Results 1-9 of 9
Forward analysis for WSTS, part II: Complete WSTS
In ICALP'09, volume 5556 of LNCS, 2009
Abstract

Cited by 15 (5 self)
Abstract. We describe a simple, conceptual forward analysis procedure for ∞-complete WSTS S. This computes the clover of a state s0, i.e., a finite description of the closure of the cover of s0. When S is the completion of a WSTS X, the clover in S is a finite description of the cover in X. We show that this applies exactly when X is an ω²-WSTS, a new robust class of WSTS. We show that our procedure terminates in more cases than the generalized Karp-Miller procedure on extensions of Petri nets. We characterize the WSTS where our procedure terminates as those that are clover-flattable. Finally, we apply this to well-structured counter systems.
From Many Places to Few: Automatic Abstraction Refinement for Petri Nets
2008
Abstract

Cited by 9 (3 self)
Current algorithms for the automatic verification of Petri nets suffer from the explosion caused by the high dimensionality of the state spaces of practical examples. In this paper, we develop an abstract interpretation based analysis that reduces the dimensionality of state spaces that are explored during verification. In our approach, the dimensionality is reduced by trying to gather places that may not be important for the property to establish. If the abstraction that is obtained is too coarse, an automatic refinement is performed and a more precise abstraction is obtained. The refinement is computed by taking into account information about the inconclusive analysis. The process is iterated until the property is proved to be true or false.
Efficient coverability analysis by proof minimization
In: CONCUR
Abstract

Cited by 9 (3 self)
We consider multithreaded programs with an unbounded number of threads executing a finite-state, non-recursive procedure. Safety properties of such programs can be checked via reduction to the coverability problem for well-structured transition systems (WSTS). In this paper, we present a novel, sound and complete yet empirically much improved solution to this problem. The key idea to achieve a compact search structure is to track uncoverability only for minimal uncoverable elements, even if these elements are not part of the original coverability query. To this end, our algorithm examines elements in the downward closure of elements backward-reachable from the initial queries. A downside is that the algorithm may unnecessarily explore elements that turn out coverable and thus fail to contribute to the proof minimization. We counter this effect using a forward search engine that simultaneously generates (a subset of all) coverable elements, e.g. a generalized Karp-Miller procedure. We demonstrate in extensive experiments on C programs that our approach targeting minimal uncoverability proofs outperforms existing techniques by orders of magnitude.
Keeping a crowd safe: On the complexity of parameterized verification (invited talk)
STACS, volume 25 of LIPIcs, 2014
Evaluating the Risk of Cyber Attacks on SCADA Systems via Petri Net Analysis with Application to Hazardous Liquid Loading Operations
Abstract

Cited by 1 (0 self)
This paper develops an analytic technique for quantifying the risk of computer network operations (CNO) against supervisory control and data acquisition (SCADA) systems. We measure risk in terms of the extent to which an attacker can manipulate process control elements, the consequences due to disruption of the controlled physical process, and the vulnerability of the SCADA system to malicious intrusion. The technique constitutes a novel application of Petri net state coverability analysis coupled with process simulation. As such, this framework permits a formal assessment of candidate policies to manage risk by diminishing aspects of the network vulnerability to intrusion, where the objective is to prevent malicious induction of catastrophic process failure modes. We extend earlier work on Petri nets for attack analysis by developing a detailed methodology including: a new algorithm for the automatic generation of Petri nets from the description of a SCADA network and its vulnerabilities; metrics for quantifying risk as a function of a Petri net’s state; techniques for evaluating these metrics based on a Petri net’s minimal coverability set; and a method for coupling the Petri net representation of the SCADA network to the controlled processes for failure mode and effects assessment. The paper concludes by presenting an example application of the analysis technique to evaluate the security of a hazardous liquid loading process.
A Widening Approach to Multithreaded Program Verification
2014
Abstract
Pthread-style multithreaded programs feature rich thread communication mechanisms, such as shared variables, signals, and broadcasts. In this article, we consider the automated verification of such programs where an unknown number of threads execute a given finite-data procedure in parallel. Such procedures are typically obtained as predicate abstractions of recursion-free source code written in C or Java. Many safety problems over finite-data replicated multithreaded programs are decidable via a reduction to the coverability problem in certain types of well-ordered infinite-state transition systems. On the other hand, in full generality, this problem is Ackermann-hard, which seems to rule out efficient algorithmic treatment. We present a novel, sound, and complete yet empirically efficient solution. Our approach is to judiciously widen the original set of coverability targets by configurations that involve fewer threads and are thus easier to decide, and whose exploration may well be sufficient: if they turn out uncoverable, so are the original targets. To soften the impact of “bad guesses”—configurations that turn out coverable—the exploration is accompanied by a parallel engine that generates coverable configurations; none of these is ever selected for widening. Its job being merely to prevent bad widening choices, such an engine need not be complete for coverability analysis, which enables a range of existing partial (e.g., non-terminating) techniques. We present extensive experiments on multithreaded C programs, including device driver code from FreeBSD, Solaris,
Constructing Coverability Graphs for Time Basic Petri Nets
Abstract
Abstract. Time-Basic Petri nets is a powerful formalism for modeling real-time systems where time constraints are expressed through time functions of the marking's time description associated with transitions, representing possible firing times. We introduce a technique for coverability analysis based on the building of a finite graph. This technique further exploits the time anonymous concept [5,6], in order to deal with topologically unbounded nets, and exploits the concept of a coverage of TA tokens, i.e., a sort of ω anonymous timestamp. Such a coverability analysis technique is able to construct coverability trees/graphs for unbounded Time-Basic Petri net models. The termination of the algorithm is guaranteed as long as, within the input model, tokens growing without limit can be anonymized. This means that we are able to manage models that do not exhibit Zeno behavior and do not express actions depending on infinite past events. This is actually a reasonable limitation because, generally, real-world examples do not exhibit such a behavior.
IOS Press From Many Places to Few: Automatic Abstraction Refinement for
Abstract
Abstract. Current algorithms for the automatic verification of Petri nets suffer from the explosion caused by the high dimensionality of the state spaces of practical examples. In this paper, we develop an abstract interpretation based analysis that reduces the dimensionality of state spaces that are explored during verification. In our approach, the dimensionality is reduced by trying to gather places that may not be important for the property to establish. If the abstraction that is obtained is too coarse, an automatic refinement is performed and a more precise abstraction is obtained. The refinement is computed by taking into account information about the inconclusive analysis. The process is iterated until the property is proved to be true or false.