How Fast Can You Escape a Compact Polytope?
The Continuous Polytope Escape Problem (CPEP) asks whether every trajectory of a linear differential equation initialised within a convex polytope eventually escapes the polytope. We provide a polynomial-time algorithm to decide CPEP for compact polytopes. We also establish a quantitative uniform upper bound on the time required for every trajectory to escape the given polytope. In addition, we establish iteration bounds for termination of discrete linear loops via reduction to the continuous case.
Probabilistic Disclosure: Maximisation vs. Minimisation
We consider opacity questions where an observation function provides to an external attacker a view of the states along executions, and secret executions are those visiting some state from a fixed subset. Disclosure occurs when the observer can deduce from a finite observation that the execution is secret, the epsilon-disclosure variant corresponding to the execution being secret with probability greater than 1 - epsilon. In a probabilistic and non-deterministic setting, where an internal agent can choose between actions, there are two points of view, depending on the status of this agent: the successive choices can either help the attacker trying to disclose the secret, if the system has been corrupted, or they can prevent disclosure as much as possible if these choices are part of the system design. In the former situation, corresponding to a worst case, the disclosure value is the supremum over the strategies of the probability to disclose the secret (maximisation), whereas in the latter case, the disclosure is the infimum (minimisation). We address quantitative problems (comparing the optimal value with a threshold) and qualitative ones (when the threshold is zero or one) related to both forms of disclosure for a fixed or finite horizon. For all problems, we characterise their decidability status and their complexity. We discover a surprising asymmetry: on the one hand, optimal strategies may be chosen among deterministic ones in maximisation problems, while this is not the case for minimisation. On the other hand, for the questions addressed here, more minimisation problems than maximisation ones are decidable.
Simple Priced Timed Games Are Not That Simple
Priced timed games are two-player zero-sum games played on priced timed automata (whose locations and transitions are labeled by weights modeling the costs of spending time in a state and executing an action, respectively). The goals of the players are to minimise and maximise the cost to reach a target location, respectively. We consider priced timed games with one clock and arbitrary (positive and negative) weights and show that, for an important subclass of these (the so-called simple priced timed games), one can compute, in exponential time, the optimal values that the players can achieve, together with their associated optimal strategies. As side results, we also show that one-clock priced timed games are determined and that we can use our result on simple priced timed games to solve the more general class of so-called reset-acyclic priced timed games (with arbitrary weights and one clock).
Diagnosis in Infinite-State Probabilistic Systems
In a recent work, we introduced four variants of diagnosability (FA, IA, FF, IF) in (finite) probabilistic systems (pLTS), depending on whether one considers (1) finite or infinite runs and (2) faulty or all runs. We studied their relationship and established that the corresponding decision problems are PSPACE-complete. A key ingredient of the decision procedures was a characterisation of diagnosability by the fact that a random run almost surely lies in an open set whose specification only depends on the qualitative behaviour of the pLTS. Here we investigate similar issues for infinite pLTS. We first show that this characterisation still holds for FF-diagnosability, but with a G-delta set instead of an open set, and also for IF- and IA-diagnosability when the pLTS are finitely branching. We also prove that, surprisingly, FA-diagnosability cannot be characterised in this way even in the finitely branching case. Then we apply our characterisations to a partially observable probabilistic extension of visibly pushdown automata (POpVPA), yielding EXPSPACE procedures for solving diagnosability problems. In addition, we establish some computational lower bounds and show that slight extensions of POpVPA lead to undecidability.
Model Checking Linear Dynamical Systems under Floating-point Rounding
We consider linear dynamical systems under floating-point rounding. In these systems, a matrix is repeatedly applied to a vector, but the numbers are rounded into floating-point representation after each step (i.e., stored as a fixed-precision mantissa and an exponent). The approach more faithfully models realistic implementations of linear loops, compared to the exact arbitrary-precision setting often employed in the study of linear dynamical systems.

Our results are twofold: We show that for non-negative matrices there is a special structure to the sequence of vectors generated by the system: the mantissas are periodic and the exponents grow linearly. We leverage this to show decidability of ω-regular temporal model checking against semialgebraic predicates. This contrasts with the unrounded setting, where even the non-negative case encompasses the long-standing open Skolem and positivity problems.

On the other hand, when negative numbers are allowed in the matrix, we show that the reachability problem is undecidable by encoding a two-counter machine. Again, this is in contrast to the unrounded setting, where point-to-point reachability is known to be decidable in polynomial time.
On the Complexity of the Escape Problem for Linear Dynamical Systems over Compact Semialgebraic Sets
We study the computational complexity of the Escape Problem for discrete-time linear dynamical systems over compact semialgebraic sets, or equivalently the Termination Problem for affine loops with compact semialgebraic guard sets. Consider the fragment of the theory of the reals consisting of negation-free ∃∀-sentences without strict inequalities. We derive several equivalent characterisations of the associated complexity class which demonstrate its robustness and illustrate its expressive power. We show that the Compact Escape Problem is complete for this class.
Configuring Timing Parameters to Ensure Execution-Time Opacity in Timed Automata
Timing information leakage occurs whenever an attacker successfully deduces confidential internal information by observing some timed information such as events with timestamps. Timed automata are an extension of finite-state automata with a set of clocks evolving linearly and that can be tested or reset, making this formalism able to reason on systems involving concurrency and timing constraints. In this paper, we summarize a recent line of works using timed automata as the input formalism, in which we assume that the attacker has access (only) to the system execution time. First, we address the following execution-time opacity problem: given a timed system modeled by a timed automaton, given a secret location and a final location, synthesize the execution times from the initial location to the final location for which one cannot deduce whether the secret location was visited. This means that for any such execution time, the system is opaque: either the final location is not reachable, or it is reachable with that execution time for both a run visiting and a run not visiting the secret location. We also address the full execution-time opacity problem, asking whether the system is opaque for all execution times; we also study a weak counterpart. Second, we add timing parameters, which are a way to configure a system: we identify a subclass of parametric timed automata with some decidability results. In addition, we devise a semi-algorithm for synthesizing timing parameter valuations guaranteeing that the resulting system is opaque. Third, we report on problems when the secret itself has an expiration date, thus defining expiring execution-time opacity problems. We finally show that our method can also apply to program analysis with configurable internal timings.

Comment: In Proceedings TiCSA 2023, arXiv:2310.18720. This invited paper mainly summarizes results on opacity from two recent works published in ToSEM (2022) and at ICECCS 2023, providing unified notations and concept names for the sake of consistency. In addition, we prove a few original results absent from these works.
Porous Invariants
We introduce the notion of porous invariants for multipath (or branching/nondeterministic) affine loops over the integers; these invariants are not necessarily convex, and can in fact contain infinitely many "holes". Nevertheless, we show that in many cases such invariants can be automatically synthesised, and moreover can be used to settle (non-)reachability questions for various interesting classes of affine loops and target sets.
Reachability in Dynamical Systems with Rounding
We consider reachability in dynamical systems with discrete linear updates, but with fixed digital precision, i.e., such that values of the system are rounded at each step. Given a matrix , an initial vector , a granularity and a rounding operation projecting a vector of onto another vector whose every entry is a multiple of , we are interested in the behaviour of the orbit , i.e., the trajectory of a linear dynamical system in which the state is rounded after each step. For arbitrary rounding functions with bounded effect, we show that the complexity of deciding point-to-point reachability---whether a given target belongs to ---is PSPACE-complete for hyperbolic systems (when no eigenvalue of has modulus one). We also establish decidability without any restrictions on eigenvalues for several natural classes of rounding functions.

Comment: To appear at FSTTCS'2