102 research outputs found
Parallelizing Deadlock Resolution in Symbolic Synthesis of Distributed Programs
Previous work has shown that there are two major complexity barriers in the
synthesis of fault-tolerant distributed programs: (1) generation of fault-span,
the set of states reachable in the presence of faults, and (2) resolving
deadlock states, from where the program has no outgoing transitions. Of these,
the former closely resembles with model checking and, hence, techniques for
efficient verification are directly applicable to it. Hence, we focus on
expediting the latter with the use of multi-core technology.
We present two approaches for parallelization by considering different design
choices. The first approach is based on the computation of equivalence classes
of program transitions (called group computation) that are needed due to the
issue of distribution (i.e., inability of processes to atomically read and
write all program variables). We show that in most cases the speedup of this
approach is close to the ideal speedup and in some cases it is superlinear. The
second approach uses traditional technique of partitioning deadlock states
among multiple threads. However, our experiments show that the speedup for this
approach is small. Consequently, our analysis demonstrates that a simple
approach of parallelizing the group computation is likely to be the effective
method for using multi-core computing in the context of deadlock resolution
Variability Abstraction and Refinement for Game-Based Lifted Model Checking of Full CTL
One of the most promising approaches to fighting the configuration space explosion problem in lifted model checking are variability abstractions. In this work, we define a novel game-based approach for variability-specific abstraction and refinement for lifted model checking of the full CTL, interpreted over 3-valued semantics. We propose a direct algorithm for solving a 3-valued (abstract) lifted model checking game. In case the result of model checking an abstract variability model is indefinite, we suggest a new notion of refinement, which eliminates indefinite results. This provides an iterative incremental variability-specific abstraction and refinement framework, where refinement is applied only where indefinite results exist and definite results from previous iterations are reused. The practicality of this approach is demonstrated on several variability models
A Logical Verification Methodology for Service-Oriented Computing
We introduce a logical verification methodology for checking behavioural properties of service-oriented computing systems. Service properties are described by means of SocL, a branching-time temporal logic that we have specifically designed to express in an effective way distinctive aspects of services, such as, e.g., acceptance of a request, provision of a response, and correlation among service requests and responses. Our approach allows service properties to be expressed in such a way that
they can be independent of service domains and specifications. We show an instantiation of our general methodology that uses the formal language COWS to conveniently specify services and the expressly developed software tool CMC to assist the user in the task of verifying SocL formulae over service specifications. We demonstrate feasibility and effectiveness of our methodology by means of the specification and the analysis of a case study in the automotive domain
Coordination via Interaction Constraints I: Local Logic
Wegner describes coordination as constrained interaction. We take this
approach literally and define a coordination model based on interaction
constraints and partial, iterative and interactive constraint satisfaction. Our
model captures behaviour described in terms of synchronisation and data flow
constraints, plus various modes of interaction with the outside world provided
by external constraint symbols, on-the-fly constraint generation, and
coordination variables. Underlying our approach is an engine performing
(partial) constraint satisfaction of the sets of constraints. Our model extends
previous work on three counts: firstly, a more advanced notion of external
interaction is offered; secondly, our approach enables local satisfaction of
constraints with appropriate partial solutions, avoiding global synchronisation
over the entire constraints set; and, as a consequence, constraint satisfaction
can finally occur concurrently, and multiple parts of a set of constraints can
be solved and interact with the outside world in an asynchronous manner, unless
synchronisation is required by the constraints. This paper describes the
underlying logic, which enables a notion of local solution, and relates this
logic to the more global approach of our previous work based on classical
logic
Quantifier-Free Interpolation of a Theory of Arrays
The use of interpolants in model checking is becoming an enabling technology
to allow fast and robust verification of hardware and software. The application
of encodings based on the theory of arrays, however, is limited by the
impossibility of deriving quantifier- free interpolants in general. In this
paper, we show that it is possible to obtain quantifier-free interpolants for a
Skolemized version of the extensional theory of arrays. We prove this in two
ways: (1) non-constructively, by using the model theoretic notion of
amalgamation, which is known to be equivalent to admit quantifier-free
interpolation for universal theories; and (2) constructively, by designing an
interpolating procedure, based on solving equations between array updates.
(Interestingly, rewriting techniques are used in the key steps of the solver
and its proof of correctness.) To the best of our knowledge, this is the first
successful attempt of computing quantifier- free interpolants for a variant of
the theory of arrays with extensionality
A type reduction theory for systems with replicated components
The Parameterised Model Checking Problem asks whether an implementation
Impl(t) satisfies a specification Spec(t) for all instantiations of parameter
t. In general, t can determine numerous entities: the number of processes used
in a network, the type of data, the capacities of buffers, etc. The main theme
of this paper is automation of uniform verification of a subclass of PMCP with
the parameter of the first kind, i.e. the number of processes in the network.
We use CSP as our formalism. We present a type reduction theory, which, for a
given verification problem, establishes a function \phi that maps all
(sufficiently large) instantiations T of the parameter to some fixed type T^
and allows us to deduce that if Spec(T^) is refined by \phi(Impl(T)), then
(subject to certain assumptions) Spec(T) is refined by Impl(T). The theory can
be used in practice by combining it with a suitable abstraction method that
produces a t-independent process Abstr that is refined by {\phi}(Impl(T)) for
all sufficiently large T. Then, by testing (with a model checker) if the
abstract model Abstr refines Spec(T^), we can deduce a positive answer to the
original uniform verification problem. The type reduction theory relies on
symbolic representation of process behaviour. We develop a symbolic operational
semantics for CSP processes that satisfy certain normality requirements, and we
provide a set of translation rules that allow us to concretise symbolic
transition graphs. Based on this, we prove results that allow us to infer
behaviours of a process instantiated with uncollapsed types from known
behaviours of the same process instantiated with a reduced type. One of the
main advantages of our symbolic operational semantics and the type reduction
theory is their generality, which makes them applicable in a wide range of
settings
Software Model Checking with Explicit Scheduler and Symbolic Threads
In many practical application domains, the software is organized into a set
of threads, whose activation is exclusive and controlled by a cooperative
scheduling policy: threads execute, without any interruption, until they either
terminate or yield the control explicitly to the scheduler. The formal
verification of such software poses significant challenges. On the one side,
each thread may have infinite state space, and might call for abstraction. On
the other side, the scheduling policy is often important for correctness, and
an approach based on abstracting the scheduler may result in loss of precision
and false positives. Unfortunately, the translation of the problem into a
purely sequential software model checking problem turns out to be highly
inefficient for the available technologies. We propose a software model
checking technique that exploits the intrinsic structure of these programs.
Each thread is translated into a separate sequential program and explored
symbolically with lazy abstraction, while the overall verification is
orchestrated by the direct execution of the scheduler. The approach is
optimized by filtering the exploration of the scheduler with the integration of
partial-order reduction. The technique, called ESST (Explicit Scheduler,
Symbolic Threads) has been implemented and experimentally evaluated on a
significant set of benchmarks. The results demonstrate that ESST technique is
way more effective than software model checking applied to the sequentialized
programs, and that partial-order reduction can lead to further performance
improvements.Comment: 40 pages, 10 figures, accepted for publication in journal of logical
methods in computer scienc
Parallel symbolic state-space exploration is difficult, but what is the alternative?
State-space exploration is an essential step in many modeling and analysis
problems. Its goal is to find the states reachable from the initial state of a
discrete-state model described. The state space can used to answer important
questions, e.g., "Is there a dead state?" and "Can N become negative?", or as a
starting point for sophisticated investigations expressed in temporal logic.
Unfortunately, the state space is often so large that ordinary explicit data
structures and sequential algorithms cannot cope, prompting the exploration of
(1) parallel approaches using multiple processors, from simple workstation
networks to shared-memory supercomputers, to satisfy large memory and runtime
requirements and (2) symbolic approaches using decision diagrams to encode the
large structured sets and relations manipulated during state-space generation.
Both approaches have merits and limitations. Parallel explicit state-space
generation is challenging, but almost linear speedup can be achieved; however,
the analysis is ultimately limited by the memory and processors available.
Symbolic methods are a heuristic that can efficiently encode many, but not all,
functions over a structured and exponentially large domain; here the pitfalls
are subtler: their performance varies widely depending on the class of decision
diagram chosen, the state variable order, and obscure algorithmic parameters.
As symbolic approaches are often much more efficient than explicit ones for
many practical models, we argue for the need to parallelize symbolic
state-space generation algorithms, so that we can realize the advantage of both
approaches. This is a challenging endeavor, as the most efficient symbolic
algorithm, Saturation, is inherently sequential. We conclude by discussing
challenges, efforts, and promising directions toward this goal
Checking bounded reachability in asynchronous systems by symbolic event tracing
This report presents a new symbolic technique for checking reachability properties of asynchronous systems by reducing the problem to satisfiability in restrained difference logic. The analysis is bounded by fixing a finite set of potential events, each of which may occur at most once in any order. The events are specified using high-level Petri nets. The logic encoding describes the space of possible causal links between events rather than possible sequences of states as in Bounded Model Checking. Independence between events is exploited intrinsically without partial order reductions, and the handling of data is symbolic. On a family of benchmarks, the proposed approach is consistently faster than Bounded Model Checking. In addition, this report presents a compact encoding of the restrained subset of difference logic in propositional logic
Compositional reasoning for shared-variable concurrent programs
Scalable and automatic formal verification for concurrent systems is always
demanding. In this paper, we propose a verification framework to support
automated compositional reasoning for concurrent programs with shared
variables. Our framework models concurrent programs as succinct automata and
supports the verification of multiple important properties. Safety verification
and simulations of succinct automata are parallel compositional, and safety
properties of succinct automata are preserved under refinements. We generate
succinct automata from infinite state concurrent programs in an automated
manner. Furthermore, we propose the first automated approach to checking
rely-guarantee based simulations between infinite state concurrent programs. We
have prototyped our algorithms and applied our tool to the verification of
multiple refinements
- …