Regular Model Checking
, 2000
Cited by 128 (20 self)
We present regular model checking, a framework for algorithmic verification of infinite-state systems with, e.g., queues, stacks, integers, or a parameterized linear topology. States are represented by strings over a finite alphabet and the transition relation by a regular length-preserving relation on strings. Major problems in the verification of parameterized and infinite-state systems are to compute the set of states that are reachable from some set of initial states, and to compute the transitive closure of the transition relation. We present two complementary techniques for these problems. One is a direct automata-theoretic construction, and the other is based on widening. Both techniques are incomplete in general, but we give sufficient conditions under which they work. We also present a method for verifying ω-regular properties of parameterized systems, by computation of the transitive closure of a transition relation.
Model Checking in CLP
, 1999
Cited by 90 (27 self)
We show that Constraint Logic Programming (CLP) can serve as a conceptual basis and as a practical implementation platform for the model checking of infinite-state systems. Our contributions are: (1) a semantics-preserving translation of concurrent systems into CLP programs, (2) a method for verifying safety and liveness properties on the CLP programs produced by the translation. We have implemented the method in a CLP system and verified well-known examples of infinite-state programs over integers, using here linear constraints as opposed to Presburger arithmetic as in previous solutions.
Multiple counters automata, safety analysis and Presburger arithmetic
, 1998
Cited by 89 (1 self)
We consider automata with counters whose values are updated according to signals sent by the environment. A transition can be fired only if the values of the counters satisfy some guards (the guards of the transition). We consider guards of the form y_i # y_j + c_{i,j} where y_i is either x'_i or x_i, the values of the counter i respectively after and before the transition, and # is any relational symbol in {=, ≤, ≥, <, >}. We show that the set of possible counter values which can be reached after any number of iterations of a loop is definable in the additive theory of N (or Z or R depending on the type of the counters). This result can be used for the safety analysis of multiple counters automata. Finite state automata provide a nice framework for the verification of reactive systems. Their main advantage is the equivalence between recognizability and definability in some decidable logic (e.g. Monadic Second Order Logic or some of its fragments such as tempora...
Symbolic Verification of Communication Protocols with Infinite State Spaces using QDDs (Extended Abstract)
 In CAV'96. LNCS 1102
Cited by 83 (7 self)
Bernard Boigelot, Université de Liège, Institut Montefiore, B28, 4000 Liège Sart-Tilman, Belgium. Email: boigelot@montefiore.ulg.ac.be
Patrice Godefroid, Lucent Technologies - Bell Laboratories, 1000 E. Warrenville Road, Naperville, IL 60566, U.S.A. Email: god@bell-labs.com
We study the verification of properties of communication protocols modeled by a finite set of finite-state machines that communicate by exchanging messages via unbounded FIFO queues. It is well-known that most interesting verification problems, such as deadlock detection, are undecidable for this class of systems. However, in practice, these verification problems may very well turn out to be decidable for a subclass containing most "real" protocols. Motivated by this optimistic (and, we claim, realistic) observation, we present an algorithm that may construct a finite and exact representation of the state space of a communication protocol, even if this state space is infinite. Our algorithm performs a loo...
On-the-Fly Analysis of Systems with Unbounded, Lossy FIFO Channels
 In CAV'98. LNCS 1427
, 1998
Cited by 71 (17 self)
We consider symbolic on-the-fly verification methods for systems of finite-state machines that communicate by exchanging messages via unbounded and lossy FIFO queues. We propose a novel representation formalism, called simple regular expressions (SREs), for representing sets of states of protocols with lossy FIFO channels. We show that the class of languages representable by SREs is exactly the class of downward closed languages that arise in the analysis of such protocols. We give methods for (i) computing inclusion between SREs, (ii) an SRE representing the set of states reachable by executing a single transition in a system, and (iii) an SRE representing the set of states reachable by an arbitrary number of executions of a control loop of a program. All these operations are rather simple and can be carried out in polynomial time. With these techniques, one can construct a semi-algorithm which explores the set of reachable states of a protocol, in order to check variou...
The Power of QDDs
, 1997
Cited by 57 (1 self)
Queue-content Decision Diagrams (QDDs) are finite-automaton based data structures for representing (possibly infinite) sets of contents of a finite collection of unbounded FIFO queues. Their intended use is to serve as a symbolic representation of the possible queue contents that can occur in the state space of a protocol modeled by finite-state machines communicating through unbounded queues. This is done with the help of a loop-first search, a state-space exploration technique that attempts whenever possible to compute symbolically the effect of repeatedly executing a loop any number of times, making it possible to analyze protocols with infinite state spaces though without the guarantee of termination. This paper first solves a key problem concerning the use of QDDs in this context: it precisely characterizes when, and shows how, the operations required by a loop-first search can be applied to QDDs. Then, it addresses the problem of exploiting QDDs and loop-first searches to broad...
Transitive Closures of Regular Relations for Verifying Infinite-State Systems
Cited by 48 (3 self)
We consider a model for representing infinite-state and parameterized systems, in which states are represented as strings over a finite alphabet. Actions are transformations on strings, in which the change can be characterized by an arbitrary finite-state transducer. This program model is able to represent programs operating on a variety of data structures, such as queues, stacks, integers, and systems with a parameterized linear topology. The main contribution of this paper is an effective derivation of a general and powerful transitive closure operation for this model. The transitive closure of an action represents the effect of executing the action an arbitrary number of times. For example, the transitive closure of an action which transmits a single message to a buffer will be an action which sends an arbitrarily long sequence of messages to the buffer. Using this transitive closure operation, we show how to model and automatically verify safety properties for severa...
An Automata-Theoretic Approach to Presburger Arithmetic Constraints (Extended Abstract)
 In Proc. Static Analysis Symposium, LNCS 983
, 1995
Cited by 46 (4 self)
This paper introduces a finite-automata based representation of Presburger arithmetic definable sets of integer vectors. The representation consists of concurrent automata operating on the binary encodings of the elements of the represented sets. This representation has several advantages. First, being automata-based it is operational in nature and hence leads directly to algorithms; for instance, all usual operations on sets of integer vectors translate naturally to operations on automata. Second, the use of concurrent automata makes it compact. Third, it is insensitive to the representation size of integers. Our representation can be used whenever arithmetic constraints are needed. To il...
Binary Reachability Analysis of Discrete Pushdown Timed Automata
 CAV'00, LNCS 1855
, 2000
Cited by 41 (29 self)
We introduce discrete pushdown timed automata, that are timed automata with integer-valued clocks augmented with a pushdown stack. A configuration of a discrete pushdown timed automaton includes a control state, finitely many clock values and a stack word. Using a pure automata-theoretic approach, we show that the binary reachability (i.e., the set of all pairs of configurations (α, β), encoded as strings, such that α can reach β through 0 or more transitions) can be accepted by a nondeterministic pushdown machine augmented with reversal-bounded counters (NPCM). Since discrete timed automata with integer-valued clocks can be treated as discrete pushdown timed automata without the pushdown stack, we can show that the binary reachability of a discrete timed automaton can be accepted by a nondeterministic reversal-bounded multicounter machine. Thus, the binary reachability is Presburger. By using the known fact that the emptiness problem is decidable for reversal-bounded ...