Gennaro Parlato

Gennaro Parlato
Università degli Studi del Molise | Università del Molise · Department of Biosciences and Territory

PhD in Computer Science

About

74
Publications
13,557
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,661
Citations
Citations since 2016
20 Research Items
1019 Citations
2016201720182019202020212022050100150200250300
2016201720182019202020212022050100150200250300
2016201720182019202020212022050100150200250300
2016201720182019202020212022050100150200250300
Additional affiliations
October 2018 - present
Università degli Studi del Molise
Position
  • Professor (Associate)
October 2016 - present
University of Southampton
Position
  • Professor (Associate)
May 2011 - August 2021
University of Southampton
Position
  • Lecturer
Education
October 2002 - March 2006
Università degli Studi di Salerno
Field of study
  • Computer Science

Publications

Publications (74)
Conference Paper
Full-text available
Reasoning about data structures requires powerful logics supporting the combination of structural and data properties. We define a new logic called Mso-D (Monadic Second-Order logic with Data) as an extension of standard Mso on trees with predicates of the desired data logic. We also define a new class of symbolic data tree automata (Sdtas) to deal...
Chapter
Full-text available
Reasoning about data structures requires powerful logics supporting the combination of structural and data properties. We define a new logic called Mso-D (Monadic Second-Order logic with Data) as an extension of standard Mso on trees with predicates of the desired data logic. We also define a new class of symbolic data tree automata ( Sdta s) to de...
Article
Full-text available
Bounded verification techniques such as bounded model checking (BMC) have successfully been used for many practical program analysis problems, but concurrency still poses a challenge. Here we describe a new approach to BMC of sequentially consistent imperative programs that use POSIX threads. We first translate the multi-threaded program into a non...
Article
Full-text available
Bounded verification techniques such as bounded model checking (BMC) have successfully been used for many practical program analysis problems, but concurrency still poses a challenge. Here we describe a new approach to BMC of sequentially consistent imperative programs that use POSIX threads. We first translate the multi-threaded program into a non...
Article
A multi-stack pushdown system is a natural model of concurrent programs. The basic verification problems are in general undecidable (two stacks suffice to encode a Turing machine), and in the last years, there have been some successful approaches based on under-approximating the system behaviors. In this paper, we propose a restriction of the seman...
Conference Paper
Full-text available
Concurrency poses a major challenge for program verification, but it can also offer an opportunity to scale when subproblems can be analysed in parallel. We exploit this opportunity here and use a parametrizable code-to-code translation to generate a set of simpler program instances, each capturing a reduced set of the original program’s interleavi...
Conference Paper
Full-text available
Sequentialization translates concurrent programs into equivalent nondeterministic sequential programs so that the different concurrent schedules no longer need to be handled explicitly. However, existing sequentializations assume sequential consistency, which modern hardware architectures no longer guarantee. Here we describe a new approach to embe...
Conference Paper
Full-text available
Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an...
Conference Paper
Full-text available
Lazy sequentialization has proven to be one of the most effective techniques for concurrent program verification. The Lazy-CSeq sequentialization tool performs a “lazy” code-to-code translation from a concurrent program into an equivalent non-deterministic sequential program, i.e., it preserves the valuations of the program variables along its exec...
Conference Paper
Full-text available
Lazy sequentialization has emerged as one of the most effective techniques to find bugs in concurrent programs. However, the size of the shared global and thread-local state still poses a problem for further scaling. We therefore use abstract interpretation to minimize the representation of the concurrent program’s state variables. More specificall...
Conference Paper
Full-text available
Lazy sequentialization has emerged as one of the most effective techniques to find bugs in concurrent programs. However, the size of the shared global and thread-local state still poses a problem for further scaling. We there- fore use abstract interpretation to minimize the representation of the concurrent program’s state variables. More specifica...
Conference Paper
Lazy sequentialization has emerged as one of the most promising approaches for concurrent program analysis but the only efficient implementation given so far works just for bounded programs. This restricts the approach to bug-finding purposes. In this paper, we describe and evaluate a new lazy sequentialization translation that does not unwind loop...
Conference Paper
Full-text available
Lazy sequentialization is one of the most effective approaches for the bounded verification of concurrent programs. Existing tools assume sequential consistency (SC), thus the feasibility of lazy sequentializations for weak memory models (WMMs) remains untested. Here, we describe the first lazy sequentialization approach for the total store order (...
Article
Sequentialization is one of the most promising approaches for the symbolic analysis of concurrent programs. However, existing sequentializations assume sequential consistency, which modern hardware architectures no longer guarantee. In this paper we describe an approach to embed weak memory models within eager sequentializations (a la Lal/Reps). Ou...
Article
We consider the feasibility problem of integer linear programming (ILP). We show that solutions of any ILP instance can be naturally represented by an FO-definable class of graphs. For each solution there may be many graphs representing it. However, one of these graphs is of path-width at most 2n, where n is the number of variables in the instance....
Conference Paper
We present the MU-CSeq tool for the verification of multi-threaded C programs with dynamic thread creation, dynamic memory allocation, and pointer arithmetic. It is based on sequentializing the programs over the new notion of individual memory location unwinding (IMU). IMU is derived from the notion of memory unwinding that has been implemented in...
Article
We describe an approach to design static analysis and verification tools for concurrent programs that separates intra-thread computation from inter- thread communication by means of a shared memory abstraction (SMA). We formally characterize the concept of thread-asynchronous transition systems that underpins our approach and that allows us to desi...
Article
We study the formal language theory of multistack pushdown automata (MPA) restricted to computations where a symbol can be popped from a stack S only if it was pushed within a bounded number of contexts of S (scoped MPA). We show that scoped MPA are indeed a robust model of computation, by focusing on the corresponding theory of visibly MPA (MVPA)....
Article
Full-text available
Sequentialization translates concurrent programs into (under certain assumptions) equivalent nondeterministic sequential programs and so reduces concurrent verification to its sequential counterpart. In previous work, we have developed and implemented in the Lazy-CSeq tool a lazy sequentialization schema for bounded programs that introduces very sm...
Conference Paper
Full-text available
Lazy-CSeq is a context-bounded verification tool for sequentially consistent C programs using POSIX threads. It first translates a multi-threaded C program into a bounded nondeterministic sequential C program that preserves bounded reachability for all round-robin schedules up to a given number of rounds. It then reuses existing high-performance bo...
Conference Paper
Full-text available
We describe a new CSeq module that implements improved algorithms for the verification of multi-threaded C programs with dynamic thread creation. It is based on sequentializing the programs according to a guessed sequence of write operations in the shared memory (memory unwinding, MU). The original algorithm (implemented in MU-CSeq 0.1) stores the...
Conference Paper
Full-text available
We describe a new CSeq module for the verification of multi-threaded C programs with dynamic thread creation. This module implements a variation of the lazy sequentialization algorithm implemented in Lazy-CSeq. The main novelty is that we do not bound here the number of round-robin schedules in an execution and the loops that do not contain a threa...
Conference Paper
Full-text available
We describe a new sequentialization-based approach to the symbolic verification of multi-threaded programs with shared memory and dynamic thread creation. Its main novelty is the idea of memory unwinding, i.e., an explicit representation of the sequence of write operations into the shared memory. For the verification, we nondeterministically guess...
Conference Paper
Full-text available
We describe a version of the lazy sequentialization schema by La Torre, Madhusudan, and Parlato that is optimized for bounded programs, and avoids the re-computation of the local state of each process at each context switch. Lazy-CSeq implements this sequentialization schema for sequentially consistent C programs using POSIX threads. Experiments sh...
Article
Full-text available
We consider the feasibility problem of integer linear programming (ILP). We show that solutions of any ILP instance can be naturally represented by an FO-definable class of graphs. For each solution there may be many graphs representing it. However, one of these graphs is of path-width at most 2n, where n is the number of variables in the instance....
Conference Paper
Full-text available
We give a general approach to show the closure under com-plement and decide the emptiness for many classes of multistack visibly pushdown automata (Mvpa). A central notion in our approach is the vis-ibly path-tree, i.e., a stack tree with the encoding of a path that denotes a linear ordering of the nodes. We show that the set of all such trees with...
Conference Paper
Full-text available
We study the formal language theory of multistack pushdown automata (Mpa) restricted to computations where a symbol can be popped from a stack S only if it was pushed within a bounded number of contexts of S (scoped Mpa). We contribute to show that scoped Mpa are indeed a robust model of computation, by focusing on the corresponding theory of visib...
Conference Paper
Full-text available
Bounded model checking (BMC) has successfully been used for many practical program verification problems, but concurrency still poses a challenge. Here we describe a new approach to BMC of sequen-tially consistent C programs using POSIX threads. Our approach first translates a multi-threaded C program into a nondeterministic sequen-tial C program t...
Technical Report
Full-text available
We propose a generalization of results on the decidability of emptiness for several restricted classes of sequential a nd distributed automata with auxiliary storage (stacks, queu es) that have recently been proved. Our generalization relies o n reducing emptiness of these automata to finite-stategraph automata (without storage) defined on monadic...
Conference Paper
Full-text available
In this paper we present Vac, an automatic tool for ver-ifying security properties of administrative Role-based Access Control (RBAC). RBAC has become an increasingly popular access control model, particularly suitable for large organizations, and it is implemented in sev-eral software. Automatic security analysis of administrative RBAC sys-tems is...
Article
Full-text available
Providing restrictive and secure access to resources is a challenging and socially important problem. Among the many formal security models, Role Based Access Control (RBAC) has become the norm in many of today's organizations for enforcing security. For every model, it is necessary to analyze and prove that the corresponding system is secure. Such...
Book
Full-text available
We address the state reachability problem in concurrent pro-grams running over the TSO weak memory model. This problem has been shown to be decidable with non-primitive recursive complexity in the case of finite-state threads. For recursive threads this problem is unde-cidable. The aim of this paper is to provide under-approximate analyses for TSO...
Conference Paper
Full-text available
We implement a new sequentialization algorithm for multi-threaded C programs with dynamic thread creation as a new CSeq module. The novel basic idea of this algorithm is to fix (by a nondeterministic guess) the sequence of write operations in the shared memory and then simulate the behavior of the program according to any scheduling that respects t...
Conference Paper
Full-text available
We describe a version of the lazy sequentialization schema by La Torre, Madhusudan, and Parlato that is optimized for bounded programs, and avoids the re-computation of the local state of each process at each context switch. Lazy-CSeq implements this sequentialization schema for sequentially consistent C programs using POSIX threads. Experiments sh...
Conference Paper
Full-text available
Sequentialization translates concurrent programs into equivalent nondeterministic sequential programs so that the different concurrent schedules no longer need to be handled explicitly. It can thus be used as a concurrency preprocessing technique for automated sequential program verification tools. Our CSeq tool implements a novel sequentialization...
Conference Paper
Full-text available
We propose a new approach to heap analysis through an abstract domain of automata, called automatic shapes. The abstract domain uses a particular kind of automata, called quantified data automata on skinny trees (QSDAs), that allows to define universally quantified properties of singly-linked lists. To ensure convergence of the abstract fixed-point...
Article
We contribute to the theory of formal languages of visibly multistack pushdown automata (MVPA). First, we show closure under the main operations and decidability of the main decision problems for the class of MVPA restricted to computations where a symbol can be popped out of a stack S only if it was pushed within the last k contexts of S, for a g...
Conference Paper
Full-text available
Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the analysis of ARBAC policies without separate admi...
Conference Paper
Full-text available
Sequentialization translates concurrent programs into equivalent non-deterministic sequential programs so that the different concurrent schedules no longer need to be handled explicitly. It can thus be used as a concurrency pre-processor for many sequential program verification techniques. CSeq implements sequentialization for C and uses ESBMC as s...
Article
We present a novel framework to reason about programs based on encodings of computations as graphs. The main insight here is to rearrange the programs such that given a bound k, each computation can be explored according to any tree decomposition of width k of the corresponding behaviour graph. This produces under-approximations parameterized on k,...
Conference Paper
Full-text available
We present a novel fixed-point algorithm to solve reachability of multi-stack pushdown systems restricted to runs where matching push and pop transitions happen within a bounded number of context switches. The followed approach is compositional, in the sense that the runs of the system are summarized by bounded-size interfaces. Moreover, it is suit...
Conference Paper
Full-text available
We exhibit assertion-preserving (reachability preserving) transformations from parameterized concurrent shared-memory programs, under a k-round scheduling of processes, to sequential programs. The salient feature of the sequential program is that it tracks the local variables of only one thread at any point, and uses only O(k) copies of shared vari...
Conference Paper
Full-text available
Today, Role Based Access Control (RBAC) is the de facto model used for advanced access control, and is widely deployed in diverse enterprises of all sizes. Several extensions to the authorization as well as the administrative models for RBAC have been adopted in recent years. In this paper, we consider the temporal extension of RBAC (TRBAC), and de...
Article
Today, Role Based Access Control (RBAC) is the de facto model used for advanced access control, and is widely deployed in diverse enterprises of all sizes. Several extensions to the authorization as well as the administrative models for RBAC have been adopted in recent years. In this paper, we consider the temporal extension of RBAC (TRBAC), and de...
Conference Paper
Full-text available
We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction-based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC p...
Conference Paper
Full-text available
We propose an approach for reducing the TSO reachability analysis of concurrent programs to their SC reachability analysis, under some conditions on the explored behaviors. First, we propose a linear code-to-code translation that takes as input a concurrent program P and produces a concurrent program P′ such that, running P′ under SC yields the sam...
Conference Paper
Full-text available
We propose a general framework for compositional underapproximate concurrent program analyses by reduction to sequential program analyses—so-called sequentializations. We notice the existing sequentializations—based on bounding the number of execution contexts, execution rounds, or delays from a deterministic task-schedule—rely on three key feature...
Conference Paper
Full-text available
We define a new logic, STRAND, that allows reasoning with heap-manipulating programs using deductive verification and SMT solvers. STRAND logic ("STRucture ANd Data" logic) formulas express constraints involving heap structures and the data they contain; they are defined over a class of pointer-structures R defined using MSO-defined relations over...
Conference Paper
Full-text available
We propose a generalization of results on the decidability of emptiness for several restricted classes of sequential and distributed automata with auxiliary storage (stacks, queues) that have recently been proved. Our generalization relies on reducing emptiness of these automata to finite-state graph automata (without storage) restricted to monadic...
Article
Full-text available
Given an undirected and vertex weighted graph G = (V,E,w), the Weighted Feedback Vertex Problem (WFVP) consists of finding a subset F ⊆ V of vertices of minimum weight such that each cycle in G contains at least one vertex in F. The WFVP on general graphs is known to be NP-hard and to be polynomially solvable on some special classes of graphs (e.g....
Conference Paper
Full-text available
We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction based tools available for program veri?cation. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC po...
Conference Paper
Full-text available
We consider the verification of parameterized Boolean programs— abstractions of shared-memory concurrent programs with an unbounded number of threads. We propose that such programs can be model-checked by iteratively considering the program under k-round schedules, for increasing values of k, using a novel compositional construct called linear inte...
Conference Paper
Full-text available
Concurrent compositions of recursive programs with finite data are a natural abstraction model for concurrent programs. Since reachability is undecidable for this class, a restricted form of reachabil- ity has become popular in the formal verification literature, where the set of states reached within k context-switches, for a fixed small con- stan...
Conference Paper
Full-text available
We give a translation from concurrent programs to sequential programs that reduces the context-bounded reachability problem in the concurrent program to a reachability problem in the sequential one. The translation has two salient features: (a) the sequential program tracks, at any time, the local state of only one thread (though it does track mult...
Conference Paper
Full-text available
We show that recursive programs where variables range over fi- nite domains can be effectively and efficiently analyzed by describ- ing the analysis algorithm using a formula in a fixed-point calcu- lus. In contrast with programming in traditional languages, a fixed- point calculus serves as a high-level programming language to eas- ily, correctly,...
Article
Full-text available
We show that recursive programs where variables range over finite domains can be effectively and efficiently analyzed by describing the analysis algorithm using a formula in a fixed-point calculus. In contrast with programming in traditional languages, a fixed-point calculus serves as a high-level programming language to easily, correctly, and succ...
Article
In this paper we study optimization problems with verifiable one-parameter selfish agents introduced by Auletta et al. (ICALP 2004). Our goal is to allocate load among the agents, provided that the secret data of each agent is a single positive real number: the cost they incur per unit load. In such a setting the payment is given after the load com...
Conference Paper
Full-text available
Infinite-state automata are a new invention: they are automata that have an infinite number of states represented by words, transitions defined using rewriting, and with sets of initial and final states. Infinite-state automata have gained recent interest due to a remarkable result by Morvan and Stirling, which shows that automata with transitions...
Article
Full-text available
A hierarchical state machine (Hsm) is a finite state machine where a vertex can either expand to another hierarchical state machine (box) or be a basic vertex (node). Each node is labeled with atomic propositions. We study an extension of such model which allows atomic propositions to label also boxes (Shsm). We show that Shsms can be exponentially...
Conference Paper
Full-text available
We show that the bounded context-switching reachability problem for concurrent finite systems communicating using unbounded FIFO queues is decidable, where in each context a process reads from only one queue (but is allowed to write onto all other queues). Our result also holds when individual processes are finite-state recursive programs provided...
Conference Paper
Full-text available
We define a new class of languages defined by multi-stack automata that forms a robust subclass of context-sensitive languages, with decidable emptiness and closure under boolean operations. This class, called multi-stack visibly pushdown languages (MVPLs), is defined using multi-stack pushdown automata with two restrictions: (a) the pushdown autom...
Conference Paper
Full-text available
Recursive state machines (rsms) are models for programs with recursive procedural calls. While Ltl model-checking is Exptime-complete on such models, on finite-state machines, it is Pspace-complete in general and becomes Np-complete for interesting fragments. In this paper, we systematically study the computational complexity of model-checking rsms...
Conference Paper
Full-text available
A hierarchical state machine (HSM) is a flnite state machine where a vertex can either expand to another hierarchical state machine (box) or be a basic vertex (node). Each node is labeled with atomic propositions. We study an extension of such model which allows atomic propositions to label also boxes (SHSM). We show that SHSMs can be exponentially...
Article
Full-text available
In this paper we study optimization problems with verifiable one-parameter selfish agents introduced by Auletta et al. (ICALP 2004). Our goal is to allocate load among the agents, provided that the secret data of each agent is a single positive rational number: the cost they incur per unit load. In such a setting the payment is given after the load...
Article
Full-text available
Given an undirected and vertex weighted graph G, the Weighted Feedback Vertex Problem (WFVP) consists in finding a subset F⊆V of vertices of minimum weight such that each cycle in G contains at least one vertex in F. The WFVP on general graphs is known to be NP-hard. In this paper we introduce a new class of graphs, namely the diamond graphs, and g...