Verifying the Incorrectness of Programs and Automata

Verification of the incorrectness of programs and automata needs to be taken as seriously as the verification of correctness. However, there are no good general methods that always terminate and prove incorrectness. We propose one general method based on a lower bound approximation of the semantics of programs and automata. Based on the lower-bound approximation, it becomes easy to check whether certain error states are reached. This is in contrast to various abstract interpretation techniques that make an upper bound approximation of the semantics and test that the error states are not reached. The precision of our lower bound approximation is controlled by a single parameter that can be adjusted by the user of the MLPQ system in which the approximation method is implemented. As the value of the parameter decreases the implementation results in a finer program semantics approximation but requires a longer evaluation time. However, for all input parameter values the program is guaranteed to terminate. We use the lower bound approximation to verify the incorrectness of a subway train control automaton. We also use the lower bound approximation for a problem regarding computer security via trust management programs. We propose a trust management policy language extending earlier work by Li and Mitchell. Although, our trust management programming language is Turing-complete, programs in this language have semantics that lend themselves naturally to a lower-bound approximation. Namely, the lower bound approximation is such that no unwarranted authorization is given at any time, although some legitimate access may be denied.