Olga Kouchnarenko

Reduction of Workflow Nets for Generalised Soundness Verification

This paper proposes a reduction method to verify the generalised soundness of large workflows described as workflow nets–a suited class of Petri nets. The proposed static analysis method is based on the application of six novel reduction transformations that transform a workflow net into a smaller one while preserving generalised soundness. The soundness of the method is proved. As practical contributions, this paper presents convincing experimental results obtained using a dedicated tool, developed to validate and demonstrate the effectiveness, efficiency and scalability of this method over a large set of industrial workflow nets.

Approximating Event System Abstractions by Covering Their States and Transitions

In event systems, contrarily to sequential ones, the control flow is implicit. Consequently, their abstraction may give rise to disconnected and unreachable paths. This paper presents an algorithmic method for computing a reachable and connected under-approximation of the abstraction of a system specified as an event system. We compute the under-approximation with concrete instances of the abstract transitions, that cover all the states and transitions of the predicate-based abstraction. To be of interest, these concrete transitions have to be reachable and connected to each other. We propose an algorithmic method that instantiates each of the abstract transitions, with heuristics to favour their connectivity. The idea is to prolong whenever possible the already reached sequences of concrete transitions, and to parameterize the order in which the states and actions occur. The paper also reports on an implementation, which permits to provide experimental results confirming the interest of the approach with related heuristics.

The emptiness problem for tree automata with at least one global disequality constraint is NP-hard

The model of tree automata with equality and disequality constraints was introduced in 2007 by Filiot, Talbot and Tison. In this paper we show that if there is at least one disequality constraint, the emptiness problem is NP-hard.

Preserving opacity on Interval Markov Chains under simulation

Given a probabilistic transition system (PTS) A partially observed by an attacker, and an ω-regular predicate φ over the traces of A, measuring the disclosure of the secret φ in A means computing the probability that an attacker who observes a run of A can ascertain that its trace belongs to φ. We consider specifications given as Interval Markov Chains (IMCs), which are underspecified Markov chains where probabilities on edges are only required to belong to intervals. Scheduling an IMC S produces a concrete implementation as a PTS and we define the worst case disclosure of secret φ in S as the maximal disclosure of φ over all PTSs thus produced. We compute this value for a subclass of IMCs and we prove that simulation between specifications can only improve the opacity of implementations.

Practical Analysis Framework for Component Systems with Dynamic Reconfigurations

Dynamic reconfigurations that modify the architecture of component-based systems without incurring any system downtime need to preserve the architectural consistency. In this context, we propose a reconfiguration model based on Hoare logic using sequences and (unlike most of the related work on reconfigurations) the alternative and the repetitive constructs.Using primitive reconfiguration operations as building blocks, this model takes advantage of the predicate-based semantics of programming language constructs and weakest preconditions to treat dynamic reconfigurations in a manner that preserves configuration consistency. Then, after enriching the model with interpreted configurations and reconfigurations in a consistency compatible manner, a conformance relation is exploited to validate component systems’ implementations within the environment supporting the Fractal and FraSCAti frameworks. A practical contribution consists of promising experimental results obtained thanks to our implementations, notably on a cloud-based multi-tier hosting environment model managed as a component system.

An Approximation-Based Approach for the Random Exploration of Large Models

System modeling is a classical approach to ensure their reliability since it is suitable both for a formal verification and for software testing techniques. In the context of model-based testing an approach combining random testing and coverage based testing has been recently introduced [9]. However, this approach is not tractable on quite large models. In this paper we show how to use statistical approximations to make the approach work on larger models. Experimental results, on models of communicating protocols, are provided; they are very promising, both for the computation time and for the quality of the generated test suites.

Test Generation from Event System Abstractions to Cover Their States and Transitions

Model-based testing of event systems can take advantage of considering abstractions rather than explicit models, for controlling their size. When abstracting still a test has to be a concrete connected and reachable event sequence. This paper presents a test generation method based on computing a reachable and connected under-approximation of the abstraction of an event system. We compute the under-approximation with concrete instances of the abstract transitions, that cover all the states and transitions of the predicatebased abstraction. We propose an algorithmic method that instantiates each of the abstract transitions, and maintains for widening it a frontier of concretely reached states. We present heuristics to favour the instances connectivity. The idea is to prolong whenever possible the already reached sequences of concrete transitions, and to parameterize the order in which the states and actions occur. This concrete under-approximation ends up covering partially (at best totally) the reachable abstract transitions. The computed tests are paths of the under-approximation. The paper also reports on an implementation, which permits to provide experimental results confirming the interest of the approach with related heuristics.

Opacity for Linear Constraint Markov Chains

On a partially observed system, a secret φ is opaque if an observer cannot ascertain that its trace belongs to φ. We consider specifications given as Constraint Markov Chains (CMC), which are underspecified Markov chains where probabilities on edges are required to belong to some set. The nondeterminism is resolved by a scheduler, and opacity on this model is defined as a worst case measure over all implementations obtained by scheduling. This measures the information obtained by a passive observer when the system is controlled by the smartest scheduler in coalition with the observer. When restricting to the subclass of Linear CMC, we compute (or approximate) this measure and prove that refinement of a specification can only improve opacity.

Component-Based Systems Reconfigurations Using Graph Transformations with GROOVE

Component-based systems permit standardisation and re-usability of code through the use of components. The architecture of component-based systems can be modified thanks to dynamic reconfigurations, which contribute to systems’ (self-)adaptation by adding or removing components without incurring any system downtime. In this context, the present article describes a formal model for dynamic reconfigurations of component-based systems. It provides a way of expressing runtime reconfigurations of a system and proving their correctness according to a static invariant for consistency constraints and/or a user-provided post-condition. Guarded reconfigurations allow us to build reconfigurations based on primitive reconfiguration operations using sequences of reconfigurations and the alternative and the repetitive constructs, while preserving configuration consistency. A practical contribution consists of the implementation of a component-based model using the GROOVE graph transformation tool. This implementation is illustrated on a cloud-based multi-tier application hosting environment managed as a component-based system. In addition, after enriching the model with interpreted configurations and reconfigurations in a consistency compatible manner, component systems’ implementations are related to their specifications by a simulation relation.