68 research outputs found

    Dynamic Partitioning in Linear Relation Analysis. Application to the Verification of Synchronous Programs

    We apply linear relation analysis [CH78, HPR97] to the verification of declarative synchronous programs [Hal98]. In this approach, state partitioning plays an important role: on one hand, the precision of the results highly depends on the fineness of the partitioning; on the other hand, an overly detailed partitioning may result in an exponential explosion of the analysis. In this paper we propose to consider very general partitions of the state space and to dynamically select a suitable partitioning according to the property to be proved. The presented approach is quite general and can be applied to other abstract interpretations.
    Keywords and Phrases: Abstract Interpretation, Partitioning, Linear Relation Analysis, Reactive Systems, Program Verification

    Relational interprocedural analysis of concurrent programs

    We extend the relational approach to interprocedural analysis of sequential programs to concurrent programs composed of a fixed number of threads. In the relational approach, a sequential program is analyzed by computing summaries of procedures, and by propagating reachability information using these summaries. We generalize this approach to concurrent programs by computing, for each thread, procedure summaries that take into account the parallel execution of the other threads. Technically, we define our analysis method by instrumenting the operational semantics of programs, then by abstracting the call-stacks of the concurrent threads, and last by abstracting the program environments in order to obtain an effective analysis that always terminates. This method allows existing relational interprocedural analyses (e.g., numerical variable analysis, shape analysis) to be extended to concurrent programs. We implemented it for programs with scalar variables, and we experiment with several classical synchronisation protocols in order to illustrate the precision of our technique, but also to analyze the approximations it performs.

    Analysis of Communicating Infinite State Machines using Lattice Automata

    Communication protocols can be formally described by the Communicating Finite-State Machines (CFSM) model. This model is expressive, but not expressive enough to deal with complex protocols that involve structured messages encapsulating integers or lists of integers. This is the reason why we propose an extension of this model: the Symbolic Communicating Machines (SCM). We also propose an approximate reachability analysis method, based on lattice automata. Lattice automata are finite automata, the transitions of which are labeled with elements of an atomic lattice. We tackle the problem of determinization as well as the definition of a widening operator for these automata. We also show that lattice automata are useful for interprocedural analysis.

    Efficient Encoding of SystemC/TLM in Promela

    To deal with the ever growing complexity of Systems-on-Chip, designers use models early in the design flow. SystemC is a commonly used tool to write such models. In order to verify these models, one thriving approach is to encode their semantics into a formal language, and then to verify it with verification tools. Various encodings of SystemC into formal languages have already been proposed, with different performance implications. In this paper, we investigate a new, automatic, asynchronous means to formalize models. Our encoding supports the subset of the concurrency and communication constructs offered by SystemC that is used for high-level modeling. We increase the confidence that encoded programs have the same semantics as the original ones by model-checking a set of properties. We give experimental results on our formalization and compare them with previous work.

    Automatic Test Generation from Interprocedural Specifications

    This paper addresses the generation of test cases for testing the conformance of a black-box implementation with respect to its specification, in the context of reactive systems. We aim at extending the principles and algorithms of model-based testing à la ioco to recursive specifications that can be modeled by Push-Down Systems (PDS). Such specifications may be more compact than non-recursive ones and are more expressive. The generated test cases are selected according to a test purpose, a (set of) scenario(s) of interest that one wants to observe during test execution. The test generation method we propose in this paper is based on program transformations and a coreachability analysis, which allows one to decide whether and how the test purpose can still be satisfied. However, despite the possibility of performing an exact analysis, the inability of test cases to inspect their own stack prevents them from fully using the coreachability information. We discuss this partial observation problem, its consequences, and how to minimize its impact.

    Model-Based Test Selection for Infinite-State Reactive Systems

    This paper addresses the problem of off-line selection of test cases for testing the conformance of a black-box implementation with respect to a specification, in the context of reactive systems. Efficient solutions to this problem have been proposed in the context of finite-state models, based on the ioco conformance testing theory. An extension of these is proposed in the context of infinite-state specifications, modelled as automata extended with variables. One considers the selection of test cases according to test purposes describing abstract scenarios that one wants to test. The selection of program test cases then consists of syntactic transformations of the specification model, using approximate analyses.

    Abstract Interpretation of FIFO channels

    We address the analysis and verification of communicating systems, which are systems built from sequential processes communicating via unbounded FIFO channels. We adopt the Abstract Interpretation approach to this problem, by defining approximate representations of sets of configurations of FIFO channels. In this paper we restrict our attention to the case where processes are finite-state and the alphabet of exchanged messages is finite. We first focus on systems with only one queue, for which we propose an abstract lattice based on regular languages, and we then generalize our proposal to systems with several queues. In particular, we define for these systems two abstract lattices, which are respectively non-relational and relational abstract lattices. We use those lattices to compute an over-approximation of the reachability set of a CFSM. Our experimental evaluation shows that, for some protocols, we obtain results that are as good as those obtained by exact methods founded on acceleration techniques.

    Abstract Interpretation of FIFO channels

    We address the analysis and verification of communicating systems, which are systems built from sequential processes communicating via unbounded FIFO channels. We adopt the Abstract Interpretation approach to this problem, by defining approximate representations of sets of configurations of FIFO channels. In this paper we restrict our attention to the case where processes are finite-state and the alphabet of exchanged messages is finite. We first focus on systems with only one queue, for which we propose an abstract lattice based on regular languages, and we then generalize our proposal to systems with several queues. In particular, we define for these systems two abstract lattices, the first non-relational and the second relational, that is, able to represent properties relating two different communication queues. We use those lattices to compute an over-approximation of the reachability set of a CFSM. Our experimental evaluation shows that, for some protocols, we obtain results that are as good as those obtained by exact methods founded on acceleration techniques.

    Supervisory Control of Infinite Symbolic Systems using Abstract Interpretation

    In this paper, we investigate the control of infinite systems, modeled by symbolic transition systems, for safety properties. We first redefine the concept of controllability by applying it to the guards of symbolic transitions, instead of to the events. We then define synthesis algorithms based on symbolic transformations and abstract interpretation techniques so that we can ensure finiteness of the computations.