Verification of programs with half-duplex communication

AbstractWe consider the analysis of infinite half-duplex systems made of finite state machines that communicate over unbounded channels. The half-duplex property for two machines and two channels (one in each direction) says that each reachable configuration has at most one channel non-empty. We prove in this paper that such half-duplex systems have a recognizable reachability set. We show how to compute, in polynomial time, a symbolic representation of this reachability set and how to use that description to solve several verification problems. Furthermore, though the model of communicating finite state machines is Turing-powerful, we prove that membership of the class of half-duplex systems is decidable. Unfortunately, the natural generalization to systems with more than two machines is Turing-powerful. We also prove that the model-checking of those systems against PLTL (Propositional Linear Temporal Logic) or CTL (Computational Tree Logic) is undecidable. Finally, we show how to apply the previous decidability results to the Regular Model Checking. We propose a new symbolic reachability semi-algorithm with accelerations which successfully terminates on half-duplex systems of two machines and some interesting non-half-duplex systems

Reachability Analysis of Communicating Pushdown Systems

The reachability analysis of recursive programs that communicate asynchronously over reliable FIFO channels calls for restrictions to ensure decidability. Our first result characterizes communication topologies with a decidable reachability problem restricted to eager runs (i.e., runs where messages are either received immediately after being sent, or never received). The problem is EXPTIME-complete in the decidable case. The second result is a doubly exponential time algorithm for bounded context analysis in this setting, together with a matching lower bound. Both results extend and improve previous work from La Torre et al

Parameterized Verification of Safety Properties in Ad Hoc Network Protocols

We summarize the main results proved in recent work on the parameterized verification of safety properties for ad hoc network protocols. We consider a model in which the communication topology of a network is represented as a graph. Nodes represent states of individual processes. Adjacent nodes represent single-hop neighbors. Processes are finite state automata that communicate via selective broadcast messages. Reception of a broadcast is restricted to single-hop neighbors. For this model we consider a decision problem that can be expressed as the verification of the existence of an initial topology in which the execution of the protocol can lead to a configuration with at least one node in a certain state. The decision problem is parametric both on the size and on the form of the communication topology of the initial configurations. We draw a complete picture of the decidability and complexity boundaries of this problem according to various assumptions on the possible topologies.Comment: In Proceedings PACO 2011, arXiv:1108.145

Using formal methods to support testing

Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing

Collective Phenomena and Non-Finite State Computation in a Human Social System

We investigate the computational structure of a paradigmatic example of distributed social interaction: that of the open-source Wikipedia community. We examine the statistical properties of its cooperative behavior, and perform model selection to determine whether this aspect of the system can be described by a finite-state process, or whether reference to an effectively unbounded resource allows for a more parsimonious description. We find strong evidence, in a majority of the most-edited pages, in favor of a collective-state model, where the probability of a "revert" action declines as the square root of the number of non-revert actions seen since the last revert. We provide evidence that the emergence of this social counter is driven by collective interaction effects, rather than properties of individual users.Comment: 23 pages, 4 figures, 3 tables; to appear in PLoS ON

TRACTABLE DATA-FLOW ANALYSIS FOR DISTRIBUTED SYSTEMS

Automated behavior analysis is a valuable technique in the development and maintainence of distributed systems. In this paper, we present a tractable dataflow analysis technique for the detection of unreachable states and actions in distributed systems. The technique follows an approximate approach described by Reif and Smolka, but delivers a more accurate result in assessing unreachable states and actions. The higher accuracy is achieved by the use of two concepts: action dependency and history sets. Although the technique, does not exhaustively detect all possible errors, it detects nontrivial errors with a worst-case complexity quadratic to the system size. It can be automated and applied to systems with arbitrary loops and nondeterministic structures. The technique thus provides practical and tractable behavior analysis for preliminary designs of distributed systems. This makes it an ideal candidate for an interactive checker in software development tools. The technique is illustrated with case studies of a pump control system and an erroneous distributed program. Results from a prototype implementation are presented

Distribution of Behaviour into Parallel Communicating Subsystems

The process of decomposing a complex system into simpler subsystems has been of interest to computer scientists over many decades, for instance, for the field of distributed computing. In this paper, motivated by the desire to distribute the process of active automata learning onto multiple subsystems, we study the equivalence between a system and the total behaviour of its decomposition which comprises subsystems with communication between them. We show synchronously- and asynchronously-communicating decompositions that maintain branching bisimilarity, and we prove that there is no decomposition operator that maintains divergence-preserving branching bisimilarity over all LTSs.Comment: In Proceedings EXPRESS/SOS 2019, arXiv:1908.0821