Verification of Well-Structured Graph Transformation Systems

The aim of this thesis is the definition of a high-level framework for verifying concurrent and distributed systems. Verification in computer science is challenging, since models that are sufficiently expressive to describe real-life case studies suffer from the undecidability of interesting problems. This also holds for the graph transformation systems used in this thesis. To still be able to analyse these system we have to restrict either the class of systems we can model, the class of states we can express or the properties we can verify. In fact, in the framework we will present, all these limitations are possible and each allows to solve different verification problems. For modelling we use graphs as the states of the system and graph transformation rules to model state changes. More precisely, we use hypergraphs, where an edge may be incident to an arbitrary long sequence of nodes. As rule formalism we use the single pushout approach based on category theory. This provides us with a powerful formalisms that allows us to use a finite set of rules to describe an infinite transition system. To obtain decidability results while still maintaining an infinite state space we use the theory of well-structured transition systems (WSTS), the main source of decidability results in the infinite case. We need to equip our state space with a well-quasi-order (wqo) which is a simulation relation for the transition relation (this is also known as compatibility condition or monotonicity requirement). If a system can be seen as a WSTS and some additional conditions are satisfied, one can decide the coverability problem, i.e., the problem of verifying whether, from a given initial state one can reach a state that covers a final state, i.e. is larger than the final state with respect to a chosen order. This problem can be used for verification by giving a finite set of minimal error states that represent an infinite class of erroneous states (i.e. all larger states). By checking whether one of these minimal states is coverable, we verify whether an error is reachable. The theory of WSTS provides us with a generic backwards algorithm to solve this problem. For graphs we will introduce three orders, the minor ordering, the subgraph ordering and the induced subgraph ordering, and investigate which graph transformation systems form WSTS with these orders. Since only the minor ordering is a wqo on all graphs, we will first define so-called Q-restricted WSTS, where we only require that the chosen order is a wqo on the downward-closed class Q. We examine how this affects the decidability of the coverability problem and present appropriate classes Q such that the subgraph ordering and induced subgraph ordering form Q-restricted WSTS. Furthermore, we will prove the computability of the backward algorithm for these Q-restricted WSTS. More precisely, we will do this in the form of a framework and give necessary conditions for orders to be compatible with this framework. For the three mentioned orders we prove that they satisfy these conditions. Being compatible with different orders strengthens the framework in the following way: On the one hand error specifications have to be invariant wrt. the order, meaning that different orders can describe different properties. On the other hand, there is the following trade-off: coarser orders are wqos on larger sets of graphs, but fewer GTS are well-structured wrt. coarse orders (analogously the reverse holds for fine orders). Finally, we will present the tool Uncover which implements most of the theoretical framework defined in this thesis. The practical value of our approach is illustrated by several case studies and runtime results

Ten virtues of structured graphs

This paper extends the invited talk by the first author about the virtues of structured graphs. The motivation behind the talk and this paper relies on our experience on the development of ADR, a formal approach for the design of styleconformant, reconfigurable software systems. ADR is based on hierarchical graphs with interfaces and it has been conceived in the attempt of reconciling software architectures and process calculi by means of graphical methods. We have tried to write an ADR agnostic paper where we raise some drawbacks of flat, unstructured graphs for the design and analysis of software systems and we argue that hierarchical, structured graphs can alleviate such drawbacks

Parameterized Verification of Graph Transformation Systems with Whole Neighbourhood Operations

We introduce a new class of graph transformation systems in which rewrite rules can be guarded by universally quantified conditions on the neighbourhood of nodes. These conditions are defined via special graph patterns which may be transformed by the rule as well. For the new class for graph rewrite rules, we provide a symbolic procedure working on minimal representations of upward closed sets of configurations. We prove correctness and effectiveness of the procedure by a categorical presentation of rewrite rules as well as the involved order, and using results for well-structured transition systems. We apply the resulting procedure to the analysis of the Distributed Dining Philosophers protocol on an arbitrary network structure.Comment: Extended version of a submittion accepted at RP'14 Worksho

Modelling and Analysis Using GROOVE

In this paper we present case studies that describe how the graph transformation tool GROOVE has been used to model problems from a wide variety of domains. These case studies highlight the wide applicability of GROOVE in particular, and of graph transformation in general. They also give concrete templates for using GROOVE in practice. Furthermore, we use the case studies to analyse the main strong and weak points of GROOVE

A General Framework for Well-Structured Graph Transformation Systems

Graph transformation systems (GTSs) can be seen as wellstructured transition systems (WSTSs), thus obtaining decidability results for certain classes of GTSs. In earlier work it was shown that wellstructuredness can be obtained using the minor ordering as a well-quasiorder. In this paper we extend this idea to obtain a general framework in which several types of GTSs can be seen as (restricted) WSTSs. We instantiate this framework with the subgraph ordering and the induced subgraph ordering and apply it to analyse a simple access rights management system.Comment: Extended version (including proofs) of a paper accepted at CONCUR 201

A formal support to business and architectural design for service-oriented systems

Architectural Design Rewriting (ADR) is an approach for the design of software architectures developed within Sensoria by reconciling graph transformation and process calculi techniques. The key feature that makes ADR a suitable and expressive framework is the algebraic handling of structured graphs, which improves the support for specification, analysis and verification of service-oriented architectures and applications. We show how ADR is used as a formal ground for high-level modelling languages and approaches developed within Sensoria

Towards the specification and verification of modal properties for structured systems

System specification formalisms should come with suitable property specification languages and effective verification tools. We sketch a framework for the verification of quantified temporal properties of systems with dynamically evolving structure. We consider visual specification formalisms like graph transformation systems (GTS) where program states are modelled as graphs, and the program behavior is specified by graph transformation rules. The state space of a GTS can be represented as a graph transition system (GTrS), i.e. a transition system with states and transitions labelled, respectively, with a graph, and with a partial morphism representing the evolution of state components. Unfortunately, GTrSs are prohibitively large or infinite even for simple systems, making verification intractable and hence calling for appropriate abstraction techniques

Requirements modelling and formal analysis using graph operations

The increasing complexity of enterprise systems requires a more advanced analysis of the representation of services expected than is currently possible. Consequently, the specification stage, which could be facilitated by formal verification, becomes very important to the system life-cycle. This paper presents a formal modelling approach, which may be used in order to better represent the reality of the system and to verify the awaited or existing system’s properties, taking into account the environmental characteristics. For that, we firstly propose a formalization process based upon properties specification, and secondly we use Conceptual Graphs operations to develop reasoning mechanisms of verifying requirements statements. The graphic visualization of these reasoning enables us to correctly capture the system specifications by making it easier to determine if desired properties hold. It is applied to the field of Enterprise modelling