Results 1-10 of 22
A generic framework for reasoning about dynamic networks of infinite-state processes
In TACAS'07, volume 4424 of Lecture Notes in Computer Science, 2007
Cited by 12 (1 self)
Abstract. We propose a framework for reasoning about unbounded dynamic networks of infinite-state processes. We propose Constrained Petri Nets (CPN) as generic models for these networks. They can be seen as Petri nets where tokens (representing occurrences of processes) are colored by values over some potentially infinite data domain such as integers, reals, etc. Furthermore, we define a logic, called CML (colored markings logic), for the description of CPN configurations. CML is a first-order logic over tokens allowing to reason about their locations and their colors. Both CPNs and CML are parametrized by a color logic allowing to express constraints on the colors (data) associated with tokens. We investigate the decidability of the satisfiability problem of CML and its applications in the verification of CPNs. We identify a fragment of CML for which the satisfiability problem is decidable (whenever it is the case for the underlying color logic), and which is closed under the computations of post and pre images for CPNs. These results can be used for several kinds of analysis such as invariance checking, pre/post condition reasoning, and bounded reachability analysis.
Graph Grammar Modeling and Verification of Ad Hoc Routing Protocols (Extended Version)
Cited by 7 (0 self)
Abstract. We present a technique for modeling and automatic verification of network protocols, based on graph transformation. It is suitable for protocols with a potentially unbounded number of nodes, in which the structure and topology of the network is a central aspect, such as routing protocols for ad hoc networks. Safety properties are specified as a set of undesirable global configurations. We verify that there is no undesirable configuration which is reachable from an initial configuration, by means of symbolic backward reachability analysis. In general, the reachability problem is undecidable. We implement the technique in a graph grammar analysis tool, and automatically verify several interesting nontrivial examples. Notably, we prove loop freedom for the DYMO ad hoc routing protocol. DYMO is currently on the IETF standards track, to potentially become an Internet standard.
Behavioral Automata Composition for Automatic Topology Independent Verification of Parameterized Systems
Cited by 5 (1 self)
Verifying correctness properties of parameterized systems is a longstanding problem. The challenge lies in the lack of guarantee that the property is satisfied for all instances of the parameterized system. Existing work on addressing this challenge aims to reduce this problem to checking the properties on smaller systems with a bound on the parameter referred to as the cutoff. A property satisfied on the system with the cutoff ensures that it is satisfied for systems with any larger parameter. The major problem with these techniques is that they only work for certain classes of systems with a specific communication topology such as ring topology, thus leaving other interesting classes of systems unverified. We contribute an automated technique for finding the cutoff of the parameterized system that works for systems defined with any topology. Given the specification and the topology of the system, our technique is able to automatically generate the cutoff specific to this system. We prove the soundness of our technique and demonstrate its effectiveness and practicality by applying it to several canonical examples where in some cases, our technique obtains smaller cutoff values than those presented in the existing literature.
MONOTONIC ABSTRACTION (ON EFFICIENT VERIFICATION OF PARAMETERIZED SYSTEMS)
2009
Cited by 5 (0 self)
We introduce the simple and efficient method of monotonic abstraction to prove safety properties for parameterized systems with linear topologies. A process in the system is a finite-state automaton, where the transitions are guarded by both local and global conditions. Processes may communicate via broadcast, rendezvous and shared variables over finite domains. The method of monotonic abstraction derives an over-approximation of the induced transition system that allows the use of a simple class of regular expressions as a symbolic representation. Compared to traditional regular model checking methods, the analysis does not require the manipulation of transducers, and hence its simplicity and efficiency. We have implemented a prototype that works well on several mutual exclusion algorithms and cache coherence protocols.
Universality Analysis for One-Clock Timed Automata
2009
Cited by 3 (0 self)
This paper is concerned with the universality problem for timed automata: given a timed automaton A, does A accept all timed words? Alur and Dill have shown that the universality problem is undecidable if A has two clocks, but they left open the status of the problem when A has a single clock. In this paper we close this gap for timed automata over infinite words by showing that the one-clock universality problem is undecidable. For timed automata over finite words we show that the one-clock universality problem is decidable with non-primitive recursive complexity. This reveals a surprising divergence between the theory of timed automata over finite words and over infinite words. We also show that if ε-transitions or non-singular postconditions are allowed, then the one-clock universality problem is undecidable over both finite and infinite words. Furthermore, we present a zone-based algorithm for solving the universality problem for single-clock timed automata. We apply the theory of better quasi-orderings, a refinement of the theory of well quasi-orderings, to prove termination of the algorithm. We have implemented a prototype tool based on our method, and checked universality for a number of timed automata. Comparisons with a region-based prototype tool confirm that zones are a more succinct representation, and hence allow a much more efficient implementation of the universality algorithm.
VERIFYING INFINITE STATE SYSTEMS BY SPECIALIZING CONSTRAINT LOGIC PROGRAMS
Cited by 3 (3 self)
We propose a method for the specification and the automated verification of temporal properties of infinite state reactive systems. Given a reactive system K and a formula ϕ of the branching time temporal logic CTL, we construct a locally stratified constraint logic program PK[ϕ] such that the system K verifies ϕ if and only if prop ∈ M(PK[ϕ]), where prop is a predicate symbol defined in PK[ϕ] and M(PK[ϕ]) is the perfect model of PK[ϕ]. Then we check whether or not prop ∈ M(PK[ϕ]) by specializing the program PK[ϕ] w.r.t. prop and deriving a new program Psp containing either the fact prop ← (in which case the temporal formula ϕ is verified by the system) or no clause for prop (in which case the temporal formula ϕ is not verified by the system). Our specialization method makes use of: (i) a set of specialization rules that preserve the perfect model of constraint logic programs, and (ii) an automatic strategy that guides the application of these rules for deriving the specialized program Psp. Our strategy always terminates and is sound for verifying CTL formulas. Due to the undecidability of CTL formulas in the case of infinite state systems, our strategy is incomplete, that is, we may derive a specialized program Psp containing a clause for prop different from the fact prop ←. However, as indicated by the
Automated analysis of data-dependent programs with dynamic memory
In ATVA, 2009
Cited by 2 (1 self)
Abstract. We present a new approach for automatic verification of data-dependent programs manipulating dynamic heaps. A heap is encoded by a graph where the nodes represent the cells, and the edges reflect the pointer structure between the cells of the heap. Each cell contains a set of variables which range over the natural numbers. Our method relies on standard backward reachability analysis, where the main idea is to use a simple set of predicates, called signatures, in order to represent bad sets of heaps. Examples of bad heaps are those which contain either garbage, lists which are not well-formed, or lists which are not sorted. We present the results for the case of programs with a single next-selector, and where variables may be compared for (in)equality. This allows us to verify for instance that a program, like bubble sort or insertion sort, returns a list which is well-formed and sorted, or that the merging of two sorted lists is a new sorted list. We report on the result of running a prototype based on the method on a number of programs.
Forcing Monotonicity in Parameterized Verification: From Multisets to Words
Cited by 2 (0 self)
Abstract. We present a tutorial on verification of safety properties for parameterized systems. Such a system consists of an arbitrary number of processes; the aim is to prove correctness of the system regardless of the number of processes inside the system. First, we consider a class of parameterized systems whose behaviours can be captured exactly as Petri nets using counter abstraction. This allows analysis using the framework of monotonic transition systems introduced in [1]. Then, we consider parameterized systems for which there is no natural ordering which allows monotonicity. We describe the method of monotonic abstraction which provides an over-approximation of the transition system. We consider both systems where the over-approximation gives rise to reset Petri nets, and systems where the abstract transition relation is a set of rewriting rules on words over a finite alphabet.
Systematic Acceleration in Regular Model Checking
Cited by 1 (0 self)
Abstract. Regular model checking is a form of symbolic model checking technique for systems whose states can be represented as finite words over a finite alphabet, where regular sets are used as symbolic representation. A major problem in symbolic model checking of parameterized and infinite-state systems is that fixpoint computations to generate the set of reachable states or the set of reachable loops do not terminate in general. Therefore, acceleration techniques have been developed, which calculate the effect of arbitrarily long sequences of transitions generated by some action. We present a systematic method for using acceleration in regular model checking, for the case where each transition changes at most one position in the word; this includes many parameterized algorithms and algorithms on data structures. The method extracts a maximal (in a certain sense) set of actions from a transition relation. These actions, and systematically obtained compositions of them, are accelerated to speed up a fixpoint computation. The extraction can be done on any representation of the transition relation, e.g., as a union of actions or as a single monolithic transducer. Using this approach, we are for the first time able to verify completely automatically both safety and absence of starvation properties for a collection of parameterized synchronization protocols from the literature; for some protocols, we obtain significant improvements in verification time. The results show that symbolic state-space exploration, without using abstractions, is a viable alternative for verification of parameterized systems with a linear topology.
Monotonic Abstraction in Action (Automatic Verification of Distributed Mutex Algorithms)
Cited by 1 (1 self)
Abstract. We consider verification of safety properties for parameterized distributed protocols. Such a protocol consists of an arbitrary number of (infinite-state) processes that communicate asynchronously over FIFO channels. The aim is to perform parameterized verification, i.e., showing correctness regardless of the number of processes inside the system. We consider two nontrivial case studies: the distributed Lamport and Ricart-Agrawala mutual exclusion protocols. We adapt the method of monotonic abstraction that considers an over-approximation of the system, in which the behavior is monotonic with respect to a given preorder on the set of configurations. We report on an implementation which is able to fully automatically verify mutual exclusion for both protocols.