10,354 research outputs found
Model checking polygonal differential inclusions using invariance kernels
Polygonal hybrid systems are a subclass of planar hybrid
automata which can be represented by piecewise constant differential
inclusions. Here, we identify and compute an important object of such
systems’ phase portrait, namely invariance kernels. An invariant set is a
set of initial points of trajectories which keep rotating in a cycle forever
and the invariance kernel is the largest of such sets. We show that this
kernel is a non-convex polygon and we give a non-iterative algorithm for
computing the coordinates of its vertices and edges. Moreover, we present
a breadth-first search algorithm for solving the reachability problem for
such systems. Invariance kernels play an important role in the algorithm.peer-reviewe
Abstract Interpretation with Unfoldings
We present and evaluate a technique for computing path-sensitive interference
conditions during abstract interpretation of concurrent programs. In lieu of
fixed point computation, we use prime event structures to compactly represent
causal dependence and interference between sequences of transformers. Our main
contribution is an unfolding algorithm that uses a new notion of independence
to avoid redundant transformer application, thread-local fixed points to reduce
the size of the unfolding, and a novel cutoff criterion based on subsumption to
guarantee termination of the analysis. Our experiments show that the abstract
unfolding produces an order of magnitude fewer false alarms than a mature
abstract interpreter, while being several orders of magnitude faster than
solver-based tools that have the same precision.Comment: Extended version of the paper (with the same title and authors) to
appear at CAV 201
Succinct Representations for Abstract Interpretation
Abstract interpretation techniques can be made more precise by distinguishing
paths inside loops, at the expense of possibly exponential complexity.
SMT-solving techniques and sparse representations of paths and sets of paths
avoid this pitfall. We improve previously proposed techniques for guided static
analysis and the generation of disjunctive invariants by combining them with
techniques for succinct representations of paths and symbolic representations
for transitions based on static single assignment. Because of the
non-monotonicity of the results of abstract interpretation with widening
operators, it is difficult to conclude that some abstraction is more precise
than another based on theoretical local precision results. We thus conducted
extensive comparisons between our new techniques and previous ones, on a
variety of open-source packages.Comment: Static analysis symposium (SAS), Deauville : France (2012
Abstract Interpretation of Supermodular Games
Supermodular games find significant applications in a variety of models,
especially in operations research and economic applications of noncooperative
game theory, and feature pure strategy Nash equilibria characterized as fixed
points of multivalued functions on complete lattices. Pure strategy Nash
equilibria of supermodular games are here approximated by resorting to the
theory of abstract interpretation, a well established and known framework used
for designing static analyses of programming languages. This is obtained by
extending the theory of abstract interpretation in order to handle
approximations of multivalued functions and by providing some methods for
abstracting supermodular games, in order to obtain approximate Nash equilibria
which are shown to be correct within the abstract interpretation framework
Abstract Interpretation of Stateful Networks
Modern networks achieve robustness and scalability by maintaining states on
their nodes. These nodes are referred to as middleboxes and are essential for
network functionality. However, the presence of middleboxes drastically
complicates the task of network verification. Previous work showed that the
problem is undecidable in general and EXPSPACE-complete when abstracting away
the order of packet arrival.
We describe a new algorithm for conservatively checking isolation properties
of stateful networks. The asymptotic complexity of the algorithm is polynomial
in the size of the network, albeit being exponential in the maximal number of
queries of the local state that a middlebox can do, which is often small.
Our algorithm is sound, i.e., it can never miss a violation of safety but may
fail to verify some properties. The algorithm performs on-the fly abstract
interpretation by (1) abstracting away the order of packet processing and the
number of times each packet arrives, (2) abstracting away correlations between
states of different middleboxes and channel contents, and (3) representing
middlebox states by their effect on each packet separately, rather than taking
into account the entire state space. We show that the abstractions do not lose
precision when middleboxes may reset in any state. This is encouraging since
many real middleboxes reset, e.g., after some session timeout is reached or due
to hardware failure
- …