Static Provenance Verification for Message Passing Programs

  • Rupak Majumdar
  • Roland Meyer
  • Zilong Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7935)


Provenance information records the source and ownership history of an object. We study the problem of provenance tracking in concurrent programs, in which several principals execute concurrent processes and exchange messages over unbounded but unordered channels. The provenance of a message, roughly, is a function of the sequence of principals that have transmitted the message in the past. The provenance verification problem is to statically decide, given a message passing program and a set of allowed provenances, whether the provenance of all messages in all possible program executions, belongs to the allowed set.

We formalize the provenance verification problem abstractly in terms of well-structured provenance domains, and show a general decidability result for it. In particular, we show that if the provenance of a message is a sequence of principals who have sent the message, and a provenance query asks if the provenance lies in a regular set, the problem is decidable and EXPSPACE-complete.

While the theoretical complexity is high, we show an implementation of our technique that performs efficiently on a set of Javascript examples tracking provenances in Firefox extensions. Our experiments show that many browser extensions store and transmit user information although the user sets the browser to the private mode.


Health Question Provenance Information Partial Order Reduction Static Provenance Appointment Request 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abdulla, P.A., Cerans, K., Jonsson, B., Tsay, Y.-K.: General decidability theorems for infinite-state systems. In: LICS 1996, pp. 313–321. IEEE (1996)Google Scholar
  2. 2.
    Barth, A., Mitchell, J., Datta, A., Sundaram, S.: Privacy and utility in business processes. In: CSF, pp. 279–294. IEEE (2007)Google Scholar
  3. 3.
    Buneman, P., Khanna, S., Tan, W.-C.: Why and where: A characterization of data provenance. In: Van den Bussche, J., Vianu, V. (eds.) ICDT 2001. LNCS, vol. 1973, pp. 316–330. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Chaki, S., Rajamani, S., Rehof, J.: Types as models: model checking message-passing programs. In: POPL, pp. 45–57. ACM (2002)Google Scholar
  5. 5.
    Cheney, J., Ahmed, A., Acar, U.: Provenance as dependency analysis. Math. Struct. in Computer Science 21, 1301–1337 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  6. 6.
    Cui, Y., Widom, J., Wiener, J.: Tracing the lineage of view data in a warehousing environment. ACM TODS 25, 179–227 (2000)CrossRefGoogle Scholar
  7. 7.
  8. 8.
    Finkel, A., Schnoebelen, P.: Well-structured transition systems everywhere! Theoretical Computer Science 256(1-2), 63–92 (2001)MathSciNetzbMATHCrossRefGoogle Scholar
  9. 9.
    Ganty, P., Raskin, J.-F., Begin, L.V.: From many places to few: Automatic abstraction refinement for Petri nets. Fund. Informaticae 88(3), 275–305 (2008)zbMATHGoogle Scholar
  10. 10.
    Geeraerts, G., Raskin, J.-F., Van Begin, L.: Expand, enlarge and check: new algorithms for the coverability problem of WSTS. In: Lodaya, K., Mahajan, M. (eds.) FSTTCS 2004. LNCS, vol. 3328, pp. 287–298. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Godefroid, P. (ed.): Partial-Order Methods for the Verification of Concurrent Systems. LNCS, vol. 1032. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Green, T., Karvounarakis, G., Tannen, V.: Provenance semirings. In: PODS, pp. 31–40. ACM (2007)Google Scholar
  13. 13.
    Higman, G.: Ordering by divisibility in abstract algebras. Proc. London Math. Soc (3) 2, 326–336 (1952)Google Scholar
  14. 14.
    Holzmann, G.: The Spin model checker. IEEE Transactions on Software Engineering 23(5), 279–295 (1997)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Huang, Y.-W., Yu, F., Hang, C., Tsai, C.-H., Lee, D.-T., Kuo, S.-Y.: Securing web application code by static analysis and runtime protection. In: WWW, pp. 40–52 (2004)Google Scholar
  16. 16.
    Janák, J.: Issue tracking systems. Diplomová práce, Masarykova univerzita, Fakulta informatiky (2009)Google Scholar
  17. 17.
    Jhala, R., Majumdar, R.: Interprocedural analysis of asynchronous programs. In: POPL 2007, pp. 339–350. ACM (2007)Google Scholar
  18. 18.
    Lipton, R.: The reachability problem is exponential-space hard. Technical Report 62, Department of Computer Science, Yale University (1976)Google Scholar
  19. 19.
    Livshits, B., Lam, M.: Finding security errors in Java programs with static analysis. In: Usenix Security Symposium, pp. 271–286 (2005)Google Scholar
  20. 20.
    Lomazova, I.A., Schnoebelen, P.: Some decidability results for nested Petri nets. In: Bjorner, D., Broy, M., Zamulin, A.V. (eds.) PSI 1999. LNCS, vol. 1755, pp. 208–220. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Meyer, R., Strazny, T.: Petruchio: From dynamic networks to nets. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 175–179. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  22. 22.
    Minsky, M.: Finite and Infinite Machines. Prentice-Hall (1967)Google Scholar
  23. 23.
    Pnueli, A., Xu, J., Zuck, L.D.: Liveness with (0,1, ∞ )-counter abstraction. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 107–122. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  24. 24.
    Rackoff, C.: The covering and boundedness problems for vector addition systems. Theoretical Computer Science 6(2), 223–231 (1978)MathSciNetzbMATHCrossRefGoogle Scholar
  25. 25.
    Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21, 5–19 (2003)CrossRefGoogle Scholar
  26. 26.
    Schnoebelen, P.: Revisiting Ackermann-hardness for lossy counter machines and reset Petri nets. In: Hliněný, P., Kučera, A. (eds.) MFCS 2010. LNCS, vol. 6281, pp. 616–628. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    Souilah, I., Francalanza, A., Sassone, V.: A formal model of provenance in distributed systems. In: Workshop on the Theory and Practice of Provenance (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Rupak Majumdar
    • 1
  • Roland Meyer
    • 2
  • Zilong Wang
    • 1
  1. 1.MPI-SWSGermany
  2. 2.University of KaiserslauternGermany

Personalised recommendations