15 research outputs found
Guessing Winning Policies in LTL Synthesis by Semantic Learning
We provide a learning-based technique for guessing a winning strategy in a
parity game originating from an LTL synthesis problem. A cheaply obtained guess
can be useful in several applications. Not only can the guessed strategy be
applied as best-effort in cases where the game's huge size prohibits rigorous
approaches, but it can also increase the scalability of rigorous LTL synthesis
in several ways. Firstly, checking whether a guessed strategy is winning is
easier than constructing one. Secondly, even if the guess is wrong in some
places, it can be fixed by strategy iteration faster than constructing one from
scratch. Thirdly, the guess can be used in on-the-fly approaches to prioritize
exploration in the most fruitful directions.
In contrast to previous works, we (i)~reflect the highly structured logical
information in game's states, the so-called semantic labelling, coming from the
recent LTL-to-automata translations, and (ii)~learn to reflect it properly by
learning from previously solved games, bringing the solving process closer to
human-like reasoning
On the Automated Synthesis of Enterprise Integration Patterns to Adapt Choreography-based Distributed Systems
The Future Internet is becoming a reality, providing a large-scale computing
environments where a virtually infinite number of available services can be
composed so to fit users' needs. Modern service-oriented applications will be
more and more often built by reusing and assembling distributed services. A key
enabler for this vision is then the ability to automatically compose and
dynamically coordinate software services. Service choreographies are an
emergent Service Engineering (SE) approach to compose together and coordinate
services in a distributed way. When mismatching third-party services are to be
composed, obtaining the distributed coordination and adaptation logic required
to suitably realize a choreography is a non-trivial and error prone task.
Automatic support is then needed. In this direction, this paper leverages
previous work on the automatic synthesis of choreography-based systems, and
describes our preliminary steps towards exploiting Enterprise Integration
Patterns to deal with a form of choreography adaptation.Comment: In Proceedings FOCLASA 2015, arXiv:1512.0694
A Flexible and Efficient Temporal Logic Tool for Python: PyTeLo
Temporal logic is an important tool for specifying complex behaviors of
systems. It can be used to define properties for verification and monitoring,
as well as goals for synthesis tools, allowing users to specify rich missions
and tasks. Some of the most popular temporal logics include Metric Temporal
Logic (MTL), Signal Temporal Logic (STL), and weighted STL (wSTL), which also
allow the definition of timing constraints. In this work, we introduce PyTeLo,
a modular and versatile Python-based software that facilitates working with
temporal logic languages, specifically MTL, STL, and wSTL. Applying PyTeLo
requires only a string representation of the temporal logic specification and,
optionally, the dynamics of the system of interest. Next, PyTeLo reads the
specification using an ANTLR-generated parser and generates an Abstract Syntax
Tree (AST) that captures the structure of the formula. For synthesis, the AST
serves to recursively encode the specification into a Mixed Integer Linear
Program (MILP) that is solved using a commercial solver such as Gurobi. We
describe the architecture and capabilities of PyTeLo and provide example
applications highlighting its adaptability and extensibility for various
research problems
Scope-Bounded Reachability in Valence Systems
Multi-pushdown systems are a standard model for concurrent recursive programs, but they have an undecidable reachability problem. Therefore, there have been several proposals to underapproximate their sets of runs so that reachability in this underapproximation becomes decidable. One such underapproximation that covers a relatively high portion of runs is scope boundedness. In such a run, after each push to stack i, the corresponding pop operation must come within a bounded number of visits to stack i.
In this work, we generalize this approach to a large class of infinite-state systems. For this, we consider the model of valence systems, which consist of a finite-state control and an infinite-state storage mechanism that is specified by a finite undirected graph. This framework captures pushdowns, vector addition systems, integer vector addition systems, and combinations thereof. For this framework, we propose a notion of scope boundedness that coincides with the classical notion when the storage mechanism happens to be a multi-pushdown.
We show that with this notion, reachability can be decided in PSPACE for every storage mechanism in the framework. Moreover, we describe the full complexity landscape of this problem across all storage mechanisms, both in the case of (i) the scope bound being given as input and (ii) for fixed scope bounds. Finally, we provide an almost complete description of the complexity landscape if even a description of the storage mechanism is part of the input
Runtime Enforcement with Reordering, Healing, and Suppression
International audienceRuntime enforcement analyses an execution trace, detects when this execution deviates from its expected behaviour with respect to a given property, and corrects the trace to make it satisfy the property. In this paper, we present new enforcement techniques that reorder actions when necessary, inject actions to the application to ensure progress of the property, and discard actions to avoid storing too many unnecessary actions. At any step of the enforcement, we provide a verdict, called enforcement trend in this work, which takes its value in a 4-valued truth domain. Our approach has been implemented in a tool and validated on several application examples. Experimental results show that our techniques better preserve the application actions, hence ensuring better service continuity
Explanation of the Model Checker Verification Results
Immer wenn neue Anforderungen an ein System gestellt werden, müssen die Korrektheit und Konsistenz der Systemspezifikation überprüft werden, was in der Praxis in der Regel manuell erfolgt. Eine mögliche Option, um die Nachteile dieser manuellen Analyse zu überwinden, ist das sogenannte Contract-Based Design. Dieser Entwurfsansatz kann den Verifikationsprozess zur Überprüfung, ob die Anforderungen auf oberster Ebene konsistent verfeinert wurden, automatisieren. Die Verifikation kann somit iterativ durchgeführt werden, um die Korrektheit und Konsistenz des Systems angesichts jeglicher Änderung der Spezifikationen sicherzustellen.
Allerdings ist es aufgrund der mangelnden Benutzerfreundlichkeit und der Schwierigkeiten bei der Interpretation von Verifizierungsergebnissen immer noch eine Herausforderung, formale Ansätze in der Industrie einzusetzen. Stellt beispielsweise der Model Checker bei der Verifikation eine Inkonsistenz fest, generiert er ein Gegenbeispiel (Counterexample) und weist gleichzeitig darauf hin, dass die gegebenen Eingabespezifikationen inkonsistent sind. Hier besteht die gewaltige Herausforderung darin, das generierte Gegenbeispiel zu verstehen, das oft sehr lang, kryptisch und komplex ist. Darüber hinaus liegt es in der Verantwortung der Ingenieurin bzw. des Ingenieurs, die inkonsistente Spezifikation in einer potenziell großen Menge von Spezifikationen zu identifizieren.
Diese Arbeit schlägt einen Ansatz zur Erklärung von Gegenbeispielen (Counterexample Explanation Approach) vor, der die Verwendung von formalen Methoden vereinfacht und fördert, indem benutzerfreundliche Erklärungen der Verifikationsergebnisse der Ingenieurin bzw. dem Ingenieur präsentiert werden. Der Ansatz zur Erklärung von Gegenbeispielen wird mittels zweier Methoden evaluiert: (1) Evaluation anhand verschiedener Anwendungsbeispiele und (2) eine Benutzerstudie in Form eines One-Group Pretest-Posttest Experiments.Whenever new requirements are introduced for a system, the correctness and consistency of the system specification must be verified, which is often done manually in industrial settings. One viable option to traverse disadvantages of this manual analysis is to employ the contract-based design, which can automate the verification process to determine whether the refinements of top-level requirements are consistent. Thus, verification can be performed iteratively to ensure the system’s correctness and consistency in the face of any change in specifications.
Having said that, it is still challenging to deploy formal approaches in industries due to their lack of usability and their difficulties in interpreting verification results. For instance, if the model checker identifies inconsistency during the verification, it generates a counterexample while also indicating that the given input specifications are inconsistent. Here, the formidable challenge is to comprehend the generated counterexample, which is often lengthy, cryptic, and complex. Furthermore, it is the engineer’s responsibility to identify the inconsistent specification among a potentially huge set of specifications.
This PhD thesis proposes a counterexample explanation approach for formal methods that simplifies and encourages their use by presenting user-friendly explanations of the verification results. The proposed counterexample explanation approach identifies and explains relevant information from the verification result in what seems like a natural language statement. The counterexample explanation approach extracts relevant information by identifying inconsistent specifications from among the set of specifications, as well as erroneous states and variables from the counterexample. The counterexample explanation approach is evaluated using two methods: (1) evaluation with different application examples, and (2) a user-study known as one-group pretest and posttest experiment
First international Competition on Runtime Verification: rules, benchmarks, tools, and final results of CRV 2014
The first international Competition on Runtime Verification (CRV) was held in September 2014, in Toronto, Canada, as a satellite event of the 14th international conference on Runtime Verification (RV’14). The event was organized in three tracks: (1) offline monitoring, (2) online monitoring of C programs, and (3) online monitoring of Java programs. In this paper, we report on the phases and rules, a description of the participating teams and their submitted benchmark, the (full) results, as well as the lessons learned from the competition.ICT COST ActionFFG HARMONIAAustrian Science Fund (FWF)31704
Satisfiability Checking of Multi-Variable TPTL with Unilateral Intervals Is PSPACE-Complete
We investigate the decidability of the fragment of Timed
Propositional Temporal Logic (TPTL). We show that the satisfiability checking
of TPTL is PSPACE-complete. Moreover, even its 1-variable fragment
(1-TPTL) is strictly more expressive than Metric Interval Temporal
Logic (MITL) for which satisfiability checking is EXPSPACE complete. Hence, we
have a strictly more expressive logic with computationally easier
satisfiability checking. To the best of our knowledge, TPTL is the
first multi-variable fragment of TPTL for which satisfiability checking is
decidable without imposing any bounds/restrictions on the timed words (e.g.
bounded variability, bounded time, etc.). The membership in PSPACE is obtained
by a reduction to the emptiness checking problem for a new "non-punctual"
subclass of Alternating Timed Automata with multiple clocks called Unilateral
Very Weak Alternating Timed Automata (VWATA) which we prove to be
in PSPACE. We show this by constructing a simulation equivalent
non-deterministic timed automata whose number of clocks is polynomial in the
size of the given VWATA.Comment: Accepted in Concur 202