Results 11  20
of
47
Network invariants in action
 In 13th International Conference on Concurrency Theory (CONCUR02), volume 2421 of Lect. Notes in Comp. Sci
, 2002
"... ..."
Compositional Analysis for Verification of Parameterized Systems
 Theoretical Computer Science
, 2003
"... Many safetycritical systems that have been considered by the verification community are parameterized by the number of concurrent components in the system, and hence describe an infinite family of systems. Traditional model checking techniques can only be used to verify specific instances of this f ..."
Abstract

Cited by 20 (8 self)
 Add to MetaCart
Many safetycritical systems that have been considered by the verification community are parameterized by the number of concurrent components in the system, and hence describe an infinite family of systems. Traditional model checking techniques can only be used to verify specific instances of this family. In this paper, we present a technique based on compositional model checking and program analysis for automatic verification of infinite families of systems. The technique views a parameterized system as an expression in a process algebra (CCS) and interprets this expression over a domain of formulas (modal mucalculus), considering a process as a property transformer. The transformers are constructed using partial model checking techniques. At its core, our technique solves the verification problem by finding the limit of a chain of formulas. We present a widening operation to find such a limit for properties expressible in a subset of modal mucalculus. We describe the verification of a number of parameterized systems using our technique to demonstrate its utility.
Modularization and Abstraction: The Keys to Practical Formal Verification
 LECTURE NOTES IN COMPUTER SCIENCE
, 1998
"... In spite of the impressive progress in the development of the two main methods for formal verification of reactive systems  Model Checking (in particular symbolic) and Deductive Verification, they are still limited in their ability to handle large systems. It is generally recognized that the only ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
(Show Context)
In spite of the impressive progress in the development of the two main methods for formal verification of reactive systems  Model Checking (in particular symbolic) and Deductive Verification, they are still limited in their ability to handle large systems. It is generally recognized that the only way these methods can ever scale up is by the extensive use of abstraction and modularization, which breaks the task of verifying a large system into several smaller tasks of verifying simpler systems. In this methodological paper, we review the two main tools of compositionality and abstraction in the framework of linear temporal logic. We illustrate the application of these two methods for the reduction of an infinitestate system into a finitestate system that can then be verified using model checking. The modest technical contributions contained in this paper are a full formulation of abstraction when applied to a system with both weak and strong fairness requirements and to a general...
"Next" Heuristic For OnTheFly Model Checking
, 1999
"... . We present a new heuristic for onthefly enumerative invariant verification. The heuristic is based on a construct for temporal scaling, called next, that compresses a sequence of transitions leading to a given target set into a single metatransition. First, we give an onthefly algorithm to s ..."
Abstract

Cited by 17 (6 self)
 Add to MetaCart
. We present a new heuristic for onthefly enumerative invariant verification. The heuristic is based on a construct for temporal scaling, called next, that compresses a sequence of transitions leading to a given target set into a single metatransition. First, we give an onthefly algorithm to search a process expression built using the constructs of hiding, parallel composition, and temporal scaling. Second, we show that as long the target set \Theta of transitions includes all transitions that access variables shared with the environment, the process next \Theta for P and P are equivalent according to the weaksimulation equivalence. As a result, to search the product of given processes, we can cluster processes into groups with as little communication among them as possible, and compose the groups only after applying appropriate hiding and temporal scaling operators. Applying this process recursively gives an expression that has multiple nested applications of next, and ha...
Verifying Determinism of Concurrent Systems Which Use Unbounded Arrays (Extended Abstract)
, 1998
"... ) Ranko Lazi'c y Bill Roscoe z To be presented at INFINITY '98 (Revised version. July 7, 1998.) Abstract Our main result says that determinism of a concurrent system which uses unbounded arrays (i.e. memories) can be verified by considering an appropriate finite array size. That ..."
Abstract

Cited by 14 (7 self)
 Add to MetaCart
) Ranko Lazi'c y Bill Roscoe z To be presented at INFINITY '98 (Revised version. July 7, 1998.) Abstract Our main result says that determinism of a concurrent system which uses unbounded arrays (i.e. memories) can be verified by considering an appropriate finite array size. That is made possible by restricting the ways in which array indices and values can be used within the system. The restrictions are those of data independence: the system must not perform any operations on the indices and values, but it is only allowed to input them, store them, and output them. Equality tests between indices are also allowed. The restrictions are satisfied by many concurrent systems which use arrays to model memories or databases. As a case study, we have verified that a database system which allows users to lock, read and write records at multiple security levels is secure. 1 The Parameterised Verification Problem Concurrent systems are frequently infinitestate because they have...
Constraintbased Verification of ClientServer Protocols
, 2001
"... We show that existing constraint technology like Presburger [Omega,Pug92], and Boolean solvers [CUDD] incorporated in the paradigm of symbolic model checking with rich assertional languages proposed in [KMM + 97] can be successfully applied to the verification of clientserver protocols with arbitra ..."
Abstract

Cited by 13 (6 self)
 Add to MetaCart
We show that existing constraint technology like Presburger [Omega,Pug92], and Boolean solvers [CUDD] incorporated in the paradigm of symbolic model checking with rich assertional languages proposed in [KMM + 97] can be successfully applied to the verification of clientserver protocols with arbitrary number of clients. Abstract interpretation [CC77] is the mathematical bridge between protocol specification and constraintbased verification methods working on heterogeneous data like the Action Language verifier of [Bul00] built on top of the Composite Symbolic Library [BGL00, YKTB01]. The method we propose is incomplete but fully automatic and sound for safety and liveness properties. The Action Language verified is, in fact, able to check full CTL temporal specifications. Sufficient conditions for the termination of the resulting verification algorithms can be derived using the general decidability results given in [ACJT96]. As a casestudy, we apply the method to check safety and liveness properties for a formal model given through communicating finitestate machines of the directorybased consistency protocol proposed in [Ger00, PRZ01].
Automated refinement checking for asynchronous processes
 In Proc. 3rd FMCAD, LNCS
, 2000
"... Abstract. We consider the problem of refinement checking for asynchronous processes where refinement corresponds to stutterclosed language inclusion. Since an efficient algorithmic solution to the refinement check demands the construction of a witness that defines the private specification variable ..."
Abstract

Cited by 10 (5 self)
 Add to MetaCart
(Show Context)
Abstract. We consider the problem of refinement checking for asynchronous processes where refinement corresponds to stutterclosed language inclusion. Since an efficient algorithmic solution to the refinement check demands the construction of a witness that defines the private specification variables in terms of the implementation variables, we first propose a construction to extract a synchronous witness from the specification. This automatically reduces individual refinement checks to reachability analysis. Second, to alleviate the stateexplosion problem during search, we propose a reduction scheme that exploits the visibility information about transitions in a recursive manner based on the architectural hierarchy. Third, we establish compositional and assumeguarantee proof rules for decomposing the refinement check into subproblems. All these techniques work in synergy to reduce the computational requirements of refinement checking. We have integrated the proposed methodology based on an enumerative search in the model checker Mocha. We illustrate our approach on sample benchmarks.
Beyond Regular Model Checking
 In Proc. of FSTTCS’01, volume 2245 of LNCS
, 2001
"... In recent years, it has been established that regular model checking can be successfully applied to several parameterized verification problems. However, there are many parameterized verification problems that cannot be described by regular languages, and thus cannot be verified using regular mo ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
In recent years, it has been established that regular model checking can be successfully applied to several parameterized verification problems. However, there are many parameterized verification problems that cannot be described by regular languages, and thus cannot be verified using regular model checking. In this study we try to practice symbolic model checking using classes of languages more expressive than the regular languages. We provide three methods for the uniform verification of nonregular parameterized systems.
Z.: Verification of parameterized concurrent programs by modular reasoning about data and control
 In: POPL’12
, 2012
"... In this paper, we consider the problem of verifying threadstate properties of multithreaded programs in which the number of active threads cannot be statically bounded. Our approach is based on decomposing the task into two modules, where one reasons about data and the other reasons about control. ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
In this paper, we consider the problem of verifying threadstate properties of multithreaded programs in which the number of active threads cannot be statically bounded. Our approach is based on decomposing the task into two modules, where one reasons about data and the other reasons about control. The data module computes threadstate invariants (e.g., linear constraints over global variables and local variables of one thread) using the thread interference information computed by the control module. The control module computes a representation of thread interference, as an incrementally constructed data flow graph, using the data invariants provided by the data module. These invariants are used to rule out patterns of thread interference that can not occur in a real program execution. The two modules are incorporated into a feedback loop, so that the abstractions of data and interference are iteratively coars
Verification of Boolean programs with unbounded thread creation
, 2007
"... Most symbolic software model checkers use abstraction techniques to reduce the verification of infinitestate programs to that of decidable classes. Boolean programs [T. Ball, S.K. Rajamani, Bebop: A symbolic model checker for Boolean programs, in: SPIN 00, in: Lecture Notes in Computer Science, vol ..."
Abstract

Cited by 8 (6 self)
 Add to MetaCart
Most symbolic software model checkers use abstraction techniques to reduce the verification of infinitestate programs to that of decidable classes. Boolean programs [T. Ball, S.K. Rajamani, Bebop: A symbolic model checker for Boolean programs, in: SPIN 00, in: Lecture Notes in Computer Science, vol. 1885, Springer, 2000, pp. 113–130] are the most popular representation for these abstractions. Unfortunately, today’s symbolic software model checkers are limited to the analysis of sequential programs due to the fact that reachability in Boolean programs with unbounded thread creation is undecidable. We address this limitation with a novel algorithm for overapproximating reachability in Boolean programs with unbounded thread creation. Although the Boolean programs are not of finite state, the algorithm always reaches a fixpoint. The fixed points are detected by projecting the state of the threads to the globally visible parts, which are finite.