Model Checking Guarded Protocols
Authors
Abstract
The Parameterized Model Checking Problem (PMCP) is to decide whether a temporal property holds for a uniform family of systems, , comprised of a control process, , and finitely, but arbitrarily, many copies of a user process, , executing concurrently with interleaving semantics. We delineate the decidability/undecidability boundary of the PMCP for all possible systems that arise by letting processes coordinate using different subsets of the following communication primitives: conjunctive boolean guards, disjunctive boolean guards, pairwise rendezvous, asynchronous rendezvous and broadcast actions. Our focus is on the following linear-time properties: (p1) LTL\X formulae over , (p2) LTL formulae over , (p3) regular properties specified as regular automata, and (p4) ω-regular properties specified as ω-regular automata. We also establish a hierarchy based on the relative expressive power of the primitives by showing that disjunctive guards and pairwise rendezvous are equally expressive, in that we can reduce the PMCP for regular and ω-regular properties for systems with disjunctive guards to ones with pairwise rendezvous and vice versa, but that each of asynchronous rendezvous and broadcasts is strictly more expressive than pairwise rendezvous (and disjunctive guards). Moreover, for systems with conjunctive guards, we give a simple characterization of the decidability/undecidability boundary of the PMCP by showing that allowing stuttering-sensitive properties bridges the gap between decidability (for p1) and undecidability (for p2). A broad framework for modeling snoopy cache protocols is also presented, for which the PMCP for p3 is decidable and which can model all snoopy cache protocols given in [13], thereby overcoming the undecidability results.
This work was supported in part by NSF grants CCR-009-8141 and ITR-CCR-020-5483, and SRC contract 2002-TJ-1026. Contact: {emerson,kahlon}@cs.utexas.edu
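The guard semantics the abstract refers to (a transition of one process enabled or disabled by the local states of the other processes) is easy to see on a concrete instance. The following is an added example, not code from the paper: an explicit-state reachability check for a small family of systems with one control process and n copies of a user process under interleaving semantics. The protocol templates, state names (Idle/Busy, N/T/C) and the mutual-exclusion property are constructed for illustration. A conjunctive guard is enabled only if every other process is in one of the listed states; a disjunctive guard is enabled if at least one other process is. The disjunctive variant is deliberately wrong: mutual exclusion holds for the one-user instance and breaks at two users, which is exactly why checking a few finite instances does not settle the PMCP, whose question is about every n.

```python
"""Explicit-state reachability for a small guarded protocol: one control
process plus n copies of a user process, interleaving semantics, guards
evaluated over the local states of all OTHER processes.  Added example;
the templates below are constructed, not taken from the paper."""
from collections import deque

# A template is a list of transitions (src, guard, dst).
# guard is None (always enabled) or (kind, states) with
#   ("conj", S): enabled iff every other process is in a state of S
#   ("disj", S): enabled iff some other process is in a state of S


def guard_holds(guard, others):
    """Evaluate a guard against the local states of the other processes."""
    if guard is None:
        return True
    kind, states = guard
    if kind == "conj":
        return all(s in states for s in others)
    if kind == "disj":
        return any(s in states for s in others)
    raise ValueError(f"unknown guard kind {kind!r}")


def successors(cfg, control, user):
    """One interleaved step: exactly one process fires one enabled transition.
    cfg[0] is the control process's state; cfg[1:] are the user copies."""
    for i, local in enumerate(cfg):
        template = control if i == 0 else user
        others = cfg[:i] + cfg[i + 1:]
        for src, guard, dst in template:
            if src == local and guard_holds(guard, others):
                yield cfg[:i] + (dst,) + cfg[i + 1:]


def find_violation(control, user, c0, u0, n, bad):
    """BFS over the global states of the n-user instance; return the first
    reachable state satisfying the predicate `bad`, or None."""
    init = (c0,) + (u0,) * n
    seen, queue = {init}, deque([init])
    while queue:
        cfg = queue.popleft()
        if bad(cfg):
            return cfg
        for nxt in successors(cfg, control, user):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return None


def smallest_violating_n(control, user, c0, u0, bad, max_n):
    """Check the instances n = 1..max_n in turn; return the first n whose
    instance reaches a bad state, or None if none does.  This is a bounded
    check only: a None result says nothing about instances beyond max_n."""
    for n in range(1, max_n + 1):
        if find_violation(control, user, c0, u0, n, bad) is not None:
            return n
    return None


# Constructed property: at most one process may be in a critical state.
CRITICAL = {"Busy", "C"}


def two_in_critical(cfg):
    return sum(1 for s in cfg if s in CRITICAL) >= 2


# Constructed control process: becomes Busy only if every user is outside C.
CONTROL = [
    ("Idle", ("conj", {"N", "T"}), "Busy"),
    ("Busy", None, "Idle"),
]

# Constructed user with a conjunctive guard: enters C only if nobody else
# is in C or Busy, so mutual exclusion is preserved at every step.
USER_CONJ = [
    ("N", None, "T"),
    ("T", ("conj", {"N", "T", "Idle"}), "C"),
    ("C", None, "N"),
]

# Constructed user with a disjunctive guard (deliberately wrong): enters C as
# soon as some other process is in T, which says nothing about C or Busy.
USER_DISJ = [
    ("N", None, "T"),
    ("T", ("disj", {"T"}), "C"),
    ("C", None, "N"),
]

if __name__ == "__main__":
    for name, user in (("conjunctive", USER_CONJ), ("disjunctive", USER_DISJ)):
        n = smallest_violating_n(CONTROL, user, "Idle", "N", two_in_critical, 5)
        verdict = "holds for n <= 5" if n is None else f"violated at n = {n}"
        print(f"{name} guard, mutual exclusion: {verdict}")
```

The state space grows as 2·3^n here, so the bounded loop is cheap for small n, but it is only evidence, not a proof: results like the cutoffs of the related paper below are what turn a finite check into an argument for all n, and the abstract's undecidability results say that for some primitive combinations no such argument exists in general.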
Similar papers
Tight Cutoffs for Guarded Protocols with Fairness
Guarded protocols were introduced in a seminal paper by Emerson and Kahlon (2000), and describe systems of processes whose transitions are enabled or disabled depending on the existence of other processes in certain local states. We study parameterized model checking and synthesis of guarded protocols, both aiming at formal arguments for correctness of systems with any number of processes. Cuto...
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as an example of this...
Handling Global Conditions in
We consider symbolic verification for a class of parameterized systems, where a system consists of a linear array of processes, and where an action of a process may in general be guarded by both local conditions restricting the state of the process about to perform the action, and global conditions defining the context in which the action is enabled. Such actions are present, e.g., in idealized v...
Regular Model Checking without Transducers
We give a simple and efficient method to prove safety properties for parameterized systems with linear topologies. A process in the system is a finite-state automaton, where the transitions are guarded by both local and global conditions. Processes may communicate via broadcast, rendez-vous and shared variables. The method derives an overapproximation of the induced transition system, which all...
Handling Global Conditions in Parameterized System Verification
We consider symbolic verification for a class of parametrized systems, where a system consists of a linear array of processes, and where an action of a process may in general be guarded by both local conditions restricting the state of the process about to perform the action, and global conditions defining the context in which the action is enabled. Such a model captures the behaviour, e.g., of i...