## Section: New Results

### Automated Deduction

We develop general techniques which allow us to re-use available tools in order to build a new generation of satisfiability solvers offering a good trade-off between expressiveness, flexibility, and scalability. We focus on the careful integration of combination techniques and rewriting techniques to design satisfiability procedures for a wide range of (combined) theories of interest in verification.

#### Decision procedures for data structures combined with theories of arithmetic

Participants : Enrica Nicolini, Christophe Ringeissen, Michaël Rusinowitch.

We show how to use a non-disjoint extension of the Nelson-Oppen combination method to obtain decision procedures for theories modelling data structures and arithmetic constraints.

We propose a first solution when the incorporated arithmetic operator allows to express only linear increments, i.e. when the considered constraints have to be interpreted modulo the theory of integer offsets [44] . We present a superposition calculus dedicated to theories that model some data structures and that share the integer offsets; we show that the calculus is capable to actually decide the existential fragment of these theories and that can be plugged into the non-disjoint extension of the Nelson-Oppen combination method, deriving thus decision procedure for theories modeling more complex data structures.

As a second contribution [43] , we focus on the union of a data-structure and a theory of arithmetic sharing a successor function satisfying the injectivity and the acyclicity axioms. This union allows us to handle more expressive arithmetic constraints and to obtain a combined decision procedure in which the procedures for individual theories can be constructed by using an appropriate superposition calculus for the data-structure and classical solving techniques for the theory of arithmetic (Gauss elimination, Fourier-Motzkin elimination, Groebner bases computation).

To go beyond a shared unary successor symbol, we consider the case of abelian groups [42] . The possibility of having a shared addition symbol permits us to augment the expressiveness on the arithmetical part, lifting from linear increment expressed by using the successor symbols, to increment expressed as sums. This allows to handle, e.g., useful counting functions for data structures such as trees. We consider the completeness and the effectiveness of the non-disjoint combination method when the theory of abelian groups is shared. For the completeness, we show that the theory of abelian groups can be embedded into a theory admitting quantifier elimination. For achieving effectiveness, we rely on a superposition calculus modulo abelian groups developed by Godoy and Nieuwenhuis. We consider a many-sorted and constraint-free version of the calculus, in which we use a restricted form of unification in abelian groups with free symbols, and in which only literals are involved.

To be effective in all our papers mentioned above, the non-disjoint extension of the Nelson-Oppen combination method makes use of procedures able to compute the logical consequences over the shared signature.

#### Hypothesis Selection

Participant : Alain Giorgetti.

Increasing the automaticity of proofs in deductive verification of C programs is a challenging task. When applied to industrial C programs known heuristics to generate simpler verification conditions are not efficient enough. This is mainly due to their size and a high number of irrelevant hypotheses. We [34] have presented a strategy to reduce program verification conditions by selecting their relevant hypotheses. The relevance of a hypothesis is determined by the combination of a syntactic analysis and two graph traversals. The first graph is labeled by constants and the second one by the predicates in the axioms. The approach is applied on a benchmark arising in industrial program verification.

#### Tree Automata and Rewriting

Participants : Michaël Rusinowitch, Laurent Vigneron.

In collaboration with F. Jacquemard (DAHU project) we pursue our investigation on rewriting systems for unranked ordered terms, i.e. trees where the number of successors of a node is not determined by its label, and is not a priori bounded. We model XML update operations with parametrized rewriting on unranked trees. Then we compute the forward and backward reachability sets of these systems for unranked trees languages given by several classes of hedge automata [58] . This gives more insight on these notions that have not been investigated before. In the context of XML processing, static type checking amounts verifying that a document transformation always converts valid source documents into valid output documents. We solve this problem for arbitrary sequences of atomic XML update operations from different subsets of the W3C XQuery Update Facility 1.0. We then apply the results to the verification of access control policies for XML updates. We propose an algorithm for the policy local consistency problem, that is, for deciding whether a sequence of authorized operations starting from a given document can simulate a forbidden one.