To get informed of current and future exposés via our mailing list, please
contact
.
| 23/05/2012 | Ross Duncan
(ULB)
Verifying the one-way quantum computer
Nobody understands quantum
mechanics, but it is easy to see why the verification of quantum programs is
difficult: the state of an N particle quantum system live in a Hilbert space whose
dimension is exponential in n. Fortunately there is way out of Hilbert's hotel. In
this talk I'll introduce _categorical_quantum_mechanics_, an approach which replaces
the Hilbert space with a simpler, more abstract, structure which is still rich
enough to do quantum computing. Even better, because this theory is based on
monoidal categories, everything can be done in a simple graphical notation, and
proofs can essentially be reduced to graph rewriting. I'll demonstrate this
approach by consider a one particular design of quantum computer, the one-way model,
and one particular question: is my program deterministic?
This talk will be totally self-contained. No prior knowledge of quantum computing
or category theory is assumed.
|
| 21/05/2012 | Simoni
Shah
(STCS/TIFR)
Unambiguity and Unaryness in Time
Metric Temporal Logic (MTL) is one of the most widely- studied
timed logics. However, the satisfiability problem of MTL[U,S] over
pointwise models is undecidable. In a quest to find useful fragments of
MTL with better decidability complexities, restrictions such as
non-punctuality, bounded interval constraints etc. have been studied in
the past. We shall investigate the Unary fragment of Metric Interval
Temporal Logic ( MITL[F,P] ) which allows only non-punctual interval
constraints.
Several real-time properties of systems may be specified by using the
unary future and past modalities alone. Moreover, in the untimed case of
finite words, the unary fragment of logic LTL[U,S] has a special
position: the unary temporal logic LTL[F,P] has NP-complete
satisfiability and expresses exactly the unambiguous star-free languages
(UL) which are characterized by Partially ordered 2-Way Deterministic
Automata (po2dfa). Hence there is a strong connection between the unary
logic, and the unambiguity inherent in the language class UL.
With this being the motivation, two key unary fragments of metric
interval temporal logic namely MITL[F_\infty, P_\infty] which has unary
modalities with only lower-bound constraints and MITL[F_b, P_b] having
unary modalities with only bounded intervals, are investigated. Unaryness
and unambiguity are related in the timed world too: it can be shown by two
way reductions, that MITL[F_\infty,P_\infty] is (surprisingly)
expressively complete for Partially Ordered 2Way Deterministic Timed
Automata (po2DTA) and the reduction from logic to automaton gives its
NP-complete satisfiability for the logic. On the other hand, MITL[F_b,
P_b] having unary modalities with only bounded intervals has
NEXPTIME-complete satisfiability. But strangely, MITL[F_b, P_b] is
strictly less expressive than MITL[F_\infty, P_\infty]. We shall provide a
comprehensive picture of the decidability and expressiveness of various
unary fragments of MITL.
|
| 16/05/2012 | Émilie Charlier
(ULB)
Introduction to abstract numeration systems
Abstract numeration systems were introduced in 2001 by P. Lecomte and M. Rigo. This new way to represent numbers generalizes that of usual positional numeration systems such as integer base numeration systems and linear numeration systems. Some standard properties are preserved in this wider framework though some others are not. Yet, the advantages of these systems stem from their great generality: current research on this subject strives to highlight the properties that are independent of the target numeration system, such as properties related to the complexity of the numeration language. In this talk I will introduce this topic. In particular, I will present many open questions in the area and highlight the connections with combinatorics on words.
|
| 09/05/2012 |
Hans-Jörg
Peter
(Universität Saarbrücken)
Template-based Controller Synthesis for Timed Systems
We present an effective controller synthesis method for real-
time systems modeled as timed automata with safety requirements.
Under the realistic assumption of partial observability, the problem is
undecidable in general, and prohibitively expensive (2ExpTime-complete)
if a bound on the granularity of the controller is set in advance. We
investigate the synthesis of controllers from templates, given as timed
automata with parametric control structure. Template-based synthesis is
significantly cheaper (PSpace-complete) than standard synthesis
and produces much simpler controllers. We present an efficient symbolic
synthesis algorithm based on automatic abstraction refinement and report
on encouraging experimental results from an implementation in the
timed verification and synthesis tool Synthia.
|
| 24/04 2012 |
Pavol Černý
(IST Austria)
Streaming string transducers
We introduce streaming string transducers that map input strings
to output strings in a single left-to-right pass. The transducer
uses a finite set of states, and a finite set of variables
ranging over strings. At every step, it can make decisions based
on the next input symbol, updating its state, and updating
string variables by concatenating string variables and new
symbols from the output alphabet. We establish that the problems
of checking functional equivalence of two streaming transducers,
and of checking whether a streaming transducer satisfies
pre/post verification conditions specified by streaming
acceptors over input/output strings, are in PSPACE. There is a
robust and well-studied class of ``regular'' transductions on
finite alphabets. This class of transductions can be defined by
two-way deterministic finite-state transducers and it has a
logical MSO-based characterization. We establish that the
streaming string transducers capture exactly the class of
regular transductions.
For applications to program
verification, we define data streaming string transducers
(DSSTs) that operate on data strings. Data strings are
(unbounded) sequences of data values, tagged with symbols from a
finite set, over a potentially infinite data domain that
supports only the operations of equality and ordering. We
identify a class of imperative and a class of functional
programs, manipulating lists of data items, which can be
effectively translated to DSSTs. The imperative programs
dynamically modify a singly-linked heap by changing
next-pointers of heap-nodes and by adding new nodes. The main
restriction specifies how the next-pointers can be used for
traversal. We also identify an expressively equivalent fragment
of functional programs that traverse a list using syntactically
restricted recursive calls. Our results lead to algorithms for
assertion checking and for checking functional equivalence of
two programs, written possibly in different programming styles,
for commonly used routines such as insert, delete, and
reverse.
This is joint work with Rajeev Alur.
|
| 23/04 2012 |
Sanjit A. Seshia
(UC Berkeley)
Verification and Synthesis by Sciduction
Even with impressive advances in automated formal methods, certain
problems in system verification and synthesis remain challenging.
Examples include the verification of quantitative properties of
software involving constraints on timing and energy consumption, and
the automatic synthesis of systems from specifications. The
challenges mainly arise from three sources: environment modeling,
incompleteness in specifications, and the complexity of underlying
decision problems.
In this talk, I will present SCIDUCTION, a methodology to tackle
these challenges. Sciduction combines inductive inference (learning
from examples), deductive reasoning (such as SAT/SMT solving), and
structure hypotheses. We have demonstrated several applications of
sciduction including timing analysis of embedded software, synthesis
of loop-free programs, synthesis from temporal logic (LTL),
term-level verification of hardware (RTL) designs, and switching
logic synthesis of hybrid systems. This talk will present some core
theory, a couple of illustrative applications, and directions for
future work.
|
| 18/04 2012 |
Mickael
Randour
(UMons)
Strategy Synthesis for
Multi-dimensional Quantitative Objectives
Multi-dimensional mean-payoff and energy games provide the mathematical foundation for the quantitative study of reactive systems, and play a central role in the emerging quantitative theory of verification and synthesis. In this work, we study the strategy synthesis problem for games with such multi-dimensional objectives along with a parity condition, a canonical way to express \omega-regular conditions. While in general, the winning strategies in such games may require infinite memory, for synthesis the most relevant problem is the construction of a finite-memory winning strategy (if one exists). Our main contributions are as follows. First, we show a tight exponential bound (matching upper and lower bounds) on the memory required for finite-memory winning strategies in both multi-dimensional mean-payoff and energy games along with parity objectives, significantly improving the triple exponential upper bound that could be derived from results in literature for multi-dimensional energy games. Second, we present an optimal symbolic and incremental algorithm to compute a finite-memory winning strategy (if one exists) in such games. Finally, we give a complete characterization of when finite memory of strategies can be traded off for randomness. In particular, we show that for one-dimension mean-payoff parity games, randomized memoryless strategies are as powerful as their pure finite-memory counterparts.
|
| 14/03 2012 |
Michael
Emmi (LIAFA)
Bounded Phase Analysis of Message-Passing
Programs
We describe a novel technique for bounded analysis of asynchronous
message-passing programs with ordered message queues. Our bounding
parameter does not limit the number of pending messages, nor the number
of "contexts-switches" between processes. Instead, we limit the number
of process communication cycles, in which an unbounded number of
messages are sent to an unbounded number of processes across an
unbounded number of contexts. We show that remarkably, despite the
potential for such vast exploration, our bounding scheme gives rise to a
simple and efficient program analysis by reduction to sequential
programs. As our reduction avoids explicitly representing message
queues, our analysis scales irrespectively of queue content and
variation.
|
| 07/03 2012 |
Mahsa Shirmohammadi
(ULB)
Synchronization for MDPs
We complete the presentation of our last seminar
talk (13/10/11: "Infinite Synchronizing Words for Probabilistic Automata")
and enhance towards several new results on MDP synchronization.
|
| 29/02 2012 |
Karin Quaas
(Universität Leipzig)
Weighted Timed Automata
We present a general model of weighted timed automata that
allows for the modelling of continuous resource consumption of
real-time systems. A timed automaton is a finite automaton
extended with finitely many real-valued clocks that measure the
time. We additionally equip the transitions of a timed automaton
with weights coming from a semiring. Also, the states are
assigned a weight function determining the weight that arises
while being in a state. A weighted timed automaton recognizes a
timed series, i.e., a function that maps each timed word to a
coefficient in the semiring, namely its weight. We present
closure properties of recognizable timed series and investigate
weighted extensions of classical decision problems like the
emptiness or equivalence problem. Also we provide
characterizations of recognizable timed series in terms of logic
and generalizations of the well-known regular expressions.
|
| 22/02 2012 |
Alexander
Heußner (ULB)
Queue-Dispatch Asynchronous Systems
To make the development of efficient multi-core applications
easier, libraries, such as Grand Central Dispatch (GCD), have been
proposed. In GCD, the programmer separtes its code into
chunks, i.e., functionally separate units, so-called blocks,
and dispatches them,
using synchronous or asynchronous calls, to several types of
waiting queues. A OS-level scheduler is then responsible for
dispatching those blocks on the available cores. In addition to
synchronization by synchronous calls,
all running blocks can synchronize via
global memory. Thus, GCD and similar libraries permit complex
patterns of causal interaction between concurrently running
blocks and stronlgy require the help of formal methods to
assure correctness criteria for GCD-based programs.
Before
proposing Queue-Dispatch Asynchronous Systems (QDAS)
as a mathematical
model that faithfully formalizes the synchronization mechanisms
and the behavior of the scheduler in those systems, we give a
brief introduction into
the GCD library and its possiblities with respect to known
parallel and asynchronous programming patterns. Then, we study in
detail QDAS'
relationship to classical formalisms such as pushdown systems,
Petri nets, fifo systems, and counter systems. Our main
technical contributions are precise worst-case complexity results
for the Parikh coverability problem for several subclasses of our
model.
This is joint work with Gilles Geeraerts and Jean-François
Raskin.
|
| 22/02 2012 |
Lauren
Doyen
(ENS Cachan)
Energy and Mean-Payoff Parity Markov Decision
Processes
We consider Markov Decision Processes (MDPs) with mean-payoff
parity and energy parity objectives. In system design, the parity
objective is used to encode omega-regular specifications, while
the mean-payoff and energy objectives can be used to model
quantitative resource constraints. The energy condition requires
that the resource level never drops below 0, and the mean-payoff
condition requires that the limit-average value of the resource
consumption is within a threshold.
While these two (energy
and mean-payoff) classical conditions are equivalent for
two-player games, we show that they differ for MDPs. We show that
the problem of deciding whether a state is almost-sure winning
(i.e., winning with probability 1) in energy parity MDPs is in NP
intersected with coNP, while for mean-payoff parity MDPs, the
problem is solvable in polynomial time.
|
| 01/02 2012 |
Mathieu Sassolas
(ULB)
Channel Synthesis for Finite Transducers
We investigate how two agents can communicate through a noisy
medium modeled as a finite transducer. In terms of security, this
communication -- if unintended by the system's designer -- can be
seen as an information leak through the system.
The sender and
the receiver are also described by finite transducers which can
respectively encode and decode binary messages. When the
communication is reliable, modulo some transmission delay or
errors, we call the encoder/decoder pair a channel.
We study
the channel synthesis problem, which asks whether, given a system,
such sender and receiver exist and builds them if the answer is
positive. We prove that the problem is undecidable. However, when
the transducer is functional, we obtain a synthesis procedure based
on a structural property.
This is joint work with Gilles
Benattar, Béatrice Bérard, Didier Lime, John Mullins
and Olivier H. Roux.
|
| 25/01 2012 | Raphaël
Jungers
(UCLouvain)
Automata, LMIs, and stability of hybrid
systems
In recent years, LMI techniques have imposed themselves as one of
the most popular tools to study the stability of hybrid systems.
It all started with a straightforward generalization of the well
known Lyapunov equation, but then other methods were proposed,
providing less conservative criteria. We show that all these
techniques, which appeared independently in the literature, are
particular cases of a more general method that we introduce. This
method relies on automata theory and allowed us to propose many
more criteria, some of which are provably better than the ones
previously introduced in the literature. This automata
interpretation not only allows us to bring new efficient criteria,
but also to provide more understanding on the LMI methods in
general. It allowed us to characterize the set of all LMIs that
are a valid stability criterion, and to prove that it is
PSPACE-hard to recognize such LMIs.
Joint work with A. Ahmadi, P. Parrilo and M. Roozbehani (MIT).
|
| 18/01 2012 |
Giang Nguyen
(ULB)
Markov processes with denumberably infinite state
spaces
The modeling and simulation of real-life systems very often require
Markov processes with denumerably infinite state spaces. Unless
these Markov processes have special structures, it is difficult to
compute various performance measures. In such cases, one has to
approximate the infinitely-many-state systems by considering their
truncated (and possibly augmented) versions and increasing the
truncation size until relevant convergence is observed. Even where
the sequence of numerical property obtained from the truncated
versions converges, there is no guarantee that this limit coincides
with the corresponding value of the originally infinite system. In
fact, there are established cases in the literature that attest to
this lack of continuity, one of which is the tandem Jackson network
(Kroese et al. 2004).
We investigate the question of whether there is a congruity between
the properties of infinite systems and their finite approximations,
in two main topics: Quasi-Birth-and-Death processes with both the
level and the phase being infinite, and branching processes with
infinitely many phases. We focus, in the former, on the convergence
of the decay rate of the stationary distribution, and, in the
latter, on the convergence of the extinction criteria and the
extinction probability vectors. This is joint work with Guy
Latouche, Peter Taylor, and Sophie Hautphenne.
|
| 11/01 2012 |
Christina Jansen
(RWTH Aachen)
Verifying Pointer Programs Using Hyperedge Replacement Grammars
The verification of programs that use pointers to implement dynamic
data structures is a highly challenging and important task, as e.g.
memory leaks or dereferencing null pointers can cause great damage
especially when software reliability is at stake. But with object
creation at runtime, dynamic data structures induce a possibly
infinite state space and therefore cannot be handled by standard
verification algorithms.
A common approach to solve this problem is
to apply abstraction techniques. In this talk I will present you an
abstraction technique based on hyperedge replacement grammars,
which can be used to partially abstract and concretise heap
structures. We will investigate some requirements that have to be
met in order to guarantee a correct abstraction technique.
Furthermore I will give you a short introduction to our
verification tool "Juggrnaut" as well as some experimental results.
|
| 14/12/2011 |
Rémi
Bonnet
(ENS Cachan)
Reachability for Vector Addition Systems with One
Zero-Test
We'll present a quick summary of the new reachability proof for
Vector Addition Systems, designed by J. Leroux in POPL'11. Then,
we'll consider a variation of Vector Addition Systems where one
counter can be tested for zero, and extend the proof of Leroux to
this model. This provides an alternate, and hopefully simpler way to
understand the proof of the reachability problem that was originally
proved by Reinhardt.
We'll end the talk by an overview of the various problems that are
known to be decidable for Vector Addition Systems with one
zero-test. The presentation is based on work published in MFCS'11.
|
| 30/11/2011 |
GASICS
workshop (30/11/2011–01/12/2011)
|
| 16/11/2011 | Srivathsan Balaguru
(LaBRI):
Using non-convex approximations for efficient analysis of timed
automata
The reachability problem for timed automata asks if there exists a path from its
initial state to a final state. A standard solution to this problem involves
computing a search tree whose nodes are approximations of the so-called zones. For
reasons of efficiency, only convex approximations have been implemented in tools.
We provide efficient techniques to incorporate some non-convex approximations that
subsume existing convex ones. The structure of our new algorithm also permits to
calculate approximating parameters on-the-fly during exploration of the zone graph,
yielding further improvement.
Joint work with Frédéric Herbreteau, Dileep Kini and Igor Walukiewicz.
|
| 09/11/2011 |
Alexander
Heußner (ULB):
Introduction to Existential Graphs - A Diagrammatic First
Order Logic
Today, the predominant representation of logic is based on a compositional,
algebraic notation and relies on a Hilbert or Gentzen style deductive proof
calculus. However, human reasoning (including science itself) often applies
diagrammatic representations (e.g., the omnipresent box and arrow diagrams, or
Euler diagrams). Charles Sanders Peirce introduced existential graphs
(EG), a sound and complete formalization of logical reasoning
that was shown to be equivalent to the first order
predicate calculus (FOPC). EG includes a purely diagrammatic(!) deduction system
that allows to easily derive well-known basic axioms/theorems of FOPC, as well as
to reason in a given practical domain.
In this presentation, I will give a basic introduction to the rich formal system of
EG, including Peirce's endoporeutic/game-theoretical semantics and a comparison
to the well-known algebraic approach of the FOPC.
Further, I want to highlight some aspects that could be of interest in our field
of formal methods.
|
| 19/10/2011 |
Gilles Geeraerts
(ULB):
Event-Clock Automata: From Theory to Practice
Event clock automata (ECA) are a model for timed languages that has been introduced
by Alur, Fix and Henzinger as an alternative to timed automata, with better
theoretical properties (for instance, ECA are determinizable while timed automata
are not). In this paper, we revisit and extend the theory of ECA. We first prove
that no finite time abstract language equivalence exists for ECA, thereby
disproving a claim in the original work on ECA. This means in particular that
regions do not form a time abstract bisimulation. Nevertheless, we show that
regions can still be used to build a finite automaton recognizing the untimed
language of an ECA. Then, we extend the classical notions of zones and DBMs to let
them handle event clocks instead of plain clocks (as in timed automata) by
introducing event zones and Event DBMs (EDBMs). We discuss algorithms to handle
event zones represented as EDBMs, as well as (semi-) algorithms based on EDBMs to
decide language emptiness of ECA.
|
| 18/10/2011 |
Eugene Feinberg
(State Univ. of NY):
Switching on and off the full capacity of
and m/m/omega queue
(joint seminar with stochastic modelling group)
This paper studies optimal switching on and off the capacity of an
M/M/omega queue with holding, running and switching costs. The goal
is to minimize average costs per unit time. The main result is that
an optimal policy either always runs the system or is defined by
two thresholds M and N, such that the system is switched on upon an
arrival epoch when the number of customers in the system
accumulates to N and it is switched off upon a departure epoch when
the number of customers in the system decreases to M
|
| 13/10/2011 |
Mahsa Shirmohammadi
(ULB):
Infinite Synchronizing Words for Probabilistic Automata
Probabilistic automata are finite-state automata where the transitions are chosen
according to fixed probability distributions. We consider a semantics where on an
input word the automaton produces a sequence of probability distributions over
states. An infinite word is accepted if the produced sequence is synchronizing,
i.e. the sequence of the highest probability in the distributions tends to 1. We
show that this semantics generalizes the classical notion of synchronizing words
for deterministic automata. We consider the emptiness problem, which asks whether
some word is accepted by a given probabilistic automaton, and the universality
problem, which asks whether all words are accepted. We provide reductions to
establish the PSPACE-completeness of the two problems.
|
| 05/10/2011 |
Markus Lindström
(ULB):
A faster exact multiprocessor schedulability test for sporadic
tasks
Baker and Cirinei introduced an exact but naive algorithm, based on solving a state reachability problem in a finite automaton, to check whether sets of sporadic hard real-time tasks are schedulable on identical multiprocessor platforms. However, the algorithm suffered from poor performance due to the exponential size of the automaton relative to the size of the task set. In this paper, we successfully apply techniques developed by the formal verification community, specifically antichain algorithms, by defining and proving the correctness of a simulation relation on Baker and Cirinei's automaton. We show our improved algorithm yields dramatically improved performance for the schedulability test and opens for many further improvements.
|
| 21/09/2011 |
Mathieu Sassolas
(Lip6):
Real Time Properties for Interrupt Timed Automata
Interrupt Timed Automata (ITA) allow to explicitly model interruptions that occur in real-time
processors. They handle stopwatches : a clock is associated with each process and stops evolving,
although keeping its value, when the process is interrupted. When the process is resumed, so is
the associated clock. While this feature usually yields equivalence with hybrid automata and thus
undecidability of most verification problems, we propose a model where the clocks are organized
in strictly increasing levels, exactly one at each level. As a result, there is at most one
active clock at any moment. In this case, an extended region automaton can be built, yielding
regularity of the corresponding untimed language. In this talk we investigate the problem of
model-checking timed temporal logics on the model of ITA. We show that the model-checking of
State-Clock Logic (a fragment of MITL) is undecidable and identify two fragments of Timed CTL on
which the model-checking is decidable. The results presented are based on joint work with
Béatrice Bérard and Serge Haddad.
|