Search

Your search keyword '"Bernd Finkbeiner"' showing total 298 results
Start Over Author "Bernd Finkbeiner"

Refine your results

more »

more »

more »

more »
298 results on '"Bernd Finkbeiner"'

251. Uppaal/DMC – Abstraction-Based Heuristics for Directed Model Checking

Author

Klaus Dräger, Henning Dierks, Andreas Podelski, Jörg Hoffmann, Sebastian Kupferschmid, Bernd Finkbeiner, and Gerd Behrmann

Subjects
Model checking, Tree traversal, Theoretical computer science, Heuristic, Computer science, State space, Abstraction model checking, Abstraction, State (computer science), Heuristics, Algorithm
Abstract

UPPAAL/DMC is an extension of UPPAAL which provides generic heuristics for directed model checking. In this approach, the traversal of the state space is guided by a heuristic function which estimates the distance of a search state to the nearest error state. Our tool combines two recent approaches to design such estimation functions. Both are based on computing an abstraction of the system and using the error distance in this abstraction as the heuristic value. The abstractions, and thus the heuristic functions, are generated fully automatically and do not need any additional user input. UPPAAL/DMC needs less time and memory to find shorter error paths than UPPAAL's standard search methods.

Published
2007

252. Synthesis of Asynchronous Systems

Author

Sven Schewe and Bernd Finkbeiner

Subjects
Asynchronous system, Synchronizer, Asynchronous communication, Computer science, If and only if, Distributed computing, Asynchronous method invocation, Scheduling (computing), Proactor pattern, Decidability
Abstract

This paper addresses the problem of synthesizing an asynchronous system from a temporal specification. We show that the cost of synthesizing a single-process implementation is the same for synchronous and asynchronous systems (2EXPTIME-complete for CTL* and EXPTIME-complete for the µ-calculus) if we assume a full scheduler (i.e., a scheduler that allows every possible scheduling), and exponentially more expensive for asynchronous systems without this assumption (3EXPTIME-complete for CTL* and 2EXPTIME-complete for the µ-calculus). While multi-process synthesis for synchronous distributed systems is possible for certain architectures (like pipelines and rings), we show that the synthesis of asynchronous distributed systems is decidable if and only if at most one process implementation is unknown.

Published
2007

253. Uniform Distributed Synthesis

Author

Bernd Finkbeiner and Sven Schewe

Subjects
Discrete mathematics, Theoretical computer science, Finite-state machine, Distributed algorithm, Formal language, Algebraic specification, Directed graph, Specification language, Mathematics, Undecidable problem, Decidability
Abstract

We provide a uniform solution to the problem of synthesizing a finite-state distributed system. An instance of the synthesis problem consists of a system architecture and a temporal specification. The architecture is given as a directed graph, where the nodes represent processes (including the environment as a special process) that communicate synchronously through shared variables attached to the edges. The same variable may occur on multiple outgoing edges of a single node, allowing for the broadcast of data. A solution to the synthesis problem is a collection of finite-state programs for the processes in the architecture, such that the joint behavior of the programs satisfies the specification in an unrestricted environment. We define information forks, a comprehensive criterion that characterizes all architectures with an undecidable synthesis problem. The criterion is effective: for a given architecture with n processes and v variables, it can be determined in O(n/sup 2//spl middot/v) time whether the synthesis problem is decidable. We give a uniform synthesis algorithm for all decidable cases. Our algorithm works for all /spl omega/-regular tree specification languages, including the /spl mu/-calculus. The undecidability proof, on the other hand, uses only LTL or, alternatively, CTL as the specification language. Our results therefore hold for the entire range of specification languages from LTL/CTL to the /spl mu/-calculus.

Published
2006

254. Preface

Author

Howard Barringer, Bernd Finkbeiner, Yuri Gurevich, and Henny Sipma

Subjects
General Computer Science, Theoretical Computer Science, Computer Science(all)
Published
2006
Full Text
View/download PDF

255. Satisfiability and Finite Model Property for the Alternating-Time μ-Calculus

Author

Sven Schewe and Bernd Finkbeiner

Subjects
Discrete mathematics, Computer science, Finite model property, Upper and lower bounds, Satisfiability, Automaton, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Parity game, Deterministic automaton, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Computer Science::Logic in Computer Science, Logical programming, Representation (mathematics), Boolean satisfiability problem, Algorithm, Computer Science::Formal Languages and Automata Theory
Abstract

This paper presents a decision procedure for the alternating-time μ-calculus. The algorithm is based on a representation of alternating-time formulas as automata over concurrent game structures. We show that language emptiness of these automata can be checked in exponential time. The complexity of our construction meets the known lower bounds for deciding the satisfiability of the classic μ-calculus. It follows that the satisfiability problem is EXPTIME-complete for the alternating-time μ-calculus.

Published
2006

256. Directed Model Checking with Distance-Preserving Abstractions

Author

Andreas Podelski, Klaus Dräger, and Bernd Finkbeiner

Subjects
Model checking, Reduction (complexity), Tree traversal, Computer science, Concurrency, State space, Abstraction, Abstraction model checking, State (computer science), Algorithm
Abstract

In directed model checking, the traversal of the state space is guided by an estimate of the distance from the current state to the nearest error state. This paper presents a distance-preserving abstraction for concurrent systems that allows one to compute an interesting estimate of the error distance without hitting the state explosion problem. Our experiments show a dramatic reduction both in the number of states explored by the model checker and in the total runtime.

Published
2006

257. Automatic Synthesis of Assumptions for Compositional Model Checking

Author

Matthias Brill, Sven Schewe, and Bernd Finkbeiner

Subjects
Model checking, Property (philosophy), Computer science, Deterministic automaton, Equivalence relation, Mutual exclusion, Construct (python library), Static analysis, Formal methods, Algorithm
Abstract

We present a new technique for automatically synthesizing the assumptions needed in compositional model checking. The compositional approach reduces the proof that a property is satisfied by the parallel composition of two processes to the simpler argument that the property is guaranteed by one process provided that the other process satisfies an assumption A. Finding A manually is a difficult task that requires detailed insight into how the processes cooperate to satisfy the property. Previous methods to construct A automatically were based on the learning algorithm L*, which represents A as a deterministic automaton and therefore has exponential worst-case complexity. Our new technique instead represents A as an equivalence relation on the states, which allows for a quasi-linear construction. The model checker can therefore apply compositional reasoning without risking an exponential penalty for computing A.

Published
2006

258. LOLA: Runtime Monitoring of Synchronous Systems

Author

Bernd Finkbeiner, W. Robinson, Sriram Sankaranarayanan, B. D'Angelo, César Sánchez, Zohar Manna, S. Mehrotra, and Henny B. Sipma

Subjects
Online and offline, Correctness, Computer engineering, Computer science, Programming language, Formal specification, Specification language, Online algorithm, System monitoring, computer.software_genre, computer, Memory controller, Partial evaluation
Abstract

We present a specification language and algorithms for the online and offline monitoring of synchronous systems including circuits and embedded systems. Such monitoring is useful not only for testing, but also under actual deployment. The specification language is simple and expressive; it can describe both correctness/failure assertions along with interesting statistical measures that are useful for system profiling and coverage analysis. The algorithm for online monitoring of queries in this language follows a partial evaluation strategy: it incrementally constructs output streams from input streams, while maintaining a store of partially evaluated expressions for forward references. We identify a class of specifications, characterized syntactically, for which the algorithm's memory requirement is independent of the length of the input streams. Being able to bound memory requirements is especially important in online monitoring of large input streams. We extend the concepts used in the online algorithm to construct an efficient offline monitoring algorithm for large traces. We have implemented our algorithm and applied it to two industrial systems, the PCI bus protocol and a memory controller. The results demonstrate that our algorithms are practical and that our specification language is sufficiently expressive to handle specifications of interest to industry.

Published
2005

259. Semi-automatic Distributed Synthesis

Author

Sven Schewe and Bernd Finkbeiner

Subjects
CTL, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Program analysis, Matching (graph theory), Computer science, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Realizability, EXPTIME, Tree automaton, Algorithm, Hardware_LOGICDESIGN, Automaton
Abstract

We propose a sound and complete compositional proof rule for distributed synthesis. Applying our proof rule only requires the manual strengthening of the specification into a conjunction of formulas that can be guaranteed by individual black-box processes. All premises of the proof rule can be checked automatically. For this purpose, we give an automata-theoretic synthesis algorithm for single processes in distributed architectures. The behavior of the local environment of a process is unknown in the process of synthesis and cannot be assumed to be maximal. We therefore consider reactive environments that have the power to disable some of their own actions, and provide methods for synthesis (and realizability checking) in this setting. We establish upper bounds for CTL (2EXPTIME) and CTL* (3EXPTIME) synthesis with incomplete information, matching the known lower bounds for these problems, and provide matching upper and lower bounds for μ-calculus synthesis (2EXPTIME) with complete or incomplete information. Synthesis in reactive environments is harder than synthesis in maximal environments, where CTL, CTL* and μ-calculus synthesis are EXPTIME, 2EXPTIME and EXPTIME complete, respectively.

Published
2005

260. An Update on STeP: Deductive-Algorithmic Verification of Reactive Systems

Author

Zohar Manna, Tomás E. Uribe, Henny B. Sipma, Nikolaj Bjørner, Anca Browne, Bernd Finkbeiner, Mark C. Pichora, and Michael Colón

Subjects
Model checking, Automated theorem proving, High-level verification, Theoretical computer science, Functional verification, Computer science, Automated proof checking, Runtime verification, Formal verification, Intelligent verification
Abstract

The Stanford Temporal Prover, STeP, is a tool for the computer-aided formal verification of reactive systems, including real-time and hybrid systems, based on their temporal specification. STeP integrates methods for deductive and algorithmic verification, including model checking, theorem proving, automatic invariant generation, abstraction and modular reasoning. We describe the most recent version of STeP, Version 2.0.

Published
1999

261. 07011 Executive Summary – Runtime Verification

Author

Bernd Finkbeiner and Klaus Havelund and Grigore Rosu and Oleg Sokolsky, Finkbeiner, Bernd, Havelund, Klaus, Rosu, Grigore, Sokolsky, Oleg, Bernd Finkbeiner and Klaus Havelund and Grigore Rosu and Oleg Sokolsky, Finkbeiner, Bernd, Havelund, Klaus, Rosu, Grigore, and Sokolsky, Oleg

Abstract

From January 2 to January 6, 2007, the Dagstuhl Seminar 07011 "Runtime Verification" was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. Over the past few years, runtime verification has emerged as a focused subject in program analysis that bridges the gap between the complexity-haunted field of fully formal verification methods and the ad-hoc field of testing. Other terms for this subject are: program monitoring, dynamic program analysis, and runtime analysis. Thirty researchers participated in the seminar and discussed their recent work and recent trends in runtime verification.

Published
2008
Full Text
View/download PDF

262. Abstraction Refinement for Games with Incomplete Information

Author

Rayna Dimitrova and Bernd Finkbeiner, Dimitrova, Rayna, Finkbeiner, Bernd, Rayna Dimitrova and Bernd Finkbeiner, Dimitrova, Rayna, and Finkbeiner, Bernd

Abstract

Counterexample-guided abstraction refinement (CEGAR) is used in automated software analysis to find suitable finite-state abstractions of infinite-state systems. In this paper, we extend CEGAR to games with incomplete information, as they commonly occur in controller synthesis and modular verification. The challenge is that, under incomplete information, one must carefully account for the knowledge available to the player: the strategy must not depend on information the player cannot see. We propose an abstraction mechanism for games under incomplete information that incorporates the approximation of the players\' moves into a knowledge-based subset construction on the abstract state space. This abstraction results in a perfect-information game over a finite graph. The concretizability of abstract strategies can be encoded as the satisfiability of strategy-tree formulas. Based on this encoding, we present an interpolation-based approach for selecting new predicates and provide sufficient conditions for the termination of the resulting refinement loop.

Published
2008
Full Text
View/download PDF

263. 07011 Abstracts Collection – Runtime Verification

Author

Bernd Finkbeiner and Klaus Havelund and Grigore Rosu and Oleg Sokolsky, Finkbeiner, Bernd, Havelund, Klaus, Rosu, Grigore, Sokolsky, Oleg, Bernd Finkbeiner and Klaus Havelund and Grigore Rosu and Oleg Sokolsky, Finkbeiner, Bernd, Havelund, Klaus, Rosu, Grigore, and Sokolsky, Oleg

Abstract

From January 2--6 2007 the Dagstuhl Seminar 07011 {\em `Runtime Verification'} was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar have been put together in this paper. The first section is an executive summary that describes the seminar topics in general.

Published
2008
Full Text
View/download PDF

264. Abstraction and Modular Verification of Infinite-State Reactive Systems

Author

Henny B. Sipma, Michael Colón, Bernd Finkbeiner, Tomás E. Uribe, and Zohar Manna

Subjects
Model checking, High-level verification, Programming language, Computer science, business.industry, Modular design, computer.software_genre, Intelligent verification, Computer Science::Logic in Computer Science, Verification, business, computer, Reactive system, Software verification, Abstraction (linguistics)
Abstract

We review a number of temporal verification techniques for reactive systems using modularity and abstraction. Their use allows the verification of larger systems, and the incremental verification of systems as they are developed and refined. In particular, we show how deductive verification tools, and the combination of finite-state model checking and abstraction, allow the verification of infinite-state systems featuring data types commonly used in software specifications, including real-time and hybrid systems.

Published
1998

265. Deductive Verification of Modular Systems

Author

Zohar Manna, Bernd Finkbeiner, and Henny B. Sipma

Subjects
High-level verification, Theoretical computer science, Functional verification, Interface (Java), business.industry, Computer science, Programming language, Runtime verification, Modular design, computer.software_genre, Intelligent verification, Transition system, Mutual exclusion, business, computer
Abstract

Effective verification methods, both deductive and algorithmic, exist for the verification of global system properties. In this paper, we introduce a formal framework for the modular description and verification of parameterized fair transition systems. The framework allows us to apply existing global verification methods, such as verification rules and diagrams, in a modular setting. Transition systems and transition modules can be described by recursive module expressions, allowing the description of hierarchical systems of unbounded depth. Apart from the usual parallel composition, hiding and renaming operations, our module description language provides constructs to augment and restrict the module interface, capablilities that are essential for recursive descriptions. We present proof rules for property inheritance between modules. Finally, module abstraction and induction allow the verification of recursively defined systems. Our approach is illustrated with a recursively defined arbiter for which we verify mutual exclusion and eventual access.

Published
1998

266. Synthesising certificates in networks of timed automata

Author

Hans-Jörg Peter, Bernd Finkbeiner, and Sven Schewe

Subjects
Model checking, Theoretical computer science, ComputingMilieux_THECOMPUTINGPROFESSION, Computer science, Reachability, Iterative refinement, Component (UML), Automata theory, Certificate, Computer Graphics and Computer-Aided Design, Formal verification, Abstraction (linguistics)
Abstract

The authors present an automatic method for the synthesis of certificates for components in embedded real-time systems. A certificate is a small homomorphic abstraction that can transparently replace the component during model checking: if the verification with the certificate succeeds, then the component is guaranteed to be correct; if the verification with the certificate fails, then the component itself must be erroneous. The authors give a direct construction, based on a forward and backward reachability analysis of the timed system, and an iterative refinement process, which produces a series of successively smaller certificates. In their experiments, model checking the certificate is several orders of magnitude faster than model checking the original system.

Published
2010

267. The ‘Cash-Point’ Service: A Verification Case Study Using STeP

Author

Zohar Manna, Bernd Finkbeiner, Anca Browne, and Henny B. Sipma

Subjects
Model checking, Programming language, Computer science, Data domain, Runtime verification, Gas meter prover, computer.software_genre, Theoretical Computer Science, Formal specification, Verification, Formal verification, computer, Reactive system, Software
Abstract

STeP, the Stanford Temporal Prover, supports the computer-aided formal verification of concurrent and reactive systems based on temporal specifications [MBB99]. Automated model checking is combined with computer-aided deductive methods to allow for the verification of a broad class of systems, including parameterised ( N -component) circuit designs, parameterised ( N -process) programs, and programs with infinite data domains.

Published
2000

268. Collecting Statistics Over Runtime Executions.

Author

Bernd Finkbeiner, Sriram Sankaranarayanan, and Henny Sipma

Abstract

We present an extension to linear-time temporal logic (LTL) that combines the temporal specification with the collection of statistical data. By collecting statistics over runtime executions of a program we can answer complex queries, such as “what is the average number of packet transmissions'' in a communication protocol, or “how often does a particular process enter the critical section while another process remains waiting'' in a mutual exclusion algorithm. To decouple the evaluation strategy of the queries from the definition of the temporal operators, we introduce algebraic alternating automata as an automata-based intermediate representation. Algebraic alternating automata are an extension of alternating automata that produce a value instead of acceptance or rejection for each trace. Based on the translation of the formulas from the query language to algebraic alternating automata, we obtain a simple and efficient query evaluation algorithm. The approach is illustrated with examples and experimental results. [ABSTRACT FROM AUTHOR]

Published
2005

269. Checking Finite Traces Using Alternating Automata.

Author

Bernd Finkbeiner and Henny Sipma

Abstract

Alternating automata have been commonly used as a basis for static verification of reactive systems. In this paper we show how alternating automata can be used in runtime verification. We present three algorithms to check at runtime whether a reactive program satisfies a temporal specification, expressed by a linear-time temporal logic formula. The three methods start from the same alternating automaton but traverse the automaton in different ways: depth-first, breadth-first, and backwards, respectively. We then show how an extension of these algorithms, that collects statistical data while verifying the execution trace, can be used for a more detailed analysis of the runtime behavior. All three methods have been implemented and experimental results are presented. [ABSTRACT FROM AUTHOR]

Published
2004

270. Efficient monitoring of hyperproperties using prefix trees

Author

Bernd Finkbeiner, Leander Tentrup, Christopher Hahn, and Marvin Stenger

Subjects
FOS: Computer and information sciences, 050101 languages & linguistics, Computer Science - Logic in Computer Science, Monitoring, Computer science, Computation, MathematicsofComputing_GENERAL, 02 engineering and technology, Set (abstract data type), 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Temporal logic, Information flow (information theory), Hyperproperties, TRACE (psycholinguistics), 05 social sciences, Runtime verification, Logic in Computer Science (cs.LO), Range (mathematics), 020201 artificial intelligence & image processing, Algorithm, Software, Information Systems, Counterexample
Abstract

Hyperproperties, such as non-interference and observational determinism, relate multiple computation traces with each other and are thus not monitorable by tools that consider computations in isolation. We present the monitoring approach implemented in the latest version of RVHyper, a runtime verification tool for hyperproperties. The input to the tool are specifications given in the temporal logic HyperLTL, which extends linear-time temporal logic (LTL) with trace quantifiers and trace variables. RVHyper processes execution traces sequentially until a violation of the specification is detected. In this case, a counter example, in the form of a set of traces, is returned. RVHyper employs a range of optimizations: a preprocessing analysis of the specification and a procedure that minimizes the traces that need to be stored during the monitoring process. In this article, we introduce a novel trace storage technique that arranges the traces in a tree-like structure to exploit partially equal traces. We evaluate RVhyper on existing benchmarks on secure information-flow control, error correcting codes and symmetry in hardware designs. As an example application outside of security, we show how RVHyper can be used to detect spurious dependencies in hardware designs., Comment: arXiv admin note: text overlap with arXiv:1807.00758, arXiv:1906.00798

Full Text
View/download PDF

271. Synthesis from hyperproperties

Author

Leander Tentrup, Bernd Finkbeiner, Philip Lukert, Christopher Hahn, and Marvin Stenger

Subjects
Discrete mathematics, 050101 languages & linguistics, Trace (linear algebra), Computer Networks and Communications, 05 social sciences, 02 engineering and technology, Decidability, Undecidable problem, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Realizability, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, Theory of computation, 0202 electrical engineering, electronic engineering, information engineering, Original Article, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Temporal logic, Information flow (information theory), Software, Information Systems, Mathematics, Counterexample
Abstract

We study the reactive synthesis problem for hyperproperties given as formulas of the temporal logic HyperLTL. Hyperproperties generalize trace properties, i.e., sets of traces, to sets of sets of traces. Typical examples are information-flow policies like noninterference, which stipulate that no sensitive data must leak into the public domain. Such properties cannot be expressed in standard linear or branching-time temporal logics like LTL, CTL, or $$\hbox {CTL}^*$$CTL∗. Furthermore, HyperLTL subsumes many classical extensions of the LTL realizability problem, including realizability under incomplete information, distributed synthesis, and fault-tolerant synthesis. We show that, while the synthesis problem is undecidable for full HyperLTL, it remains decidable for the $$\exists ^*$$∃∗, $$\exists ^*\forall ^1$$∃∗∀1, and the $${{ linear }}\;\forall ^*$$linear∀∗ fragments. Beyond these fragments, the synthesis problem immediately becomes undecidable. For universal HyperLTL, we present a semi-decision procedure that constructs implementations and counterexamples up to a given bound. We report encouraging experimental results obtained with a prototype implementation on example specifications with hyperproperties like symmetric responses, secrecy, and information flow.

Full Text
View/download PDF

272. Directed model checking with distance-preserving abstractions

Author

Bernd Finkbeiner, Andreas Podelski, and Klaus Dräger

Subjects
Model checking, Reduction (complexity), Tree traversal, Theoretical computer science, Computer science, Theory of computation, State space, Abstraction model checking, Mutual exclusion, State (computer science), Software, Information Systems
Abstract

In directed model checking, the traversal of the state space is guided by an estimate of the distance from the current state to the nearest error state. This paper presents a distance-preserving abstraction for concurrent systems that allows one to compute an interesting estimate of the error distance without hitting the state explosion problem. Our experiments show a dramatic reduction both in the number of states explored by the model checker and in the total runtime.

Full Text
View/download PDF

273. Self-Consistent Modelling of Pulsar Magnetospheres

Author

Thomas Ertl, Heinz Herold, Bernd Finkbeiner, and Hanns Ruder

Subjects
Physics, Röntgenpulsar , Magnetosphäre , Mathematische Modellierung, Computer simulation, Astrophysics::High Energy Astrophysical Phenomena, Magnetosphere, Vacuum solution, Radiation, Self consistent, Physics::Classical Physics, Charged particle, Computational physics, Neutron star, Classical mechanics, Pulsar, Physics::Space Physics, Astrophysics::Solar and Stellar Astrophysics
Abstract

The magnetosphere of a rapidly rotating, strongly magnetized neutron star with aligned magnetic and rotational axes (parallel rotator) is modelled numerically. Including the radiation of the particles accelerated to relativistic energies as an efficient damping mechanism, we obtain a quasi-stationary self-consistent solution to this classical problem. The numerical simulation, which was started from the well-known vacuum solution, yields a global magnetospheric structure that can be characterized by two regions of oppositely charged particles, which eventually produce a relativistic pulsar wind, separated by a vacuum gap of considerable extent.

Published
1989

274. Synthesizing Approximate Implementations for Unrealizable Specifications

Author

Bernd Finkbeiner, Rayna Dimitrova, and Hazem Torfah

Subjects
FOS: Computer and information sciences, Computer Science - Logic in Computer Science, 050101 languages & linguistics, Theoretical computer science, Computer science, 05 social sciences, Arbiter, 02 engineering and technology, Logic in Computer Science (cs.LO), Bounded function, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Implementation
Abstract

The unrealizability of a specification is often due to the assumption that the behavior of the environment is unrestricted. In this paper, we present algorithms for synthesis in bounded environments, where the environment can only generate input sequences that are ultimately periodic words (lassos) with finite representations of bounded size. We provide automata-theoretic and symbolic approaches for solving this synthesis problem, and also study the synthesis of approximative implementations from unrealizable specifications. Such implementations may violate the specification in general, but are guaranteed to satisfy the specification on at least a specified portion of the bounded-size lassos. We evaluate the algorithms on different arbiter specifications., Comment: Published at CAV 2019

Full Text
View/download PDF

275. The Complexity of Monitoring Hyperproperties

Author

Borzoo Bonakdarpour and Bernd Finkbeiner

Subjects
Polynomial hierarchy, Model checking, FOS: Computer and information sciences, Computer Science - Logic in Computer Science, Theoretical computer science, Computer science, Kripke structure, Runtime verification, 020207 software engineering, 02 engineering and technology, 16. Peace & justice, Logic in Computer Science (cs.LO), Prefix, Quantifier (logic), TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, TheoryofComputation_LOGICSANDMEANINGSOFPROGRAMS, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Temporal logic, TRACE (psycholinguistics)
Abstract

We study the runtime verification of hyperproperties, expressed in the temporal logic HyperLTL, as a means to inspect a system with respect to security polices. Runtime monitors for hyperproperties analyze trace logs that are organized by common prefixes in the form of a tree-shaped Kripke structure, or are organized both by common prefixes and by common suffixes in the form of an acyclic Kripke structure. Unlike runtime verification techniques for trace properties, where the monitor tracks the state of the specification but usually does not need to store traces, a monitor for hyperproperties repeatedly model checks the growing Kripke structure. This calls for a rigorous complexity analysis of the model checking problem over tree-shaped and acyclic Kripke structures. We show that for trees, the complexity in the size of the Kripke structure is L-complete independently of the number of quantifier alternations in the HyperLTL formula. For acyclic Kripke structures, the complexity is PSPACE-complete (in the level of the polynomial hierarchy that corresponds to the number of quantifier alternations). The combined complexity in the size of the Kripke structure and the length of the HyperLTL formula is PSPACE-complete for both trees and acyclic Kripke structures, and is as low as NC for the relevant case of trees and alternation-free HyperLTL formulas. Thus, the size and shape of both the Kripke structure and the formula have significant impact on the complexity of the model checking problem.

Full Text
View/download PDF

276. MGHyper: Checking Satisfiability of HyperLTL Formulas Beyond the $$\exists ^*\forall ^*$$∃∗∀∗ Fragment

Author

Bernd Finkbeiner, Christopher Hahn, and Tobias Hans

Subjects
Discrete mathematics, Computer science, Computation, 020207 software engineering, 02 engineering and technology, Determinism, Satisfiability, Decidability, Fragment (logic), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Symmetry (geometry), Hamming code, Counterexample
Abstract

Hyperproperties are properties that refer to multiple computation traces. This includes many information-flow security policies, such as observational determinism, (generalized) noninterference, and noninference, and other system properties like symmetry or Hamming distances between in error-resistant codes. We introduce MGHyper, a tool for automatic satisfiability checking and model generation for hyperproperties expressed in HyperLTL. Unlike previous satisfiability checkers, MGHyper is not limited to the decidable \(\exists ^*\forall ^*\) fragment of HyperLTL, but provides a semi-decision procedure for the full logic. An important application of MGHyper is to automatically check equivalences between different hyperproperties (and different formalizations of the same hyperproperty) and to build counterexamples that disprove a certain claimed implication. We describe the semi-decisionprocedure implemented in MGHyper and report on experimental results obtained both with typical hyperproperties from the literature and with randomly generated HyperLTL formulas.

Full Text
View/download PDF

277. Approximate Automata for Omega-Regular Languages

Author

Bernd Finkbeiner, Hazem Torfah, and Rayna Dimitrova

Subjects
050101 languages & linguistics, Class (set theory), TheoryofComputation_COMPUTATIONBYABSTRACTDEVICES, Theoretical computer science, Computer science, 05 social sciences, 02 engineering and technology, Type (model theory), Nonlinear Sciences::Cellular Automata and Lattice Gases, Determinism, Automaton, Nondeterministic algorithm, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Regular language, 0202 electrical engineering, electronic engineering, information engineering, Automata theory, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Representation (mathematics), Computer Science::Formal Languages and Automata Theory
Abstract

Automata over infinite words, also known as omega-automata, play a key role in the verification and synthesis of reactive systems. The spectrum of omega-automata is defined by two characteristics: the acceptance condition (e.g. B\"uchi or parity) and the determinism (e.g., deterministic or nondeterministic) of an automaton. These characteristics play a crucial role in applications of automata theory. For example, certain acceptance conditions can be handled more efficiently than others by dedicated tools and algorithms. Furthermore, some applications, such as synthesis and probabilistic model checking, require that properties are represented as some type of deterministic omega-automata. However, properties cannot always be represented by automata with the desired acceptance condition and determinism. In this paper we study the problem of approximating linear-time properties by automata in a given class. Our approximation is based on preserving the language up to a user-defined precision given in terms of the size of the finite lasso representation of infinite executions that are preserved. We study the state complexity of different types of approximating automata, and provide constructions for the approximation within different automata classes, for example, for approximating a given automaton by one with a simpler acceptance condition.

Full Text
View/download PDF

278. Causality-Based Game Solving

Author

Bernd Finkbeiner, Florian Funke, Norine Coenen, Simon Jantsch, Julian Siber, and Christel Baier

Subjects
Theoretical computer science, Computer science, Formalism (philosophy), ComputingMilieux_PERSONALCOMPUTING, 020207 software engineering, Craig interpolation, 02 engineering and technology, Causality (physics), Range (mathematics), Order (exchange), Reachability, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), 020201 artificial intelligence & image processing, Program synthesis
Abstract

We present a causality-based algorithm for solving two-player reachability games represented by logical constraints. These games are a useful formalism to model a wide array of problems arising, e.g., in program synthesis. Our technique for solving these games is based on the notion of subgoals, which are slices of the game that the reachability player necessarily needs to pass through in order to reach the goal. We use Craig interpolation to identify these necessary sets of moves and recursively slice the game along these subgoals. Our approach allows us to infer winning strategies that are structured along the subgoals. If the game is won by the reachability player, this is a strategy that progresses through the subgoals towards the final goal; if the game is won by the safety player, it is a permissive strategy that completely avoids a single subgoal. We evaluate our prototype implementation on a range of different games. On multiple benchmark families, our prototype scales dramatically better than previously available tools.

Full Text
View/download PDF

279. Model Checking Branching Properties on Petri Nets with Transits

Author

Ernst-Rüdiger Olderog, Bernd Finkbeiner, Manuel Gieseking, and Jesko Hecking-Harbusch

Subjects
Model checking, 050101 languages & linguistics, Correctness, Theoretical computer science, Computer science, 05 social sciences, 02 engineering and technology, Petri net, ENCODE, Automaton, Data flow diagram, Branching (version control), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Time complexity
Abstract

To model check concurrent systems, it is convenient to distinguish between the data flow and the control. Correctness is specified on the level of data flow whereas the system is configured on the level of control. Petri nets with transits and Flow-LTL are a corresponding formalism. In Flow-LTL, both the correctness of the data flow and assumptions on fairness and maximality for the control are expressed in linear time. So far, branching behavior cannot be specified for Petri nets with transits. In this paper, we introduce Flow- Open image in new window to express the intended branching behavior of the data flow while maintaining LTL for fairness and maximality assumptions on the control. We encode physical access control with policy updates as Petri nets with transits and give standard requirements in Flow- Open image in new window . For model checking, we reduce the model checking problem of Petri nets with transits against Flow- Open image in new window via automata constructions to the model checking problem of Petri nets against LTL. Thereby, physical access control with policy updates under fairness assumptions for an unbounded number of people can be verified.

Full Text
View/download PDF

280. Vehicle Platooning Simulations with Functional Reactive Programming

Author

Mark Santolucito, Ruzica Piskac, Felix Klein, and Bernd Finkbeiner

Subjects
FOS: Computer and information sciences, 0209 industrial biotechnology, Functional programming, Computer Science - Programming Languages, Interface (Java), Programming language, Computer science, 020206 networking & telecommunications, 02 engineering and technology, 16. Peace & justice, computer.software_genre, 020901 industrial engineering & automation, Vehicle platooning, 0202 electrical engineering, electronic engineering, information engineering, Haskell, computer, Reactive system, Functional reactive programming, Programming Languages (cs.PL), computer.programming_language
Abstract

Functional languages have provided major benefits to the verification community. Although features such as purity, a strong type system, and computational abstractions can help guide programmers away from costly errors, these can present challenges when used in a reactive system. Functional Reactive Programming is a paradigm that allows users the benefits of functional languages and an easy interface to a reactive environment. We present a tool for building autonomous vehicle controllers in FRP using Haskell., Comment: SCAV@CPSWeek 2017

Full Text
View/download PDF

281. The Density of Linear-Time Properties

Author

Hazem Torfah and Bernd Finkbeiner

Subjects
Pure mathematics, Property (philosophy), Oscillation, 020207 software engineering, 02 engineering and technology, Space (mathematics), Omega, Distribution (mathematics), Bounded function, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Special case, Time complexity, Mathematics
Abstract

Finding models for linear-time properties is a central problem in verification and planning. We study the distribution of linear-time models by investigating the density of linear-time properties over the space of ultimately periodic words. The density of a property over a bound n is the ratio of the number of lasso-shaped words of length n, that satisfy the property, to the total number of lasso-shaped words of length n. We investigate the problem of computing the density for both linear-time properties in general and for the important special case of \(\omega \)-regular properties. For general linear-time properties, the density is not necessarily convergent and can oscillates indefinitely for certain properties. However, we show that the oscillation is bounded by the growth of the sets of bad- and good-prefix of the property. For \(\omega \)-regular properties, we show that the density is always convergent and provide a general algorithm for computing the density of \(\omega \)-regular properties as well as more specialized algorithms for certain sub-classes and their combinations.

Full Text
View/download PDF

282. Explainable Reactive Synthesis

Author

Hazem Torfah, Tom Baumeister, and Bernd Finkbeiner

Subjects
050101 languages & linguistics, Computer science, Programming language, 05 social sciences, Process (computing), 02 engineering and technology, computer.software_genre, Range (mathematics), Simple (abstract algebra), Reactive synthesis, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Temporal logic, computer, Reactive system, Counterexample
Abstract

Reactive synthesis transforms a specification of a reactive system, given in a temporal logic, into an implementation. The main advantage of synthesis is that it is automatic. The main disadvantage is that the implementation is usually very difficult to understand. In this paper, we present a new synthesis process that explains the synthesized implementation to the user. The process starts with a simple version of the specification and a corresponding simple implementation. Then, desired properties are added one by one, and the corresponding transformations, repairing the implementation, are explained in terms of counterexample traces. We present SAT-based algorithms for the synthesis of repairs and explanations. The algorithms are evaluated on a range of examples including benchmarks taken from the SYNTCOMP competition.

Full Text
View/download PDF

284. Preface

Author

Bernd Finkbeiner, Yuri Gurevich, and Alexander K. Petrenko

Subjects
General Computer Science, Theoretical Computer Science, Computer Science(all)
Full Text
View/download PDF

296. On the Generalized Membership Problem in Relatively Hyperbolic Groups

Author

Pascal Weil, Olga Kharlampovich, Department of Mathematics and Statistics [Hunter College], Hunter College [CUNY, New York], City University of New York [New York] (CUNY)-City University of New York [New York] (CUNY), Laboratoire Bordelais de Recherche en Informatique (LaBRI), Université de Bordeaux (UB)-Centre National de la Recherche Scientifique (CNRS)-École Nationale Supérieure d'Électronique, Informatique et Radiocommunications de Bordeaux (ENSEIRB), Research Lab in Computer Science (ReLaX), Institute of Mathematical Sciences [Chennai] (IMSc)-Chennai Mathematical Institute [Inde]-Université de Bordeaux (UB)-Centre National de la Recherche Scientifique (CNRS)-Ecole Normale Supérieure Paris-Saclay (ENS Paris Saclay), Andreas Blass, Patrick Cégielski, Nachum Dershowitz, Manfred Droste, Bernd Finkbeiner, and ANR-16-CE40-0007,DELTA,DÉfis pour la Logique, les Transducteurs et les Automates(2016)

Subjects
Pure mathematics, Mathematics::Dynamical Systems, Membership problem, 010201 computation theory & mathematics, 010102 general mathematics, Structure (category theory), 0102 computer and information sciences, 0101 mathematics, 01 natural sciences, [MATH.MATH-GR]Mathematics [math]/Group Theory [math.GR], Mathematics, Decidability
Abstract

International audience; The aim of this short note is to provide a proof of the decidability of the generalized membership problem for relatively quasi-convex subgroups of finitely presented relatively hyperbolic groups, under some reasonably mild conditions on the peripheral structure of these groups. These hypotheses are satisfied, in particular, by toral relatively hyperbolic groups.

Published
2020

297. Neural Predictive Monitoring

Author

Luca Bortolussi, Scott D. Stoller, Nicola Paoletti, Scott A. Smolka, Francesca Cairoli, Springer, Cham, Bernd Finkbeiner, Leonardo Mariani, Bortolussi, Luca, Cairoli, Francesca, Paoletti, Nicola, Smolka, Scott A., and Stoller, Scott D.

Subjects
050101 languages & linguistics, business.industry, Active learning (machine learning), Computer science, Computation, Deep learning, Reliability (computer networking), 05 social sciences, predictive monitoring, Word error rate, deep learning, 02 engineering and technology, conformal predictions, Automaton, Reachability, active learning, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Artificial intelligence, State (computer science), business, Algorithm
Abstract

Neural State Classification (NSC) is a recently proposed method for runtime predictive monitoring of Hybrid Automata (HA) using deep neural networks (DNNs). NSC trains a DNN as an approximate reachability predictor that labels a given HA state x as positive if an unsafe state is reachable from x within a given time bound, and labels x as negative otherwise. NSC predictors have very high accuracy, yet are prone to prediction errors that can negatively impact reliability. To overcome this limitation, we present Neural Predictive Monitoring (NPM), a technique based on NSC and conformal prediction that complements NSC predictions with statistically sound estimates of uncertainty. This yields principled criteria for the rejection of predictions likely to be incorrect, without knowing the true reachability values. We also present an active learning method that significantly reduces both the NSC predictor’s error rate and the percentage of rejected predictions. Our approach is highly efficient, with computation times on the order of milliseconds, and effective, managing in our experimental evaluation to successfully reject almost all incorrect predictions.

Published
2019

298. Verification of an AFDX infrastructure using simulation and probabilities

Author

Basu, Ananda, Bensalem, Saddek, Bozga, Marius, Delahaye, Benoît, Legay, Axel, Sifakis, Emmanuel, VERIMAG (VERIMAG - IMAG), Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique de Grenoble (INPG)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Université Joseph Fourier - Grenoble 1 (UJF), System synthesis and supervision, scenarios (S4), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes 1 (UR1), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria), Howard Barringer, Yli{è}s Falcone, Bernd Finkbeiner, Klaus Havelund, Insup Lee, Gordon J. Pace, Grigore Rosu, Oleg Sokolsky and Nikolai Tillmann, European Project: 215543,EC:FP7:ICT,FP7-ICT-2007-1,COMBEST(2008), Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), and Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Rennes – Bretagne Atlantique

Subjects
compositional verification, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, statistical abstraction, statistical-model checking
Abstract

International audience; Until recently, there was not a strong need for networking inside aircrafts. Indeed, the communications were mainly cabled and handled by etherned protocols. The evolution of avionics embedded systems and the number of integrated functions in civilian aircrafts has changed the situation. Indeed, those functionalities implies a huge increase in the quantity of data exchanged and thus in the number of connections between functions. Among the available mechanisms provided to handle this new complexity, one find Avionics Full Duplex Switched Ethernet (AFDX), a protocol that allows to simulate a point-to-point network between a source and one or more destinations. The core idea in AFDX is the one of Virtual Links (VL) that are used to simulate point-to-point communication between devices. One of the main challenge is to show that the total delivery time for packets on VL is bounded by some predefined value. This is a difficult problem that also requires to provide a formal, but quite evolutive, model of the AFDX network. In this paper, we propose to use a component-based design methodology to describe the behavior of the model. We then propose a stochastic abstraction that allows not only to simplify the complexity of the verification process but also to provide quantitative information on the protocol.

Published
2010

Catalog

Books, media, physical & digital resources
See catalog results