Parameterized Verification of Safety Properties in Ad Hoc Network Protocols
We summarize the main results proved in recent work on the parameterized
verification of safety properties for ad hoc network protocols. We consider a
model in which the communication topology of a network is represented as a
graph. Nodes represent states of individual processes. Adjacent nodes represent
single-hop neighbors. Processes are finite state automata that communicate via
selective broadcast messages. Reception of a broadcast is restricted to
single-hop neighbors. For this model we consider a decision problem that can be
expressed as the verification of the existence of an initial topology in which
the execution of the protocol can lead to a configuration with at least one
node in a certain state. The decision problem is parametric both on the size
and on the form of the communication topology of the initial configurations. We
draw a complete picture of the decidability and complexity boundaries of this
problem according to various assumptions on the possible topologies.
Comment: In Proceedings PACO 2011, arXiv:1108.145
Formal Verification of Industrial Software with Dynamic Memory Management
Tool-based analytic techniques such as formal verification may be used to justify the quality, correctness and dependability of software involved in digital control systems. This paper reports on the development and application of a tool-based methodology, the purpose of which is the formal verification of freedom from intrinsic software faults related to dynamic memory management. The paper introduces the operational and research context in the power generation industry, in which this work takes place. The theoretical framework and the tool at the cornerstone of the methodology are then presented. The paper also presents the practical aspects of the research: software under analysis, experimental results and lessons learned. The results are promising, as the methodology scales accurately under the identified conditions of analysis, and it has a number of perspectives which are currently under study in ongoing work.
When Model-Checking Freeze LTL over Counter Machines Becomes Decidable
We study the decidability status of model-checking freeze LTL over various subclasses of counter machines for which the reachability problem is known to be decidable (reversal-bounded counter machines, vector addition systems with states, flat counter machines, one-counter machines). In freeze LTL, a register can store a counter value and at some future position an equality test can be done between a register and a counter value. Herein, we complete an earlier work started on one-counter machines by considering other subclasses of counter machines, and especially the class of reversal-bounded counter machines. This gives us the opportunity to provide a systematic classification that distinguishes determinism vs. nondeterminism, and we consider subclasses of formulae by restricting the set of atomic formulae and/or the polarity of the occurrences of the freeze operators, leading to the flat fragment.
On the parameterized verification of abstract models of contact tracing protocols
We present an automata-based formal model of distributed systems specifically devised to formalise abstractions of Contact Tracing Protocols that combine Bluetooth and network communication. The model combines pure names, read/write operations on first-order and higher-order variables and synchronous communication primitives. The transition system models the interaction between devices in the same physical location and between a single device and a notification server. To automatically validate protocols in our formalism, we resort to an extension of the Cubicle SMT-based infinite-state model checker, in which the monotonic abstraction applied during the predecessor computation is strengthened by introducing abstract predicates obtained via Counting Abstraction.
Verification of Contact Tracing Protocols via SMT-based Model Checking and Counting Abstraction
We present an automata-based model specifically devised to formalise abstractions of distributed protocols used by contact-tracing applications that combine Bluetooth and TCP/IP communication with a centralised server. The model provides pure names, store and read operations on both value and set variables, and synchronous and asynchronous communication primitives for both kinds of variables. A protocol configuration consists of the current state of a finite set of local states containing the states of individual devices. The transition system models the interaction between devices in the same physical location and between a single device and possible distributed servers. We will use the resulting model to specify the logic underlying contact tracing protocols. To automatically validate our formal models, we employ an extension of the Cubicle infinite-state model checker based on the Alt-Ergo SMT solver. To overcome spurious results due to the application of monotone abstraction, we propose to refine the predecessor computation adopted in Cubicle by combining predicates on the Theory of Arrays (as provided by Cubicle) with Presburger predicates inferred via a counting abstraction applied on a subset of control states of individual processes.
Model Checking Freeze LTL over One-Counter Automata
We study complexity issues related to the model-checking problem for LTL with registers (a.k.a. freeze LTL) over one-counter automata. We consider several classes of one-counter automata (mainly deterministic vs. nondeterministic) and several syntactic fragments (restriction on the number of registers and on the use of propositional variables for control locations). The logic has the ability to store a counter value and to test it later against the current counter value. By introducing a non-trivial abstraction on counter values, we show that model checking LTL with registers over deterministic one-counter automata is PSpace-complete with infinite accepting runs. By contrast, we prove that model checking LTL with registers over nondeterministic one-counter automata is $\Sigma^1_1$-complete [resp. $\Sigma^0_1$-complete] in the infinitary [resp. finitary] case, even if only one register is used and with no propositional variable. This contrasts with the facts that several verification problems for one-counter automata are known to be decidable with relatively low complexity, and that finitary satisfiability for LTL with a unique register is decidable. Our results pave the way for model-checking LTL with registers over other classes of operational models, such as reversal-bounded counter machines and deterministic pushdown systems.
Equivalence between model-checking flat counter systems and Presburger arithmetic
We show that model-checking flat counter systems with the branching-time temporal logic CTL* extended with arithmetical constraints on counter values has the same worst-case complexity as the satisfiability problem for Presburger arithmetic. The lower bound already holds under strong restrictions: the logical language uses only the temporal operator EF and no arithmetical constraints, and the guards on the transitions are made of linear constraints. This work complements our understanding of model-checking flat counter systems with linear-time temporal logics, such as LTL, for which the problem is already known to be (only) NP-complete with guards restricted to the linear fragment.
Taming Past LTL and Flat Counter Systems
Reachability and LTL model-checking problems for flat counter systems are known to be decidable, but whereas the reachability problem can be shown to be in NP, the best known complexity upper bound for the latter problem is a tower of several exponentials. Herein, we show that the problem is only NP-complete even if LTL admits past-time operators and arithmetical constraints on counters. The NP upper bound is shown by adequately combining a new stuttering theorem for Past LTL and the property of small integer solutions for quantifier-free Presburger formulae. Other complexity results are proved, for instance for restricted classes of flat counter systems.
On the Complexity of Verifying Regular Properties on Flat Counter Systems
Among the approximation methods for the verification of counter systems, one consists in model-checking their flat unfoldings. Unfortunately, the complexity characterization of model-checking problems for such operational models is not always well studied, except for reachability queries or for Past LTL. In this paper, we characterize the complexity of model-checking problems on flat counter systems for specification languages including first-order logic, linear mu-calculus, infinite automata, and related formalisms. Our results span different complexity classes (mainly from PTime to PSpace) and they apply to languages in which arithmetical constraints on counter values are systematically allowed. As far as the proof techniques are concerned, we provide a uniform approach that focuses on the main issues.