Model Reduction Near Periodic Orbits of Hybrid Dynamical Systems
We show that, near periodic orbits, a class of hybrid models can be reduced
to or approximated by smooth continuous-time dynamical systems. Specifically,
near an exponentially stable periodic orbit undergoing isolated transitions in
a hybrid dynamical system, nearby executions generically contract
superexponentially to a constant-dimensional subsystem. Under a non-degeneracy
condition on the rank deficiency of the associated Poincare map, the
contraction occurs in finite time regardless of the stability properties of the
orbit. Hybrid transitions may be removed from the resulting subsystem via a
topological quotient that admits a smooth structure to yield an equivalent
smooth dynamical system. We demonstrate reduction of a high-dimensional
underactuated mechanical model for terrestrial locomotion, assess structural
stability of deadbeat controllers for rhythmic locomotion and manipulation, and
derive a normal form for the stability basin of a hybrid oscillator. These
applications illustrate the utility of our theoretical results for synthesis
and analysis of feedback control laws for rhythmic hybrid behavior.
Generating non-conspiratorial executions
Avoiding conspiratorial executions is useful for debugging, model checking or refinement, and helps implement several well-known
problems in faulty environments; furthermore, avoiding non-equivalence-robust executions prevents conflicting
observations in a distributed setting from occurring. Our results prove that scheduling pairs of states and transitions in a strongly
fair manner suffices to prevent conspiratorial executions; we then establish a formal connection between conspiracies and
equivalence robustness; finally, we present a transformation scheme to implement our results and show how to build them into a
well-known distributed scheduler. Previous results were applicable to a subset of systems only, just attempted to characterise
potential conspiracies, or were tightly bound up with a particular interaction model.
Comisión Interministerial de Ciencia y Tecnología TIC2003-02737-C0
Machine Assisted Proof of ARMv7 Instruction Level Isolation Properties
In this paper, we formally verify security properties of the ARMv7 Instruction Set Architecture (ISA) for user mode executions.
To obtain guarantees that arbitrary (and unknown) user processes are able to run isolated from privileged software and other user processes, instruction level noninterference and integrity properties are provided, along with proofs that transitions to privileged modes can only occur in a controlled manner.
This work establishes a main requirement for operating system and hypervisor verification, as demonstrated for the PROSPER separation kernel. The proof is performed in the HOL4 theorem prover, taking the Cambridge model of ARM as basis.
To this end, a proof tool has been developed, which assists the verification of relational state predicates semi-automatically.
A Short Counterexample Property for Safety and Liveness Verification of Fault-tolerant Distributed Algorithms
Distributed algorithms have many mission-critical applications ranging from
embedded systems and replicated databases to cloud computing. Due to
asynchronous communication, process faults, or network failures, these
algorithms are difficult to design and verify. Many algorithms achieve fault
tolerance by using threshold guards that, for instance, ensure that a process
waits until it has received an acknowledgment from a majority of its peers.
Consequently, domain-specific languages for fault-tolerant distributed systems
offer language support for threshold guards.
We introduce an automated method for model checking of safety and liveness of
threshold-guarded distributed algorithms in systems where the number of
processes and the fraction of faulty processes are parameters. Our method is
based on a short counterexample property: if a distributed algorithm violates a
temporal specification (in a fragment of LTL), then there is a counterexample
whose length is bounded and independent of the parameters. We prove this
property by (i) characterizing executions depending on the structure of the
temporal formula, and (ii) using commutativity of transitions to accelerate and
shorten executions. We extended the ByMC toolset (Byzantine Model Checker) with
our technique, and verified liveness and safety of 10 prominent fault-tolerant
distributed algorithms, most of which were out of reach for existing
techniques.
Comment: 16 pages, 11 pages appendi
Practical Distributed Control Synthesis
Classic distributed control problems have an interesting dichotomy: they are
either trivial or undecidable. If we allow the controllers to fully
synchronize, then synthesis is trivial. In this case, controllers can
effectively act as a single controller with complete information, resulting in
a trivial control problem. But when we eliminate communication and restrict the
supervisors to locally available information, the problem becomes undecidable.
In this paper we argue in favor of a middle way. Communication is, in most
applications, expensive, and should hence be minimized. We therefore study a
solution that tries to communicate only scarcely and, while allowing
communication in order to make joint decision, favors local decisions over
joint decisions that require communication.
Comment: In Proceedings INFINITY 2011, arXiv:1111.267
PLTL Partitioned Model Checking for Reactive Systems under Fairness Assumptions
We are interested in verifying dynamic properties of finite state reactive
systems under fairness assumptions by model checking. The systems we want to
verify are specified through a top-down refinement process. In order to deal
with the state explosion problem, we have proposed in previous works to
partition the reachability graph, and to perform the verification on each part
separately. Moreover, we have defined a class, called Bmod, of dynamic
properties that are verifiable by parts, whatever the partition. We decide if a
property P belongs to Bmod by looking at the form of the Buchi automaton that
accepts the negation of P. However, when a property P belongs to Bmod, the
property f => P, where f is a fairness assumption, does not necessarily belong
to Bmod. In this paper, we propose to use the refinement process in order to
build the parts on which the verification has to be performed. We then show
that with such a partition, if a property P is verifiable by parts and if f is
the expression of the fairness assumptions on a system, then the property f =>
P is still verifiable by parts. This approach is illustrated by its application
to the chip card protocol T=1 using the B engineering design language.
Query Stability in Monotonic Data-Aware Business Processes [Extended Version]
Organizations continuously accumulate data, often according to some business
processes. If one poses a query over such data for decision support, it is
important to know whether the query is stable, that is, whether the answers
will stay the same or may change in the future because business processes may
add further data. We investigate query stability for conjunctive queries. To
this end, we define a formalism that combines an explicit representation of the
control flow of a process with a specification of how data is read and inserted
into the database. We consider different restrictions of the process model and
the state of the system, such as negation in conditions, cyclic executions,
read access to written data, presence of pending process instances, and the
possibility to start fresh process instances. We identify for which facet
combinations stability of conjunctive queries is decidable and provide
encodings into variants of Datalog that are optimal with respect to the
worst-case complexity of the problem.
Comment: This report is the extended version of a paper accepted at the 19th
International Conference on Database Theory (ICDT 2016), March 15-18, 2016 -
Bordeaux, Franc