The finite satisfiability problem of monadic second order logic is decidable only on classes of structures of bounded tree-width by the classic result of Seese (1991). We prove the following problem is decidable: Input: (i) A monadic second order logic sentence $\alpha$, and (ii) a sentence $\beta$ in the two-variable fragment of first order logic extended with counting quantifiers. The vocabularies of $\alpha$ and $\beta$ may intersect. Output: Is there a finite structure which satisfies $\alpha\land\beta$ such that the restriction of the structure to the vocabulary of $\alpha$ has bounded tree-width? (The tree-width of the desired structure is not bounded.) As a consequence, we prove the decidability of the satisfiability problem by a finite structure of bounded tree-width of a logic extending monadic second order logic with linear cardinality constraints of the form $|X_{1}|+\cdots+|X_{r}|<|Y_{1}|+\cdots+|Y_{s}|$, where the $X_{i}$ and $Y_{j}$ are monadic second order variable...
Excerpt (J. Kinder, F. Zuleger, and H. Veith): The set of states State := Loc × Val × Store is the product of the location valuations Loc := {pc} → A, the variable valuations Val := V → Z and the store valuations Store := Z → Z. We refer to the part of a state that represents an element of Store ...
We introduce an extension ALCQIO_{b,Re} of the description logic ALCQIO, a sub-logic of the two-variable fragment of first order logic with counting quantifiers, with reachability assertions. ALCQIO_{b,Re}-formulae can define an unbounded number of trees. We show that finite implication of ALCQIO_{b,Re}-formulae is polynomial-time reducible to finite satisfiability of ALCQIO-formulae. As a consequence, finite satisfiability and finite implication in ALCQIO_{b,Re} are NEXPTIME-complete. Description logics with transitive closure constructors have been studied before, but ALCQIO_{b,Re} is the first decidable description logic which allows nominals, inverse roles, counting quantifiers and transitive closures at the same time. ALCQIO_{b,Re} is well-suited for applications in software verification and shape analysis. Shape analysis requires expressive logics with reachability which have good computational properties. We show that ALCQIO_{b,Re} can describe complex data struct...
The verification community has studied dynamic data structures primarily in a bottom-up way, by analyzing pointers and the shapes induced by them. Recent work in fields such as separation logic has made significant progress in extracting shapes from program source code. Many real-world programs, however, manipulate complex data whose structure and content are most naturally described by formalisms from object-oriented programming and databases. In this paper, we attempt to bridge the conceptual gap between these two communities. Our approach is based on description logic, a widely used knowledge representation paradigm which gives a logical underpinning for diverse modeling frameworks such as UML and ER. We show how description logic can be used on top of an existing shape analysis to add content descriptions to the shapes. Technically, we assume that we have separation logic shape invariants obtained from a shape analysis tool, and requirements on the program data in terms of descripti...
Human-written source code in imperative programming languages exhibits typical patterns of variable use, such as flags, loop iterators, counters, indices, bitvectors, etc. Although it is widely understood by practitioners that these variable roles are important for automated software analysis tools, they have not been systematically studied by the formal methods community and are not well documented in the research literature. In this paper, we study the notion of variable roles on the example of basic types (int, float, char) in C. We propose a classification of the variables in a program by variable roles, and demonstrate that classical data flow analysis lends itself naturally both as a specification formalism and as an analysis paradigm for this classification problem. We demonstrate the practical applicability of our method by predicting the membership of source files in the different categories of the software verification competition SVCOMP 2013.