Automated Synthesis: a Distributed Viewpoint

Distributed algorithms are inherently hard to get right, and a major challenge is to come up with automated techniques for error detection and recovery. The talk will survey recent results on the synthesis of distributed monitors and controllers

Static Analysis of Deterministic Negotiations

Negotiation diagrams are a model of concurrent computation akin to workflow Petri nets. Deterministic negotiation diagrams, equivalent to the much studied and used free-choice workflow Petri nets, are surprisingly amenable to verification. Soundness (a property close to deadlock-freedom) can be decided in PTIME. Further, other fundamental questions like computing summaries or the expected cost, can also be solved in PTIME for sound deterministic negotiation diagrams, while they are PSPACE-complete in the general case. In this paper we generalize and explain these results. We extend the classical "meet-over-all-paths" (MOP) formulation of static analysis problems to our concurrent setting, and introduce Mazurkiewicz-invariant analysis problems, which encompass the questions above and new ones. We show that any Mazurkiewicz-invariant analysis problem can be solved in PTIME for sound deterministic negotiations whenever it is in PTIME for sequential flow-graphs---even though the flow-graph of a deterministic negotiation diagram can be exponentially larger than the diagram itself. This gives a common explanation to the low-complexity of all the analysis questions studied so far. Finally, we show that classical gen/kill analyses are also an instance of our framework, and obtain a PTIME algorithm for detecting anti-patterns in free-choice workflow Petri nets. Our result is based on a novel decomposition theorem, of independent interest, showing that sound deterministic negotiation diagrams can be hierarchically decomposed into (possibly overlapping) smaller sound diagrams.Comment: To appear in the Proceedings of LICS 2017, IEEE Computer Societ

Verifying Recursive Active Documents with Positive Data Tree Rewriting

This paper proposes a data tree-rewriting framework for modeling evolving documents. The framework is close to Guarded Active XML, a platform used for handling XML repositories evolving through web services. We focus on automatic verification of properties of evolving documents that can contain data from an infinite domain. We establish the boundaries of decidability, and show that verification of a {\em positive} fragment that can handle recursive service calls is decidable. We also consider bounded model-checking in our data tree-rewriting framework and show that it is \nexptime-complete

Distributed Synthesis for Acyclic Architectures

The distributed synthesis problem is about constructing correct distributed systems, i.e., systems that satisfy a given specification. We consider a slightly more general problem of distributed control, where the goal is to restrict the behavior of a given distributed system in order to satisfy the specification. Our systems are finite state machines that communicate via rendez-vous (Zielonka automata). We show decidability of the synthesis problem for all omega-regular local specifications, under the restriction that the communication graph of the system is acyclic. This result extends a previous decidability result for a restricted form of local reachability specifications

Preface Volume 65, Issue 7

AbstractThis volume contains the Proceedings of the International Workshop Validation and Implementation of Scenario-based Specifications (VISS'2002) that was held as satellite event of the 5th European Joint Conferences on Theory and Practice of Software (ETAPS'2002) in Grenoble, France, April 7th, 2002.There is a strong need within systems engineering and software development to improve software design by applying general and flexible tools. Formal tools for describing systems are required for increasing the efficiency of the design process through automated error analysis, integration of specifications into existing tools, and automatical generation of intermediate descriptions.Graphical specification formalisms exhibit an increasing popularity in software development for industrial applications. The prototype of scenario-based, graphical languages is the ITU standardized notation of message sequence charts (MSC). Used for capturing early system requirements, MSCs are particularly suited for designing and validating distributed, reactive systems, in particular telecommunication protocols.The aim of the workshop is to gather a larger community of researchers interested in scenario-based notations for designing distributed systems and to outline new trends and problems in the field.The papers in this volume were reviewed by members of the programme committee: •Benoît Caillaud (IRISA, Rennes) co-chair•Kousha Etessami (Bell Labs, NJ)•Loïc Hélouët (FT R&D, Lannion)•Ferhat Khendek (Concordia, Montréal)•Ingolf Krüger (TUM, Munich)•Anca Muscholl (LIAFA, Paris) chair•Madhavan Mukund (Chennai Math. Inst., Chennai)•Doron Peled (Bell Labs, NJ)•Daniel Vincent (FT R&D, Lannion)We are very grateful to Manfred Broy (TU Munich) and Doron Peled (Texas at Austin) for their enlightening surveys. We also acknowledge the very efficient organization provided by the ETAPS'2002 local committee, in particular the assistance of Susanne Graf. Thanks are also due to IRISA/INRIA at Rennes, France, which has supplied the financial support.May 15th, 2002 Benoît Caillaud and Anca Muschol

Reachability Analysis of Communicating Pushdown Systems

The reachability analysis of recursive programs that communicate asynchronously over reliable FIFO channels calls for restrictions to ensure decidability. Our first result characterizes communication topologies with a decidable reachability problem restricted to eager runs (i.e., runs where messages are either received immediately after being sent, or never received). The problem is EXPTIME-complete in the decidable case. The second result is a doubly exponential time algorithm for bounded context analysis in this setting, together with a matching lower bound. Both results extend and improve previous work from La Torre et al

A Kleene theorem and model checking algorithms for existentially bounded communicating automata

AbstractThe behavior of a network of communicating automata is called existentially bounded if communication events can be scheduled in such a way that the number of messages in transit is always bounded by a value that depends only on the machine, not the run itself. We show a Kleene theorem for existentially bounded communicating automata, namely the equivalence between communicating automata, globally cooperative compositional message sequence graphs, and monadic second order logic. Our characterization extends results for universally bounded models, where for each and every possible scheduling of communication events, the number of messages in transit is uniformly bounded. As a consequence, we give solutions in spirit of Madhusudan (2001) for various model checking problems on networks of communicating automata that satisfy our optimistic restriction

Model-Checking Parametric Lock-Sharing Systems Against Regular Constraints

In parametric lock-sharing systems processes can spawn new processes to run in parallel, and can create new locks. The behavior of every process is given by a pushdown automaton. We consider infinite behaviors of such systems under strong process fairness condition. A result of a potentially infinite execution of a system is a limit configuration, that is a potentially infinite tree. The verification problem is to determine if a given system has a limit configuration satisfying a given regular property. This formulation of the problem encompasses verification of reachability as well as of many liveness properties. We show that this verification problem, while undecidable in general, is decidable for nested lock usage. We show Exptime-completeness of the verification problem. The main source of complexity is the number of parameters in the spawn operation. If the number of parameters is bounded, our algorithm works in Ptime for properties expressed by parity automata with a fixed number of ranks