Results 1-10 of 12
Reachability analysis of multithreaded software with asynchronous communication
In FSTTCS, 2005
Cited by 35 (8 self)
We introduce asynchronous dynamic pushdown networks (ADPN), a new model for multithreaded programs in which pushdown systems communicate via shared memory. ADPN generalizes both CPS (concurrent pushdown systems) [7] and DPN (dynamic pushdown networks) [5]. We show that ADPN exhibit several advantages as a program model. Since the reachability problem for ADPN is undecidable even in the case without dynamic creation of processes, we address the bounded reachability problem [7], which considers only those computation sequences where the (index of the) thread accessing the shared memory is changed at most a fixed given number of times. We provide efficient algorithms for both forward and backward reachability analysis. The algorithms are based on automata techniques for symbolic representation of sets of configurations.
Symbolic context-bounded analysis of multithreaded Java programs
In Intl. SPIN Workshop on Model Checking Software, 2008
Cited by 21 (2 self)
The reachability problem is undecidable for programs with both recursive procedures and multiple threads communicating through shared memory. Attempts to overcome this problem have been the focus of much recent research. One approach is to use context-bounded reachability, i.e. to consider only those runs in which the active thread changes at most k times, where k is fixed. However, to the best of our knowledge, context-bounded reachability has not been implemented in any tool so far, primarily because its worst-case runtime is prohibitively high, i.e. O(n^k), where n is the size of the shared memory. Moreover, existing algorithms for context-bounded reachability do not admit a meaningful symbolic implementation (e.g., using BDDs) to reduce the runtime in practice. In this paper, we propose an improvement that overcomes this problem. We have implemented our approach in the tool jMoped and report on experiments.
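Both abstracts above rest on the same idea: reachability for recursive threads over shared memory is undecidable, but it becomes a finite search once the number of context switches is bounded by a fixed k. The following explicit-state explorer is an added example written for this page, not code from either paper or from jMoped. The two threads, their instruction encoding and the lost-update property are constructed for the illustration; to keep the search explicit the threads are finite-state rather than pushdown systems, and the state set is enumerated rather than represented symbolically as the papers do. The point it shows is that the classic unsynchronised `x = x + 1` race needs two context switches, so the bound k = 1 misses it and k = 2 finds it.

```python
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

# An instruction mutates copies of the shared store and of the thread's locals.
Instr = Callable[[Dict[str, int], Dict[str, int]], None]
Thread = List[Instr]


def _freeze(d: Dict[str, int]) -> Tuple[Tuple[str, int], ...]:
    """Hashable snapshot of a store, so states can be put in a visited set."""
    return tuple(sorted(d.items()))


def _step(threads: List[Thread], state, tid: int):
    """Execute the next instruction of thread `tid`, or return None if it has finished."""
    shared, locs, pcs = state
    pc = pcs[tid]
    if pc >= len(threads[tid]):
        return None
    s, l = dict(shared), dict(locs[tid])
    threads[tid][pc](s, l)
    new_locs = list(locs)
    new_locs[tid] = _freeze(l)
    new_pcs = list(pcs)
    new_pcs[tid] = pc + 1
    return (_freeze(s), tuple(new_locs), tuple(new_pcs))


def context_bounded_reach(threads, init_shared, init_locals, bad, k) -> Optional[List[int]]:
    """Breadth-first search over all interleavings with at most k context switches.

    Returns a witness schedule (the thread ids that executed, in order) reaching a
    state where bad(shared, locals, pcs) holds, or None if no such state is
    reachable within the bound.  For finite-state threads the search space is
    finite for any fixed k, which is what the bound buys.
    """
    init = (_freeze(init_shared), tuple(_freeze(l) for l in init_locals), (0,) * len(threads))
    # Choosing which thread runs first does not count as a switch.
    queue = deque((init, t, 0, ()) for t in range(len(threads)))
    seen = set()
    while queue:
        state, active, used, sched = queue.popleft()
        key = (state, active, used)
        if key in seen:
            continue
        seen.add(key)
        shared, locs, pcs = state
        if bad(dict(shared), [dict(l) for l in locs], pcs):
            return list(sched)
        for t in range(len(threads)):
            cost = used + (1 if t != active else 0)  # switching the active thread costs one context
            if cost > k:
                continue
            nxt = _step(threads, state, t)
            if nxt is not None:
                queue.append((nxt, t, cost, sched + (t,)))
    return None


# Constructed example: two threads each perform an unsynchronised "x = x + 1"
# as a read into a local followed by a write back.
def read_x(s, l): l["t"] = s["x"]
def write_x(s, l): s["x"] = l["t"] + 1

THREADS: List[Thread] = [[read_x, write_x], [read_x, write_x]]
INIT_SHARED = {"x": 0}
INIT_LOCALS = [{"t": 0}, {"t": 0}]


def lost_update(shared, locs, pcs) -> bool:
    """Both threads have finished, yet one increment was lost."""
    return all(pc == 2 for pc in pcs) and shared["x"] != 2


def switches(schedule: List[int]) -> int:
    """Number of context switches in a schedule."""
    return sum(1 for a, b in zip(schedule, schedule[1:]) if a != b)


def replay(schedule: List[int]) -> Dict[str, int]:
    """Run a schedule from the initial state and return the final shared store."""
    state = (_freeze(INIT_SHARED), tuple(_freeze(l) for l in INIT_LOCALS), (0,) * len(THREADS))
    for t in schedule:
        state = _step(THREADS, state, t)
    return dict(state[0])


if __name__ == "__main__":
    for k in (1, 2):
        w = context_bounded_reach(THREADS, INIT_SHARED, INIT_LOCALS, lost_update, k)
        print(f"k={k}: " + ("no lost update within bound" if w is None else f"witness {w}"))
```

Keying the visited set on (state, active thread, switches used) keeps the pruning sound: a state revisited with a smaller budget of switches is a different search node. The same skeleton extends to pushdown threads by adding a stack to each thread's local state, at which point the search is no longer finite and the symbolic representations of the papers become necessary.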
Name creation vs. Replication in Petri Net Systems
2008
Cited by 17 (5 self)
We study the relationship between name creation and replication in a setting of infinite-state communicating automata. By name creation we mean the capacity of dynamically producing pure names, with no relation between them other than equality or inequality. By replication we understand the ability of systems to create new parallel identical threads, that can synchronize with each other. We have developed our study in the framework of Petri nets, by considering several extensions of P/T nets. In particular, we prove that in this setting name creation and replication are equivalent, but only when a garbage collection mechanism is added for idle threads. However, when simultaneously considering both extensions the obtained model is, a bit surprisingly, Turing complete and therefore, more expressive than when considered separately.
Rewriting models of Boolean programs
In Proc. Intern. Conf. on Rewriting Techniques and Applications (RTA'06), volume 4098 of LNCS, 2006
Cited by 14 (5 self)
We show that rewrite systems can be used to give semantics to imperative programs with boolean variables, a class of programs used in software model checking as over- or under-approximations of real programs. We study the classes of rewrite systems induced by programs with different features like procedures, concurrency, or dynamic thread creation, and survey a number of results on their word problem and their symbolic reachability problem.
Verification of Boolean programs with unbounded thread creation
2007
Cited by 9 (7 self)
Most symbolic software model checkers use abstraction techniques to reduce the verification of infinite-state programs to that of decidable classes. Boolean programs [T. Ball, S.K. Rajamani, Bebop: A symbolic model checker for Boolean programs, in: SPIN 00, in: Lecture Notes in Computer Science, vol. 1885, Springer, 2000, pp. 113–130] are the most popular representation for these abstractions. Unfortunately, today's symbolic software model checkers are limited to the analysis of sequential programs due to the fact that reachability in Boolean programs with unbounded thread creation is undecidable. We address this limitation with a novel algorithm for over-approximating reachability in Boolean programs with unbounded thread creation. Although the Boolean programs are not of finite state, the algorithm always reaches a fixpoint. The fixed points are detected by projecting the state of the threads to the globally visible parts, which are finite.
Over-Approximating Boolean Programs with Unbounded Thread Creation
In: Formal Methods in Computer-Aided Design (FMCAD), IEEE, 2006
Cited by 4 (3 self)
This paper describes a symbolic algorithm for over-approximating reachability in Boolean programs with unbounded thread creation. The fixpoint is detected by projecting the state of the threads to the globally visible parts, which are finite. Our algorithm models recursion by over-approximating the call stack that contains the return locations of recursive function calls, as reachability is undecidable in this case. The algorithm may obtain spurious counterexamples, which are removed iteratively by means of an abstraction refinement loop. Experiments show that the symbolic algorithm for unbounded thread creation scales to large abstract models.
Global Model-Checking of Higher-Order Pushdown Systems
2008
Cited by 2 (2 self)
Pushdown systems equip a finite state system with an unbounded stack memory, and are thus infinite state. By recording the call history on the stack, these systems provide a natural model for recursive procedure calls. Model-checking for pushdown systems has been well-studied. The most successful implementation of these techniques is the tool Moped, which has become an important component of verification suites such as Terminator, SLAM and Blast. Higher-order pushdown systems allow a more complex memory structure: a higher-order stack is a stack of lower-order stacks. These systems form a robust hierarchy closely related to the Caucal hierarchy and higher-order recursion schemes. This latter connection demonstrates their importance as models for programs with higher-order functions. We study the global model-checking problem for higher-order pushdown systems. In particular, we show how to compute the winning regions of two-player games with reachability, Büchi and parity conditions. Our approach extends the saturation methods of Bouajjani, Esparza and Maler for order-1 pushdown systems, and Bouajjani and Meyer for higher-order pushdown systems with a single control state. These techniques begin with an automaton recognising (higher-order) stacks,
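The saturation method for order-1 pushdown systems that this abstract extends is also what the ADPN abstract at the top of the page means by "automata techniques for symbolic representation of sets of configurations": a regular set of configurations is stored as a finite automaton whose initial states are the control states, and backward reachability (pre*) is computed by adding transitions to that automaton until nothing changes, never adding states. The following is an added example written for this page, not code from Moped or from any of the papers listed. The pushdown system, its stack alphabet and the property are constructed for the illustration: control state p models a recursive procedure f running with a clean global flag, q the same code after some return has flipped the flag, and the question asked is from which configurations the program can return past main's frame (empty stack) with the flag flipped.

```python
from typing import Iterable, List, Set, Tuple

# A pushdown rule <p, gamma> -> <p2, w> rewrites the top stack symbol gamma in
# control state p into the word w; |w| <= 2 suffices (push, replace, or pop).
Rule = Tuple[Tuple[str, str], Tuple[str, Tuple[str, ...]]]
# A P-automaton transition (s, gamma, s2); control states double as automaton states.
Trans = Tuple[str, str, str]


def run(trans: Set[Trans], start: str, word: Iterable[str]) -> Set[str]:
    """States reachable in the (nondeterministic) automaton from `start` by reading `word`."""
    current = {start}
    for sym in word:
        current = {t for (s, g, t) in trans if s in current and g == sym}
        if not current:
            break
    return current


def pre_star(rules: List[Rule], trans: Set[Trans]) -> Set[Trans]:
    """Saturate an automaton accepting a target set C until it accepts pre*(C).

    Saturation rule: for every pushdown rule <p, gamma> -> <p2, w>, whenever the
    automaton can read w starting from p2 and end in state s, add (p, gamma, s).
    No states are added, so at most |states|^2 * |alphabet| transitions can ever
    be inserted and the loop terminates.
    """
    trans = set(trans)
    changed = True
    while changed:
        changed = False
        for (p, gamma), (p2, w) in rules:
            for s in run(trans, p2, w):
                if (p, gamma, s) not in trans:
                    trans.add((p, gamma, s))
                    changed = True
    return trans


def accepts(trans: Set[Trans], finals: Set[str], p: str, stack: Iterable[str]) -> bool:
    """Is the configuration <p, stack> (top of stack first) in the represented set?"""
    return bool(run(trans, p, stack) & finals)


# Constructed example.  Stack symbols: m = main's frame, f = a frame of the
# recursive procedure f, r = the return point main pushes when it calls f.
# Control state p: global flag clean; q: global flag flipped.
RULES: List[Rule] = [
    (("p", "m"), ("p", ("f", "r"))),   # main calls f, remembering the return point r
    (("p", "f"), ("p", ("f", "f"))),   # f calls itself recursively
    (("p", "f"), ("q", ())),           # f returns and flips the global flag
    (("q", "f"), ("q", ())),           # once flipped, further returns keep the flag
    (("q", "r"), ("q", ())),           # main's return point is popped: back to main's caller
]

# Target set C = { <q, epsilon> }: no transitions, and q is the only final state.
TARGET_TRANS: Set[Trans] = set()
FINALS: Set[str] = {"q"}

PRE_STAR = pre_star(RULES, TARGET_TRANS)


def can_reach_flipped_return(p: str, stack: Tuple[str, ...]) -> bool:
    """Can <p, stack> reach <q, epsilon>, i.e. return past main with the flag flipped?"""
    return accepts(PRE_STAR, FINALS, p, stack)


if __name__ == "__main__":
    print("saturated transitions:", sorted(PRE_STAR))
    for p, stack in [("p", ("m",)), ("p", ("m", "r")), ("p", ("r",)), ("p", ()), ("q", ("f", "r"))]:
        print(p, stack, "->", can_reach_flipped_return(p, stack))
```

The saturated automaton answers the reachability question for every one of the infinitely many configurations at once: here it ends with four transitions, and accepts exactly the configurations whose top symbol is m or f in state p, or any sequence of f and r frames in state q. Checking a concrete configuration is then a single automaton run, which is the property the ADPN algorithms and the higher-order extension above build on.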
Approximation-based Tree Regular Model-Checking
2009
This paper addresses the following general problem of tree regular model-checking: decide whether $R^*(L) \cap L_p = \emptyset$, where $R^*$ is the reflexive and transitive closure of a successor relation induced by a term rewriting system $R$, and $L$ and $L_p$ are both regular tree languages. We develop an automatic approximation-based technique to handle this, undecidable in general, problem in most practical cases, extending a recent work by Feuillade, Genet and Viet Triem Tong. We also make this approach fully automatic for practical validation of security protocols. Keywords: Verification, model-checking, regular languages, security protocols. Computing Reviews Categories: D.2.4 and F.4.2.