Towards parallelization of simulation-based reachability

To check bounded time invariant properties of models with nonlinear dynamics, one promising method is called simulation-based verification. This involves: (a) generating numerical simulations of the ODE from a finite set of representative initial states that cover the whole (uncountably many) initial set, say, (b) bloating each of these simulations by some factor such that the bloated tubes together over-approximate the reachable states from, and (c) checking if this computed over-approximation is adequate for proving invariance; otherwise, add more representative initial states to obtain a more precise over-approximation and repeat from (a). Compare-Execute-Check-Engine (C2E2) is such a tool for verifying bounded time dynamical and hybrid systems models using simulation-based reachability analysis. To make the reachable set computation more accurate, it is preferable to start from smaller initial sets, which requires C2E2 to partition large initial sets into smaller covers at first. However, the number of initial covers will increase exponentially with dimensionality of the system and the fidelity of each cover. Currently, C2E2 does invariant checking for the reachable sets from each cover sequentially, which makes the running time increase proportionally to the initial covers. Simulation-based approaches are naturally parallelizable due to the fact that simulations and reachable set computation for each initial condition considered can be computed independently. In this paper, we introduce the parallelization of C2E2 to utilize the computational power of multi-core CPU and improve the efficiency of tools. The parallel algorithm is implemented using thread library OPENMP. We evaluate the improvement of performance on four different models. Comparison with the sequential counterpart shows a maximum speedup of 7.3x on a four core Intel CPU I7-4790K processor.Ope

Algorithmic Verification of Continuous and Hybrid Systems

We provide a tutorial introduction to reachability computation, a class of computational techniques that exports verification technology toward continuous and hybrid systems. For open under-determined systems, this technique can sometimes replace an infinite number of simulations.Comment: In Proceedings INFINITY 2013, arXiv:1402.661

Numerical Verification of Affine Systems with up to a Billion Dimensions

Affine systems reachability is the basis of many verification methods. With further computation, methods exist to reason about richer models with inputs, nonlinear differential equations, and hybrid dynamics. As such, the scalability of affine systems verification is a prerequisite to scalable analysis for more complex systems. In this paper, we improve the scalability of affine systems verification, in terms of the number of dimensions (variables) in the system. The reachable states of affine systems can be written in terms of the matrix exponential, and safety checking can be performed at specific time steps with linear programming. Unfortunately, for large systems with many state variables, this direct approach requires an intractable amount of memory while using an intractable amount of computation time. We overcome these challenges by combining several methods that leverage common problem structure. Memory is reduced by exploiting initial states that are not full-dimensional and safety properties (outputs) over a few linear projections of the state variables. Computation time is saved by using numerical simulations to compute only projections of the matrix exponential relevant for the verification problem. Since large systems often have sparse dynamics, we use Krylov-subspace simulation approaches based on the Arnoldi or Lanczos iterations. Our method produces accurate counter-examples when properties are violated and, in the extreme case with sufficient problem structure, can analyze a system with one billion real-valued state variables

Sapo: Reachability Computation and Parameter Synthesis of Polynomial Dynamical Systems

Sapo is a C++ tool for the formal analysis of polynomial dynamical systems. Its main features are: 1) Reachability computation, i.e., the calculation of the set of states reachable from a set of initial conditions, and 2) Parameter synthesis, i.e., the refinement of a set of parameters so that the system satisfies a given specification. Sapo can represent reachable sets as unions of boxes, parallelotopes, or parallelotope bundles (symbolic representation of polytopes). Sets of parameters are represented with polytopes while specifications are formalized as Signal Temporal Logic (STL) formulas

Symbolic models for nonlinear control systems without stability assumptions

Finite-state models of control systems were proposed by several researchers as a convenient mechanism to synthesize controllers enforcing complex specifications. Most techniques for the construction of such symbolic models have two main drawbacks: either they can only be applied to restrictive classes of systems, or they require the exact computation of reachable sets. In this paper, we propose a new abstraction technique that is applicable to any smooth control system as long as we are only interested in its behavior in a compact set. Moreover, the exact computation of reachable sets is not required. The effectiveness of the proposed results is illustrated by synthesizing a controller to steer a vehicle.Comment: 11 pages, 2 figures, journa

Interpolant-Based Transition Relation Approximation

In predicate abstraction, exact image computation is problematic, requiring in the worst case an exponential number of calls to a decision procedure. For this reason, software model checkers typically use a weak approximation of the image. This can result in a failure to prove a property, even given an adequate set of predicates. We present an interpolant-based method for strengthening the abstract transition relation in case of such failures. This approach guarantees convergence given an adequate set of predicates, without requiring an exact image computation. We show empirically that the method converges more rapidly than an earlier method based on counterexample analysis.Comment: Conference Version at CAV 2005. 17 Pages, 9 Figure