Sound Static Deadlock Analysis for C/Pthreads (Extended Version)

We present a static deadlock analysis approach for C/pthreads. The design of our method has been guided by the requirement to analyse real-world code. Our approach is sound (i.e., misses no deadlocks) for programs that have defined behaviour according to the C standard, and precise enough to prove deadlock-freedom for a large number of programs. The method consists of a pipeline of several analyses that build on a new context- and thread-sensitive abstract interpretation framework. We further present a lightweight dependency analysis to identify statements relevant to deadlock analysis and thus speed up the overall analysis. In our experimental evaluation, we succeeded to prove deadlock-freedom for 262 programs from the Debian GNU/Linux distribution with in total 2.6 MLOC in less than 11 hours

On the Complexity of the Equivalence Problem for Probabilistic Automata

Checking two probabilistic automata for equivalence has been shown to be a key problem for efficiently establishing various behavioural and anonymity properties of probabilistic systems. In recent experiments a randomised equivalence test based on polynomial identity testing outperformed deterministic algorithms. In this paper we show that polynomial identity testing yields efficient algorithms for various generalisations of the equivalence problem. First, we provide a randomized NC procedure that also outputs a counterexample trace in case of inequivalence. Second, we show how to check for equivalence two probabilistic automata with (cumulative) rewards. Our algorithm runs in deterministic polynomial time, if the number of reward counters is fixed. Finally we show that the equivalence problem for probabilistic visibly pushdown automata is logspace equivalent to the Arithmetic Circuit Identity Testing problem, which is to decide whether a polynomial represented by an arithmetic circuit is identically zero.Comment: technical report for a FoSSaCS'12 pape

Refined Probabilistic Abstraction

Network technology enables smarter and more adaptive computing devices in the context of vehicles, communication and energy networks. Performance and quality-of-service guarantees are vital concerns for such systems. Meaningful guarantees are typically of a probabilistic nature due to the use of randomized algorithms inside network protocols and other phenomena like message loss. Probabilistic verification provides methods and tools to quantify the performance and quality of service of systems. A central problem in probabilistic verification is to determine the probability that a system enters a particular set of goal states, e.g., states in which packages have been transmitted successfully. Despite the remarkable versatility of existing methods, they are inherently limited to systems with very small state spaces. This dissertation proposes new methods that solve the problem of probabilistic reach- ability for large or even infinite state spaces. The key is to automatically obtain small abstractions of a system. To this end, we start with a very coarse abstraction and successively refine it. The process is fully automatic and has been implemented in the tool Pass. Pass achieves significant performance improvements compared to previous methods and, further, applies to infinite-state systems which could previously not be handled by any existing automatic method

Refined Probabilistic Abstraction

Network technology enables smarter and more adaptive computing devices in the context of vehicles, communication and energy networks. Performance and quality-of-service guarantees are vital concerns for such systems. Meaningful guarantees are typically of a probabilistic nature due to the use of randomized algorithms inside network protocols and other phenomena like message loss. Probabilistic verification provides methods and tools to quantify the performance and quality of service of systems. A central problem in probabilistic verification is to determine the probability that a system enters a particular set of goal states, e.g., states in which packages have been transmitted successfully. Despite the remarkable versatility of existing methods, they are inherently limited to systems with very small state spaces. This dissertation proposes new methods that solve the problem of probabilistic reach- ability for large or even infinite state spaces. The key is to automatically obtain small abstractions of a system. To this end, we start with a very coarse abstraction and successively refine it. The process is fully automatic and has been implemented in the tool Pass. Pass achieves significant performance improvements compared to previous methods and, further, applies to infinite-state systems which could previously not be handled by any existing automatic method

The Spotlight Principle

Formal verification of safety and liveness properties of systems with a dynamically changing, unbounded number of interlinked processes and infinite-domain local data is challenging due to the two sources of infiniteness. The existing state abstraction-based approaches Data Type Reduction and Environment Abstraction each address one aspect, but the former doesn’t support infinite-domain local data and the latter doesn’t support links and is restricted to particular properties. The contribution of this paper is a combination of both which is obtained by first stating them in the framework of Canonical Abstraction. This new use of Canonical Abstraction, originally designed and used for the analysis of programs with heap-allocated data structures, furthermore unveils a formal connection between the two rather ad-hoc techniques