Antti Siirtola

Algorithmic Verification with Multiple and Nested Parameters

We consider parameterised verification problem, where parameters are sets and relations over these sets, typically used to denote sets of identities of replicated components and connections between the components. A specification and a system are given as (multiply) parameterised labelled transition systems, parameter values are encoded using first-order logic and correctness is understood as the traces refinement. We provide an algorithm that reduces the (infinite) set of parameter values to a finite one without changing the answer to the verification task, which can be then solved with the aid of existing tools. To the best of our knowledge, the algorithm is the most general one that is both complete and applicable to systems with multiple and nested parameters.

Verifying parameterized taDOM+ lock managers

taDOM* protocols are designed to provide lock-based approach to handle multiple access to XML databases. The notion of ta-DOM+ protocol is formalized and generalized and a formal model of taDOM+ lock manager that is parameterized in the number of transactions and in the size of database is represented. An important class of safety properties of taDOM+ lock managers were proven to be checked by examining just a small number of finite-state instances of the parameterized model. Our results were applied to prove a generalized mutual exclusion property, known as repeatable-read, of taDOM2+ and taDOM3+ lock managers by model-checking.

Cut-Offs with Network Invariants

We consider the multi-parameterised process algebraic verification of safety properties. There is a cut-off result for such verification tasks, but it cannot be naturally applied to systems involving linear parts. We show how the limitation can be overcome by computing a network invariant for each linear part and including all the processes obtained during the computation in the system model.

Parameterised Process Algebraic Verification by Precongruence Reduction

Decidability of the parameterised verification problem is shown for a class of systems and safety properties given as (multiply) parameterised labelled transition systems with an (infinite) set of valuations representing the allowed parameter values. The idea is to reduce the set of valuations by exploiting the precongruence of the correctness relation (traces refinement). An algorithm based on the result is provided.

Bounds2: A Tool for Compositional Multi-parametrised Verification

Bounds2 is a two-part tool for parametrised verification. The instance generator inputs a parametrised system implementation and specification, computes cut-offs for the values of the parameters and outputs the specification and implementation instances up to the cut-offs. After that, the outputted instances are verified by using an instance checker. Bounds2 is unique since it lends support to compositional reasoning through three refinement-based notions of correctness and allows for parametrising not only the number of processes but also the size of data types as well as the structure of a system. Bounds2 provides a sound and complete approach to parametrised verification under explicit assumptions checked automatically by the tool. The decidable fragment covers, e.g., mutual exclusion properties of systems with shared resources.

Parametrised Compositional Verification with Multiple Process and Data Types

We present an LTS-based (Labelled Transition System) CSP-like (Communicating Sequential Processes) formalism for expressing parametrised systems. The parameters are process types, which determine the number of replicated components, and data types, which enable components with a parametrised state space. We prove that the formalism is compositional and show how to combine two existing results for parametrised verification in order to check trace refinement between parametrised processes. The combined approach gives upper bounds, i.e., cut-offs, for types such that a parametrised verification task collapses into finitely many checks solvable by using existing finite state refinement checking tools. We have implemented the approach and applied it to prove mutual exclusion properties of network protocols and systems with shared resources. To the best our knowledge, our technique is the only one that combines compositionality and completeness with support for multiple parametric process and data types.

Automated multiparameterised verification by cut-offs

We consider multiparameterised process algebraic verification, where parameters are sets and binary relations over these sets used to respectively denote the sets of the identities of replicated components and the topology of a system. There is a cut-off result that enables such a parameterised verification task to be reduced to a finite set of finite-state ones, but no practical way to perform reduction, i.e. to compute the parameter values up to the cut-offs. The first contribution of the paper is an improved formalism that enables parameterised systems and specifications to be expressed with fewer parameters than before. The second one is a search-tree-based algorithm for computing the parameter values up to the cut-offs. The algorithm detects and discards isomorphic parameter values and is equipped with a heuristic to prune a search tree. The algorithm is implemented and the relevance of the contributions is justified by practical computations.

Multi-parameterised compositional verification of safety properties

We introduce a fully automatic technique for the parameterised verification of safety properties. The technique combines compositionality and completeness with support to multiple parameters and it is implemented in a tool. We start with an LTS-based (Labelled Transition System) CSP-like (Concurrent Sequential Processes) formalism with parallel composition and hiding operators. First, we equip the formalism with types and variables which enable parameterising the structure of a system and prove that the formalism remains compositional. Next, we show how trace refinement between parameterised processes can be checked by computing structural cut-offs for types. This way, a parameterised verification task reduces to finitely many finite state refinement checks. We also provide an extension to the theory which allows for user definable universal relations. This enables parameterising system topology to some extent, too. Finally, we consider the assumptions related to the approach and show that each of them is necessary for decidability.

Parametrised Modal Interface Automata

Interface theories (ITs) enable us to analyse the compatibility interfaces and refine them while preserving their compatibility. However, most ITs are for finite state interfaces, whereas computing systems are often parametrised involving components, the number of which cannot be fixed. We present, to our knowledge, the first IT that allows us to specify a parametric number of interfaces. Moreover, we provide a fully algorithmic procedure, implemented in a tool, for checking the compatibility of and refinement between parametrised interfaces. Finally, we show that the restrictions of the technique are necessary; removing any of them renders the refinement checking problem undecidable.

Bounds: From Parameterised to Finite-State Verification

Bounds is a tool that enables parameterised verification by determining cut-offs for the values of parameters and generating the specification and system instances up to the cut-offs. After that, the verification can be completed by using an existing finite-state verification tool. A unique feature of Bounds is that it allows multiple and topology related parameters and terminates on every input.