Towards model checking electrum specifications with LTSmin
Integrated master's dissertation in Informatics Engineering.

Model checking is a common verification technique: it checks that a finite-state model of a system satisfies its specification by exhaustively exploring every reachable state. Because of the large number of possible interleavings between events, models of distributed systems often end up with a huge state space. In this dissertation we explore the effects of partial order reduction, a technique that mitigates this state-explosion problem, by implementing an Electrum-like language with LTSmin. We also propose an event layer on top of Electrum and a syntactic analysis that extracts the information this technique needs in order to be applied.

This work is financed by the ERDF – European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia, within project POCI-01-0145-FEDER-01682
Flux Analysis in Process Models via Causality
We present an approach for flux analysis in process algebra models of biological systems. We perceive flux as the flow of resources in stochastic simulations. We resort to an established correspondence between event structures, a broadly recognised model of concurrency, and the state transitions of process models, seen as Petri nets. We show that in this way we can extract the causal resource dependencies between individual state transitions in simulations as partial orders of events. We propose transformations on the partial orders that provide means for further analysis, and introduce a software tool that implements these ideas. By means of an example of a published model of the Rho GTP-binding proteins, we argue that this approach can provide a substitute for flux analysis techniques on ordinary differential equation models within the stochastic setting of process algebras.
Symbolic Partial-Order Execution for Testing Multi-Threaded Programs
We describe a technique for systematic testing of multi-threaded programs. We
combine Quasi-Optimal Partial-Order Reduction, a state-of-the-art technique
that tackles path explosion due to interleaving non-determinism, with symbolic
execution to handle data non-determinism. Our technique iteratively and
exhaustively finds all executions of the program. It represents program
executions using partial orders and finds the next execution using an
underlying unfolding semantics. We avoid the exploration of redundant program
traces using cutoff events. We implemented our technique as an extension of
KLEE and evaluated it on a set of large multi-threaded C programs. Our
experiments found several previously undiscovered bugs and undefined behaviors
in memcached and GNU sort, showing that the new method is capable of finding
bugs in industrial-size benchmarks.

Comment: Extended version of a paper presented at CAV'2
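The Electrum dissertation and the partial-order execution paper above both rest on the same observation: interleavings of independent actions blow up the state space, and a partial order reduction explores only one representative ordering of them. The following added example (written for this page; it is not code from Electrum, LTSmin or KLEE) makes that concrete with an explicit-state exploration of a small three-thread program, once over all interleavings and once with a persistent-set reduction. The program, its two action kinds and the `persistent_set` rule (run a thread-local action alone whenever one is enabled, otherwise explore every enabled action) are assumptions of the example. Persistent sets preserve every terminal (deadlock) state, so the set of final values of the shared variable is the same in both runs while the number of visited states drops.

```python
# Added example: explicit-state exploration with and without a persistent-set
# partial order reduction. Not code from Electrum, LTSmin or KLEE.
from typing import Dict, List, Set, Tuple

# Constructed program (assumption): three threads, each running
#   local ; add(c) ; local
# "local" touches only the thread's own state; add(c) performs
# shared = 2 * shared + c on the single shared variable. Two add actions do
# not commute, so the final value of shared records the order in which the
# threads performed them.
Action = Tuple[str, int]
Program = List[List[Action]]

PROGRAM: Program = [
    [("local", 0), ("add", t + 1), ("local", 0)] for t in range(3)
]

# A state is (program counter of every thread, value of shared).
State = Tuple[Tuple[int, ...], int]


def enabled(prog: Program, state: State) -> List[int]:
    """Threads that still have an action to execute."""
    pcs, _ = state
    return [t for t in range(len(prog)) if pcs[t] < len(prog[t])]


def next_action(prog: Program, state: State, t: int) -> Action:
    return prog[t][state[0][t]]


def step(prog: Program, state: State, t: int) -> State:
    """Execute thread t's next action and return the successor state."""
    pcs, shared = state
    kind, arg = next_action(prog, state, t)
    if kind == "add":
        shared = 2 * shared + arg
    new_pcs = pcs[:t] + (pcs[t] + 1,) + pcs[t + 1:]
    return (new_pcs, shared)


def persistent_set(prog: Program, state: State, en: List[int]) -> List[int]:
    """A thread-local action is independent of every action of every other
    thread (it neither reads nor writes shared state), so running it alone
    is a persistent set: anything the other threads could do first commutes
    with it. If no enabled thread has a local action next, every enabled
    action touches shared and all interleavings must be explored."""
    for t in en:
        if next_action(prog, state, t)[0] == "local":
            return [t]
    return en


def explore(prog: Program, reduce: bool) -> Tuple[int, Set[int]]:
    """Depth-first exploration. Returns the number of distinct states visited
    and the set of shared values seen in terminal states (no thread enabled)."""
    seen: Set[State] = set()
    finals: Set[int] = set()
    stack: List[State] = [((0,) * len(prog), 0)]
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        en = enabled(prog, s)
        if not en:
            finals.add(s[1])
            continue
        for t in (persistent_set(prog, s, en) if reduce else en):
            stack.append(step(prog, s, t))
    return len(seen), finals


def compare() -> Dict[str, object]:
    """Full interleaving exploration versus the reduced one."""
    full_states, full_finals = explore(PROGRAM, reduce=False)
    red_states, red_finals = explore(PROGRAM, reduce=True)
    return {
        "full_states": full_states,
        "reduced_states": red_states,
        "same_terminals": full_finals == red_finals,
        "terminals": sorted(full_finals),
    }


if __name__ == "__main__":
    print(compare())
```

The reduction is only sound because the independence relation is exact: a "local" action really does commute with everything another thread can do. In a real model checker that relation comes from a dependency analysis of the modelling language, which is exactly the syntactic analysis the Electrum dissertation proposes.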
Symbolic Reachability Analysis of B through ProB and LTSmin
We present a symbolic reachability analysis approach for B that can provide a
significant speedup over traditional explicit state model checking. The
symbolic analysis is implemented by linking ProB to LTSmin, a high-performance
language independent model checker. The link is achieved via LTSmin's PINS
interface, allowing ProB to benefit from LTSmin's analysis algorithms, while
only writing a few hundred lines of glue-code, along with a bridge between ProB
and C using ZeroMQ. ProB supports model checking of several formal
specification languages such as B, Event-B, Z and TLA. Our experiments are
based on a wide variety of B-Method and Event-B models to demonstrate the
efficiency of the new link. Among the tested categories are state space
generation and deadlock detection; but action detection and invariant checking
are also feasible in principle. In many cases we observe speedups of several
orders of magnitude. We also compare the results with other approaches for
improving model checking, such as partial order reduction or symmetry
reduction. We thus provide a new scalable, symbolic analysis algorithm for the
B-Method and Event-B, along with a platform to integrate other model checking
improvements via LTSmin in the future.
Efficient Monitoring of Parametric Context Free Patterns
Recent developments in runtime verification and monitoring show that parametric regular and temporal logic specifications can be efficiently monitored against large programs. However, these logics reduce to ordinary finite automata, limiting their expressivity. For example, neither can specify structured properties that refer to the call stack of the program. While context-free grammars (CFGs) are expressive and well-understood, existing techniques of monitoring CFGs generate massive runtime overhead in real-life applications. This paper shows for the first time that monitoring parametric CFGs is practical (on the order of 10% or lower for average cases, several times faster than the state-of-the-art). We present a monitor synthesis algorithm for CFGs based on an LR(1) parsing algorithm, modified with stack cloning to account for good prefix matching. In addition, a logic-independent mechanism is introduced to support partial matching, allowing patterns to be checked against fragments of execution traces.
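The abstract's point that finite automata cannot express call-stack-shaped properties is easiest to see with a property that needs a stack. The following added example (written for this page; it is not the paper's LR(1)-based monitor synthesis and not code from the authors) monitors a parametric context-free pattern with a plain pushdown monitor: calls and lock acquisitions must be properly nested, each close must name the operand of the innermost open, and the trace is sliced by thread id so that every thread gets its own monitor instance. The grammar, the event vocabulary, the recovery policy after a violation and the sample trace are all assumptions constructed for the example.

```python
# Added example: a pushdown runtime monitor for a parametric context-free
# pattern. Not the paper's LR(1) synthesis; grammar, events and trace are
# assumptions constructed for this page.
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Tuple[int, str, str]   # (thread id, event kind, operand)

# Opening kinds and the closing kind each one must be matched by.
OPEN_TO_CLOSE = {"call": "ret", "acq": "rel"}
CLOSE_TO_OPEN = {c: o for o, c in OPEN_TO_CLOSE.items()}


class StackMonitor:
    """Monitor for the labelled Dyck language
           S -> eps | S call(f) S ret(f) | S acq(l) S rel(l)
    i.e. calls and lock acquisitions are properly nested and every close
    names the operand of the innermost open. No finite automaton can accept
    this language because the nesting depth is unbounded."""

    def __init__(self) -> None:
        self.stack: List[Tuple[str, str]] = []      # open events, innermost last
        self.violations: List[Tuple[int, str]] = []  # (trace index, message)

    def step(self, idx: int, kind: str, operand: str) -> None:
        if kind in OPEN_TO_CLOSE:
            self.stack.append((kind, operand))
            return
        if kind not in CLOSE_TO_OPEN:
            raise ValueError(f"unknown event kind {kind!r}")
        want = (CLOSE_TO_OPEN[kind], operand)
        if self.stack and self.stack[-1] == want:
            self.stack.pop()                 # well nested: accept
            return
        # Mismatch. If the matching open sits deeper in the stack, everything
        # above it was left open across this close (e.g. a lock still held
        # when its frame returns). Report, then discard down to the match so
        # monitoring can continue on the rest of the trace.
        for depth in range(len(self.stack) - 1, -1, -1):
            if self.stack[depth] == want:
                leaked = ", ".join(f"{k}({o})" for k, o in self.stack[depth + 1:])
                self.violations.append((idx, f"{kind}({operand}) while still open: {leaked}"))
                del self.stack[depth:]
                return
        self.violations.append((idx, f"{kind}({operand}) has no matching open"))

    def finish(self, idx: int) -> None:
        """End of trace: anything still open was never closed."""
        for kind, operand in reversed(self.stack):
            self.violations.append((idx, f"{kind}({operand}) never closed"))
        self.stack.clear()


def monitor(trace: List[Event]) -> Dict[int, List[Tuple[int, str]]]:
    """Parametric monitoring: slice the trace by thread id and run one
    pushdown monitor per slice (the thread is the parameter here)."""
    slices: Dict[int, StackMonitor] = defaultdict(StackMonitor)
    for idx, (thread, kind, operand) in enumerate(trace):
        slices[thread].step(idx, kind, operand)
    for m in slices.values():
        m.finish(len(trace))
    return {thread: m.violations for thread, m in slices.items()}


# Constructed trace (assumption): thread 2 returns from `worker` while it
# still holds L2, then releases the lock from outside the frame that took it.
TRACE: List[Event] = [
    (1, "call", "handler"),
    (1, "acq", "L1"),
    (2, "call", "worker"),
    (1, "rel", "L1"),
    (1, "ret", "handler"),
    (2, "acq", "L2"),
    (2, "ret", "worker"),
    (2, "rel", "L2"),
]

if __name__ == "__main__":
    for thread, found in monitor(TRACE).items():
        for idx, msg in found:
            print(f"thread {thread}, event {idx}: {msg}")
```

Thread 1 is clean; thread 2 produces two reports, one at event 6 (the return leaks `acq(L2)`) and one at event 7 (the release no longer has a matching open). The per-thread slicing is what "parametric" buys: the same monitor definition is instantiated once per parameter value without the monitor itself having to know about threads.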
Abstract Interpretation with Unfoldings
We present and evaluate a technique for computing path-sensitive interference
conditions during abstract interpretation of concurrent programs. In lieu of
fixed point computation, we use prime event structures to compactly represent
causal dependence and interference between sequences of transformers. Our main
contribution is an unfolding algorithm that uses a new notion of independence
to avoid redundant transformer application, thread-local fixed points to reduce
the size of the unfolding, and a novel cutoff criterion based on subsumption to
guarantee termination of the analysis. Our experiments show that the abstract
unfolding produces an order of magnitude fewer false alarms than a mature
abstract interpreter, while being several orders of magnitude faster than
solver-based tools that have the same precision.

Comment: Extended version of the paper (with the same title and authors) to appear at CAV 201