Approaching the Coverability Problem Continuously
The coverability problem for Petri nets plays a central role in the
verification of concurrent shared-memory programs. However, its high
EXPSPACE-complete complexity poses a challenge when encountered in real-world
instances. In this paper, we develop a new approach to this problem which is
primarily based on applying forward coverability in continuous Petri nets as a
pruning criterion inside a backward coverability framework. A cornerstone of
our approach is the efficient encoding of a recently developed polynomial-time
algorithm for reachability in continuous Petri nets into SMT. We demonstrate
the effectiveness of our approach on standard benchmarks from the literature,
which shows that our approach decides significantly more instances than any
existing tool and is in addition often much faster, in particular on large
instances.
Comment: 18 pages, 4 figures
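The backward coverability framework with a forward continuous-net pruning check, as an added example that is not the paper's tool: the net, its initial marking and the target markings are constructed here (a two-process mutual exclusion with one lock token, plus a transition that can only fire from a place that is never marked). The pruning uses only the place-support fixpoint of the continuous relaxation (which places can ever carry tokens when transitions may fire fractionally), a much weaker check than the polynomial-time continuous reachability algorithm the abstract refers to; it is nevertheless sound, because every discrete run is also a continuous run.

```python
# Added example: backward coverability for Petri nets with a forward
# continuous-net pruning check. Not the paper's tool; the net is constructed.

# A net over n places is a list of transitions (pre, post); markings are tuples.
NET = [
    ((1, 0, 1, 0, 0, 0), (0, 1, 0, 0, 0, 0)),  # t0: idleA + lock -> critA
    ((0, 1, 0, 0, 0, 0), (1, 0, 1, 0, 0, 0)),  # t1: critA -> idleA + lock
    ((0, 0, 1, 1, 0, 0), (0, 0, 0, 0, 1, 0)),  # t2: idleB + lock -> critB
    ((0, 0, 0, 0, 1, 0), (0, 0, 1, 1, 0, 0)),  # t3: critB -> idleB + lock
    ((0, 0, 0, 0, 0, 1), (0, 0, 1, 0, 0, 1)),  # t4: needs p5, mints a second lock
]
M0 = (1, 0, 1, 1, 0, 0)  # both processes idle, one lock token, p5 empty


def leq(a, b):
    """Componentwise order on markings."""
    return all(x <= y for x, y in zip(a, b))


def support(m):
    return {p for p, k in enumerate(m) if k > 0}


def continuous_support(net, m0):
    """Places that can ever hold tokens in the continuous relaxation from m0.
    A transition is fireable (fractionally) as soon as all its input places
    are markable, and a small enough fractional firing never empties an input
    place, so the set of markable places is a simple forward fixpoint."""
    markable = support(m0)
    changed = True
    while changed:
        changed = False
        for pre, post in net:
            if support(pre) <= markable and not support(post) <= markable:
                markable |= support(post)
                changed = True
    return markable


def pre_basis(net, m):
    """Minimal markings from which one transition reaches a marking >= m:
    for each t, max(m - post_t, 0) + pre_t."""
    return [tuple(max(mi - po, 0) + pr for mi, pr, po in zip(m, pre, post))
            for pre, post in net]


def minimize(markings):
    """Keep only the minimal elements of a set of markings (an antichain)."""
    out = []
    for m in markings:
        if any(leq(o, m) for o in out):
            continue
        out = [o for o in out if not leq(m, o)] + [m]
    return out


def coverable(net, m0, target, prune=True):
    """Backward coverability: iterate the pre-image of the upward-closed set
    of markings >= target until a fixpoint (Dickson's lemma guarantees
    termination) or until some basis element is <= m0. With prune=True,
    candidates that need a token in a place the continuous relaxation can
    never mark are dropped: such a candidate is not coverable from m0 in the
    discrete net, and neither is any of its own pre-images (covering a
    pre-image and firing the transition would cover the candidate)."""
    markable = continuous_support(net, m0)
    basis = [tuple(target)]
    while True:
        if any(leq(b, m0) for b in basis):
            return True
        cand = [c for b in basis for c in pre_basis(net, b)]
        if prune:
            cand = [c for c in cand if support(c) <= markable]
        new_basis = minimize(basis + cand)
        if set(new_basis) == set(basis):
            return False
        basis = new_basis


if __name__ == "__main__":
    print(coverable(NET, M0, (0, 1, 0, 0, 0, 0)))  # A in critical section: True
    print(coverable(NET, M0, (0, 1, 0, 0, 1, 0)))  # both critical: False
```

The second query is the mutual-exclusion violation; the lock invariant makes it uncoverable, and the pruning removes every backward candidate that would need the never-marked place p5 before the fixpoint iteration has to explore it.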
Incremental, Inductive Coverability
We give an incremental, inductive (IC3) procedure to check coverability of
well-structured transition systems. Our procedure generalizes the IC3 procedure
for safety verification that has been successfully applied in finite-state
hardware verification to infinite-state well-structured transition systems. We
show that our procedure is sound, complete, and terminating for downward-finite
well-structured transition systems---where each state has a finite number of
states below it---a class that contains extensions of Petri nets, broadcast
protocols, and lossy channel systems.
We have implemented our algorithm for checking coverability of Petri nets. We
describe how the algorithm can be efficiently implemented without the use of
SMT solvers. Our experiments on standard Petri net benchmarks show that IC3 is
competitive with state-of-the-art implementations for coverability based on
symbolic backward analysis or expand-enlarge-and-check algorithms both in time
taken and space usage.
Comment: Non-reviewed version, original version submitted to CAV 2013; this is a revised version, containing more experimental results and some corrections
Automatic Verification of Erlang-Style Concurrency
This paper presents an approach to verify safety properties of Erlang-style,
higher-order concurrent programs automatically. Inspired by Core Erlang, we
introduce Lambda-Actor, a prototypical functional language with
pattern-matching algebraic data types, augmented with process creation and
asynchronous message-passing primitives. We formalise an abstract model of
Lambda-Actor programs called Actor Communicating System (ACS) which has a
natural interpretation as a vector addition system, for which some verification
problems are decidable. We give a parametric abstract interpretation framework
for Lambda-Actor and use it to build a polytime computable, flow-based,
abstract semantics of Lambda-Actor programs, which we then use to bootstrap the
ACS construction, thus deriving a more accurate abstract model of the input
program. We have constructed Soter, a tool implementation of the verification
method, thereby obtaining the first fully-automatic, infinite-state model
checker for a core fragment of Erlang. We find that in practice our abstraction
technique is accurate enough to verify an interesting range of safety
properties. Though the ACS coverability problem is Expspace-complete, Soter can
analyse these verification problems surprisingly efficiently.
Comment: 12 pages plus appendix, 4 figures, 1 table. The tool is available at http://mjolnir.cs.ox.ac.uk/soter
History-Register Automata
Programs with dynamic allocation are able to create and use an unbounded
number of fresh resources, such as references, objects, files, etc. We propose
History-Register Automata (HRA), a new automata-theoretic formalism for
modelling such programs. HRAs extend the expressiveness of previous approaches
and bring us to the limits of decidability for reachability checks. The
distinctive feature of our machines is their use of unbounded memory sets
(histories) where input symbols can be selectively stored and compared with
symbols to follow. In addition, stored symbols can be consumed or deleted by
reset. We show that the combination of consumption and reset capabilities
renders the automata powerful enough to imitate counter machines, and yields
closure under all regular operations apart from complementation. We moreover
examine weaker notions of HRAs which strike different balances between
expressiveness and effectiveness.
Comment: LMCS (improved version of FoSSaCS
On Restricted Nonnegative Matrix Factorization
Nonnegative matrix factorization (NMF) is the problem of decomposing a given
nonnegative matrix into a product of a nonnegative matrix and a nonnegative matrix . Restricted NMF
requires in addition that the column spaces of and coincide. Finding
the minimal inner dimension is known to be NP-hard, both for NMF and
restricted NMF. We show that restricted NMF is closely related to a question
about the nature of minimal probabilistic automata, posed by Paz in his seminal
1971 textbook. We use this connection to answer Paz's question negatively, thus
falsifying a positive answer claimed in 1974. Furthermore, we investigate
whether a rational matrix always has a restricted NMF of minimal inner
dimension whose factors and are also rational. We show that this holds
for matrices of rank at most and we exhibit a rank- matrix for which
and require irrational entries.
Comment: Full version of an ICALP'16 paper
When is Agnostic Reinforcement Learning Statistically Tractable?
We study the problem of agnostic PAC reinforcement learning (RL): given a
policy class , how many rounds of interaction with an unknown MDP (with a
potentially large state and action space) are required to learn an
-suboptimal policy with respect to ? Towards that end, we
introduce a new complexity measure, called the spanning capacity, that
depends solely on the set and is independent of the MDP dynamics. With a
generative model, we show that for any policy class , bounded spanning
capacity characterizes PAC learnability. However, for online RL, the situation
is more subtle. We show there exists a policy class with a bounded
spanning capacity that requires a superpolynomial number of samples to learn.
This reveals a surprising separation for agnostic learnability between
generative access and online access models (as well as between
deterministic/stochastic MDPs under online access). On the positive side, we
identify an additional sunflower structure, which in conjunction with
bounded spanning capacity enables statistically efficient online RL via a new
algorithm called POPLER, which takes inspiration from classical importance
sampling methods as well as techniques for reachable-state identification and
policy evaluation in reward-free exploration.
Comment: Accepted to NeurIPS 202
From RT-LOTOS to Time Petri Nets new foundations for a verification platform
The formal description technique RT-LOTOS has been selected as the intermediate language to add formality to a real-time UML profile named TURTLE. To this end, an RT-LOTOS verification platform has been developed for early detection of design errors in real-time system models. The paper discusses an extension of the platform to include verification tools developed for Time Petri Nets (TPNs). The starting point is the definition of RT-LOTOS-to-TPN translation patterns. In particular, we introduce the concept of components embedding Time Petri Nets. The translation patterns are implemented in a prototype tool which takes an RT-LOTOS specification as input and outputs a TPN in the format accepted by the TINA tool. The efficiency of the proposed solution has been demonstrated on various case studies.