Mihaela Sighireanu

Efficient on-the-fly model-checking for regular alternation-free mu-calculus

Model-checking is a successful technique for automatically verifying concurrent finite-state systems. When designing a model-checker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the model-checking problem, and the user-friendliness of the interface. We present a temporal logic and an associated model-checking method that attempt to fulfill these criteria. The logic is an extension of the alternation-free µ-calculus with ACTL-like action formulas and PDL-like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems. The model-checking method is based upon a succinct translation of the verification problem into a boolean equation system, which is solved by means of an efficient local algorithm having a good average complexity. The algorithm also allows to generate full diagnostic information (examples and counterexamples) for temporal formulas. This method is at the heart of the EVALUATOR 3.0 model-checker that we implemented within the CADP toolbox using the generic OPEN/CAESAR environment for on-the-fly verification.

TReX: A Tool for Reachability Analysis of Complex Systems

Finite-state model-checkers such as Smv [13] and Spin [11] do not allow to deal with important aspects that appear in modelling and analysing complex systems, e.g., communication protocols. Among these aspects: real-time constraints, manipulation of unbounded data structures like counters, communication through unbounded channels, parametric reasoning, etc.

Rewriting Systems with Data

We introduce a uniform framework for reasoning about infinite-state systems with unbounded control structures and unbounded data domains. Our framework is based on constrained rewriting systems on words over an infinite alphabet. We consider several rewriting semantics: factor, prefix, and multiset rewriting. Constraints are expressed in a logic on such words which is parametrized by a first-order theory on the considered data domain. We show that our framework is suitable for reasoning about various classes of systems such as recursive sequential programs, multithreaded programs, parametrized and dynamic networks of processes, etc. Then, we provide generic results (1) for the decidability of the satisfiability problem of the fragment ? * ? * of this logic provided that the underlying logic on data is decidable, and (2) for proving inductive invariance and for carrying out Hoare style reasoning within this fragment. We also show that the reachability problem is decidable for a class of prefix rewriting systems with integer data.

Verification of the Link layer protocol of the IEEE-1394 serial bus (FireWire): an experiment with E-LOTOS

This paper deals with the description in E-LOTOS of the asynchronous LINK layer protocol of the IEEE-1394 Standard and its verification using model-checking. The E-LOTOS descriptions are based on both the standard and the mu-CRL description written by Luttik. The verifications are performed using the CADP (CAESAR/ALDEBARAN) toolbox. We translate the E-LOTOS descriptions in LOTOS using the TRAIAN tool, and then we generate the underlying LTS models corresponding to various scenarios using the CAESAR compiler. We formally express in the ACTL temporal logic the five correctness properties of the LINK layer protocol stated in natural language by Luttik and we verify them on the LTS models using the XTL model-checker. We detect and correct a potential deadlock caused by the ambiguous semantics of the state machines given in the standard, which can be misleading for implementors of the IEEE-1394 protocol.

A Logic-Based Framework for Reasoning about Composite Data Structures

We define a logic, called CSL, for the specification of complex data structures, and we show its use in program verification. Our framework allows to handle programs with dynamic linked structures and arrays carrying unbounded data, as well as the composition of these structures. The formulas in CSL allow a limited form of alternation between existential and universal quantifiers and they can express (1) constraints on reachability between positions in the heap following some pointer fields, (2) linear constraints on the lengths of the lists and the indexes of the arrays, and (3) constraints on the values of the data attached to these positions. For data constraints, the logic CSL is parameterized by a first-order logic over the considered data domain. We prove that the satisfiability problem of CSL is decidable whenever the underlying data logic is decidable and that CSL is closed under the computation of the strongest post-condition in the considered class of programs.

Abstract domains for automated reasoning about list-manipulating programs with infinite data

We describe a framework for reasoning about programs with lists carrying integer numerical data. We use abstract domains to describe and manipulate complex constraints on configurations of these programs mixing constraints on the shape of the heap, sizes of the lists, on the multisets of data stored in these lists, and on the data at their different positions. Moreover, we provide powerful techniques for automatic validation of Hoare-triples and invariant checking, as well as for automatic synthesis of invariants and procedure summaries using modular inter-procedural analysis. The approach has been implemented in a tool called Celia and experimented successfully on a large benchmark of programs.

Accurate invariant checking for programs manipulating lists and arrays with infinite data

We propose a logic-based framework for automated reasoning about sequential programs manipulating singly-linked lists and arrays with unbounded data. We introduce the logic

On inter-procedural analysis of programs with lists and data

\textsf{SLAD}

A generic framework for reasoning about dynamic networks of infinite-state processes

, which allows combining shape constraints, written in a fragment of Separation Logic, with data and size constraints. We address the problem of checking the entailment between

A Generic Framework for Reasoning about Dynamic Networks of Infinite-State Processes

\textsf{SLAD}