Numerical Verification of Affine Systems with up to a Billion Dimensions

Affine systems reachability is the basis of many verification methods. With further computation, methods exist to reason about richer models with inputs, nonlinear differential equations, and hybrid dynamics. As such, the scalability of affine systems verification is a prerequisite to scalable analysis for more complex systems. In this paper, we improve the scalability of affine systems verification, in terms of the number of dimensions (variables) in the system. The reachable states of affine systems can be written in terms of the matrix exponential, and safety checking can be performed at specific time steps with linear programming. Unfortunately, for large systems with many state variables, this direct approach requires an intractable amount of memory while using an intractable amount of computation time. We overcome these challenges by combining several methods that leverage common problem structure. Memory is reduced by exploiting initial states that are not full-dimensional and safety properties (outputs) over a few linear projections of the state variables. Computation time is saved by using numerical simulations to compute only projections of the matrix exponential relevant for the verification problem. Since large systems often have sparse dynamics, we use Krylov-subspace simulation approaches based on the Arnoldi or Lanczos iterations. Our method produces accurate counter-examples when properties are violated and, in the extreme case with sufficient problem structure, can analyze a system with one billion real-valued state variables

Realization Theory for LPV State-Space Representations with Affine Dependence

In this paper we present a Kalman-style realization theory for linear parameter-varying state-space representations whose matrices depend on the scheduling variables in an affine way (abbreviated as LPV-SSA representations). We deal both with the discrete-time and the continuous-time cases. We show that such a LPV-SSA representation is a minimal (in the sense of having the least number of state-variables) representation of its input-output function, if and only if it is observable and span-reachable. We show that any two minimal LPV-SSA representations of the same input-output function are related by a linear isomorphism, and the isomorphism does not depend on the scheduling variable.We show that an input-output function can be represented by a LPV-SSA representation if and only if the Hankel-matrix of the input-output function has a finite rank. In fact, the rank of the Hankel-matrix gives the dimension of a minimal LPV-SSA representation. Moreover, we can formulate a counterpart of partial realization theory for LPV-SSA representation and prove correctness of the Kalman-Ho algorithm. These results thus represent the basis of systems theory for LPV-SSA representation.Comment: The main difference with respect to the previous version is as follows: typos have been fixe

Linearized analysis versus optimization-based nonlinear analysis for nonlinear systems

For autonomous nonlinear systems stability and input-output properties in small enough (infinitesimally small) neighborhoods of (linearly) asymptotically stable equilibrium points can be inferred from the properties of the linearized dynamics. On the other hand, generalizations of the S-procedure and sum-of-squares programming promise a framework potentially capable of generating certificates valid over quantifiable, finite size neighborhoods of the equilibrium points. However, this procedure involves multiple relaxations (unidirectional implications). Therefore, it is not obvious if the sum-of-squares programming based nonlinear analysis can return a feasible answer whenever linearization based analysis does. Here, we prove that, for a restricted but practically useful class of systems, conditions in sum-of-squares programming based region-of-attraction, reachability, and input-output gain analyses are feasible whenever linearization based analysis is conclusive. Besides the theoretical interest, such results may lead to computationally less demanding, potentially more conservative nonlinear (compared to direct use of sum-of-squares formulations) analysis tools

PrIC3: Property Directed Reachability for MDPs

IC3 has been a leap forward in symbolic model checking. This paper proposes PrIC3 (pronounced pricy-three), a conservative extension of IC3 to symbolic model checking of MDPs. Our main focus is to develop the theory underlying PrIC3. Alongside, we present a first implementation of PrIC3 including the key ingredients from IC3 such as generalization, repushing, and propagation

Accelerating Parametric Probabilistic Verification

We present a novel method for computing reachability probabilities of parametric discrete-time Markov chains whose transition probabilities are fractions of polynomials over a set of parameters. Our algorithm is based on two key ingredients: a graph decomposition into strongly connected subgraphs combined with a novel factorization strategy for polynomials. Experimental evaluations show that these approaches can lead to a speed-up of up to several orders of magnitude in comparison to existing approache

Answering Regular Path Queries on Workflow Provenance

This paper proposes a novel approach for efficiently evaluating regular path queries over provenance graphs of workflows that may include recursion. The approach assumes that an execution g of a workflow G is labeled with query-agnostic reachability labels using an existing technique. At query time, given g, G and a regular path query R, the approach decomposes R into a set of subqueries R1, ..., Rk that are safe for G. For each safe subquery Ri, G is rewritten so that, using the reachability labels of nodes in g, whether or not there is a path which matches Ri between two nodes can be decided in constant time. The results of each safe subquery are then composed, possibly with some small unsafe remainder, to produce an answer to R. The approach results in an algorithm that significantly reduces the number of subqueries k over existing techniques by increasing their size and complexity, and that evaluates each subquery in time bounded by its input and output size. Experimental results demonstrate the benefit of this approach

Bridging the Gap between Enumerative and Symbolic Model Checkers

We present a method to perform symbolic state space generation for languages with existing enumerative state generators. The method is largely independent from the chosen modelling language. We validated this on three different types of languages and tools: state-based languages (PROMELA), action-based process algebras (muCRL, mCRL2), and discrete abstractions of ODEs (Maple).\ud Only little information about the combinatorial structure of the\ud underlying model checking problem need to be provided. The key enabling data structure is the "PINS" dependency matrix. Moreover, it can be provided gradually (more precise information yield better results).\ud \ud Second, in addition to symbolic reachability, the same PINS matrix contains enough information to enable new optimizations in state space generation (transition caching), again independent from the chosen modelling language. We have also based existing optimizations, like (recursive) state collapsing, on top of PINS and hint at how to support partial order reduction techniques.\ud \ud Third, PINS allows interfacing of existing state generators to, e.g., distributed reachability tools. Thus, besides the stated novelties, the method we propose also significantly reduces the complexity of building modular yet still efficient model checking tools.\ud \ud Our experiments show that we can match or even outperform existing tools by reusing their own state generators, which we have linked into an implementation of our ideas