Results 1  10
of
46
Modeling and Verifying Systems using a Logic of Counter Arithmetic with Lambda Expressions and Uninterpreted Functions
, 2002
"... In this paper, we present the logic of Counter arithmetic with Lambda expressions and Uninterpreted functions (CLU). CLU generalizes the logic of equality with uninterpreted functions (EUF) with constrained lambda expressions, ordering, and successor and predecessor functions. In addition to mod ..."
Abstract

Cited by 142 (43 self)
 Add to MetaCart
In this paper, we present the logic of Counter arithmetic with Lambda expressions and Uninterpreted functions (CLU). CLU generalizes the logic of equality with uninterpreted functions (EUF) with constrained lambda expressions, ordering, and successor and predecessor functions. In addition to modeling pipelined processors that EUF has proved useful for, CLU can be used to model many infinitestate systems including those with infinite memories, finite and infinite queues including lossy channels, and networks of identical processes. Even with this richer expressive power, the validity of a CLU formula can be efficiently decided by translating it to a propositional formula, and then using Boolean methods to check validity. We give theoretical and empirical evidence for the efficiency of our decision procedure. We also describe verification techniques that we have used on a variety of systems, including an outoforder execution unit and the loadstore unit of an industrial microprocessor.
Regular Model Checking
, 2000
"... . We present regular model checking, a framework for algorithmic verification of infinitestate systems with, e.g., queues, stacks, integers, or a parameterized linear topology. States are represented by strings over a finite alphabet and the transition relation by a regular lengthpreserving re ..."
Abstract

Cited by 128 (20 self)
 Add to MetaCart
. We present regular model checking, a framework for algorithmic verification of infinitestate systems with, e.g., queues, stacks, integers, or a parameterized linear topology. States are represented by strings over a finite alphabet and the transition relation by a regular lengthpreserving relation on strings. Major problems in the verification of parameterized and infinitestate systems are to compute the set of states that are reachable from some set of initial states, and to compute the transitive closure of the transition relation. We present two complementary techniques for these problems. One is a direct automatatheoretic construction, and the other is based on widening. Both techniques are incomplete in general, but we give sufficient conditions under which they work. We also present a method for verifying !regular properties of parameterized systems, by computation of the transitive closure of a transition relation. 1 Introduction This paper presents regular ...
EServices: A Look behind the Curtain
, 2003
"... The emerging paradigm of electronic services promises to bring to distributed computation and services the flexibility that the web has brought to the sharing of documents. An understanding of fundamental properties of eservice composition is required in order to take full advantage of the paradigm ..."
Abstract

Cited by 103 (5 self)
 Add to MetaCart
The emerging paradigm of electronic services promises to bring to distributed computation and services the flexibility that the web has brought to the sharing of documents. An understanding of fundamental properties of eservice composition is required in order to take full advantage of the paradigm. This paper examines proposals and standards for eservices from the perspectives of XML, data management, workflow, and process models. Key areas for study are identified, including behavioral service signatures, verification and synthesis techniques for composite services, analysis of service data manipulation commands, and XML analysis applied to service specifications. We give a sample of the relevant results and techniques in each of these areas.
Symbolic Verification of Communication Protocols with Infinite State Spaces using QDDs (Extended Abstract)
 In CAV'96. LNCS 1102
"... ) Bernard Boigelot Universit'e de Li`ege Institut Montefiore, B28 4000 Li`ege SartTilman, Belgium Email: boigelot@montefiore.ulg.ac.be Patrice Godefroid Lucent Technologies  Bell Laboratories 1000 E. Warrenville Road Naperville, IL 60566, U.S.A. Email: god@belllabs.com Abstract We study the v ..."
Abstract

Cited by 83 (7 self)
 Add to MetaCart
) Bernard Boigelot Universit'e de Li`ege Institut Montefiore, B28 4000 Li`ege SartTilman, Belgium Email: boigelot@montefiore.ulg.ac.be Patrice Godefroid Lucent Technologies  Bell Laboratories 1000 E. Warrenville Road Naperville, IL 60566, U.S.A. Email: god@belllabs.com Abstract We study the verification of properties of communication protocols modeled by a finite set of finitestate machines that communicate by exchanging messages via unbounded FIFO queues. It is wellknown that most interesting verification problems, such as deadlock detection, are undecidable for this class of systems. However, in practice, these verification problems may very well turn out to be decidable for a subclass containing most "real" protocols. Motivated by this optimistic (and, we claim, realistic) observation, we present an algorithm that may construct a finite and exact representation of the state space of a communication protocol, even if this state space is infinite. Our algorithm performs a loo...
OntheFly Analysis of Systems with Unbounded, Lossy FIFO Channels
 In CAV'98. LNCS 1427
, 1998
"... . We consider symbolic onthefly verification methods for systems of finitestate machines that communicate by exchanging messages via unbounded and lossy FIFO queues. We propose a novel representation formalism, called simple regular expressions (SREs), for representing sets of states of proto ..."
Abstract

Cited by 71 (17 self)
 Add to MetaCart
. We consider symbolic onthefly verification methods for systems of finitestate machines that communicate by exchanging messages via unbounded and lossy FIFO queues. We propose a novel representation formalism, called simple regular expressions (SREs), for representing sets of states of protocols with lossy FIFO channels. We show that the class of languages representable by SREs is exactly the class of downward closed languages that arise in the analysis of such protocols. We give methods for (i) computing inclusion between SREs, (ii) an SRE representing the set of states reachable by executing a single transition in a system, and (iii) an SRE representing the set of states reachable by an arbitrary number of executions of a control loop of a program. All these operations are rather simple and can be carried out in polynomial time. With these techniques, one can construct a semialgorithm which explores the set of reachable states of a protocol, in order to check variou...
On Model Checking for NonDeterministic InfiniteState Systems
, 1998
"... We demonstrate that many known algorithms for model checking infinitestate systems can be derived uniformly from a reachability procedure that generates a "covering graph", a generalization of the KarpMiller graph for Petri Nets. Each node of the covering graph has an associated nonempty set of re ..."
Abstract

Cited by 56 (4 self)
 Add to MetaCart
We demonstrate that many known algorithms for model checking infinitestate systems can be derived uniformly from a reachability procedure that generates a "covering graph", a generalization of the KarpMiller graph for Petri Nets. Each node of the covering graph has an associated nonempty set of reachable states, which makes it possible to model check safety properties of the system on the covering graph. For systems with a wellquasiordered simulation relation, each infinite fair computation has a finite witness, which may be detected using the covering graph and combinatorial properties of the specific infinite state system. These results explain many known decidability results in a simple, uniform manner. This is a strong indication that the covering graph construction is appropriate for the analysis of infinite state systems. We also consider the new application domain of parameterized broadcast protocols, and indicate how to apply the construction in this domain. This application is illustrated on an invalidationbased cache coherency protocol, for which many safety properties can be proved fully automatically for an arbitrary number of processes. 1
Transitive Closures of Regular Relations for Verifying InfiniteState Systems
"... . We consider a model for representing infinitestate and parameterized systems, in which states are represented as strings over a finite alphabet. Actions are transformations on strings, in which the change can be characterized by an arbitrary finitestate transducer. This program model is able ..."
Abstract

Cited by 48 (3 self)
 Add to MetaCart
. We consider a model for representing infinitestate and parameterized systems, in which states are represented as strings over a finite alphabet. Actions are transformations on strings, in which the change can be characterized by an arbitrary finitestate transducer. This program model is able to represent programs operating on a variety of data structures, such as queues, stacks, integers, and systems with a parameterized linear topology. The main contribution of this paper is an effective derivation of a general and powerful transitive closure operation for this model. The transitive closure of an action represents the effect of executing the action an arbitrary number of times. For example, the transitive closure of an action which transmits a single message to a buffer will be an action which sends an arbitrarily long sequence of messages to the buffer. Using this transitive closure operation, we show how to model and automatically verify safety properties for severa...
How to compose PresburgerAccelerations: Applications to Broadcast Protocols
 IN PROC. 22ND CONF. FOUND. OF SOFTWARE TECHNOLOGY AND THEOR. COMP. SCI. (FST&TCS'2002), KANPUR
, 2002
"... Finite linear systems are finite sets of linear functions whose guards are de fined by Presburger formulas, and whose the squares matrice associated generate a finite multiplicative monoid. We prove that for finite linear systems, the accelerations of sequences of transitions always produce an effec ..."
Abstract

Cited by 48 (17 self)
 Add to MetaCart
Finite linear systems are finite sets of linear functions whose guards are de fined by Presburger formulas, and whose the squares matrice associated generate a finite multiplicative monoid. We prove that for finite linear systems, the accelerations of sequences of transitions always produce an effective Presburgerdefinable relation. We then show how to choose the good sequences of length n whose number is polynomial in n although the total number of cycles of length n is exponential in n. We implement these theoretical results in the tool FAST [FAS] (Fast Acceleration of Symbolic Transition systems). FAST computes in few seconds the minimal deterministic finite automata that represent the reachability sets of 8 wellknown broadcast protocols.
Symbolic Verification of Lossy Channel Systems: Application to the Bounded Retransmission Protocol
 In TACAS'99. LNCS 1579
, 1999
"... We consider the problem of verifying automatically infinitestate systems that are systems of finite machines that communicate by exchanging messages through unbounded lossy fifo channels. In a previous work [1], we proposed an algorithmic approach based on constructing a symbolic representation ..."
Abstract

Cited by 36 (5 self)
 Add to MetaCart
We consider the problem of verifying automatically infinitestate systems that are systems of finite machines that communicate by exchanging messages through unbounded lossy fifo channels. In a previous work [1], we proposed an algorithmic approach based on constructing a symbolic representation of the set of reachable configurations of a system by means of a class of regular expressions (SREs). The construction of such a representation consists of an iterative computation with an acceleration technique which enhance the chance of convergence. This technique is based on the analysis of the effect of iterating control loops. In the work we present here, we experiment our approach and show how it can be effectively applied. For that, we developed a tool prototype based on the results in [1]. Using this tool, we provide a fully automatic verification of (the parameterized version of) the Bounded Retransmission Protocol, for arbitrary values of the size of the transmitted files, and the allowed number of retransmissions. ? Contact author. 1 1
Composite Model Checking: Verification with TypeSpecific Symbolic Representations
 ACM Transactions on Software Engineering and Methodology
, 2000
"... In recent years, there has been a surge of progress in automated verification methods based on state exploration. In areas like hardware design, these technologies are rapidly augmenting key phases of testing and validation. To date, one of the most successful of these methods has been symbolic mode ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
In recent years, there has been a surge of progress in automated verification methods based on state exploration. In areas like hardware design, these technologies are rapidly augmenting key phases of testing and validation. To date, one of the most successful of these methods has been symbolic model checking, in which large finitestate machines are encoded into compact data structures such as binary decision diagrams (BDDs)  and are then checked for safety and liveness properties. However, these techniques have not realized the same success on software systems. One limitation is their inability to deal with infinitestate programs  even those with a single unbounded integer. A second problem is that of finding efficient representations for various variable types. We recently proposed a model checker for integerbased systems that uses arithmetic constraints as the underlying state representation. While this approach easily verified some subtle, infinitestate concurrency problems...