E-Services: A Look behind the Curtain
2003
Cited by 103 (5 self)
The emerging paradigm of electronic services promises to bring to distributed computation and services the flexibility that the web has brought to the sharing of documents. An understanding of fundamental properties of e-service composition is required in order to take full advantage of the paradigm. This paper examines proposals and standards for e-services from the perspectives of XML, data management, workflow, and process models. Key areas for study are identified, including behavioral service signatures, verification and synthesis techniques for composite services, analysis of service data manipulation commands, and XML analysis applied to service specifications. We give a sample of the relevant results and techniques in each of these areas.
Symbolic Verification of Communication Protocols with Infinite State Spaces using QDDs (Extended Abstract)
In CAV'96. LNCS 1102
Cited by 82 (7 self)
Bernard Boigelot, Université de Liège, Institut Montefiore, B28, 4000 Liège Sart-Tilman, Belgium. Email: boigelot@montefiore.ulg.ac.be. Patrice Godefroid, Lucent Technologies, Bell Laboratories, 1000 E. Warrenville Road, Naperville, IL 60566, U.S.A. Email: god@bell-labs.com
Abstract: We study the verification of properties of communication protocols modeled by a finite set of finite-state machines that communicate by exchanging messages via unbounded FIFO queues. It is well known that most interesting verification problems, such as deadlock detection, are undecidable for this class of systems. However, in practice, these verification problems may very well turn out to be decidable for a subclass containing most "real" protocols. Motivated by this optimistic (and, we claim, realistic) observation, we present an algorithm that may construct a finite and exact representation of the state space of a communication protocol, even if this state space is infinite. Our algorithm performs a loo...
The Power of QDDs
1997
Cited by 56 (1 self)
Queue-content Decision Diagrams (QDDs) are finite-automaton based data structures for representing (possibly infinite) sets of contents of a finite collection of unbounded FIFO queues. Their intended use is to serve as a symbolic representation of the possible queue contents that can occur in the state space of a protocol modeled by finite-state machines communicating through unbounded queues. This is done with the help of a loop-first search, a state-space exploration technique that attempts whenever possible to compute symbolically the effect of repeatedly executing a loop any number of times, making it possible to analyze protocols with infinite state spaces, though without the guarantee of termination. This paper first solves a key problem concerning the use of QDDs in this context: it precisely characterizes when, and shows how, the operations required by a loop-first search can be applied to QDDs. Then, it addresses the problem of exploiting QDDs and loop-first searches to broad...
Well-Abstracted Transition Systems: Application to FIFO Automata
2000
Cited by 16 (6 self)
this paper on symbolic representations for the computation of the reachability set of FIFO automata, i.e. a finite control with multiple unbounded FIFO channels. To the best of our knowledge, Pachl uses for the first time regular expressions to represent infinite sets of channel contents [31]. In [17], linear regular expressions have been defined and used. Boigelot et al. chose a deterministic finite automata based representation, namely Queue-content Decision Diagrams [4], and afterwards Bouajjani et al. added Presburger formulas, namely Constrained QDDs [5]. Simple regular expressions have been introduced for lossy FIFO automata [1].
A Scalable Incomplete Test for the Boundedness of UML RT Models
In Proc. of TACAS'04, volume 2988 of LNCS, 2004
Cited by 15 (5 self)
We describe a scalable incomplete boundedness test for the communication buffers in UML RT models. UML RT is a variant of the UML modeling language, tailored to describing asynchronous concurrent embedded systems. We reduce UML RT models to systems of communicating finite state machines (CFSMs). We propose a series of further abstractions that leaves us with a system of linear inequalities. Those represent the message sending and receiving effect that the control flow cycles of every process have on the overall message buffer. The test tries to establish the existence of a linear combination of the effect vectors so that at least one message can occur an unbounded number of times. We discuss the complexity of this test and present experimental results using the IBOC system that we are implementing. Scalability of the test is in part due to the fact that it is polynomial for the type of sparse control flow graphs that are derived from UML RT models. Also, the analysis is local, i.e., it avoids the combinatorial state space explosion due to concurrency of the models. We also present a method to derive upper bound estimates for the maximal occupancy of each individual message buffer. While we focus on the analysis of UML RT models, the analysis can directly be applied to any type of CFSM models.
Checking Asynchronously Communicating Components Using Symbolic Transition Systems
CoopIS, DOA, and ODBASE, volume 3291 of Lecture Notes in Computer Science, 2004
Cited by 12 (8 self)
Explicit behavioural interface description languages (BIDLs, protocols) are now recognized as a mandatory feature of component languages in order to address component reuse, coordination, adaptation and verification issues. Such protocol languages often deal with synchronous communication. However, in the context of distributed systems, components communicating asynchronously through mailboxes are much more relevant. In this paper, we advocate the use of Symbolic Transition Systems as a protocol language which may also deal with this kind of communication. We then present how this generic formalism, specialized with different mailbox protocols, may be used to address verification issues related to the component mailboxes.
On-the-fly Verification of Finite Transition Systems
1993
Cited by 12 (2 self)
The analysis of programs by the exhaustive inspection of reachable states in a finite state graph is a well-understood procedure. It is straightforwardly applicable to many description languages and is actually implemented in several industrial tools. But one of the main limitations of today's verification tools is the size of the memory needed to exhaustively build the state graphs of the programs. For numerous properties, it is not necessary to explicitly build this graph, and an exhaustive depth-first traversal is often sufficient. This leads to on-line algorithms for computing Büchi acceptance (in the deterministic case) and behavioral equivalences: they are presented in detail. In order to avoid retraversing states, it is however important to store some of the already visited states in memory. To keep the memory size bounded (and avoid a drop in performance), visited states are randomly replaced. In most cases this depth-first traversal with replacement ca...
Programs with quasi-stable channels are effectively recognizable
Proc. of the 9th Conference on Computer-Aided Verification (CAV, 1997
Model-Checking of Infinite Graphs Defined by Graph Grammars
In Proc. 1st International Workshop on Verification of Infinite State Systems, volume 6 of ENTCS, 1996
Cited by 9 (4 self)
We propose here an algorithm that decides whether a state of an infinite graph defined by a graph grammar satisfies a given formula of the alternation-free μ-calculus. We first show how graph grammars enable us to finitely represent infinite transition systems. In particular, a connection is made between a state of the graph grammar and the states of the infinite graph it represents. We then present succinctly the syntax and the standard semantics of the calculus. A non-standard semantics, called assertion-based semantics, is then proposed. That semantics makes it possible to reduce the study of the semantics of an infinite graph to parts of that graph by using correct assertions. Our algorithm then determines transformers, for each state of the graph grammar, which, given the context, expressed by an assertion, of a state of the graph represented by a state of the graph grammar, decide whether a given formula is satisfied by that state of the graph, or not. Keywords: Infinite-state sys...
A Scalable Incomplete Test for Message Buffer Overflow in Promela Models
In Proc. of SPIN'04, volume 2989 of LNCS, 2004
Cited by 6 (3 self)
In Promela, communication buffers are defined with a fixed length, and buffer overflows can be handled in two different ways: block the send statement or lose the message. Both solutions change the semantics of the system, compared to one with unbounded channels. The question arises whether such buffer overflows can ever occur in a given system and what buffer lengths are sufficient to avoid them. We describe a scalable incomplete boundedness test for the communication buffers in Promela models, which is based on over-approximation and static analysis. We first reduce Promela models to systems of communicating finite state machines (CFSMs) and then apply further abstractions that leave us with a system of linear inequalities. Those represent the message sending and receiving effect that the control flow cycles of every process have on any message buffer. The test tries to establish the existence of a linear combination of the effect vectors so that at least one message can occur an unbounded number of times. If no such linear combination exists then the system is bounded. We discuss the complexity of this test and present experimental results using our implementation in the IBOC system. Scalability of the test is in part due to the fact that it is polynomial for the type of sparse control flow graphs derived from Promela models. Also, the analysis is local, i.e., it avoids the combinatorial state space explosion due to concurrency of the models. We also present a method to derive upper bound estimates for the maximal occupancy of each individual message buffer. Previously, we have applied this approach to UML RT models, while in this paper we focus on the additional problems specific to Promela code: determining the potential message types of any chan...