Quadratic Zonotopes: An Extension of Zonotopes to Quadratic Arithmetics
Affine forms are a common way to represent convex sets of using a base of error terms. Quadratic forms are an extension of affine forms enabling the use of quadratic error terms. In static analysis, the zonotope domain, a relational abstract domain based on affine forms, has been used in a wide range of settings, e.g. set-based simulation for hybrid systems or floating-point analysis, providing a relational abstraction of functions at a cost linear in the number of error terms. In this paper, we propose a quadratic version of zonotopes. We also present a new algorithm based on semidefinite programming to project a quadratic zonotope, and therefore quadratic forms, onto intervals. All presented material has been implemented and applied to representative examples.
Comment: 17 pages, 5 figures, 1 table
A Sums-of-Squares Extension of Policy Iterations
In order to address the imprecision often introduced by widening operators in static analysis, policy iteration based on min-computations amounts to characterizing the reachable value set of a program as an iterative computation of policies, starting from a post-fixpoint. Computing each policy and the associated invariant relies on a sequence of numerical optimizations. While the early research efforts relied on linear programming (LP) to address linear properties of linear programs, the current state of the art is still limited to the analysis of linear programs with at most quadratic invariants, relying on semidefinite programming (SDP) solvers to compute policies and LP solvers to refine invariants.
We propose here to extend the class of programs considered through the use of Sums-of-Squares (SOS) based optimization. Our approach enables the precise analysis of switched systems with polynomial updates and guards. The analysis presented has been implemented in Matlab and applied to existing programs from the control systems literature, improving both the range of analyzable systems and the precision obtained on previously handled ones.
Comment: 29 pages, 4 figures
Static Analysis of an Actor Calculus by Abstract Interpretation
The Actor model, introduced by HEWITT and AGHA in the late 80s, describes a concurrent communicating system as a set of autonomous agents with non-uniform interfaces that communicate by means of labeled messages. The CAP process calculus, proposed by COLAÇO, is based on this model and makes it possible to describe non-trivial realistic systems without complex encodings. CAP is a higher-order calculus: messages can carry actor behaviors. Several works address the analysis of CAP properties, mainly through inference-based type systems using behavioral types and subtyping. Furthermore, more recent works, by VENET and later FERET, propose the use of abstract interpretation to analyze process calculi. These approaches make it possible to compute non-uniform properties; for example, they are able to differentiate recursive instances of the same thread. This thesis is at the crossroads of these two approaches, applying abstract interpretation to the analysis of CAP. Following the framework of FERET, CAP is first expressed in a non-standard form that eases its analysis. The set of reachable states is then over-approximated via a sound-by-construction representation within existing abstract domains. New general abstract domains are then introduced in order to improve the accuracy of existing analyses or to represent local properties. CAP-specific properties, such as the linearity of terms or the absence of orphan messages, are then considered in this framework. Specific abstract domains are defined and used to check these properties. The proposed framework lifts every restriction of previous analyses, such as constraints on the shape of terms or limitations on the use of CAP behavior passing.
All of these analyses have been implemented in a prototype.
A Framework to Formalise the MDE Foundations
Domain-Specific Languages (DSLs) are becoming more and more popular and are being used in critical systems such as the aerospace and automotive industries. Methods for simulating and validating DSL models are now necessary in order to make the new generation of software more reliable and less costly. Developing analysis tools for DSLs requires the definition of model semantics. In this paper, we propose a framework to give a formal foundation to the Model-Driven Engineering (MDE) approach. We separate the usually conflated notions of models and modelling languages, associating a different goal with each of them. In order to prove the consistency of our proposal, we express a subset of EMOF and its static semantics and validate its meta-circularity.
Essay on Semantics Definition in MDE. An Instrumented Approach for Model Verification
In the context of MDE (Model-Driven Engineering), our objective is to define the semantics of a given DSL (Domain-Specific Language), either to simulate its models or to check properties on them using model-checking techniques. In both cases, the purpose is to formalize the DSL semantics as known by the DSL designer, who often holds it only informally. After several experiments defining operational semantics on the one hand and translational semantics on the other, we discuss both approaches and specify the cases in which each seems judicious. As a second step, we introduce a pragmatic and instrumented approach to define a translational semantics and to validate it against a reference operational semantics expressed by the DSL designer. We apply this approach to the xSPEM process description language in order to verify process models.
Reducing Collision Risk in Multi-Agent Path Planning: Application to Air Traffic Management
To minimize collision risks in the multi-agent path planning problem with stochastic transition dynamics, we formulate a Markov decision process congestion game with a multi-linear congestion cost. Players within the game complete individual tasks while minimizing their own collision risks. We show that the set of Nash equilibria coincides with the first-order KKT points of a non-convex optimization problem. Our game is applied to a historical flight plan over France to reduce collision risks between commercial aircraft.
Comment: 6 pages, 2 figures
A Property-Driven Approach to Formal Verification of Process Models
Enterprise Information Systems, 9th International Conference, ICEIS 2007, Funchal, Madeira, June 12-16, 2007, Revised Selected Papers
More and more, models, expressed through Domain-Specific Languages (DSLs), tend to be the solution for defining complex systems. Expressing properties specific to these metamodels, and checking them, appears as an urgent need. Until now, the only complete industrial solutions available consider structural properties such as those that can be expressed in OCL. There are, however, some attempts at behavioural properties for DSLs. This paper presents a method to specify and then check temporal properties over models. The case study is SimplePDL, a process metamodel. We propose a way to use a temporal extension of OCL, TOCL, to express properties. We specify a model transformation to Petri nets and LTL formulae for both the process model and its associated temporal properties. We check these properties using a model checker and enrich the model with the analysis results. This work is a first step towards a generic framework to specify and effectively check temporal properties over arbitrary models.
Set-based value operators for non-stationary Markovian environments
This paper analyzes finite-state Markov Decision Processes (MDPs) with uncertain parameters in compact sets and re-examines results from robust MDPs via set-based fixed point theory. To this end, we generalize the Bellman and policy evaluation operators to contracting operators on the value function space and call them value operators. We lift these value operators to act on sets of value functions and call them set-based value operators. We prove that the set-based value operators are contractions in the space of compact value function sets. Leveraging insights from set theory, we generalize the rectangularity condition of the classic robust MDP literature to a containment condition for all value operators, which is weaker and can be applied to a larger class of parameter-uncertain MDPs and contracting operators in dynamic programming. We prove that both the rectangularity condition and the containment condition are sufficient to ensure that the set-based value operator's fixed point set contains its own extremal elements. For convex and compact sets of uncertain MDP parameters, we show equivalence between the classic robust value function and the supremum of the fixed point set of the set-based Bellman operator. Under dynamically changing MDP parameters in compact sets, we prove a set convergence result for value iteration, which otherwise may not converge to a single value function. Finally, we derive novel guarantees for probabilistic path-planning problems in planetary exploration and stratospheric station-keeping.
Comment: 17 pages, 11 figures, 1 table