A Scalable Incomplete Test for Message Buffer Overflow in Promela Models

Leue, Stefan; Mayr, Richard; Wei, Wei

doi:10.1007/978-3-540-24732-6_16

Cited by 12 publications

(11 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Jeron and Jard [24] propose a sufficient condition for testing unboundedness, which can be used as a decision procedure for checking reachability for CFSMs. In [26], the authors present an incomplete boundedness test for communication channels in Promela and UML RT models. They also provide a method to derive upper bound estimates for the maximal occupancy of each individual message buffer.…”

Section: Related Workmentioning

confidence: 99%

“…This means that, in general, verification techniques based on explicit state space exploration will not be sound for such systems. Analysis of asynchronously communicating systems has been investigated extensively during the last 30 years, e.g., [11,24,26,14,31]. A common approach used in analyzing asynchronously communicating systems is to bound the state space by bounding the number of cycles, peers, or buffers.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Compatibility Checking for Asynchronously Communicating Software

Ouederni

Salaün

Bultan

2014

Formal Aspects of Component Software

View full text Add to dashboard Cite

Abstract. Compatibility is a crucial problem that is encountered while constructing new software by reusing and composing existing components. A set of software components is called compatible if their composition preserves certain properties, such as deadlock freedom. However, checking compatibility for systems communicating asynchronously is an undecidable problem, and asynchronous communication is a common interaction mechanism used in building software systems. A typical approach in analyzing such systems is to bound the state space. In this paper, we take a different approach and do not impose any bounds on the number of participants or the sizes of the message buffers. Instead, we present a sufficient condition for checking compatibility of a set of asynchronously communicating components. Our approach relies on the synchronizability property which identifies systems for which interaction behavior remains the same when asynchronous communication is replaced with synchronous communication. Using the synchronizability property, we can check the compatibility of systems with unbounded message buffers by analyzing only a finite part of their behavior. We have implemented a prototype tool to automate our approach and we have applied it to many examples.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Compatibility Checking for Asynchronously Communicating Software

Ouederni

Salaün

Bultan

2014

Formal Aspects of Component Software

View full text Add to dashboard Cite

show abstract

“…For instance, Bandera (see e.g. [16]) allows for model extraction from Java programs and can output these models in different languages such as PROMELA ( [17], [18]). …”

Section: A Model Of the System And Requirementsmentioning

confidence: 99%

Software Maintenance through Supervisory Control

Gaudin

Bagnato

2011

2011 IEEE 34th Software Engineering Workshop

View full text Add to dashboard Cite

Abstract-This work considers the case of system maintenance where systems are already deployed and for which some faults or security issues were not detected during the testing phase. We propose an approach based on control theory that allows for automatic generation of maintenance fixes. This approach disables faulty or vulnerable system functionalities and requires to instrument the system before deployment so that it can later be monitored and interact with a supervisor at runtime. This supervisor ensures some property designed after deployment in order to avoid future executions of faulty or vulnerable system functionalities. This property corresponds to a set of safe behaviors described as a Finite State Machine. The computation of supervisors can be performed automatically, relying on a sound Supervisory Control Theory. We first introduce some basic notions of Supervisory Control theory, then we present and illustrate our approach which also relies on automatic models extraction and instrumentation.

show abstract

“…This observation underlies the conservative abstraction approach sketched below for our livelock freedom analysis. The same abstraction steps were also used in our previous work on buffer boundedness analysis, which are detailed in [14,13]. In particular [13] deals with specifics of abstracting Promela models.…”

Section: Abstractionmentioning

confidence: 99%

A Livelock Freedom Analysis for Infinite State Asynchronous Reactive Systems

Leue

Ştefănescu

Wei

2006

CONCUR 2006 – Concurrency Theory

Self Cite

View full text Add to dashboard Cite

We describe an incomplete but sound and efficient livelock freedom test for infinite state asynchronous reactive systems. The method abstracts a system into a set of simple control flow cycles labeled with their message passing effects. From these cycles, it constructs a homogeneous integer programming problem (IP) encoding a necessary condition for the existence of livelock runs. Livelock freedom is assured by the infeasibility of the generated homogeneous IP, which can be checked in polynomial time. In the case that livelock freedom cannot be proved, the method proposes a counterexample given as a set of cycles. We apply an automated cycle dependency analysis to counterexamples to check their spuriousness and to refine the abstraction. We illustrate the application of the method to Promela models using our prototype implementation named aLive.

show abstract

A Scalable Incomplete Test for Message Buffer Overflow in Promela Models

Cited by 12 publications

References 13 publications

Compatibility Checking for Asynchronously Communicating Software

Compatibility Checking for Asynchronously Communicating Software

Software Maintenance through Supervisory Control

A Livelock Freedom Analysis for Infinite State Asynchronous Reactive Systems

Contact Info

Product

Resources

About