22 research outputs found
IST Austria Thesis
Hybrid automata combine finite automata and dynamical systems, and model the interaction of digital with physical systems. Formal analysis that can guarantee the safety of all behaviors or rigorously witness failures, while unsolvable in general, has been tackled algorithmically using, e.g., abstraction, bounded model-checking, assisted theorem proving.
Nevertheless, very few methods have addressed the time-unbounded reachability analysis of hybrid automata and, for current sound and automatic tools, scalability remains critical. We develop methods for the polyhedral abstraction of hybrid automata, which construct coarse overapproximations and tightens them incrementally, in a CEGAR fashion. We use template polyhedra, i.e., polyhedra whose facets are normal to a given set of directions.
While, previously, directions were given by the user, we introduce (1) the first method
for computing template directions from spurious counterexamples, so as to generalize and
eliminate them. The method applies naturally to convex hybrid automata, i.e., hybrid
automata with (possibly non-linear) convex constraints on derivatives only, while for linear
ODE requires further abstraction. Specifically, we introduce (2) the conic abstractions,
which, partitioning the state space into appropriate (possibly non-uniform) cones, divide
curvy trajectories into relatively straight sections, suitable for polyhedral abstractions.
Finally, we introduce (3) space-time interpolation, which, combining interval arithmetic
and template refinement, computes appropriate (possibly non-uniform) time partitioning
and template directions along spurious trajectories, so as to eliminate them.
We obtain sound and automatic methods for the reachability analysis over dense
and unbounded time of convex hybrid automata and hybrid automata with linear ODE.
We build prototype tools and compare—favorably—our methods against the respective
state-of-the-art tools, on several benchmarks
On the Trade-off Between Efficiency and Precision of Neural Abstraction
Neural abstractions have been recently introduced as formal approximations of
complex, nonlinear dynamical models. They comprise a neural ODE and a certified
upper bound on the error between the abstract neural network and the concrete
dynamical model. So far neural abstractions have exclusively been obtained as
neural networks consisting entirely of activation functions, resulting
in neural ODE models that have piecewise affine dynamics, and which can be
equivalently interpreted as linear hybrid automata. In this work, we observe
that the utility of an abstraction depends on its use: some scenarios might
require coarse abstractions that are easier to analyse, whereas others might
require more complex, refined abstractions. We therefore consider neural
abstractions of alternative shapes, namely either piecewise constant or
nonlinear non-polynomial (specifically, obtained via sigmoidal activations). We
employ formal inductive synthesis procedures to generate neural abstractions
that result in dynamical models with these semantics. Empirically, we
demonstrate the trade-off that these different neural abstraction templates
have vis-a-vis their precision and synthesis time, as well as the time required
for their safety verification (done via reachability computation). We improve
existing synthesis techniques to enable abstraction of higher-dimensional
models, and additionally discuss the abstraction of complex neural ODEs to
improve the efficiency of reachability analysis for these models.Comment: To appear at QEST 202
LNCS
Quantization converts neural networks into low-bit fixed-point computations which can be carried out by efficient integer-only hardware, and is standard practice for the deployment of neural networks on real-time embedded devices. However, like their real-numbered counterpart, quantized networks are not immune to malicious misclassification caused by adversarial attacks. We investigate how quantization affects a network’s robustness to adversarial attacks, which is a formal verification question. We show that neither robustness nor non-robustness are monotonic with changing the number of bits for the representation and, also, neither are preserved by quantization from a real-numbered network. For this reason, we introduce a verification method for quantized neural networks which, using SMT solving over bit-vectors, accounts for their exact, bit-precise semantics. We built a tool and analyzed the effect of quantization on a classifier for the MNIST dataset. We demonstrate that, compared to our method, existing methods for the analysis of real-numbered networks often derive false conclusions about their quantizations, both when determining robustness and when detecting attacks, and that existing methods for quantized networks often miss attacks. Furthermore, we applied our method beyond robustness, showing how the number of bits in quantization enlarges the gender bias of a predictor for students’ grades
Formal Synthesis of Lyapunov Neural Networks
We propose an automatic and formally sound method for synthesising Lyapunov
functions for the asymptotic stability of autonomous non-linear systems.
Traditional methods are either analytical and require manual effort or are
numerical but lack of formal soundness. Symbolic computational methods for
Lyapunov functions, which are in between, give formal guarantees but are
typically semi-automatic because they rely on the user to provide appropriate
function templates. We propose a method that finds Lyapunov functions fully
automaticallyusing machine learningwhile also providing formal
guaranteesusing satisfiability modulo theories (SMT). We employ a
counterexample-guided approach where a numerical learner and a symbolic
verifier interact to construct provably correct Lyapunov neural networks
(LNNs). The learner trains a neural network that satisfies the Lyapunov
criteria for asymptotic stability over a samples set; the verifier proves via
SMT solving that the criteria are satisfied over the whole domain or augments
the samples set with counterexamples. Our method supports neural networks with
polynomial activation functions and multiple depth and width, which display
wide learning capabilities. We demonstrate our method over several non-trivial
benchmarks and compare it favourably against a numerical optimisation-based
approach, a symbolic template-based approach, and a cognate LNN-based approach.
Our method synthesises Lyapunov functions faster and over wider spatial domains
than the alternatives, yet providing stronger or equal guarantees
LNCS
Template polyhedra generalize intervals and octagons to polyhedra whose facets are orthogonal to a given set of arbitrary directions. They have been employed in the abstract interpretation of programs and, with particular success, in the reachability analysis of hybrid automata. While previously, the choice of directions has been left to the user or a heuristic, we present a method for the automatic discovery of directions that generalize and eliminate spurious counterexamples. We show that for the class of convex hybrid automata, i.e., hybrid automata with (possibly nonlinear) convex constraints on derivatives, such directions always exist and can be found using convex optimization. We embed our method inside a CEGAR loop, thus enabling the time-unbounded reachability analysis of an important and richer class of hybrid automata than was previously possible. We evaluate our method on several benchmarks, demonstrating also its superior efficiency for the special case of linear hybrid automata
LNCS
Despite researchers’ efforts in the last couple of decades, reachability analysis is still a challenging problem even for linear hybrid systems. Among the existing approaches, the most practical ones are mainly based on bounded-time reachable set over-approximations. For the purpose of unbounded-time analysis, one important strategy is to abstract the original system and find an invariant for the abstraction. In this paper, we propose an approach to constructing a new kind of abstraction called conic abstraction for affine hybrid systems, and to computing reachable sets based on this abstraction. The essential feature of a conic abstraction is that it partitions the state space of a system into a set of convex polyhedral cones which is derived from a uniform conic partition of the derivative space. Such a set of polyhedral cones is able to cut all trajectories of the system into almost straight segments so that every segment of a reach pipe in a polyhedral cone tends to be straight as well, and hence can be over-approximated tightly by polyhedra using similar techniques as HyTech or PHAVer. In particular, for diagonalizable affine systems, our approach can guarantee to find an invariant for unbounded reachable sets, which is beyond the capability of bounded-time reachability analysis tools. We implemented the approach in a tool and experiments on benchmarks show that our approach is more powerful than SpaceEx and PHAVer in dealing with diagonalizable systems
Quantitative Verification with Neural Networks
We present a data-driven approach to the quantitative verification of
probabilistic programs and stochastic dynamical models. Our approach leverages
neural networks to compute tight and sound bounds for the probability that a
stochastic process hits a target condition within finite time. This problem
subsumes a variety of quantitative verification questions, from the
reachability and safety analysis of discrete-time stochastic dynamical models,
to the study of assertion-violation and termination analysis of probabilistic
programs. We rely on neural networks to represent supermartingale certificates
that yield such probability bounds, which we compute using a
counterexample-guided inductive synthesis loop: we train the neural certificate
while tightening the probability bound over samples of the state space using
stochastic optimisation, and then we formally check the certificate's validity
over every possible state using satisfiability modulo theories; if we receive a
counterexample, we add it to our set of samples and repeat the loop until
validity is confirmed. We demonstrate on a diverse set of benchmarks that,
thanks to the expressive power of neural networks, our method yields smaller or
comparable probability bounds than existing symbolic methods in all cases, and
that our approach succeeds on models that are entirely beyond the reach of such
alternative techniques.Comment: The conference version of this manuscript appeared at CONCUR 202
Model checking the evolution of gene regulatory networks
The behaviour of gene regulatory networks (GRNs) is typically analysed using simulation-based statistical testing-like methods. In this paper, we demonstrate that we can replace this approach by a formal verification-like method that gives higher assurance and scalability. We focus on Wagner’s weighted GRN model with varying weights, which is used in evolutionary biology. In the model, weight parameters represent the gene interaction strength that may change due to genetic mutations. For a property of interest, we synthesise the constraints over the parameter space that represent the set of GRNs satisfying the property. We experimentally show that our parameter synthesis procedure computes the mutational robustness of GRNs—an important problem of interest in evolutionary biology—more efficiently than the classical simulation method. We specify the property in linear temporal logic. We employ symbolic bounded model checking and SMT solving to compute the space of GRNs that satisfy the property, which amounts to synthesizing a set of linear constraints on the weights