Mean-Field Limits Beyond Ordinary Differential Equations

16th International School on Formal Methods for the Design of Computer, Communication, and Software Systems, SFM 2016, Bertinoro, Italy, June 20-24, 2016, Advanced LecturesInternational audienceWe study the limiting behaviour of stochastic models of populations of interacting agents, as the number of agents goes to infinity. Classical mean-field results have established that this limiting behaviour is described by an ordinary differential equation (ODE) under two conditions: (1) that the dynamics is smooth; and (2) that the population is composed of a finite number of homogeneous sub-populations, each containing a large number of agents. This paper reviews recent work showing what happens if these conditions do not hold. In these cases, it is still possible to exhibit a limiting regime at the price of replacing the ODE by a more complex dynamical system. In the case of non-smooth or uncertain dynamics, the limiting regime is given by a differential inclusion. In the case of multiple population scales, the ODE is replaced by a stochastic hybrid automaton

Performance Evaluation of Software using Formal Methods

Formal Methods (FMs) can be used in varied areas of applications and to solve critical and fundamental problems of Performance Evaluation (PE). Modelling and analysis techniques can be used for both system and software performance evaluation. The functional features and performance properties of modern software used for performance evaluation has become so intertwined. Traditional models and methods for performance evaluation has been studied widely which culminated into the modern models and methods for system and software engineering evaluation such as formal methods. Techniques have transcended from functionality to performance modeling and analysis. Formal models help in identifying faulty reasoning far earlier than in traditional design; and formal specification has proved useful even on already existing software and systems. Formal approach eliminates ambiguity. The basic and final goal of the performance evaluation technique is to come to a conclusion, whether the software and system are working in a good condition or satisfactorily

Language-based Abstractions for Dynamical Systems

Ordinary differential equations (ODEs) are the primary means to modelling dynamical systems in many natural and engineering sciences. The number of equations required to describe a system with high heterogeneity limits our capability of effectively performing analyses. This has motivated a large body of research, across many disciplines, into abstraction techniques that provide smaller ODE systems while preserving the original dynamics in some appropriate sense. In this paper we give an overview of a recently proposed computer-science perspective to this problem, where ODE reduction is recast to finding an appropriate equivalence relation over ODE variables, akin to classical models of computation based on labelled transition systems.Comment: In Proceedings QAPL 2017, arXiv:1707.0366

The Standard Problem

Crafting, adhering to, and maintaining standards is an ongoing challenge. This paper uses a framework based on common models to explore the standard problem: the impossibility of creating, implementing or maintain definitive common models in an open system. The problem arises from uncertainty driven by variations in operating context, standard quality, differences in implementation, and drift over time. Fitting work by conformance services repairs these gaps between a standard and what is required for interoperation, using several strategies: (a) Universal conformance (all agents access the same standard); (b) Mediated conformance (an interoperability layer supports heterogeneous agents) and (c) Localized conformance, (autonomous adaptive agents manage their own needs). Conformance methods include incremental design, modular design, adaptors, and creating interactive and adaptive agents. Machine learning should have a major role in adaptive fitting. Choosing a conformance service depends on the stability and homogeneity of shared tasks, and whether common models are shared ahead of time or are adjusted at task time. This analysis thus decouples interoperability and standardization. While standards facilitate interoperability, interoperability is achievable without standardization.Comment: Keywords: information standard, interoperability, machine learning, technology evaluation 25 Pages Main text word Count: 5108 Abstract word count: 206 Tables: 1 Figures: 7 Boxes: 2 Submitted to JAMI

A framework for modelling Molecular Interaction Maps

Metabolic networks, formed by a series of metabolic pathways, are made of intracellular and extracellular reactions that determine the biochemical properties of a cell, and by a set of interactions that guide and regulate the activity of these reactions. Most of these pathways are formed by an intricate and complex network of chain reactions, and can be represented in a human readable form using graphs which describe the cell cycle checkpoint pathways. This paper proposes a method to represent Molecular Interaction Maps (graphical representations of complex metabolic networks) in Linear Temporal Logic. The logical representation of such networks allows one to reason about them, in order to check, for instance, whether a graph satisfies a given property $\phi$, as well as to find out which initial conditons would guarantee $\phi$, or else how can the the graph be updated in order to satisfy $\phi$. Both the translation and resolution methods have been implemented in a tool capable of addressing such questions thanks to a reduction to propositional logic which allows exploiting classical SAT solvers.Comment: 31 pages, 12 figure

Verification of Shared-Reading Synchronisers

Synchronisation classes are an important building block for shared memory concurrent programs. Thus to reason about such programs, it is important to be able to verify the implementation of these synchronisation classes, considering atomic operations as the synchronisation primitives on which the implementations are built. For synchronisation classes controlling exclusive access to a shared resource, such as locks, a technique has been proposed to reason about their behaviour. This paper proposes a technique to verify implementations of both exclusive access and shared-reading synchronisers. We use permission-based Separation Logic to describe the behaviour of the main atomic operations, and the basis for our technique is formed by a specification for class AtomicInteger, which is commonly used to implement synchronisation classes in java.util.concurrent. To demonstrate the applicability of our approach, we mechanically verify the implementation of various synchronisation classes like Semaphore, CountDownLatch and Lock.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933

Quantitative Verification and Synthesis of Attack-Defence Scenarios

Attack-defence trees are a powerful technique for formally evaluating attack-defence scenarios. They represent in an intuitive, graphical way the interaction between an attacker and a defender who compete in order to achieve conflicting objectives. We propose a novel framework for the formal analysis of quantitative properties of complex attack-defence scenarios, using an extension of attack-defence trees which models temporal ordering of actions and allows explicit dependencies in the strategies adopted by attackers and defenders. We adopt a game-theoretic approach, translating attack-defence trees to two-player stochastic games, and then employ probabilistic model checking techniques to formally analyse these models. This provides a means to both verify formally specified security properties of the attack-defence scenarios and, dually, to synthesise strategies for attackers or defenders which guarantee or optimise some quantitative property, such as the probability of a successful attack, the expected cost incurred, or some multi-objective trade-off between the two. We implement our approach, building upon the PRISM-games model checker, and apply it to a case study of an RFID goods management system