18,117 research outputs found

    Hidden-Markov Program Algebra with iteration

    Full text link
    We use Hidden Markov Models to motivate a quantitative compositional semantics for noninterference-based security with iteration, including a refinement- or "implements" relation that compares two programs with respect to their information leakage; and we propose a program algebra for source-level reasoning about such programs, in particular as a means of establishing that an "implementation" program leaks no more than its "specification" program. This joins two themes: we extend our earlier work, having iteration but only qualitative, by making it quantitative; and we extend our earlier quantitative work by including iteration. We advocate stepwise refinement and source-level program algebra, both as conceptual reasoning tools and as targets for automated assistance. A selection of algebraic laws is given to support this view in the case of quantitative noninterference; and it is demonstrated on a simple iterated password-guessing attack

    Proving termination using abstract interpretation

    Get PDF
    PhDOne way to develop more robust software is to use formal program verification. Formal program verification requires the construction of a formal mathematical proof of the programs correctness. In the past ten years or so there has been much progress in the use of automated tools to formally prove properties of programs. However many such tools focus on proving safety properties: that something bad does not happen. Liveness properties, where we try to prove that something good will happen, have received much less attention. Program termination is an example of a liveness property. It has been known for a long time that to prove program termination we need to discover some function which maps program states to a well-founded set. Essentially we need to find one global argument for why the program terminates. Finding such an argument which overapproximates the entire program is very difficult. Recently, Podelski and Rybalchenko discovered a more compositional proof rule to find disjunctive termination arguments. Disjunctive termination arguments requires a series of termination arguments that individually may only cover part of the program but when put together give a reason for why the entire program will terminate. Thus we do not need to search for one overall reason for termination but we can break the problem down and focus on smaller parts of the program. This thesis develops a series of abstract interpreters for proving the termination of imperative programs. We make three contributions, each of which makes use of the Podelski-Rybalchenko result. Firstly we present a technique to re-use domains and operators from abstract interpreters for safety properties to produce termination analysers. This technique produces some very fast termination analysers, but is limited by the underlying safety domain used. We next take the natural step forward: we design an abstract domain for termination. This abstract domain is built from ranking functions: in essence the abstract domain only keeps track of the information necessary to prove program termination. However, the abstract domain is limited to proving termination for language with iteration. In order to handle recursion we use metric spaces to design an abstract domain which can handle recursion over the unit type. We define a framework for designing abstract interpreters for liveness properties such as termination. The use of metric spaces allows us to model the semantics of infinite computations for programs with recursion over the unit type so that we can design an abstract interpreter in a systematic manner. We have to ensure that the abstract interpreter is well-behaved with respect to the metric space semantics, and our framework gives a way to do this

    Global rates of convergence for nonconvex optimization on manifolds

    Full text link
    We consider the minimization of a cost function ff on a manifold MM using Riemannian gradient descent and Riemannian trust regions (RTR). We focus on satisfying necessary optimality conditions within a tolerance ε\varepsilon. Specifically, we show that, under Lipschitz-type assumptions on the pullbacks of ff to the tangent spaces of MM, both of these algorithms produce points with Riemannian gradient smaller than ε\varepsilon in O(1/ε2)O(1/\varepsilon^2) iterations. Furthermore, RTR returns a point where also the Riemannian Hessian's least eigenvalue is larger than −ε-\varepsilon in O(1/ε3)O(1/\varepsilon^3) iterations. There are no assumptions on initialization. The rates match their (sharp) unconstrained counterparts as a function of the accuracy ε\varepsilon (up to constants) and hence are sharp in that sense. These are the first deterministic results for global rates of convergence to approximate first- and second-order Karush-Kuhn-Tucker points on manifolds. They apply in particular for optimization constrained to compact submanifolds of Rn\mathbb{R}^n, under simpler assumptions.Comment: 33 pages, IMA Journal of Numerical Analysis, 201
    • …
    corecore