112 research outputs found

    Safety Verification of Communicating One-Counter Machines

    In order to verify protocols that tag messages with integer values, we investigate the decidability of the reachability problem for systems of communicating one-counter machines. These systems consist of local one-counter machines that asynchronously communicate by exchanging the values of their counters via a priori unbounded FIFO channels. This model extends communicating finite-state machines (CFSM) with infinite-state local processes and an infinite message alphabet. The main result of the paper is a complete characterization of the communication topologies that have a decidable reachability question. Since CFSM already exclude the possibility of automatic verification in the presence of mutual communication, we also consider an under-approximative approach to the reachability problem, based on rendezvous synchronization.

    Iterated Regret Minimization in Game Graphs

    Iterated regret minimization has recently been introduced by J.Y. Halpern and R. Pass for classical strategic games. For many games of interest, this new solution concept provides solutions that are judged more reasonable than those offered by traditional game concepts, such as Nash equilibrium. Although computing iterated regret on an explicit matrix game is conceptually and computationally easy, nothing is known about computing iterated regret on games whose matrices are defined implicitly by a game tree, a game DAG or, more generally, a game graph. In this paper, we investigate iterated regret minimization for infinite-duration two-player quantitative non-zero-sum games played on graphs. We consider reachability objectives that are not necessarily antagonistic. Edges are weighted by integers, one for each player, and the payoffs are defined by the sum of the weights along the paths. Depending on the class of graphs, we give either polynomial or pseudo-polynomial time algorithms to compute a strategy that minimizes the regret for a fixed player. We finally give algorithms to compute the strategies of the two players that minimize the iterated regret for trees, and for graphs with strictly positive weights only.
    Comment: 19 pages. Bug in introductory example fixed.

    Tree Regular Model Checking for Lattice-Based Automata

    Tree Regular Model Checking (TRMC) is the name of a family of techniques for analyzing infinite-state systems in which states are represented by terms, and sets of states by Tree Automata (TA). The central problem in TRMC is to decide whether a set of bad states is reachable. The problem of computing a TA representing (an over-approximation of) the set of reachable states is undecidable, but efficient solutions based on completion or iteration of tree transducers exist. Unfortunately, the TRMC framework is unable to efficiently capture both the complex structure of a system and some of its features. As an example, for Java programs, the structure of a term is mainly exploited to capture the structure of a state of the system. On the other hand, the integers of Java programs have to be encoded as Peano numbers, which means that any arithmetic operation is potentially represented by thousands of applications of rewriting rules. In this paper, we propose Lattice Tree Automata (LTAs), an extended version of tree automata whose leaves are equipped with lattices. LTAs allow us to represent possibly infinite sets of interpreted terms. Such terms can represent complex domains and related operations in an efficient manner. We also extend classical Boolean operations to LTAs. Finally, as a major contribution, we introduce a new completion-based algorithm for computing the possibly infinite set of reachable interpreted terms in a finite amount of time.
    Comment: Technical report

    Extrapolation-based Path Invariants for Abstraction Refinement of Fifo Systems

    Research Report RR-1459-09, LaBRI.
    The technique of counterexample-guided abstraction refinement (Cegar) has been successfully applied in the areas of software and hardware verification. Automatic abstraction refinement is also desirable for the safety verification of complex infinite-state models. This paper investigates Cegar in the context of formal models of network protocols, in our case the verification of FIFO systems. Our main contribution is the introduction of extrapolation-based path invariants for abstraction refinement. We develop a range of algorithms that are based on this novel theoretical notion and which are parametrized by different extrapolation operators. These are used as subroutines in the refinement step of our Cegar semi-algorithm, which is based on recognizable partition abstractions. We give sufficient conditions for the termination of Cegar by constraining the extrapolation operator. Our empirical evaluation confirms the benefit of extrapolation-based path invariants.

    Symbolic Supervisory Control of Distributed Systems with Communications

    We consider the control of distributed systems composed of subsystems communicating asynchronously; the aim is to build local controllers that restrict the behavior of a distributed system in order to satisfy a global state avoidance property. We model distributed systems as communicating finite state machines with reliable unbounded FIFO queues between subsystems. Local controllers can only observe the behavior of their own subsystem and do not see the queue contents. To refine their control policy, controllers can use the FIFO queues to communicate by piggy-backing extra information (timestamps and their state estimates) onto the messages sent by the subsystems. We provide an algorithm that computes, for each local subsystem (and thus for each controller), during the execution of the system, an estimate of the current global state of the distributed system. We then define a synthesis algorithm to compute local controllers. Our method relies on the computation of (co-)reachable states. Since the reachability problem is undecidable in our model, we use abstract interpretation techniques to obtain over-approximations of the (co-)reachable states. An implementation of our algorithms provides an empirical evaluation of our method.

    Synthesis of Communicating Controllers for Distributed Systems

    We consider the control of distributed systems composed of subsystems communicating asynchronously; the aim is to build local controllers that restrict the behavior of a distributed system in order to satisfy a global state avoidance property. We model our distributed systems as communicating finite state machines with reliable unbounded FIFO queues between subsystems. Local controllers can only observe their own local subsystems and do not observe the queues. To refine their control policy, they can use the FIFO queues to communicate by piggybacking extra information onto the messages sent by the subsystems. We define synthesis algorithms that compute the local controllers. We explain how we can ensure the termination of this control algorithm by using abstract interpretation techniques to over-approximate queue contents by regular languages. An implementation of our algorithms provides an empirical evaluation of our method.

    Analysis of Communicating Infinite State Machines using Lattice Automata

    Communication protocols can be formally described by the Communicating Finite-State Machines (CFSM) model. This model is expressive, but not expressive enough to deal with complex protocols that involve structured messages encapsulating integers or lists of integers. This is why we propose an extension of this model: the Symbolic Communicating Machines (SCM). We also propose an approximate reachability analysis method based on lattice automata. Lattice automata are finite automata whose transitions are labeled with elements of an atomic lattice. We tackle the problem of determinization as well as the definition of a widening operator for these automata. We also show that lattice automata are useful for interprocedural analysis.

    Abstract Interpretation of FIFO channels

    We address the analysis and verification of communicating systems, which are systems built from sequential processes communicating via unbounded FIFO channels. We adopt the Abstract Interpretation approach to this problem by defining approximate representations of sets of configurations of FIFO channels. In this paper we restrict our attention to the case where the processes are finite-state and the alphabet of exchanged messages is finite. We first focus on systems with only one queue, for which we propose an abstract lattice based on regular languages, and we then generalize our proposal to systems with several queues. In particular, we define for these systems two abstract lattices, a non-relational and a relational one, respectively. We use these lattices to compute an over-approximation of the reachability set of a CFSM. Our experimental evaluation shows that, for some protocols, we obtain results that are as good as those obtained by exact methods founded on acceleration techniques.


    Supervisory Control of Infinite Symbolic Systems using Abstract Interpretation

    In this paper, we investigate the control of infinite systems, modeled by symbolic transition systems, for safety properties. We first redefine the concept of controllability by applying it to the guards of symbolic transitions instead of to the events. We then define synthesis algorithms based on symbolic transformations and abstract interpretation techniques so that we can ensure the finiteness of the computations.