1,980 research outputs found
Exploiting Deep Semantics and Compositionality of Natural Language for Human-Robot-Interaction
We develop a natural language interface for human robot interaction that
implements reasoning about deep semantics in natural language. To realize the
required deep analysis, we employ methods from cognitive linguistics, namely
the modular and compositional framework of Embodied Construction Grammar (ECG)
[Feldman, 2009]. Using ECG, robots are able to solve fine-grained reference
resolution problems and other issues related to deep semantics and
compositionality of natural language. This also includes verbal interaction
with humans to clarify commands and queries that are too ambiguous to be
executed safely. We implement our NLU framework as a ROS package and present
proof-of-concept scenarios with different robots, as well as a survey on the
state of the art
Rehearsal: A Configuration Verification Tool for Puppet
Large-scale data centers and cloud computing have turned system configuration
into a challenging problem. Several widely-publicized outages have been blamed
not on software bugs, but on configuration bugs. To cope, thousands of
organizations use system configuration languages to manage their computing
infrastructure. Of these, Puppet is the most widely used with thousands of
paying customers and many more open-source users. The heart of Puppet is a
domain-specific language that describes the state of a system. Puppet already
performs some basic static checks, but they only prevent a narrow range of
errors. Furthermore, testing is ineffective because many errors are only
triggered under specific machine states that are difficult to predict and
reproduce. With several examples, we show that a key problem with Puppet is
that configurations can be non-deterministic.
This paper presents Rehearsal, a verification tool for Puppet configurations.
Rehearsal implements a sound, complete, and scalable determinacy analysis for
Puppet. To develop it, we (1) present a formal semantics for Puppet, (2) use
several analyses to shrink our models to a tractable size, and (3) frame
determinism-checking as decidable formulas for an SMT solver. Rehearsal then
leverages the determinacy analysis to check other important properties, such as
idempotency. Finally, we apply Rehearsal to several real-world Puppet
configurations.Comment: In proceedings of ACM SIGPLAN Conference on Programming Language
Design and Implementation (PLDI) 201
A true positives theorem for a static race detector
RacerD is a static race detector that has been proven to be effective in engineering practice: it has seen thousands of data races fixed by developers before reaching production, and has supported the migration of Facebook's Android app rendering infrastructure from a single-threaded to a multi-threaded architecture. We prove a True Positives Theorem stating that, under certain assumptions, an idealized theoretical version of the analysis never reports a false positive. We also provide an empirical evaluation of an implementation of this analysis, versus the original RacerD.
The theorem was motivated in the first case by the desire to understand the observation from production that RacerD was providing remarkably accurate signal to developers, and then the theorem guided further analyzer design decisions. Technically, our result can be seen as saying that the analysis computes an under-approximation of an over-approximation, which is the reverse of the more usual (over of under) situation in static analysis. Until now, static analyzers that are effective in practice but unsound have often been regarded as ad hoc; in contrast, we suggest that, in the future, theorems of this variety might be generally useful in understanding, justifying and designing effective static analyses for bug catching
Proving termination using abstract interpretation
PhDOne way to develop more robust software is to use formal program verification. Formal program
verification requires the construction of a formal mathematical proof of the programs correctness.
In the past ten years or so there has been much progress in the use of automated tools
to formally prove properties of programs. However many such tools focus on proving safety
properties: that something bad does not happen. Liveness properties, where we try to prove
that something good will happen, have received much less attention. Program termination is
an example of a liveness property. It has been known for a long time that to prove program
termination we need to discover some function which maps program states to a well-founded
set. Essentially we need to find one global argument for why the program terminates. Finding
such an argument which overapproximates the entire program is very difficult. Recently, Podelski
and Rybalchenko discovered a more compositional proof rule to find disjunctive termination
arguments. Disjunctive termination arguments requires a series of termination arguments that
individually may only cover part of the program but when put together give a reason for why
the entire program will terminate. Thus we do not need to search for one overall reason for
termination but we can break the problem down and focus on smaller parts of the program.
This thesis develops a series of abstract interpreters for proving the termination of imperative
programs. We make three contributions, each of which makes use of the Podelski-Rybalchenko
result.
Firstly we present a technique to re-use domains and operators from abstract interpreters for
safety properties to produce termination analysers. This technique produces some very fast
termination analysers, but is limited by the underlying safety domain used.
We next take the natural step forward: we design an abstract domain for termination. This
abstract domain is built from ranking functions: in essence the abstract domain only keeps track
of the information necessary to prove program termination. However, the abstract domain is
limited to proving termination for language with iteration.
In order to handle recursion we use metric spaces to design an abstract domain which can handle
recursion over the unit type. We define a framework for designing abstract interpreters for liveness
properties such as termination. The use of metric spaces allows us to model the semantics
of infinite computations for programs with recursion over the unit type so that we can design
an abstract interpreter in a systematic manner. We have to ensure that the abstract interpreter is
well-behaved with respect to the metric space semantics, and our framework gives a way to do
this
Static Analysis of Run-Time Errors in Embedded Real-Time Parallel C Programs
We present a static analysis by Abstract Interpretation to check for run-time
errors in parallel and multi-threaded C programs. Following our work on
Astr\'ee, we focus on embedded critical programs without recursion nor dynamic
memory allocation, but extend the analysis to a static set of threads
communicating implicitly through a shared memory and explicitly using a finite
set of mutual exclusion locks, and scheduled according to a real-time
scheduling policy and fixed priorities. Our method is thread-modular. It is
based on a slightly modified non-parallel analysis that, when analyzing a
thread, applies and enriches an abstract set of thread interferences. An
iterator then re-analyzes each thread in turn until interferences stabilize. We
prove the soundness of our method with respect to the sequential consistency
semantics, but also with respect to a reasonable weakly consistent memory
semantics. We also show how to take into account mutual exclusion and thread
priorities through a partitioning over an abstraction of the scheduler state.
We present preliminary experimental results analyzing an industrial program
with our prototype, Th\'es\'ee, and demonstrate the scalability of our
approach
Cross-entropy optimisation of importance sampling parameters for statistical model checking
Statistical model checking avoids the exponential growth of states associated
with probabilistic model checking by estimating properties from multiple
executions of a system and by giving results within confidence bounds. Rare
properties are often very important but pose a particular challenge for
simulation-based approaches, hence a key objective under these circumstances is
to reduce the number and length of simulations necessary to produce a given
level of confidence. Importance sampling is a well-established technique that
achieves this, however to maintain the advantages of statistical model checking
it is necessary to find good importance sampling distributions without
considering the entire state space.
Motivated by the above, we present a simple algorithm that uses the notion of
cross-entropy to find the optimal parameters for an importance sampling
distribution. In contrast to previous work, our algorithm uses a low
dimensional vector of parameters to define this distribution and thus avoids
the often intractable explicit representation of a transition matrix. We show
that our parametrisation leads to a unique optimum and can produce many orders
of magnitude improvement in simulation efficiency. We demonstrate the efficacy
of our methodology by applying it to models from reliability engineering and
biochemistry.Comment: 16 pages, 8 figures, LNCS styl
- …