Lecture Notes in Computer Science 5505 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen UniversityofDortmund,Germany MadhuSudan MassachusettsInstituteofTechnology,MA,USA DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum Max-PlanckInstituteofComputerScience,Saarbruecken,Germany Stefan Kowalewski Anna Philippou (Eds.) Tools and Algorithms for the Construction and Analysis of Systems 15th International Conference, TACAS 2009 Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009 York, UK, March 22-29, 2009 Proceedings 1 3 VolumeEditors StefanKowalewski RWTHAachen,EmbeddedSoftwareLaboratory Ahornstr.55,52074,Aachen,Germany E-mail:[email protected] AnnaPhilippou UniversityofCyprus,DepartmentofComputerScience 1678Nicosia,Cyprus E-mail:[email protected] LibraryofCongressControlNumber:Appliedfor CRSubjectClassification(1998):D.2.2,D.2.4,F.3,F.1.3,F.4.2 LNCSSublibrary:SL1–TheoreticalComputerScienceandGeneralIssues ISSN 0302-9743 ISBN-10 3-642-00767-8SpringerBerlinHeidelbergNewYork ISBN-13 978-3-642-00767-5SpringerBerlinHeidelbergNewYork Thisworkissubjecttocopyright.Allrightsarereserved,whetherthewholeorpartofthematerialis concerned,specificallytherightsoftranslation,reprinting,re-useofillustrations,recitation,broadcasting, reproductiononmicrofilmsorinanyotherway,andstorageindatabanks.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheGermanCopyrightLawofSeptember9,1965, initscurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Violationsareliable toprosecutionundertheGermanCopyrightLaw. springer.com ©Springer-VerlagBerlinHeidelberg2009 PrintedinGermany Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SPIN:12632459 06/3180 543210 Foreword ETAPS 2009 was the 12th instance of the European Joint Conferences on The- oryandPracticeofSoftware.ETAPSisanannualfederatedconferencethatwas establishedin1998bycombininganumberofexistingandnewconferences.This year it comprised five conferences (CC, ESOP, FASE, FOSSACS, TACAS), 22 satellite workshops (ACCAT, ARSPA-WITS, Bytecode, COCV, COMPASS, FESCA, FInCo, FORMED, GaLoP, GT-VMT, HFL, LDTA, MBT, MLQA, OpenCert, PLACES, QAPL, RC, SafeCert, TAASN, TERMGRAPH, and WING),fourtutorials,andseveninvitedlectures(excludingthosethatwerespe- cifictothesatelliteevents). The five main conferences received 532 submissions (including 30 tool demonstration papers), 141 of which were accepted (10 tool demos), giving an overall acceptance rate of about 26%, with most of the con- ferences at around 25%. Congratulations therefore to all the authors who made it to the final programme! I hope that most of the other authors will still have foundawayofparticipatinginthisexcitingevent,andthatyouwillallcontinue submitting to ETAPS and contributing towards making it the best conference on software science and engineering. The events that comprise ETAPS address various aspects of the system de- velopmentprocess,including specification,design,implementation,analysisand improvement. The languages, methodologies and tools which support these ac- tivities are all well within its scope. Different blends of theory and practice are represented, with an inclination towards theory with a practical motivation on the one hand and soundly based practice on the other. Many of the issues involvedin softwaredesignapply to systems in general,including hardwaresys- tems, and the emphasis on software is not intended to be exclusive. ETAPS is a confederation in which each event retains its own identity, with a separate Programme Committee and proceedings. Its format is open-ended, allowing it to grow and evolve as time goes by. Contributed talks and system demonstrations are in synchronised parallel sessions, with invited lectures in plenary sessions. Two of the invited lectures are reserved for ‘unifying’ talks on topics ofinterestto the wholerangeofETAPSattendees.The aimofcramming all this activity into a single one-week meeting is to create a strong magnet for academic and industrial researchers working on topics within its scope, giving them the opportunity to learn about research in related areas, and thereby to fosternewandexistinglinksbetweenworkinareasthatwereformerlyaddressed in separate meetings. ETAPS 2009 was organised by the University of York in cooperation with (cid:1) European Association for Theoretical Computer Science (EATCS) (cid:1) European Association for Programming Languages and Systems (EAPLS) (cid:1) European Association of Software Science and Technology (EASST) VI Foreword and with support from ERCIM, Microsoft Research, Rolls-Royce, Transitive, and Yorkshire Forward. The organising team comprised: Chair Gerald Luettgen Secretariat Ginny Wilson and Bob French Finances Alan Wood Satellite Events Jeremy Jacob and Simon O’Keefe Publicity Colin Runciman and Richard Paige Website Fiona Polack and Malihe Tabatabaie. Overall planning for ETAPS conferences is the responsibility of its Steering Committee, whose current membership is: VladimiroSassone(Southampton,Chair),LucadeAlfaro(SantaCruz),Roberto Amadio (Paris),Giuseppe Castagna(Paris),MarshaChechik (Toronto),Sophia Drossopoulou(London),HartmutEhrig(Berlin),JavierEsparza(Munich),Jose Fiadeiro(Leicester),AndrewGordon(MSRCambridge),RajivGupta(Arizona), Chris Hankin (London), Laurie Hendren (McGill), Mike Hinchey (NASA God- dard), Paola Inverardi (L’Aquila), Joost-Pieter Katoen (Aachen), Paul Klint (Amsterdam), Stefan Kowalewski (Aachen), Shriram Krishnamurthi (Brown), Kim Larsen (Aalborg), Gerald Luettgen (York), Rupak Majumdar (Los Ange- les), Tiziana Margaria (Go¨ttingen), Ugo Montanari (Pisa), Oege de Moor (Ox- ford), Luke Ong (Oxford), Catuscia Palamidessi (Paris), George Papadopoulos (Cyprus),Anna Philippou(Cyprus),DavidRosenblum(London),DonSannella (Edinburgh), Joa˜o Saraiva (Minho), Michael Schwartzbach (Aarhus), Perdita Stevens (Edinburgh), Gabriel Taentzer (Marburg), Da´niel Varro´ (Budapest), and Martin Wirsing (Munich). I would like to express my sincere gratitude to all of these people and or- ganisations,the ProgrammeCommittee ChairsandPC members ofthe ETAPS conferences, the organisers of the satellite events, the speakers themselves, the many reviewers, and Springer for agreeing to publish the ETAPS proceedings. Finally, I would like to thank the Organising Chair of ETAPS 2009, Gerald Luettgen,forarrangingforustoholdETAPSinthemostbeautifulcityofYork. January 2009 Vladimiro Sassone, Chair ETAPS Steering Committee Preface This volume contains the proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2009). TACAS 2009 took place in York, UK, 23–26 March, 2009, as part of the 12th European Joint Conferences on Theory and Practice of Software (ETAPS 2009), whose aims, organization, and history are presented in the foreword of this volume by the ETAPS Steering Committee Chair, Vladimiro Sassone. TACAS is a forum for researchers, developers, and users interested in rigor- ously based tools and algorithms for the construction and analysis of systems. The conference serves to bridge the gaps between different communities that share common interests in tool development and its algorithmic foundations. The researchareascoveredby suchcommunities include, butarenotlimited to, formal methods, software and hardware verification, static analysis, program- ming languages, software engineering, real-time systems, and communications protocols. The TACAS forum provides a venue for such communities at which commonproblems,heuristics,algorithms,datastructuresandmethodologiescan be discussed and explored. In doing so, TACAS aims to support researchers in their quest to improve the utility, reliability, flexibility, and efficiency of tools and algorithms for building systems. The specific topics covered by the conference included but were not limited to: specification and verification techniques for finite and infinite-state systems; softwareandhardwareverification;theorem-provingandmodel-checking;system construction and transformation techniques; static and run-time analysis; ab- stractiontechniquesformodeling andvalidation;compositionalandrefinement- based methodologies; testing and test-case generation; analytical techniques for secure, real-time, hybrid, critical, biological or dependable systems; integration of formal methods and static analysis in high-level hardware design or software environments;toolenvironmentsandtoolarchitectures;SAT solvers;andappli- cations and case studies. TACAStraditionallyconsiderstwotypes ofpapers:researchpapersandtool demonstrationpapers.Researchpapersarefull-lengthpapersthatcontainnovel researchontopicswithinthescopeoftheTACASconferenceandhaveaclearrel- evance for toolconstruction.Tooldemonstrationpapers are shorterpapers that give an overview of a particular tool and its applications or evaluation. TACAS 2009receivedatotalof 131submissionsincluding 22tooldemonstrationpapers andaccepted35papersofwhich8papersweretooldemonstrationpapers.Each submissionwasevaluatedbyatleastthreereviewers.Afterasix-weekreviewing process, the program selection was carried out in a two-week electronic Pro- gramCommittee meeting.We believe thatthe committee deliberationsresulted in a strong technical program. The TACAS 2009 Program Committee selected StevenMiller (RockwellCollins,USA) as an invitedspeaker,who kindly agreed VIII Preface to give a talk entitled “Bridging the Gap Between Model-Based Development and Model Checking”. The talk presented a translator framework that enables the use of several popular model checkers with commercial modeling tools and reported on its successful application in the development of avionics software. An abstract of this talk is included in this volume. As TACAS 2009 Program Committee Co-chairs we would like to thank the authors of all submitted papers, the Program Committee members and all the referees for their invaluable contribution in guaranteeing such a strong tech- nical program. We also thank Frank Holzwarth and Martin Karusseit for their promptsupportwiththeOnlineConferenceSystemusedtomanagetheprogram selection process and Dominique Gu¨ckel for creating the TACAS 2009 webpage and helping with the preparation of the proceedings. Finally, we would like to express our appreciation to the ETAPS Steering Committee and especially its Chair,VladimiroSassone,aswellastheOrganizingCommittee,chairedbyGer- ald Lu¨ttgen, for their efforts in making ETAPS 2009 such a successful event. January 2009 Stefan Kowalewski Anna Philippou Organization Steering Committee Ed Brinksma ESIandUniversityofTwente,TheNetherlands Rance Cleaveland University of Maryland and Fraunhofer USA Inc., USA Kim Larsen Aalborg University, Denmark Bernhard Steffen University of Dortmund, Germany Lenore Zuck University of Illinois, USA Program Committee Marco Bernardo University of Urbino, Italy Ahmed Bouajjani University of Paris 7, France Ed Brinksma ESIandUniversityofTwente,TheNetherlands Alessandro Cimatti FBK-IRST, Italy Rance Cleaveland University of Maryland and Fraunhofer USA Inc., USA Swarat Chaudhuri Pennsylvania State University, USA Veronique Cortier CNRS-LORIA, Nancy, France Patrice Godefroid Microsoft Research, Redmond, USA Orna Grumberg Technion, Israel Institute of Technology, Israel Aarti Gupta NEC Laboratories America Inc., USA Nicolas Halbwachs Verimag/CNRS, Grenoble, France Michael Huth Imperial College, UK Kim Larsen Aalborg University, Denmark Stefan Kowalewski RWTH Aachen, Germany Thomas Kropf Robert Bosch AG, Germany Marta Kwiatkowska University of Oxford, UK Rupak Majumdar University of California, Los Angeles, USA Panagiotis Manolios Northeastern University, USA Radu Mateescu INRIA/VASY, France Ken McMillan Cadence Berkeley Labs, USA Anna Philippou University of Cyprus, Cyprus Andreas Podelski University of Freiburg, Germany C.R. Ramakrishnan Stony Brook University, USA Natasha Sharygina University of Lugano, Switzerland Oleg Sokolsky University of Pennsylvania, USA Bernhard Steffen University of Dortmund, Germany Frits Vaandrager Nijmegen University, The Netherlands Carsten Weise RWTH Aachen, Germany Lenore Zuck University of Illinois, USA X Organization Referees Alessandro Aldini Wolfgang Grieskamp Petur Olsen Christophe Alias Alberto Griggio Luke Ong Rajeev Alur Jan Friso Groote Ghassan Oreiby Eugene Asarin Dominique Gu¨ckel Ghassan Oreiby Mohamed Faouzi Atig Peter Habermehl Rotem Oshman Marco Bakera Christine Hang Luca Padovani Sebastien Bardin Faranak H. Dehkordi Paritosh Pandya Clark Barrett Tamir Heyman David Parker Jasper Berendsen Radu Iosif Charles Pecheur Nathalie Bertrand Franjo Ivancic Edgar Pek Nikolaj Bjorner Himanshu Jain Knot Pipatsrisawat Bernard Boigelot Sven Jo¨rges Nir Piterman Benedikt Bollig Line Juhl Lorenzo Platania Edoardo Bonta` Yan Jurski Vinayak Prabhu Go¨tz Botterweck Vineet Kahlon Polyvios Pratikakis Bouyer Patricia Joost-Pieter Katoen Shaz Qadeer Marco Bozzano Mark Kattenbelt Harald Raffelt Aaron Bradley Katya Kisyova Sylvain Rampacek Roberto Bruttomesso Naoki Kobayashi Arend Rensink V´eronique Bruy`ere Piotr Kordy Thomas Reps Sebastian Burckhardt Daniel Kroening Pierre-Alain Reynier PavolCerny Shuvendu Lahiri Noam Rinetzky Krishnendu Chatterjee Anna-Lena Lamprecht Christophe Ringeissen Vivien Chinnapongse Fr´ed´eric Lang Marco Roveri Gianfranco Ciardo Rom Langerak Oliver Ru¨thing Pedro R. D’Argenio Etienne Lantreibecq Theo Ruys Alexandre David Mikkel Larsen Pedersen Vadim Ryvchin Jed Davis Jerome Leroux Sriram Leonardo de Moura Shuhao Li Sankaranarayanan St´ephane Demri Gavin Lowe Bastian Schlich Peter Dillinger Maik Merten John Schommer Nikhil Dinesh Andrea Micheli Viktor Schuppan Markus Doedt Marius Mikucionis Roberto Sebastiani Susanna Donatelli Ralf Mitsching Olivier Serre Laurent Doyen David Monniaux Wendelin Serwe Constantin Enea Sergio Mover Sarai Sheinvald Ansgar Fehnker Andrzej Murawski Sharon Shoham Jeff Fischer Ralf Nagel Mihaela Sighireanu PascalFontaine Wonhong Nam Nishant Sinha Anders Franzen K. Narayan Kumar Jeremy Sproston Pierre Ganty Johannes Neubauer Sudarshan Srinivasan Hubert Garavel Thomas Noll Jan Stoecker Amit Goel Gethin Norman Andrei Tchaltsev Marco Gribaudo Ulrik Nyman Claus Thrane Organization XI Nick Tinnemeier Arie van Deursen Anton Wijs Ashish Tiwari Martin Vechev Thomas Wilk Stefano Tonetta Jacques Verriet Stephan Windmu¨ller Tayssir Touili Yakir Vizel Christoph Wintersteiger Ashutosh Trivedi Tomas Vojnar Avi Yadgar Aliaksei Tsitovich Thomas Wahl Karen Yorav Aaron Turon Michael Weber Nobuko Yoshida Viktor Vafeiadis Georg Weissenbacher