A Logic-Based Approach to Model Checking of Parameterized and Infinite-State Systems

The aim of this thesis is to investigate the problem of verification for concurrent systems. A major problem in verification is that of validating systems, e.g. protocols, which are parametric, in the sense that the number of entities taking part in a given run is not fixed a priori. Typically, such systems are also infinite-state, in that they use data structures containing possibly unbounded data values. In this thesis we tackle the problem of verification using a logical approach. In particular, the leading thread of this work is a specification language based on a fragment of Girard’s linear logic, which we show to have direct connections with classical formalisms like high-level nets or rewriting. By combining the power of logical connectives with the flexibility of rewriting, we can naturally model local and global transitions and express the generation of new data. Reasoning on heterogeneous domains can also be achieved via specialized constraint solvers. We show how this language can be used both for the specification and the analysis of parametric systems. In particular, we present a verification procedure which resembles classical symbolic model checking algorithms for infinite-state systems and is well-suited to study safety properties, e.g. mutual exclusion. Technically, our verification procedure uses a fixpoint computation strategy based on a new bottom-up semantics for a fragment of linear logic. We illustrate our methodology with examples from concurrency theory, like a parameterized version of the ticket mutual-exclusion protocol, and from security, like authentication protocols.
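The abstract describes a symbolic, fixpoint-based safety check for parameterized systems modelled as multiset rewriting (the Petri-net view of the linear-logic fragment). The following is an added example, not code from the thesis: it implements the standard backward-reachability algorithm over upward-closed sets of configurations, represented by their finite bases of minimal multisets, and applies it to a small token-based mutual-exclusion protocol constructed for this illustration (states `idle`, `wait`, `cs` and one `token` resource; no data values or constraints, so it is simpler than the ticket protocol the thesis treats). The rule names, the protocol and the `verify_mutex` / `backward_reach` helpers are all assumptions of this example.

```python
"""Backward reachability for a parameterized mutex encoded as multiset rewriting.

Configurations are multisets of process states and resources (a process count
per state), so one analysis covers every number N of processes at once.
"""
from typing import Callable, Dict, List, Tuple

Multiset = Dict[str, int]
Rule = Tuple[str, Multiset, Multiset]  # (name, left-hand side, right-hand side)

# Hypothetical token-based mutex, constructed for this example:
#   request: an idle process asks for the critical section
#   enter:   a waiting process consumes the token and enters cs
#   exit:    leaving cs returns the token
RULES: List[Rule] = [
    ("request", {"idle": 1}, {"wait": 1}),
    ("enter", {"wait": 1, "token": 1}, {"cs": 1}),
    ("exit", {"cs": 1}, {"idle": 1, "token": 1}),
]

# Safety violation: two processes in the critical section at the same time.
BAD: List[Multiset] = [{"cs": 2}]


def leq(a: Multiset, b: Multiset) -> bool:
    """Multiset inclusion a <= b (pointwise on multiplicities)."""
    return all(b.get(k, 0) >= v for k, v in a.items())


def pre_rule(m: Multiset, lhs: Multiset, rhs: Multiset) -> Multiset:
    """Minimal element of pre(↑m) under the rule lhs -> rhs.

    c can fire the rule and reach something >= m iff c >= (m ⊖ rhs) ⊕ lhs,
    where ⊖ is truncated (monus) subtraction, so the predecessor set of an
    upward-closed set is again upward-closed with a single generator.
    """
    out: Multiset = {}
    for k in set(m) | set(lhs):
        v = max(m.get(k, 0) - rhs.get(k, 0), 0) + lhs.get(k, 0)
        if v:
            out[k] = v
    return out


def minimize(basis: List[Multiset]) -> List[Multiset]:
    """Drop every multiset that is above another one (keep the minimal basis)."""
    result: List[Multiset] = []
    for m in basis:
        if any(leq(o, m) and o != m for o in basis):
            continue
        if m not in result:
            result.append(m)
    return result


def backward_reach(bad: List[Multiset], rules: List[Rule]) -> List[Multiset]:
    """Least fixpoint of basis := basis ∪ pre(basis), starting from the bad set.

    Termination follows from Dickson's lemma: multisets over a finite alphabet
    are well-quasi-ordered, so the basis cannot grow forever.
    """
    basis = minimize(bad)
    while True:
        step = [pre_rule(m, lhs, rhs) for m in basis for _, lhs, rhs in rules]
        new = minimize(basis + step)
        if {frozenset(m.items()) for m in new} == {frozenset(m.items()) for m in basis}:
            return new
        basis = new


def verify_mutex(tokens: int) -> Tuple[bool, List[Multiset], List[Multiset]]:
    """Check mutual exclusion for N idle processes and `tokens` tokens, any N.

    The system is safe iff no generator of the backward-reachable set is
    covered by an initial configuration, i.e. none has only idle processes
    and at most `tokens` tokens.
    """
    def initial_covers(m: Multiset) -> bool:
        return (m.get("wait", 0) == 0 and m.get("cs", 0) == 0
                and m.get("token", 0) <= tokens)

    basis = backward_reach(BAD, RULES)
    witnesses = [m for m in basis if initial_covers(m)]
    return (not witnesses, basis, witnesses)


if __name__ == "__main__":
    for k in (1, 2):
        safe, basis, witnesses = verify_mutex(k)
        print(f"{k} token(s): {'SAFE' if safe else 'UNSAFE'}; basis of size {len(basis)}")
        for w in witnesses:
            print("  initial configuration reaching the bad set:", w)
```

With one token the fixpoint has six generators, none of which is an initial configuration, so mutual exclusion holds for every number of processes; with two tokens the generator `{idle: 2, token: 2}` is itself an initial configuration and is returned as the witness, showing the property fails.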
