A model checking language for concurrent value-passing systems
Proc. of FM’2008, LNCS, 2008
Cited by 34 (6 self)
Abstract. Modal µ-calculus is an expressive specification formalism for temporal properties of concurrent programs represented as Labeled Transition Systems (LTSs). However, its practical use is hampered by the complexity of the formulas, which makes the specification task difficult and error-prone. In this paper, we propose MCL (Model Checking Language), an enhancement of modal µ-calculus with high-level operators aimed at improving expressiveness and conciseness of formulas. The main MCL ingredients are parameterized fixed points, action patterns extracting data values from LTS actions, modalities on transition sequences described using extended regular expressions and programming language constructs, and an infinite looping operator specifying fairness. We also present a method for on-the-fly model checking of MCL formulas on finite LTSs, based on the local resolution of boolean equation systems, which has a linear-time complexity for alternation-free and fairness formulas. MCL is supported by the EVALUATOR 4.0 model checker developed within the CADP verification toolbox.
Implementing Influence Analysis using Parameterised Boolean Equation Systems
In: Proceedings of the 2nd International Symposium on Leveraging Applications of Formal Methods, Verification and Validation ISOLA’06 (Paphos, Cyprus), IEEE Computer Society Press, 2006
Cited by 12 (5 self)
Abstract — The well-known problem of state space explosion in model checking is even more critical when applying this technique to programming languages, mainly due to the presence of complex data structures. One recent and promising approach and correct representation of the global program state allowing to match visited states during program model exploration. In particular, one powerful method to implement abstract matching is to fill the state vector with a minimal amount of relevant variables for each program point. In this paper, we combine the on-the-fly model checking approach (incremental construction of the program state space) and the static analysis method called influence analysis (extraction of significant variables for each program point) in order to automatically construct an abstract matching function. Firstly, we describe the problem as an alternation-free value-based µ-calculus formula, whose validity can be checked on the program model expressed as a labeled transition system (LTS). Secondly, we translate the analysis into the local resolution of a parameterised boolean equation system (PBES), whose representation enables a more efficient construction of the resulting abstract matching function. Finally, we show how our proposal has been elegantly integrated into CADP, a generic framework for both the design and analysis of distributed systems and the development of verification tools.
Equivalence checking for infinite systems using parameterized boolean equation systems
In Proc. CONCUR’07, LNCS 4703, 2007
Cited by 8 (5 self)
Abstract. In this paper, we provide a transformation from the branching bisimulation problem for infinite, concurrent, data-intensive systems in linear process format, into solving Parameterized Boolean Equation Systems. We prove correctness and illustrate the approach with two examples. We also provide small adaptations to obtain similar transformations for strong and weak bisimulations and simulation equivalences.
Instantiation for parameterised boolean equation systems
In Proceedings of ICTAC’08, 2008
Cited by 6 (2 self)
Abstract. Verification problems for finite and infinite-state processes, like model checking and equivalence checking, can effectively be encoded in Parameterised Boolean Equation Systems (PBESs). Solving the PBES solves the encoded problem. The decidability of solving a PBES depends on the data sorts that occur in the PBES. We describe a manipulation for transforming a given PBES to a simpler PBES that may admit solution methods that are not applicable to the original one. Depending on whether the data sorts occurring in the PBES are finite or countable, the resulting PBES can be a Boolean Equation System (BES) or an Infinite Boolean Equation System (IBES). Computing the solution to a BES is decidable. Computing the global solution to an IBES is still undecidable, but for partial solutions (which suffice for, e.g., local model checking), effective tooling is possible. We give examples that illustrate the efficacy of our techniques.
Architecting security with Paradigm
Architecting Dependable Systems VI
Cited by 4 (3 self)
Abstract. For large security systems a clear separation of concerns is achieved through architecting. Particularly the dynamic consistency between the architectural components should be addressed, in addition to individual component behaviour. In this paper, relevant dynamic consistency is specified through Paradigm, a coordination modeling language based on dynamic constraints. As it is argued, this fits well with security issues. A smaller example introduces the architectural approach towards implementing security policies. A larger case study illustrates the use of Paradigm in analyzing the FOO voting scheme. In addition, translating the Paradigm models into process algebra brings model checking within reach. Security properties of the examples discussed are formally verified with the model checker mCRL2.
An Overview of the mCRL2 Toolset and its Recent Advances
Cited by 3 (2 self)
Abstract. The analysis of complex distributed systems requires dedicated software tools. The mCRL2 language and toolset have been developed to support such analysis. We highlight changes and improvements made to the toolset in recent years. On the one hand, these affect the scope of application, which has been broadened with extended support for data structures like infinite sets and functions. On the other hand, considerable progress has been made regarding the performance of our tools for state space generation and model checking, due to improvements in symbolic reduction techniques and due to a shift towards parity game-based solving. We also discuss the software architecture of the toolset, which was well suited to accommodate the above changes, and we address a number of case studies to illustrate the approach.
Breadth-Bounded Model Checking
Abstract. Model checking large concurrent systems is a difficult task, due to the infamous state space explosion problem. To combat this problem, a technique called Bounded Model Checking has been proposed. This technique relies on restricting the level of unfoldings of the transition relation of a given specification. This technique is quite effective for verifying requirements that are relatively close to the initial state of the system’s behaviour. Unfortunately, this technique is not adequate for disproving requirements which occur at levels that are relatively deep within the system. In this paper, we study an alternative approach to BMC by restricting the breadth of the transition relation, based on a Highway simulation. This allows us to find violations to (1) properties that lurk deep in a specification, and (2) properties that require lengthy counterexamples. Our experiments show that the method is complementary to BMC, and is effective in many practical applications.
Parc Scientifique de la Haute Borne
Abstract. ToolBus allows tools to be connected via a software bus. Programming is done using the scripting language Tscript, which is based on the process algebra ACP. In previous work we presented a method for analyzing a Tscript by translating it to the process algebraic language mCRL2, and then applying model checking to verify certain behavioral properties. We have implemented a prototype based on this approach. As a case study, we have applied it to a standard example from the ToolBus distribution, distributed auction, and detected a number of behavioral irregularities in this auction Tscript.
Parameterised anonymity, 2008
We introduce the notion of parameterised anonymity, to formalize the anonymity property of protocols with an arbitrary number of participants. This definition is an extension of the well-known CSP anonymity formalization of Schneider and Sidiropoulos [23]. Using recently developed invariant techniques for solving parameterised boolean equation systems, we then show that the Dining Cryptographers protocol guarantees parameterised anonymity with respect to outside observers. We also argue that although the question whether a protocol guarantees parameterised anonymity is in general undecidable, there are practical subclasses where anonymity can be decided for any group of processes.