Model checking polygonal differential inclusions using invariance kernels
Polygonal hybrid systems are a subclass of planar hybrid
automata which can be represented by piecewise constant differential
inclusions. Here, we identify and compute an important object of such
systems’ phase portrait, namely invariance kernels. An invariant set is a
set of initial points of trajectories which keep rotating in a cycle forever
and the invariance kernel is the largest of such sets. We show that this
kernel is a non-convex polygon and we give a non-iterative algorithm for
computing the coordinates of its vertices and edges. Moreover, we present
a breadth-first search algorithm for solving the reachability problem for
such systems. Invariance kernels play an important role in the algorithm.
Fluid Model Checking
In this paper we investigate a potential use of fluid approximation
techniques in the context of stochastic model checking of CSL formulae. We
focus on properties describing the behaviour of a single agent in a (large)
population of agents, exploiting a limit result known also as fast simulation.
In particular, we will approximate the behaviour of a single agent with a
time-inhomogeneous CTMC which depends on the environment and on the other
agents only through the solution of the fluid differential equation. We will
prove the asymptotic correctness of our approach in terms of satisfiability of
CSL formulae and of reachability probabilities. We will also present a
procedure to model check time-inhomogeneous CTMC against CSL formulae.
Quantifying Information Leaks Using Reliability Analysis
acmid: 2632367; keywords: Model Counting, Quantitative Information Flow, Reliability Analysis, Symbolic Execution; location: San Jose, CA, USA; numpages: 4
We report on our work-in-progress into the use of reliability analysis to quantify information leaks. In recent work we have proposed a software reliability analysis technique that uses symbolic execution and model counting to quantify the probability of reaching designated program states, e.g. assert violations, under uncertainty conditions in the environment. The technique has many applications beyond reliability analysis, ranging from program understanding and debugging to analysis of cyber-physical systems. In this paper we report on a novel application of the technique, namely Quantitative Information Flow analysis (QIF). The goal of QIF is to measure information leakage of a program by using information-theoretic metrics such as Shannon entropy or Rényi entropy. We exploit the model counting engine of the reliability analyzer over symbolic program paths to compute an upper bound of the maximum leakage over all possible distributions of the confidential data. We have implemented our approach into a prototype tool, called QILURA, and explore its effectiveness on a number of case studies.
Variations of model checking
The logic ATCTL is a convenient logic to specify properties with actions and real-time. It is intended as a property language for Lightweight UML models [12], which consist mainly of simplified class diagrams and statecharts. ATCTL combines two known extensions of CTL, namely ACTL and TCTL. The reason to extend CTL with both actions and real time is that in LUML state-transition diagrams, we specify states, actions and real time, and our properties refer to all of these elements. The analyst therefore needs a property language that contains constructs for all these elements. ATCTL can be reduced to ACTL as well as to TCTL, and therefore also to CTL. This gives us a choice of tools for model checking; the one we have used is Kronos [13], a TCTL model checker.
Model-Checking Process Equivalences
Process equivalences are formal methods that relate programs and systems
which, informally, behave in the same way. Since there is no unique notion of
what it means for two dynamic systems to display the same behaviour there are a
multitude of formal process equivalences, ranging from bisimulation to trace
equivalence, categorised in the linear-time branching-time spectrum.
We present a logical framework based on an expressive modal fixpoint logic
which is capable of defining many process equivalence relations: for each such
equivalence there is a fixed formula which is satisfied by a pair of processes
if and only if they are equivalent with respect to this relation. We explain
how to do model checking, even symbolically, for a significant fragment of this
logic that captures many process equivalences. This allows model checking
technology to be used for process equivalence checking. We show how partial
evaluation can be used to obtain decision procedures for process equivalences
from the generic model checking scheme. Comment: In Proceedings GandALF 2012, arXiv:1210.202
Model checking usage policies
We study usage automata, a formal model for specifying policies on the usage of resources. Usage automata extend finite state automata with some additional features, parameters and guards, that improve their expressivity. We show that usage automata are expressive enough to model policies of real-world applications. We discuss their expressive power, and we prove that the problem of telling whether a computation complies with a usage policy is decidable. The main contribution of this paper is a model checking technique for usage automata. The model is that of usages, i.e. basic processes that describe the possible patterns of resource access and creation. In spite of the model having infinite states, because of recursion and resource creation, we devise a polynomial-time model checking technique for deciding when a usage complies with a usage policy.