicit composition of the
abstracted components.  For experimental evaluation, we have
integrated the presented algorithms in the software verification tool
MAGIC, and determined a previously unknown race condition error in a
piece of an industrial robot control software.

10h00 Pause

10h15 Peter Habermehl (LIAFA):
      Verifying Programs with 1-Selector-Linked Structures in Regular Model Checking

We address the problem of automatic verification of programs with dynamic data structures. We consider the case of sequential, non-recursive programs manipulating 1-selector-linked structures such as traditional linked lists (possibly sharing their tails) and circular lists. We propose an automata-based approach for a symbolic verification of such programs using the regular model checking framework. Given a program, the configurations of the memory aresystematically encoded as words over a suitable finite alphabet, potentially infinite sets of configurations are represented by finite-state automata, and statements of the program are automatically translated into finite-state transducers defining regular relations between configurations. Then, abstract regular model checking techniques are applied in order to automatically check safety properties concerning the shape of the computed configurations or relating the input and output configurations. For this particular purpose, we introduce new techniques for the computation of abstractions of the set of reachable configurations and to refine these abstractions if spurious counterexamples are detected. Finally, we present experimental results showing the applicability of the approach and its efficiency.
acceleration problem for integer counter automata.

11h00 Pause

11h15 Radu Iosif (VERIMAG):
      "Quantitative Verification of Programs with Lists"

In this work we study imperative programs that handle list objects, performing unrestricted selector updating operations. For this class of programs, we address the problem of {\em quantitative verification}, by reasoning about arithmetic relations between the lengths of certain lists. We first show undecidability of the general problem, by reduction from the reachability problem for two-counter machines. Second, we introduce a decidable property specification logic and we study the complexity of the decision problem. Finally, we propose a semi-algorithmic method for the verification of Hoare-Floyd style properties of programs with lists. Using this method, we can reduce the invariant computation problem for a program with lists to an acceleration problem for integer counter automata.

12h00 Pause

13h30 Julien D'Orso (LIAFA):
      Simulation-Based Iteration of Tree Transducers

Regular model checking is the name of a family of techniques for
analyzing infinite-state systems in which states are represented by
words, sets of states by finite automata, and transitions by
finite-state transducers. The central problem is to
compute the transitive closure of a transducer. A main obstacle
is that the set of reachable states is in general not regular.
Recently, regular model checking has
been extended to systems with tree-like architectures.
In this paper, we provide a procedure, based on a new implementable acceleration technique, for computing the transitive closure of a tree transducer. The procedure consists of incrementally adding new transitions while merging states which are related according to a pre-defined equivalence relation. The equivalence is induced by a {\it downward} and an {\it upward} simulation relation which can be efficiently computed. Our technique can also be used to compute the
set of reachable states without computing the transitive closure. We
have implemented and applied our technique to several protocols.

14h15 Guillaume Salagnac (VERIMAG):
     "Fast escape analysis for region-based memory management"

Abstract: We present an algorithm for escape analysis inspired by, but
  more precise than, the one proposed by Gay and Steensgaard. The
  primary purpose of our algorithm is to produce useful information to
  allocate objects using a region-based memory manager. The algorithm
  combines intraprocedural variable-based and interprocedural points-to
  analyses. This is a work in progress towards achieving an
  application-oriented trade-off between precision and scalability. We
  illustrate the algorithm on several typical programming patterns, and
  show experimental results of a first prototype on a few benchmarks.

15h00 Discussion