We present an algorithm for the repair of parameterized systems. The repair problem is, for a given process implementation, to find a refinement such that a given property is satisfied by the resulting parameterized system, and deadlocks are avoided. Our algorithm employs a constraint-based search for candidate repairs, and uses a parameterized model checker to determine their correctness and update the constraint system in case errors are reachable. We apply this algorithm on systems that can be represented as well-structured transition systems (WSTS), including disjunctive systems, pairwise rendezvous systems, and broadcast protocols. Moreover, we show that parameterized deadlock detection can be decided in NEXPTIME for disjunctive systems, vastly improving on the best known lower bound, and that it is in general undecidable for broadcast protocols.

Contributions. Our main contribution is a counterexample-guided parameterized repair approach, based on model checking of well-structured transition systems (WSTS) [1,30]. We investigate which information a parameterized model checker needs to provide to guide the search for candidate repairs, and how this information can be encoded into propositional constraints. Moreover, we investigate how to systematically avoid deadlocks in the repaired system. Our repair algorithm supports many classes of systems, including guarded protocols with disjunctive guards [20], rendezvous systems [33] and broadcast protocols [24].

Since existing model checking algorithms for WSTS do not support deadlock detection, our approach has a subprocedure to solve this problem, which relies on new theoretical results: for disjunctive systems, we provide a novel deadlock detection algorithm that vastly improves on the complexity of the best known solution, while for broadcast protocols we prove that deadlock detection is in general undecidable, so approximate methods have to be used. We evaluate an implementation of our algorithm on benchmarks from different application domains, including a distributed lock service and a robot-flocking protocol.

This paper is organized as follows. In Sect. 2 we present our basic system model for disjunctive systems. In Sect. 3 we define the parameterized repair problem, propose a solution, and highlight three research challenges. In Sect. 4 we develop algorithms for parameterized model checking and deadlock detection that provide information on error paths for our repair approach. In Sect. 5 we introduce our parameterized repair algorithm, and in Sect. 6 we extend it to more general properties and systems. We provide our experimental evaluation in Sect. 7, followed by a discussion of related work in Sect. 8, and our conclusion and discussion of future work in Sect. 9.
System Model

In the following, let Q be a finite set of states.

Processes. A process template is a transition system U = (Q_U, init_U, G_U, δ_U), where Q_U ⊆ Q is a finite set of states including the initial state init_U, G_U ⊆ P(Q) is a set of guards, and δ_U :

We denote by t_U a transition of U, ...