Results 1-10 of 26
Automatic Verification of Parameterized Cache Coherence Protocols
2000
Cited by 89 (6 self)
We propose a new method for the verification of parameterized cache coherence protocols. Cache coherence protocols are used to maintain data consistency in commercial multiprocessor systems equipped with local fast caches. In our approach we use arithmetic constraints to model possibly infinite sets of global states of a multiprocessor system with many identical caches. In preliminary experiments using symbolic model checkers for infinite-state systems based on real arithmetic (HyTech [HHW97] and DMC [DP99]) we have automatically verified safety properties for parameterized versions of widely implemented write-invalidate and write-update cache coherence policies like the Mesi, Berkeley, Illinois, Firefly and Dragon protocols [Han93]. With this application, we show that symbolic model checking tools originally designed for hybrid and concurrent systems can be applied successfully to a new class of infinite-state systems of practical interest.
Verifying Safety Properties of Concurrent Java Programs Using 3-Valued Logic
In Proc. of 27th POPL, 2001
Cited by 83 (6 self)
We provide a parametric framework for verifying safety properties of concurrent Java programs. The framework combines thread-scheduling information with information about the shape of the heap. This leads to error-detection algorithms that are more precise than existing techniques. The framework also provides the most precise shape-analysis algorithm for concurrent programs. In contrast to existing verification techniques, we do not put a bound on the number of allocated objects. The framework even produces interesting results when analyzing Java programs with an unbounded number of threads. The framework is applied to successfully verify the following properties of a concurrent program:
Compositional Analysis for Verification of Parameterized Systems
Theoretical Computer Science, 2003
Cited by 20 (8 self)
Many safety-critical systems that have been considered by the verification community are parameterized by the number of concurrent components in the system, and hence describe an infinite family of systems. Traditional model checking techniques can only be used to verify specific instances of this family. In this paper, we present a technique based on compositional model checking and program analysis for automatic verification of infinite families of systems. The technique views a parameterized system as an expression in a process algebra (CCS) and interprets this expression over a domain of formulas (modal mu-calculus), considering a process as a property transformer. The transformers are constructed using partial model checking techniques. At its core, our technique solves the verification problem by finding the limit of a chain of formulas. We present a widening operation to find such a limit for properties expressible in a subset of modal mu-calculus. We describe the verification of a number of parameterized systems using our technique to demonstrate its utility.
A generic framework for reasoning about dynamic networks of infinite-state processes
In TACAS'07, volume 4424 of Lecture Notes in Computer Science, 2007
Cited by 15 (1 self)
We propose a framework for reasoning about unbounded dynamic networks of infinite-state processes. We propose Constrained Petri Nets (CPN) as generic models for these networks. They can be seen as Petri nets where tokens (representing occurrences of processes) are colored by values over some potentially infinite data domain such as integers, reals, etc. Furthermore, we define a logic, called CML (colored markings logic), for the description of CPN configurations. CML is a first-order logic over tokens that allows reasoning about their locations and their colors. Both CPNs and CML are parametrized by a color logic that expresses constraints on the colors (data) associated with tokens. We investigate the decidability of the satisfiability problem of CML and its applications in the verification of CPNs. We identify a fragment of CML for which the satisfiability problem is decidable (whenever it is the case for the underlying color logic), and which is closed under the computations of post and pre images for CPNs. These results can be used for several kinds of analysis such as invariance checking, pre/post condition reasoning, and bounded reachability analysis.
Automated Inductive Verification of Parameterized Protocols
In CAV 2001
Cited by 12 (2 self)
A parameterized concurrent system represents an infinite family (of finite state systems) parameterized by a recursively...
Symbolic Reachability Analysis for Parameterized Administrative Role Based Access Control
2009
Cited by 11 (2 self)
Role based access control (RBAC) is a widely used access control paradigm. In large organizations, the RBAC policy is managed by multiple administrators. An administrative role based access control (ARBAC) policy specifies how each administrator may change the RBAC policy. It is often difficult to fully understand the effect of an ARBAC policy by simple inspection, because sequences of changes by different administrators may interact in unexpected ways. ARBAC policy analysis algorithms can help by answering questions such as user-role reachability, which asks whether a given user can be assigned to given roles by given administrators. Allowing roles and permissions to have parameters significantly enhances the scalability, flexibility, and expressiveness of ARBAC policies. This paper defines PARBAC, which extends the classic ARBAC97 model to support parameters, and presents an analysis algorithm for PARBAC. To the best of our knowledge, this is the first analysis algorithm specifically for parameterized ARBAC policies. We evaluate its efficiency by analyzing its parameterized complexity and benchmarking it on case studies and synthetic policies.
Verification of Consistency Protocols via Infinite-state Symbolic Model Checking: A Case Study
Cited by 10 (3 self)
We apply infinite-state model checking to verify safety properties of a parameterized formulation of the IEEE Futurebus+ coherence protocol modeled at the behavior level in a system with split transactions. This case study shows that verification techniques previously applied to hybrid and real-time systems can be used as tools for validating parameterized protocols. This technology transfer is achieved by combining abstraction techniques, symbolic representation via constraints, efficient operations based on real arithmetic, and reachability algorithms. To our knowledge this is the first time that safety properties for a parameterized version of the Futurebus+ protocol have been automatically verified.
Verifying Safety of a Token Coherence Implementation by Parametric Compositional Refinement
In Proceedings of VMCAI, 2005
LTL Model Checking for Systems with Unbounded Number of Dynamically Created Threads and Objects
2001
Cited by 8 (3 self)
One of the stumbling blocks to applying model checking to a concurrent language such as Java is that a program's data structures (as well as the number of threads) can grow and shrink dynamically, with no fixed upper bound on their size or number. This paper presents a method for verifying LTL properties of programs written in such a language. It uses a powerful abstraction mechanism based on 3-valued logic, and handles dynamic allocation of objects (including thread objects) and references to objects. This allows us to verify many programs that dynamically allocate thread objects, and even programs that create an unbounded number of threads.
Behavioural models for group communications
In proceedings of the International Workshop on Component and Service Interoperability, WICS'10, Malaga, 2010
Cited by 8 (4 self)
Group communication is becoming a more and more popular infrastructure for efficient distributed applications. It consists in representing locally a group of remote objects as a single object accessed in a single step; communications are then broadcast to all members. This paper provides models for automatic verification of group-based applications, typically for detecting deadlocks or checking message ordering. We show how to encode group communication, together with different forms of synchronisation for group results. The proposed models are parametric so that, for example, different group sizes or group members can be tried with minimal modification of the original model.