145 research outputs found
A Satisfiability Modulo Theory Approach to Secure State Reconstruction in Differentially Flat Systems Under Sensor Attacks
We address the problem of estimating the state of a differentially flat
system from measurements that may be corrupted by an adversarial attack. In
cyber-physical systems, malicious attacks can directly compromise the system's
sensors or manipulate the communication between sensors and controllers. We
consider attacks that only corrupt a subset of sensor measurements. We show
that the possibility of reconstructing the state under such attacks is
characterized by a suitable generalization of the notion of s-sparse
observability, previously introduced by some of the authors in the linear case.
We also extend our previous work on the use of Satisfiability Modulo Theory
solvers to estimate the state under sensor attacks to the context of
differentially flat systems. The effectiveness of our approach is illustrated
on the problem of controlling a quadrotor under sensor attacks.Comment: arXiv admin note: text overlap with arXiv:1412.432
Invariant Generation through Strategy Iteration in Succinctly Represented Control Flow Graphs
We consider the problem of computing numerical invariants of programs, for
instance bounds on the values of numerical program variables. More
specifically, we study the problem of performing static analysis by abstract
interpretation using template linear constraint domains. Such invariants can be
obtained by Kleene iterations that are, in order to guarantee termination,
accelerated by widening operators. In many cases, however, applying this form
of extrapolation leads to invariants that are weaker than the strongest
inductive invariant that can be expressed within the abstract domain in use.
Another well-known source of imprecision of traditional abstract interpretation
techniques stems from their use of join operators at merge nodes in the control
flow graph. The mentioned weaknesses may prevent these methods from proving
safety properties. The technique we develop in this article addresses both of
these issues: contrary to Kleene iterations accelerated by widening operators,
it is guaranteed to yield the strongest inductive invariant that can be
expressed within the template linear constraint domain in use. It also eschews
join operators by distinguishing all paths of loop-free code segments. Formally
speaking, our technique computes the least fixpoint within a given template
linear constraint domain of a transition relation that is succinctly expressed
as an existentially quantified linear real arithmetic formula. In contrast to
previously published techniques that rely on quantifier elimination, our
algorithm is proved to have optimal complexity: we prove that the decision
problem associated with our fixpoint problem is in the second level of the
polynomial-time hierarchy.Comment: 35 pages, conference version published at ESOP 2011, this version is
a CoRR version of our submission to Logical Methods in Computer Scienc
Local Search For SMT On Linear and Multilinear Real Arithmetic
Satisfiability Modulo Theories (SMT) has significant application in various
domains. In this paper, we focus on quantifier-free Satisfiablity Modulo Real
Arithmetic, referred to as SMT(RA), including both linear and non-linear real
arithmetic theories. As for non-linear real arithmetic theory, we focus on one
of its important fragments where the atomic constraints are multi-linear. We
propose the first local search algorithm for SMT(RA), called LocalSMT(RA),
based on two novel ideas. First, an interval-based operator is proposed to
cooperate with the traditional local search operator by considering the
interval information. Moreover, we propose a tie-breaking mechanism to further
evaluate the operations when the operations are indistinguishable according to
the score function. Experiments are conducted to evaluate LocalSMT(RA) on
benchmarks from SMT-LIB. The results show that LocalSMT(RA) is competitive with
the state-of-the-art SMT solvers, and performs particularly well on
multi-linear instances
CASP Solutions for Planning in Hybrid Domains
CASP is an extension of ASP that allows for numerical constraints to be added
in the rules. PDDL+ is an extension of the PDDL standard language of automated
planning for modeling mixed discrete-continuous dynamics.
In this paper, we present CASP solutions for dealing with PDDL+ problems,
i.e., encoding from PDDL+ to CASP, and extensions to the algorithm of the EZCSP
CASP solver in order to solve CASP programs arising from PDDL+ domains. An
experimental analysis, performed on well-known linear and non-linear variants
of PDDL+ domains, involving various configurations of the EZCSP solver, other
CASP solvers, and PDDL+ planners, shows the viability of our solution.Comment: Under consideration in Theory and Practice of Logic Programming
(TPLP
Verification of Sigmoidal Artificial Neural Networks using iSAT
This paper presents an approach for verifying the behaviour of nonlinear
Artificial Neural Networks (ANNs) found in cyber-physical safety-critical
systems. We implement a dedicated interval constraint propagator for the
sigmoid function into the SMT solver iSAT and compare this approach with a
compositional approach encoding the sigmoid function by basic arithmetic
features available in iSAT and an approximating approach. Our experimental
results show that the dedicated and the compositional approach clearly
outperform the approximating approach. Throughout all our benchmarks, the
dedicated approach showed an equal or better performance compared to the
compositional approach.Comment: In Proceedings SNR 2021, arXiv:2207.0439
- …