41 research outputs found
Enhancing Approximations for Regular Reachability Analysis
This paper introduces two mechanisms for computing over-approximations of
sets of reachable states, with the aim of ensuring termination of state-space
exploration. The first mechanism consists in over-approximating the automata
representing reachable sets by merging some of their states with respect to
simple syntactic criteria, or a combination of such criteria. The second
approximation mechanism consists in manipulating an auxiliary automaton when
applying a transducer representing the transition relation to an automaton
encoding the initial states. In addition, for the second mechanism we propose a
new approach to refine the approximations depending on a property of interest.
The proposals are evaluated on examples of mutual exclusion protocols
Attenuation Regulation as a Term Rewriting System
The classical attenuation regulation of gene expression in bacteria is
considered. We propose to represent the secondary RNA structure in the leader
region of a gene or an operon by a term, and we give a probabilistic term
rewriting system modeling the whole process of such a regulation.Comment: to appea
On computing fixpoints in well-structured regular model checking, with applications to lossy channel systems
We prove a general finite convergence theorem for "upward-guarded" fixpoint
expressions over a well-quasi-ordered set. This has immediate applications in
regular model checking of well-structured systems, where a main issue is the
eventual convergence of fixpoint computations. In particular, we are able to
directly obtain several new decidability results on lossy channel systems.Comment: 16 page
Abstract Regular Tree Model Checking
International audienceRegular (tree) model checking (RMC) is a promising generic method for formal verification of infinite-state systems. It encodes configurations of systems as words or trees over a suitable alphabet, possibly infinite sets of configurations as finite word or tree automata, and operations of the systems being examined as finite word or tree transducers. The reachability set is then computed by a repeated application of the transducers on the automata representing the currently known set of reachable configurations. In order to facilitate termination of RMC, various acceleration schemas have been proposed. One of them is a combination of RMC with the abstract-check-refine paradigm yielding the so-called abstract regular model checking (ARMC). ARMC has originally been proposed for word automata and transducers only and thus for dealing with systems with linear (or easily linearisable) structure. In this paper, we propose a generalisation of ARMC to the case of dealing with trees which arise naturally in a lot of modelling and verification contexts. In particular, we first propose abstractions of tree automata based on collapsing their states having an equal language of trees up to some bounded height. Then, we propose an abstraction based on collapsing states having a non-empty intersection (and thus "satisfying") the same bottom-up tree "predicate" languages. Finally, we show on several examples that the methods we propose give us very encouraging verification results
Using Flow Specifications of Parameterized Cache Coherence Protocols for Verifying Deadlock Freedom
We consider the problem of verifying deadlock freedom for symmetric cache
coherence protocols. In particular, we focus on a specific form of deadlock
which is useful for the cache coherence protocol domain and consistent with the
internal definition of deadlock in the Murphi model checker: we refer to this
deadlock as a system- wide deadlock (s-deadlock). In s-deadlock, the entire
system gets blocked and is unable to make any transition. Cache coherence
protocols consist of N symmetric cache agents, where N is an unbounded
parameter; thus the verification of s-deadlock freedom is naturally a
parameterized verification problem. Parametrized verification techniques work
by using sound abstractions to reduce the unbounded model to a bounded model.
Efficient abstractions which work well for industrial scale protocols typically
bound the model by replacing the state of most of the agents by an abstract
environment, while keeping just one or two agents as is. However, leveraging
such efficient abstractions becomes a challenge for s-deadlock: a violation of
s-deadlock is a state in which the transitions of all of the unbounded number
of agents cannot occur and so a simple abstraction like the one above will not
preserve this violation. In this work we address this challenge by presenting a
technique which leverages high-level information about the protocols, in the
form of message sequence dia- grams referred to as flows, for constructing
invariants that are collectively stronger than s-deadlock. Efficient
abstractions can be constructed to verify these invariants. We successfully
verify the German and Flash protocols using our technique
Learning to Prove Safety over Parameterised Concurrent Systems (Full Version)
We revisit the classic problem of proving safety over parameterised
concurrent systems, i.e., an infinite family of finite-state concurrent systems
that are represented by some finite (symbolic) means. An example of such an
infinite family is a dining philosopher protocol with any number n of processes
(n being the parameter that defines the infinite family). Regular model
checking is a well-known generic framework for modelling parameterised
concurrent systems, where an infinite set of configurations (resp. transitions)
is represented by a regular set (resp. regular transducer). Although verifying
safety properties in the regular model checking framework is undecidable in
general, many sophisticated semi-algorithms have been developed in the past
fifteen years that can successfully prove safety in many practical instances.
In this paper, we propose a simple solution to synthesise regular inductive
invariants that makes use of Angluin's classic L* algorithm (and its variants).
We provide a termination guarantee when the set of configurations reachable
from a given set of initial configurations is regular. We have tested L*
algorithm on standard (as well as new) examples in regular model checking
including the dining philosopher protocol, the dining cryptographer protocol,
and several mutual exclusion protocols (e.g. Bakery, Burns, Szymanski, and
German). Our experiments show that, despite the simplicity of our solution, it
can perform at least as well as existing semi-algorithms.Comment: Full version of FMCAD'17 pape
Omega-Regular Model Checking
peer reviewed"Regular model checking" is the name of a family of techniques for analyzing infinite-state systems in which states are represented by words or trees, sets of states by finite automata on these objects, and transitions by finite automata operating on pairs of state encodings, i.e. finite-state transducers. In this context, the central problem is then to compute the iterative closure of a finite-state transducer. This paper addresses the use of regular model-checking like techniques for systems whose states are represented by infinite (omega) words. Its main motivation is to show the feasibility and usefulness of this approach through a combination of the necessary theoretical developments, implementation, and experimentation. The iteration technique that is used is adapted from recent work of the authors on the iteration of finite-word transducers. It proceeds by comparing successive elements of a sequence of approximations of the iteration, detecting an "increment" that is added to move from one approximation to the next, and extrapolating the sequence by allowing arbitrary repetitions of this increment. By restricting oneself to weak deterministic Buchi automata, and using a number of implementation optimizations, examples of significant size can be handled. The proposed transducer iteration technique can just as well be exploited to compute the closure of a given set of states by the transducer iteration, which has proven to be a very effective way of using the technique. Examples such as a leaking gas burner in which time is modeled by real variables have been handled completely within the automata-theoretic setting