14,091 research outputs found
A Case Study in Automated Verification Based on Trace Abstractions
In [14], we proposed a framework for the automatic verification of reactivesystems. Our main tool is a decision procedure, Mona, for MonadicSecond-order Logic (M2L) on finite strings. Mona translates a formula inM2L into a finite-state automaton. We show in [14] how traces, i.e. finiteexecutions, and their abstractions can be described behaviorally. Thesestate-less descriptions can be formulated in terms of customized temporallogic operators or idioms.In the present paper, we give a self-contained, introductory account ofour method applied to the RPC-memory specification problem of the 1994Dagstuhl Seminar on Specification and Refinement of Reactive Systems.The purely behavioral descriptions that we formulate from the informalspecifications are formulas that may span 10 pages or more.Such descriptions are a couple of magnitudes larger than usual temporallogic formulas found in the literature on verification. To securelywrite these formulas, we introduce Fido [16] as a reactive system descriptionlanguage. Fido is designed as a high-level symbolic language forexpressing regular properties about recursive data structures.All of our descriptions have been verified automatically by Mona fromM2L formulas generated by Fido.Our work shows that complex behaviors of reactive systems can beformulated and reasoned about without explicit state-based programming.With Fido, we can state temporal properties succinctly while enjoyingautomated analysis and verification
Bug Hunting with False Negatives Revisited
Safe data abstractions are widely used for verification purposes. Positive verification results can be transferred from the abstract to the concrete system. When a property is violated in the abstract system, one still has to check whether a concrete violation scenario exists. However, even when the violation scenario is not reproducible in the concrete system (a false negative), it may still contain information on possible sources of bugs. Here, we propose a bug hunting framework based on abstract violation scenarios. We first extract a violation pattern from one abstract violation scenario. The violation pattern represents multiple abstract violation scenarios, increasing the chance that a corresponding concrete violation exists. Then, we look for a concrete violation that corresponds to the violation pattern by using constraint solving techniques. Finally, we define the class of counterexamples that we can handle and argue correctness of the proposed framework. Our method combines two formal techniques, model checking and constraint solving. Through an analysis of contracting and precise abstractions, we are able to integrate overapproximation by abstraction with concrete counterexample generation
StocHy: automated verification and synthesis of stochastic processes
StocHy is a software tool for the quantitative analysis of discrete-time
stochastic hybrid systems (SHS). StocHy accepts a high-level description of
stochastic models and constructs an equivalent SHS model. The tool allows to
(i) simulate the SHS evolution over a given time horizon; and to automatically
construct formal abstractions of the SHS. Abstractions are then employed for
(ii) formal verification or (iii) control (policy, strategy) synthesis. StocHy
allows for modular modelling, and has separate simulation, verification and
synthesis engines, which are implemented as independent libraries. This allows
for libraries to be easily used and for extensions to be easily built. The tool
is implemented in C++ and employs manipulations based on vector calculus, the
use of sparse matrices, the symbolic construction of probabilistic kernels, and
multi-threading. Experiments show StocHy's markedly improved performance when
compared to existing abstraction-based approaches: in particular, StocHy beats
state-of-the-art tools in terms of precision (abstraction error) and
computational effort, and finally attains scalability to large-sized models (12
continuous dimensions). StocHy is available at www.gitlab.com/natchi92/StocHy
Abstracting Asynchronous Multi-Valued Networks: An Initial Investigation
Multi-valued networks provide a simple yet expressive qualitative state based
modelling approach for biological systems. In this paper we develop an
abstraction theory for asynchronous multi-valued network models that allows the
state space of a model to be reduced while preserving key properties of the
model. The abstraction theory therefore provides a mechanism for coping with
the state space explosion problem and supports the analysis and comparison of
multi-valued networks. We take as our starting point the abstraction theory for
synchronous multi-valued networks which is based on the finite set of traces
that represent the behaviour of such a model. The problem with extending this
approach to the asynchronous case is that we can now have an infinite set of
traces associated with a model making a simple trace inclusion test infeasible.
To address this we develop a decision procedure for checking asynchronous
abstractions based on using the finite state graph of an asynchronous
multi-valued network to reason about its trace semantics. We illustrate the
abstraction techniques developed by considering a detailed case study based on
a multi-valued network model of the regulation of tryptophan biosynthesis in
Escherichia coli.Comment: Presented at MeCBIC 201
Compositional nonblocking verificationusing generalised nonblocking abstractions
This paper proposes a method for compositional verification of the standard and generalized nonblocking properties of large discrete event systems. The method is efficient as it avoids the explicit construction of the complete state space by considering and simplifying individual subsystems before they are composed further. Simplification is done using a set of abstraction rules preserving generalized nonblocking equivalence, which are shown to be correct and computationally feasible. Experimental results demonstrate the suitability of the method to verify several large-scale discrete event systems models both for standard and generalized nonblocking
Compositional Falsification of Cyber-Physical Systems with Machine Learning Components
Cyber-physical systems (CPS), such as automotive systems, are starting to
include sophisticated machine learning (ML) components. Their correctness,
therefore, depends on properties of the inner ML modules. While learning
algorithms aim to generalize from examples, they are only as good as the
examples provided, and recent efforts have shown that they can produce
inconsistent output under small adversarial perturbations. This raises the
question: can the output from learning components can lead to a failure of the
entire CPS? In this work, we address this question by formulating it as a
problem of falsifying signal temporal logic (STL) specifications for CPS with
ML components. We propose a compositional falsification framework where a
temporal logic falsifier and a machine learning analyzer cooperate with the aim
of finding falsifying executions of the considered model. The efficacy of the
proposed technique is shown on an automatic emergency braking system model with
a perception component based on deep neural networks
Compositional nonblocking verification with always enabled events and selfloop-only events
This paper proposes to improve compositional nonblocking verification through the use of always enabled and selfloop-only events. Compositional verification involves abstraction to simplify parts of a system during verification. Normally, this abstraction is based on the set of events not used in the remainder of the system, i.e., in the part of the system not being simplified. Here, it is proposed to exploit more knowledge about the system and abstract events even though they are used in the remainder of the system. Abstraction rules from previous work are generalised, and experimental results demonstrate the applicability of the resulting algorithm to verify several industrial-scale discrete event system models, while achieving better state-space reduction than before
Symmetry Reduction Enables Model Checking of More Complex Emergent Behaviours of Swarm Navigation Algorithms
The emergent global behaviours of robotic swarms are important to achieve
their navigation task goals. These emergent behaviours can be verified to
assess their correctness, through techniques like model checking. Model
checking exhaustively explores all possible behaviours, based on a discrete
model of the system, such as a swarm in a grid. A common problem in model
checking is the state-space explosion that arises when the states of the model
are numerous. We propose a novel implementation of symmetry reduction, in the
form of encoding navigation algorithms relatively with respect to a reference,
based on the symmetrical properties of swarms in grids. We applied the relative
encoding to a swarm navigation algorithm, Alpha, modelled for the NuSMV model
checker. A comparison of the state-space and verification results with an
absolute (or global) and a relative encoding of the Alpha algorithm highlights
the advantages of our approach, allowing model checking larger grid sizes and
number of robots, and consequently, verifying more complex emergent behaviours.
For example, a property was verified for a grid with 3 robots and a maximum
allowed size of 8x8 cells in a global encoding, whereas this size was increased
to 16x16 using a relative encoding. Also, the time to verify a property for a
swarm of 3 robots in a 6x6 grid was reduced from almost 10 hours to only 7
minutes. Our approach is transferable to other swarm navigation algorithms.Comment: Accepted for presentation in Towards Autonomous Robotic Systems
(TAROS) 2015, Liverpool, U
- ā¦