181 research outputs found
Static Safety for an Actor Dedicated Process Calculus by Abstract Interpretation
The actor model eases the definition of concurrent programs with non-uniform
behaviors. Static analysis of such a model was previously done in a data-flow
oriented way, with type systems. This approach was based on constraint set
resolution and was not able to deal with precise properties for communications
of behaviors. We present here a new approach, control-flow oriented, based on
the abstract interpretation framework, able to deal with communication of
behaviors. Within our new analyses, we are able to verify most of the previous
properties we observed as well as new ones, principally based on occurrence
counting.
A Static Analyzer for Large Safety-Critical Software
We show that abstract interpretation-based static program analysis can be
made efficient and precise enough to formally verify a class of properties for
a family of large programs with few or no false alarms. This is achieved by
refinement of a general-purpose static analyzer and later adaptation to
particular programs of the family by the end-user through parametrization. This
is applied to the proof of soundness of data manipulation operations at the
machine level for periodic synchronous safety-critical embedded software. The
main novelties are the design principle of static analyzers by refinement and
adaptation through parametrization, the symbolic manipulation of expressions to
improve the precision of abstract transfer functions, the octagon, ellipsoid,
and decision tree abstract domains, all with sound handling of rounding errors
in floating point computations, widening strategies (with thresholds, delayed)
and the automatic determination of the parameters (parametrized packing).
Automatic Verification of Erlang-Style Concurrency
This paper presents an approach to verify safety properties of Erlang-style,
higher-order concurrent programs automatically. Inspired by Core Erlang, we
introduce Lambda-Actor, a prototypical functional language with
pattern-matching algebraic data types, augmented with process creation and
asynchronous message-passing primitives. We formalise an abstract model of
Lambda-Actor programs called Actor Communicating System (ACS) which has a
natural interpretation as a vector addition system, for which some verification
problems are decidable. We give a parametric abstract interpretation framework
for Lambda-Actor and use it to build a polytime computable, flow-based,
abstract semantics of Lambda-Actor programs, which we then use to bootstrap the
ACS construction, thus deriving a more accurate abstract model of the input
program. We have constructed Soter, a tool implementation of the verification
method, thereby obtaining the first fully-automatic, infinite-state model
checker for a core fragment of Erlang. We find that in practice our abstraction
technique is accurate enough to verify an interesting range of safety
properties. Though the ACS coverability problem is Expspace-complete, Soter can
analyse these verification problems surprisingly efficiently.
Comment: 12 pages plus appendix, 4 figures, 1 table. The tool is available at
http://mjolnir.cs.ox.ac.uk/soter
KaDE: A Tool to Compile Kappa Rules into (Reduced) ODE Models
Tools paper track
Kappa is a formal language that can be used to model systems of biochemical interactions among proteins. It offers several semantics to describe the behaviour of Kappa models at different levels of abstraction. Each Kappa model is a set of context-free rewrite rules. One way to understand the semantics of a Kappa model is to read its rules as an implicit description of a (potentially infinite) reaction network. KaDE interprets this definition to compile Kappa models into reaction networks (or equivalently into sets of ordinary differential equations). KaDE uses a static analysis that identifies pairs of sites that are indistinguishable from the rules' point of view, to infer backward and forward bisimulations, hence reducing the size of the underlying reaction networks without having to generate them explicitly. In this paper, we describe the main current functionalities of KaDE and we give some benchmarks on case studies.
Secrecy capacity of a class of orthogonal relay eavesdropper channels
The secrecy capacity of relay channels with orthogonal components is studied
in the presence of an additional passive eavesdropper node. The relay and
destination receive signals from the source on two orthogonal channels such
that the destination also receives transmissions from the relay on its channel.
The eavesdropper can overhear either one or both of the orthogonal channels.
Inner and outer bounds on the secrecy capacity are developed for both the
discrete memoryless and the Gaussian channel models. For the discrete
memoryless case, the secrecy capacity is shown to be achieved by a partial
decode-and-forward (PDF) scheme when the eavesdropper can overhear only one of
the two orthogonal channels. Two new outer bounds are presented for the
Gaussian model using recent capacity results for a Gaussian multi-antenna
point-to-point channel with a multi-antenna eavesdropper. The outer bounds are
shown to be tight for two sub-classes of channels. The first sub-class is one
in which the source and relay are clustered and the eavesdropper
receives signals only on the channel from the source and the relay to the
destination, for which the PDF strategy is optimal. The second is a sub-class
in which the source does not transmit to the relay, for which a
noise-forwarding strategy is optimal.
Comment: Submitted to EURASIP Journal on Wireless Communications and
Networking special issue on Wireless physical layer security, Dec. 2008,
Revised Jun. 200
Binary partition tree as a hyperspectral segmentation tool for tropical rainforests
Individual tree crown delineation in tropical forests is of great interest for ecological applications. In this paper we propose a method for hyperspectral image segmentation based on binary tree partitioning. The initial partition is obtained from a watershed transformation in order to make the method computationally more efficient. Then we use a non-parametric region model based on histograms to characterize the regions and the diffusion distance to define the region merging order. The pruning strategy is based on the discontinuity of size increment observed when iteratively merging the regions. The segmentation quality is assessed visually and appears to perform well in most cases, but tree delineation could be improved by including structural information derived from LiDAR data.
Rate Equations for Graphs
In this paper, we combine ideas from two different scientific traditions: 1)
graph transformation systems (GTSs) stemming from the theory of formal
languages and concurrency, and 2) mean field approximations (MFAs), a
collection of approximation techniques ubiquitous in the study of complex
dynamics. Using existing tools from algebraic graph rewriting, as well as new
ones, we build a framework which generates rate equations for stochastic GTSs
and from which one can derive MFAs of any order (no longer limited to the
humanly computable). The procedure for deriving rate equations and their
approximations can be automated. An implementation and example models are
available online at https://rhz.github.io/fragger. We apply our techniques and
tools to derive an expression for the mean velocity of a two-legged walker
protein on DNA.
Comment: to be presented at the 18th International Conference on Computational
Methods in Systems Biology (CMSB 2020)
Syntactic Markovian Bisimulation for Chemical Reaction Networks
In chemical reaction networks (CRNs) with stochastic semantics based on
continuous-time Markov chains (CTMCs), the typically large populations of
species cause combinatorially large state spaces. This makes the analysis very
difficult in practice and represents the major bottleneck for the applicability
of minimization techniques based, for instance, on lumpability. In this paper
we present syntactic Markovian bisimulation (SMB), a notion of bisimulation
developed in the Larsen-Skou style of probabilistic bisimulation, defined over
the structure of a CRN rather than over its underlying CTMC. SMB identifies a
lumpable partition of the CTMC state space a priori, in the sense that it is an
equivalence relation over species implying that two CTMC states are lumpable
when they are invariant with respect to the total population of species within
the same equivalence class. We develop an efficient partition-refinement
algorithm which computes the largest SMB of a CRN in polynomial time in the
number of species and reactions. We also provide an algorithm for obtaining a
quotient network from an SMB that induces the lumped CTMC directly, thus
avoiding the generation of the state space of the original CRN altogether. In
practice, we show that SMB allows significant reductions in a number of models
from the literature. Finally, we study SMB with respect to the deterministic
semantics of CRNs based on ordinary differential equations (ODEs), where each
equation gives the time-course evolution of the concentration of a species. SMB
implies forward CRN bisimulation, a recently developed behavioral notion of
equivalence for the ODE semantics, in an analogous sense: it yields a smaller
ODE system that keeps track of the sums of the solutions for equivalent
species.
Comment: Extended version (with proofs) of the corresponding paper published
at KimFest 2017 (http://kimfest.cs.aau.dk/)
Sharing Ghost Variables in a Collection of Abstract Domains
We propose a framework in which we share ghost variables across a collection of abstract domains, allowing precise proofs of complex properties. In abstract interpretation, it is often necessary to be able to express complex properties while doing a precise analysis. A way to achieve that is to combine a collection of domains, each handling some kind of properties, using a reduced product. Separating domains allows an easier and more modular implementation, and eases soundness and termination proofs. This way, we can add a domain for any kind of property that is interesting. The reduced product, or an approximation of it, is in charge of refining abstract states, making the analysis precise. In program verification, ghost variables can be used to ease proofs of properties by storing intermediate values that do not appear directly in the execution. We propose a reduced product of abstract domains that allows domains to use ghost variables to ease the representation of their internal state. Domains must be totally agnostic with respect to other existing domains. In particular, the handling of ghost variables must be entirely decentralized while still ensuring soundness and termination of the analysis.
- …