Results 1  10
of
16
Slede: A domain specific verification framework for sensor network security protocol implementations
, 2007
"... Finding flaws in security protocol implementations is hard. Finding flaws in the implementations of sensor network security protocols is even harder because they are designed to protect against more system failures compared to traditional protocols. Formal verification techniques such as model check ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
(Show Context)
Finding flaws in security protocol implementations is hard. Finding flaws in the implementations of sensor network security protocols is even harder because they are designed to protect against more system failures compared to traditional protocols. Formal verification techniques such as model checking, theorem proving, etc, have been very successful in the past in detecting faults in security protocol specifications; however, they generally require that a formal description of the protocol, often called model, is developed before the verification can start. There are three factors that make model construction, and as a result, formal verification is hard. First, knowledge of the specialized language used to construct the model is necessary. Second, upfront effort is required to produce an artifact that is only useful during verification, which might be considered wasteful by some, and third, manual model construction is error prone and may lead
Inferring network invariants automatically
 In Proc. International Joint Conference on Automated Reasoning (IJCAR ’06), volume 4130 of LNAI
, 2006
"... Abstract. Verification by network invariants is a heuristic to solve uniform verification of parameterized systems. Given a system P, a network invariant for P is a system that abstracts the composition of every number of copies of P running in parallel. If there is such a network invariant, by reas ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
Abstract. Verification by network invariants is a heuristic to solve uniform verification of parameterized systems. Given a system P, a network invariant for P is a system that abstracts the composition of every number of copies of P running in parallel. If there is such a network invariant, by reasoning about it, uniform verification with respect to the family P [1] ‖ · · · ‖ P [n] can be carried out. In this paper, we propose a procedure that searches systematically for a network invariant satisfying a given safety property. The search is based on algorithms for learning finite automata due to Angluin and Biermann. We optimize the search by combining both algorithms for improving successive possible invariants. We also show how to reduce the learning problem to SAT, allowing efficient SAT solvers to be used, which turns out to yield a very competitive learning algorithm. The overall search procedure finds a minimal such invariant, if it exists. 1
Learning meets verification
 In FMCO’07, LNCS 4709
, 2007
"... Abstract. In this paper, we give an overview on some algorithms for learning automata. Starting with Biermann’s and Angluin’s algorithms, we describe some of the extensions catering for specialized or richer classes of automata. Furthermore, we survey their recent application to verification problem ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we give an overview on some algorithms for learning automata. Starting with Biermann’s and Angluin’s algorithms, we describe some of the extensions catering for specialized or richer classes of automata. Furthermore, we survey their recent application to verification problems. 1
Verification of Boolean programs with unbounded thread creation
, 2007
"... Most symbolic software model checkers use abstraction techniques to reduce the verification of infinitestate programs to that of decidable classes. Boolean programs [T. Ball, S.K. Rajamani, Bebop: A symbolic model checker for Boolean programs, in: SPIN 00, in: Lecture Notes in Computer Science, vol ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
Most symbolic software model checkers use abstraction techniques to reduce the verification of infinitestate programs to that of decidable classes. Boolean programs [T. Ball, S.K. Rajamani, Bebop: A symbolic model checker for Boolean programs, in: SPIN 00, in: Lecture Notes in Computer Science, vol. 1885, Springer, 2000, pp. 113–130] are the most popular representation for these abstractions. Unfortunately, today’s symbolic software model checkers are limited to the analysis of sequential programs due to the fact that reachability in Boolean programs with unbounded thread creation is undecidable. We address this limitation with a novel algorithm for overapproximating reachability in Boolean programs with unbounded thread creation. Although the Boolean programs are not of finite state, the algorithm always reaches a fixpoint. The fixed points are detected by projecting the state of the threads to the globally visible parts, which are finite.
S.: Parameterized Model Checking of TokenPassing Systems. ArXiv eprints abs/1311.4425
, 2013
"... ar ..."
(Show Context)
Parameterized synthesis
 In TACAS, volume 7214 of LNCS
, 2012
"... www.lmcsonline.org ..."
(Show Context)
OverApproximating Boolean Programs with Unbounded Thread Creation
 In: Formal Methods in ComputerAided Design (FMCAD), IEEE
, 2006
"... This paper describes a symbolic algorithm for overapproximating reachability in Boolean programs with unbounded thread creation. The fixpoint is detected by projecting the state of the threads to the globally visible parts, which are finite. Our algorithm models recursion by overapproximating the ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
This paper describes a symbolic algorithm for overapproximating reachability in Boolean programs with unbounded thread creation. The fixpoint is detected by projecting the state of the threads to the globally visible parts, which are finite. Our algorithm models recursion by overapproximating the call stack that contains the return locations of recursive function calls, as reachability is undecidable in this case. The algorithm may obtain spurious counterexamples, which are removed iteratively by means of an abstraction refinement loop. Experiments show that the symbolic algorithm for unbounded thread creation scales to large abstract models.
Towards Modeling and Model Checking FaultTolerant Distributed Algorithms
"... Abstract. Faulttolerant distributed algorithms are central for building reliable, spatially distributed systems. In order to ensure that these algorithms actually make systems more reliable, we must ensure that these algorithms are actually correct. Unfortunately, model checking stateoftheart fau ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Faulttolerant distributed algorithms are central for building reliable, spatially distributed systems. In order to ensure that these algorithms actually make systems more reliable, we must ensure that these algorithms are actually correct. Unfortunately, model checking stateoftheart faulttolerant distributed algorithms (such as Paxos) is currently out of reach except for very small systems. In order to be eventually able to automatically verify such faulttolerant distributed algorithms also in larger systems, several problems have to be addressed. In this paper, we consider modeling and verification of faulttolerant algorithms that basically only contain threshold guards to control the flow of the algorithm. As threshold guards are widely used in faulttolerant distributed algorithms (and also in Paxos) efficient methods to handle them bring us closer to the above mentioned goal. As case study we use the reliable broadcasting algorithm by Srikanth and Toueg that tolerates even Byzantine faults. We show how one can model this basic faulttolerant distributed algorithm in Promela such that safety and liveness properties can be efficiently verified in Spin. We provide experimental data also for other distributed algorithms. 1
Cutoffs and Automata in Formal Verification of InfiniteState Systems
, 2006
"... In this habilitation thesis, we discuss two complementary approaches to formal verification of infinitestate systems—namely, the use cutoffs and automatabased symbolic model checking (especially the socalled regular model checking). The thesis is based on extended versions of multiple conference ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
In this habilitation thesis, we discuss two complementary approaches to formal verification of infinitestate systems—namely, the use cutoffs and automatabased symbolic model checking (especially the socalled regular model checking). The thesis is based on extended versions of multiple conference and journal papers joint into a unified framework and accompanied with a significantly extended overview of other existing approaches. The presented original results include cutoffs for verification of parameterised networks of processes with shared resources, the approach of abstract regular model checking combining regular model checking with the counterexampleguided abstraction refinement (CEGAR) loop, a proposal of using language inference for regular model checking, techniques for an application of regular model checking to verification of programs manipulating dynamic linked data structures, the approach of abstract regular tree model checking as well as a proposal of a novel class of tree automata with size constraints with applications in verification of programs manipulating balanced tree structures.
Shared Memory Concurrent System Verification using Kronecker Algebra
, 2011
"... The verification of multithreaded software is still a challenge. This comes mainly from the fact that the number of thread interleavings grows exponentially in the number of threads. The idea that thread interleavings can be studied with a matrix calculus is a novel approach in this research area. ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
The verification of multithreaded software is still a challenge. This comes mainly from the fact that the number of thread interleavings grows exponentially in the number of threads. The idea that thread interleavings can be studied with a matrix calculus is a novel approach in this research area. Our sparse matrix representations of the program are manipulated using a lazy implementation of Kronecker algebra. One goal is the generation of a data structure called Concurrent Program Graph (CPG) which describes all possible interleavings and incorporates synchronization while preserving completeness. We prove that CPGs in general can be represented by sparse adjacency matrices. Thus the number of entries in the matrices is linear in their number of lines. Hence efficient algorithms can be applied to CPGs. In addition, due to synchronization only very small parts of the resulting matrix are actually needed, whereas the rest is unreachable in terms of automata. Thanks to the lazy implementation of the matrix operations the unreachable parts are never calculated. This speeds up processing significantly and shows that this approach is very promising. Various applications including data flow analysis can be performed on CPGs. Furthermore, the structure of the matrices can be used to prove properties of the underlying program for an arbitrary number of threads. For example, deadlock freedom is proved for a large class of programs.