Liveness of Randomised Parameterised Systems under Arbitrary Schedulers (Technical Report)
We consider the problem of verifying liveness for systems with a finite, but
unbounded, number of processes, commonly known as parameterised systems.
Typical examples of such systems include distributed protocols (e.g. for the
dining philosopher problem). Unlike the case of verifying safety, proving
liveness is still considered extremely challenging, especially in the presence
of randomness in the system. In this paper we consider liveness under arbitrary
(including unfair) schedulers, which is often considered a desirable property
in the literature of self-stabilising systems. We introduce an automatic method
of proving liveness for randomised parameterised systems under arbitrary
schedulers. Viewing liveness as a two-player reachability game (between
Scheduler and Process), our method is a CEGAR approach that synthesises a
progress relation for Process that can be symbolically represented as a
finite-state automaton. The method is incremental and exploits both
Angluin-style L*-learning and SAT-solvers. Our experiments show that our
algorithm is able to prove liveness automatically for well-known randomised
distributed protocols, including Lehmann-Rabin Randomised Dining Philosopher
Protocol and randomised self-stabilising protocols (such as the Israeli-Jalfon
Protocol). To the best of our knowledge, this is the first fully-automatic
method that can prove liveness for randomised protocols. Comment: Full version of CAV'16 pape
SAT Modulo Monotonic Theories
We define the concept of a monotonic theory and show how to build efficient
SMT (SAT Modulo Theory) solvers, including effective theory propagation and
clause learning, for such theories. We present examples showing that monotonic
theories arise from many common problems, e.g., graph properties such as
reachability, shortest paths, connected components, minimum spanning tree, and
max-flow/min-cut, and then demonstrate our framework by building SMT solvers
for each of these theories. We apply these solvers to procedural content
generation problems, demonstrating major speed-ups over state-of-the-art
approaches based on SAT or Answer Set Programming, and easily solving several
instances that were previously impractical to solve.
Expectations or Guarantees? I Want It All! A crossroad between games and MDPs
When reasoning about the strategic capabilities of an agent, it is important
to consider the nature of its adversaries. In the particular context of
controller synthesis for quantitative specifications, the usual problem is to
devise a strategy for a reactive system which yields some desired performance,
taking into account the possible impact of the environment of the system. There
are at least two ways to look at this environment. In the classical analysis of
two-player quantitative games, the environment is purely antagonistic and the
problem is to provide strict performance guarantees. In Markov decision
processes, the environment is seen as purely stochastic: the aim is then to
optimize the expected payoff, with no guarantee on individual outcomes.
In this expository work, we report on recent results introducing the beyond
worst-case synthesis problem, which is to construct strategies that guarantee
some quantitative requirement in the worst case while providing a higher
expected value against a particular stochastic model of the environment given
as input. This problem is relevant for producing system controllers that provide
good expected performance in everyday situations while ensuring a strict
(but relaxed) performance threshold even in the event of very bad (though
unlikely) circumstances. It has been studied for both the mean-payoff and the
shortest path quantitative measures. Comment: In Proceedings SR 2014, arXiv:1404.041
Weak Singular Hybrid Automata
The framework of hybrid automata, introduced by Alur, Courcoubetis,
Henzinger, and Ho, provides a formal modeling and analysis environment to
analyze the interaction between the discrete and the continuous parts of
cyber-physical systems. Hybrid automata can be considered as generalizations of
finite state automata augmented with a finite set of real-valued variables
whose dynamics in each state is governed by a system of ordinary differential
equations. Moreover, the discrete transitions of hybrid automata are guarded by
constraints over the values of these real-valued variables, and enable
discontinuous jumps in the evolution of these variables. Singular hybrid
automata are a subclass of hybrid automata where the dynamics are specified by
state-dependent constant vectors. Henzinger, Kopke, Puri, and Varaiya showed
that for even very restricted subclasses of singular hybrid automata, the
fundamental verification questions, like reachability and schedulability, are
undecidable. In this paper we present \emph{weak singular hybrid automata}
(WSHA), a previously unexplored subclass of singular hybrid automata, and show
the decidability (and the exact complexity) of various verification questions
for this class including reachability (NP-Complete) and LTL model-checking
(PSPACE-Complete). We further show that extending WSHA with a single
unrestricted clock or extending WSHA with unrestricted variable updates leads to
undecidability of the reachability problem.