Results 11  20
of
32
Regular Model Checking
, 2000
"... We present regular model checking, a framework for algorithmic verification of infinitestate systems with, e.g., queues, stacks, integers, or a parameterized linear topology. States are represented by strings over a finite alphabet and the transition relation by a regular lengthpreserving relation ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
(Show Context)
We present regular model checking, a framework for algorithmic verification of infinitestate systems with, e.g., queues, stacks, integers, or a parameterized linear topology. States are represented by strings over a finite alphabet and the transition relation by a regular lengthpreserving relation on strings. Both sets of states and the transition relation are represented by regular sets. Major problems in the verification of parameterized and infinitestate systems are to compute the set of states that are reachable from some set of initial states, and to compute the transitive closure of the transition relation. We present an automatatheoretic construction for computing a nonfinite composition of regular relations, e.g., the transitive closure of a relation. The method is incomplete in general, but we give sufficient conditions under which it works. We show how to reduce model checking of ωregular properties of parameterized systems into a nonfinite composition of regular relations. We also report on an implementation of regular model checking, based on a new package for nondeterministic finite automata.
Inferring network invariants automatically
 In Proc. International Joint Conference on Automated Reasoning (IJCAR ’06), volume 4130 of LNAI
, 2006
"... Abstract. Verification by network invariants is a heuristic to solve uniform verification of parameterized systems. Given a system P, a network invariant for P is a system that abstracts the composition of every number of copies of P running in parallel. If there is such a network invariant, by reas ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Verification by network invariants is a heuristic to solve uniform verification of parameterized systems. Given a system P, a network invariant for P is a system that abstracts the composition of every number of copies of P running in parallel. If there is such a network invariant, by reasoning about it, uniform verification with respect to the family P [1] ‖ · · · ‖ P [n] can be carried out. In this paper, we propose a procedure that searches systematically for a network invariant satisfying a given safety property. The search is based on algorithms for learning finite automata due to Angluin and Biermann. We optimize the search by combining both algorithms for improving successive possible invariants. We also show how to reduce the learning problem to SAT, allowing efficient SAT solvers to be used, which turns out to yield a very competitive learning algorithm. The overall search procedure finds a minimal such invariant, if it exists. 1
Liveness with incomprehensible ranking
 In Proc. 10 th Intl. Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’04), LNCS
, 2004
"... Abstract. The methods of Invisible Invariants and Invisible Ranking were developed originally in order to verify temporal properties of parameterized systems in a fully automatic manner. These methods are based on an instantiateprojectandgeneralize heuristic for the automatic generation of auxilia ..."
Abstract

Cited by 9 (4 self)
 Add to MetaCart
(Show Context)
Abstract. The methods of Invisible Invariants and Invisible Ranking were developed originally in order to verify temporal properties of parameterized systems in a fully automatic manner. These methods are based on an instantiateprojectandgeneralize heuristic for the automatic generation of auxiliary constructs and a small model property implying that it is sufficient to check validity of a deductive rule premises using these constructs on small instantiations of the system. The previous version of the method of Invisible Ranking was restricted to cases where the helpful assertions and ranking functions for a process depended only on the local state of this process and not on any neighboring process, which seriously restricted the applicability of the method, and often required the introduction of auxiliary variables. In this paper we extend the method of Invisible Ranking to cases where the helpful assertions and ranking functions of a process may also refer to other processes. We first develop an enhanced version of the small model property, making it applicable to assertions that refer both to processes and their immediate neighbors. This enables us to apply the Invisible Ranking method to parameterized systems with ring topologies. For cases where the auxiliary assertions refer to all processes, we develop a novel proof rule which simplifies the selection of the next helpful transition, and enables the validation of the premises possible under the (old) small model theorem. 1
Fair Model Checking with Process Counter Abstraction
"... Abstract. Parameterized systems are characterized by the presence of a large (or even unbounded) number of behaviorally similar processes, and they often appear in distributed/concurrent systems. A common state space abstraction for checking parameterized systems involves not keeping track of proces ..."
Abstract

Cited by 9 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Parameterized systems are characterized by the presence of a large (or even unbounded) number of behaviorally similar processes, and they often appear in distributed/concurrent systems. A common state space abstraction for checking parameterized systems involves not keeping track of process identifiers by grouping behaviorally similar processes. Such an abstraction, while useful, conflicts with the notion of fairness. Because process identifiers are lost in the abstraction, it is difficult to ensure fairness (in terms of progress in executions) among the processes. In this work, we study the problem of fair model checking with process counter abstraction. Even without maintaining the process identifiers, our onthefly checking algorithm enforces fairness by keeping track of the local states from where actions are enabled / executed within an execution trace. We enhance our homegrown PAT model checker with the technique and show its usability via the automated verification of several reallife protocols. 1
Deductive verification of parameterized faulttolerant systems: A case study
, 1997
"... . We present a methodology and a formal toolset for verifying faulttolerant systems, based upon the temporal verification system STeP. Our test case is the modeling and verification of a parameterized faulttolerant leaderelection algorithm recently proposed in [9]. Our methods settle the general ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
. We present a methodology and a formal toolset for verifying faulttolerant systems, based upon the temporal verification system STeP. Our test case is the modeling and verification of a parameterized faulttolerant leaderelection algorithm recently proposed in [9]. Our methods settle the general Nprocess correctness for the algorithm, which had been previously verified only for N = 3. We formulate the notion of Uniform Compassion to model progress in faulty systems more faithfully, and combine it with the more standard notions of fairness. We also show how the correctness proofs generalize to different channel models by a reduction to a simple channel model. 1 Introduction The analysis of distributed algorithms can be rather complex when a large and intertwined set of interactions is considered. If the algorithms have only a finite set of states this analysis can be carried out automatically using model checking tools [ 16 ] . This yields a practical way to debug parameterized sy...
On Verifying Fault Tolerance of Distributed Protocols
"... Abstract. Distributed systems are composed of processes connected in some network. Distributed systems may suffer from faults: processes may stop, may be interrupted, and may be maliciously attacked. Faulttolerant protocols are designed to be resistant to faults. Proving the resistance of protocols ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
Abstract. Distributed systems are composed of processes connected in some network. Distributed systems may suffer from faults: processes may stop, may be interrupted, and may be maliciously attacked. Faulttolerant protocols are designed to be resistant to faults. Proving the resistance of protocols to faults is a very challenging problem, as it combines the parameterized setting that distributed systems are basedon, with the need to consider a hostile environment that produces the faults. Considering all the possible fault scenarios for a protocol is very difficult. Thus, reasoning about faulttolerance protocols utterly needs formal methods. In this paper we describe a framework for verifying the fault tolerance of (synchronous or asynchronous) distributed protocols. In addition to the description of the protocol and the desired behavior, the user provides the fault type (e.g., failstop, Byzantine,...) and its distribution (e.g., a strict minority of the processes are faulty,...). Our framework is based on augmenting the description of the configurations of the system by a mask describing which processes are faulty. We focus on regular model checking and show how it is possible to compile the input for the modelchecking problem to one that takes the faults and their distribution into an account, and perform regular modelchecking on the compiled input. We demonstrate the effectiveness of our framework and argue for its generality. 1
Invariant Generation for Parametrized Systems using SelfReflection
 SAS 2012
, 2012
"... We examine the problem of inferring invariants for parametrized systems. Parametrized systems are concurrent systems consisting of an a priori unbounded number of process instances running the same program. Such systems are commonly encountered in many situations including device drivers, distribu ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
We examine the problem of inferring invariants for parametrized systems. Parametrized systems are concurrent systems consisting of an a priori unbounded number of process instances running the same program. Such systems are commonly encountered in many situations including device drivers, distributed systems, and robotic swarms. In this paper we describe a technique that enables leveraging offtheshelf invariant generators designed for sequential programs to infer invariants of parametrized systems. The central challenge in invariant inference for parametrized systems is that naïvely exploding the transition system with all interleavings is not just impractical but impossible. In our approach, the key enabler is the notion of a reflective abstraction that we prove has an important correspondence with inductive invariants. This correspondence naturally gives rise to an iterative invariant generation procedure that alternates between computing candidate invariants and creating reflective abstractions.
Verification of safety properties for parameterized regular systems
, 2005
"... We propose a combination of heuristic methods to prove properties of control signals for regular systems defined by means of affine recurrence equations (AREs). We benefit from the intrinsic regularity of the underlying polyhedral model to handle parameterized systems in a symbolic way. Our techniqu ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We propose a combination of heuristic methods to prove properties of control signals for regular systems defined by means of affine recurrence equations (AREs). We benefit from the intrinsic regularity of the underlying polyhedral model to handle parameterized systems in a symbolic way. Our techniques apply to safety properties. The general proof process consists in an iteration that alternates two heuristics. We are able to identify the cases when this iteration will stop in a finite number of steps. These techniques have been implemented in a high level synthesis environment based on the polyhedral model.
Cutoffs and Automata in Formal Verification of InfiniteState Systems
, 2006
"... In this habilitation thesis, we discuss two complementary approaches to formal verification of infinitestate systems—namely, the use cutoffs and automatabased symbolic model checking (especially the socalled regular model checking). The thesis is based on extended versions of multiple conference ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
In this habilitation thesis, we discuss two complementary approaches to formal verification of infinitestate systems—namely, the use cutoffs and automatabased symbolic model checking (especially the socalled regular model checking). The thesis is based on extended versions of multiple conference and journal papers joint into a unified framework and accompanied with a significantly extended overview of other existing approaches. The presented original results include cutoffs for verification of parameterised networks of processes with shared resources, the approach of abstract regular model checking combining regular model checking with the counterexampleguided abstraction refinement (CEGAR) loop, a proposal of using language inference for regular model checking, techniques for an application of regular model checking to verification of programs manipulating dynamic linked data structures, the approach of abstract regular tree model checking as well as a proposal of a novel class of tree automata with size constraints with applications in verification of programs manipulating balanced tree structures.
Proofs That Count
"... Counting arguments are among the most basic proof methods in mathematics. Within the field of formal verification, they are useful for reasoning about programs with infinite control, such as programs with an unbounded number of threads, or (concurrent) programs with recursive procedures. While co ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Counting arguments are among the most basic proof methods in mathematics. Within the field of formal verification, they are useful for reasoning about programs with infinite control, such as programs with an unbounded number of threads, or (concurrent) programs with recursive procedures. While counting arguments are common in informal, handwritten proofs of such programs, there are no fully automated techniques to construct counting arguments. The key questions involved in automating counting arguments are: how to decide what should be counted?, and how to decide when a counting argument is valid? In this paper, we present a technique for automatically constructing and checking counting arguments, which includes novel solutions to these questions.