@article{13234, abstract = {Neural-network classifiers achieve high accuracy when predicting the class of an input that they were trained to identify. Maintaining this accuracy in dynamic environments, where inputs frequently fall outside the fixed set of initially known classes, remains a challenge. We consider the problem of monitoring the classification decisions of neural networks in the presence of novel classes. For this purpose, we generalize our recently proposed abstraction-based monitor from binary output to real-valued quantitative output. This quantitative output enables new applications, two of which we investigate in the paper. As our first application, we introduce an algorithmic framework for active monitoring of a neural network, which allows us to learn new classes dynamically and yet maintain high monitoring performance. As our second application, we present an offline procedure to retrain the neural network to improve the monitor’s detection performance without deteriorating the network’s classification accuracy. Our experimental evaluation demonstrates both the benefits of our active monitoring framework in dynamic scenarios and the effectiveness of the retraining procedure.}, author = {Kueffner, Konstantin and Lukina, Anna and Schilling, Christian and Henzinger, Thomas A}, issn = {1433-2787}, journal = {International Journal on Software Tools for Technology Transfer}, pages = {575--592}, publisher = {Springer Nature}, title = {{Into the unknown: Active monitoring of neural networks (extended version)}}, doi = {10.1007/s10009-023-00711-4}, volume = {25}, year = {2023}, } @inproceedings{12171, abstract = {We propose an algorithmic approach for synthesizing linear hybrid automata from time-series data. Unlike existing approaches, our approach provides a whole family of models with the same discrete structure but different dynamics. Each model in the family is guaranteed to capture the input data up to a precision error ε, in the following sense: For each time series, the model contains an execution that is ε-close to the data points. Our construction allows to effectively choose a model from this family with minimal precision error ε. We demonstrate the algorithm’s efficiency and its ability to find precise models in two case studies.}, author = {Garcia Soto, Miriam and Henzinger, Thomas A and Schilling, Christian}, booktitle = {20th International Symposium on Automated Technology for Verification and Analysis}, isbn = {9783031199912}, issn = {1611-3349}, location = {Virtual}, pages = {337--353}, publisher = {Springer Nature}, title = {{Synthesis of parametric hybrid automata from time series}}, doi = {10.1007/978-3-031-19992-9_22}, volume = {13505}, year = {2022}, } @inproceedings{9200, abstract = {Formal design of embedded and cyber-physical systems relies on mathematical modeling. In this paper, we consider the model class of hybrid automata whose dynamics are defined by affine differential equations. Given a set of time-series data, we present an algorithmic approach to synthesize a hybrid automaton exhibiting behavior that is close to the data, up to a specified precision, and changes in synchrony with the data. A fundamental problem in our synthesis algorithm is to check membership of a time series in a hybrid automaton. Our solution integrates reachability and optimization techniques for affine dynamical systems to obtain both a sufficient and a necessary condition for membership, combined in a refinement framework. The algorithm processes one time series at a time and hence can be interrupted, provide an intermediate result, and be resumed. We report experimental results demonstrating the applicability of our synthesis approach.}, author = {Garcia Soto, Miriam and Henzinger, Thomas A and Schilling, Christian}, booktitle = {HSCC '21: Proceedings of the 24th International Conference on Hybrid Systems: Computation and Control}, isbn = {9781450383394}, keywords = {hybrid automaton, membership, system identification}, location = {Nashville, TN, United States}, pages = {2102.12734}, publisher = {Association for Computing Machinery}, title = {{Synthesis of hybrid automata with affine dynamics from time-series data}}, doi = {10.1145/3447928.3456704}, year = {2021}, } @inproceedings{10206, abstract = {Neural-network classifiers achieve high accuracy when predicting the class of an input that they were trained to identify. Maintaining this accuracy in dynamic environments, where inputs frequently fall outside the fixed set of initially known classes, remains a challenge. The typical approach is to detect inputs from novel classes and retrain the classifier on an augmented dataset. However, not only the classifier but also the detection mechanism needs to adapt in order to distinguish between newly learned and yet unknown input classes. To address this challenge, we introduce an algorithmic framework for active monitoring of a neural network. A monitor wrapped in our framework operates in parallel with the neural network and interacts with a human user via a series of interpretable labeling queries for incremental adaptation. In addition, we propose an adaptive quantitative monitor to improve precision. An experimental evaluation on a diverse set of benchmarks with varying numbers of classes confirms the benefits of our active monitoring framework in dynamic scenarios.}, author = {Lukina, Anna and Schilling, Christian and Henzinger, Thomas A}, booktitle = {21st International Conference on Runtime Verification}, isbn = {9-783-0308-8493-2}, issn = {1611-3349}, keywords = {monitoring, neural networks, novelty detection}, location = {Virtual}, pages = {42--61}, publisher = {Springer Nature}, title = {{Into the unknown: active monitoring of neural networks}}, doi = {10.1007/978-3-030-88494-9_3}, volume = {12974 }, year = {2021}, } @inproceedings{8572, abstract = {We present the results of the ARCH 2020 friendly competition for formal verification of continuous and hybrid systems with linear continuous dynamics. In its fourth edition, eight tools have been applied to solve eight different benchmark problems in the category for linear continuous dynamics (in alphabetical order): CORA, C2E2, HyDRA, Hylaa, Hylaa-Continuous, JuliaReach, SpaceEx, and XSpeed. This report is a snapshot of the current landscape of tools and the types of benchmarks they are particularly suited for. Due to the diversity of problems, we are not ranking tools, yet the presented results provide one of the most complete assessments of tools for the safety verification of continuous and hybrid systems with linear continuous dynamics up to this date.}, author = {Althoff, Matthias and Bak, Stanley and Bao, Zongnan and Forets, Marcelo and Frehse, Goran and Freire, Daniel and Kochdumper, Niklas and Li, Yangge and Mitra, Sayan and Ray, Rajarshi and Schilling, Christian and Schupp, Stefan and Wetzlinger, Mark}, booktitle = {EPiC Series in Computing}, pages = {16--48}, publisher = {EasyChair}, title = {{ARCH-COMP20 Category Report: Continuous and hybrid systems with linear dynamics}}, doi = {10.29007/7dt2}, volume = {74}, year = {2020}, } @inproceedings{8571, abstract = {We present the results of a friendly competition for formal verification of continuous and hybrid systems with nonlinear continuous dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2020. This year, 6 tools Ariadne, CORA, DynIbex, Flow*, Isabelle/HOL, and JuliaReach (in alphabetic order) participated. These tools are applied to solve reachability analysis problems on six benchmark problems, two of them featuring hybrid dynamics. We do not rank the tools based on the results, but show the current status and discover the potential advantages of different tools.}, author = {Geretti, Luca and Alexandre Dit Sandretto, Julien and Althoff, Matthias and Benet, Luis and Chapoutot, Alexandre and Chen, Xin and Collins, Pieter and Forets, Marcelo and Freire, Daniel and Immler, Fabian and Kochdumper, Niklas and Sanders, David and Schilling, Christian}, booktitle = {EPiC Series in Computing}, pages = {49--75}, publisher = {EasyChair}, title = {{ARCH-COMP20 Category Report: Continuous and hybrid systems with nonlinear dynamics}}, doi = {10.29007/zkf6}, volume = {74}, year = {2020}, } @inproceedings{7505, abstract = {Neural networks have demonstrated unmatched performance in a range of classification tasks. Despite numerous efforts of the research community, novelty detection remains one of the significant limitations of neural networks. The ability to identify previously unseen inputs as novel is crucial for our understanding of the decisions made by neural networks. At runtime, inputs not falling into any of the categories learned during training cannot be classified correctly by the neural network. Existing approaches treat the neural network as a black box and try to detect novel inputs based on the confidence of the output predictions. However, neural networks are not trained to reduce their confidence for novel inputs, which limits the effectiveness of these approaches. We propose a framework to monitor a neural network by observing the hidden layers. We employ a common abstraction from program analysis - boxes - to identify novel behaviors in the monitored layers, i.e., inputs that cause behaviors outside the box. For each neuron, the boxes range over the values seen in training. The framework is efficient and flexible to achieve a desired trade-off between raising false warnings and detecting novel inputs. We illustrate the performance and the robustness to variability in the unknown classes on popular image-classification benchmarks.}, author = {Henzinger, Thomas A and Lukina, Anna and Schilling, Christian}, booktitle = {24th European Conference on Artificial Intelligence}, location = {Santiago de Compostela, Spain}, pages = {2433--2440}, publisher = {IOS Press}, title = {{Outside the box: Abstraction-based monitoring of neural networks}}, doi = {10.3233/FAIA200375}, volume = {325}, year = {2020}, } @inproceedings{8750, abstract = {Efficiently handling time-triggered and possibly nondeterministic switches for hybrid systems reachability is a challenging task. In this paper we present an approach based on conservative set-based enclosure of the dynamics that can handle systems with uncertain parameters and inputs, where the uncertainties are bound to given intervals. The method is evaluated on the plant model of an experimental electro-mechanical braking system with periodic controller. In this model, the fast-switching controller dynamics requires simulation time scales of the order of nanoseconds. Accurate set-based computations for relatively large time horizons are known to be expensive. However, by appropriately decoupling the time variable with respect to the spatial variables, and enclosing the uncertain parameters using interval matrix maps acting on zonotopes, we show that the computation time can be lowered to 5000 times faster with respect to previous works. This is a step forward in formal verification of hybrid systems because reduced run-times allow engineers to introduce more expressiveness in their models with a relatively inexpensive computational cost.}, author = {Forets, Marcelo and Freire, Daniel and Schilling, Christian}, booktitle = {18th ACM-IEEE International Conference on Formal Methods and Models for System Design}, isbn = {9781728191485}, location = {Virtual Conference}, publisher = {IEEE}, title = {{Efficient reachability analysis of parametric linear hybrid systems with time-triggered transitions}}, doi = {10.1109/MEMOCODE51338.2020.9314994}, year = {2020}, } @inproceedings{8287, abstract = {Reachability analysis aims at identifying states reachable by a system within a given time horizon. This task is known to be computationally expensive for linear hybrid systems. Reachability analysis works by iteratively applying continuous and discrete post operators to compute states reachable according to continuous and discrete dynamics, respectively. In this paper, we enhance both of these operators and make sure that most of the involved computations are performed in low-dimensional state space. In particular, we improve the continuous-post operator by performing computations in high-dimensional state space only for time intervals relevant for the subsequent application of the discrete-post operator. Furthermore, the new discrete-post operator performs low-dimensional computations by leveraging the structure of the guard and assignment of a considered transition. We illustrate the potential of our approach on a number of challenging benchmarks.}, author = {Bogomolov, Sergiy and Forets, Marcelo and Frehse, Goran and Potomkin, Kostiantyn and Schilling, Christian}, booktitle = {Proceedings of the International Conference on Embedded Software}, keywords = {reachability, hybrid systems, decomposition}, location = {Virtual }, title = {{Reachability analysis of linear hybrid systems via block decomposition}}, year = {2020}, } @article{8790, abstract = {Reachability analysis aims at identifying states reachable by a system within a given time horizon. This task is known to be computationally expensive for linear hybrid systems. Reachability analysis works by iteratively applying continuous and discrete post operators to compute states reachable according to continuous and discrete dynamics, respectively. In this article, we enhance both of these operators and make sure that most of the involved computations are performed in low-dimensional state space. In particular, we improve the continuous-post operator by performing computations in high-dimensional state space only for time intervals relevant for the subsequent application of the discrete-post operator. Furthermore, the new discrete-post operator performs low-dimensional computations by leveraging the structure of the guard and assignment of a considered transition. We illustrate the potential of our approach on a number of challenging benchmarks.}, author = {Bogomolov, Sergiy and Forets, Marcelo and Frehse, Goran and Potomkin, Kostiantyn and Schilling, Christian}, issn = {19374151}, journal = {IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems}, number = {11}, pages = {4018--4029}, publisher = {IEEE}, title = {{Reachability analysis of linear hybrid systems via block decomposition}}, doi = {10.1109/TCAD.2020.3012859}, volume = {39}, year = {2020}, } @inproceedings{7576, abstract = {We present the results of a friendly competition for formal verification of continuous and hybrid systems with nonlinear continuous dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2019. In this year, 6 tools Ariadne, CORA, DynIbex, Flow*, Isabelle/HOL, and JuliaReach (in alphabetic order) participated. They are applied to solve reachability analysis problems on four benchmark problems, one of them with hybrid dynamics. We do not rank the tools based on the results, but show the current status and discover the potential advantages of different tools.}, author = {Immler, Fabian and Althoff, Matthias and Benet, Luis and Chapoutot, Alexandre and Chen, Xin and Forets, Marcelo and Geretti, Luca and Kochdumper, Niklas and Sanders, David P. and Schilling, Christian}, booktitle = {EPiC Series in Computing}, issn = {23987340}, location = {Montreal, Canada}, pages = {41--61}, publisher = {EasyChair Publications}, title = {{ARCH-COMP19 Category Report: Continuous and hybrid systems with nonlinear dynamics}}, doi = {10.29007/m75b}, volume = {61}, year = {2019}, } @inproceedings{8570, abstract = {This report presents the results of a friendly competition for formal verification of continuous and hybrid systems with linear continuous dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2019. In its third edition, seven tools have been applied to solve six different benchmark problems in the category for linear continuous dynamics (in alphabetical order): CORA, CORA/SX, HyDRA, Hylaa, JuliaReach, SpaceEx, and XSpeed. This report is a snapshot of the current landscape of tools and the types of benchmarks they are particularly suited for. Due to the diversity of problems, we are not ranking tools, yet the presented results provide one of the most complete assessments of tools for the safety verification of continuous and hybrid systems with linear continuous dynamics up to this date.}, author = {Althoff, Matthias and Bak, Stanley and Forets, Marcelo and Frehse, Goran and Kochdumper, Niklas and Ray, Rajarshi and Schilling, Christian and Schupp, Stefan}, booktitle = {EPiC Series in Computing}, issn = {23987340}, location = {Montreal, Canada}, pages = {14--40}, publisher = {EasyChair}, title = {{ARCH-COMP19 Category Report: Continuous and hybrid systems with linear continuous dynamics}}, doi = {10.29007/bj1w}, volume = {61}, year = {2019}, } @inproceedings{6042, abstract = {Static program analyzers are increasingly effective in checking correctness properties of programs and reporting any errors found, often in the form of error traces. However, developers still spend a significant amount of time on debugging. This involves processing long error traces in an effort to localize a bug to a relatively small part of the program and to identify its cause. In this paper, we present a technique for automated fault localization that, given a program and an error trace, efficiently narrows down the cause of the error to a few statements. These statements are then ranked in terms of their suspiciousness. Our technique relies only on the semantics of the given program and does not require any test cases or user guidance. In experiments on a set of C benchmarks, we show that our technique is effective in quickly isolating the cause of error while out-performing other state-of-the-art fault-localization techniques.}, author = {Christakis, Maria and Heizmann, Matthias and Mansur, Muhammad Numair and Schilling, Christian and Wüstholz, Valentin}, booktitle = {25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems }, location = {Prague, Czech Republic}, pages = {226--243}, publisher = {Springer Nature}, title = {{Semantic fault localization and suspiciousness ranking}}, doi = {10.1007/978-3-030-17462-0_13}, volume = {11427}, year = {2019}, } @inproceedings{6035, abstract = {We present JuliaReach, a toolbox for set-based reachability analysis of dynamical systems. JuliaReach consists of two main packages: Reachability, containing implementations of reachability algorithms for continuous and hybrid systems, and LazySets, a standalone library that implements state-of-the-art algorithms for calculus with convex sets. The library offers both concrete and lazy set representations, where the latter stands for the ability to delay set computations until they are needed. The choice of the programming language Julia and the accompanying documentation of our toolbox allow researchers to easily translate set-based algorithms from mathematics to software in a platform-independent way, while achieving runtime performance that is comparable to statically compiled languages. Combining lazy operations in high dimensions and explicit computations in low dimensions, JuliaReach can be applied to solve complex, large-scale problems.}, author = {Bogomolov, Sergiy and Forets, Marcelo and Frehse, Goran and Potomkin, Kostiantyn and Schilling, Christian}, booktitle = {Proceedings of the 22nd International Conference on Hybrid Systems: Computation and Control}, isbn = {9781450362825}, keywords = {reachability analysis, hybrid systems, lazy computation}, location = {Montreal, QC, Canada}, pages = {39--44}, publisher = {ACM}, title = {{JuliaReach: A toolbox for set-based reachability}}, doi = {10.1145/3302504.3311804}, volume = {22}, year = {2019}, } @inproceedings{6493, abstract = {We present two algorithmic approaches for synthesizing linear hybrid automata from experimental data. Unlike previous approaches, our algorithms work without a template and generate an automaton with nondeterministic guards and invariants, and with an arbitrary number and topology of modes. They thus construct a succinct model from the data and provide formal guarantees. In particular, (1) the generated automaton can reproduce the data up to a specified tolerance and (2) the automaton is tight, given the first guarantee. Our first approach encodes the synthesis problem as a logical formula in the theory of linear arithmetic, which can then be solved by an SMT solver. This approach minimizes the number of modes in the resulting model but is only feasible for limited data sets. To address scalability, we propose a second approach that does not enforce to find a minimal model. The algorithm constructs an initial automaton and then iteratively extends the automaton based on processing new data. Therefore the algorithm is well-suited for online and synthesis-in-the-loop applications. The core of the algorithm is a membership query that checks whether, within the specified tolerance, a given data set can result from the execution of a given automaton. We solve this membership problem for linear hybrid automata by repeated reachability computations. We demonstrate the effectiveness of the algorithm on synthetic data sets and on cardiac-cell measurements.}, author = {Garcia Soto, Miriam and Henzinger, Thomas A and Schilling, Christian and Zeleznik, Luka}, booktitle = {31st International Conference on Computer-Aided Verification}, isbn = {9783030255398}, issn = {0302-9743}, keywords = {Synthesis, Linear hybrid automaton, Membership}, location = {New York City, NY, USA}, pages = {297--314}, publisher = {Springer}, title = {{Membership-based synthesis of linear hybrid automata}}, doi = {10.1007/978-3-030-25540-4_16}, volume = {11561}, year = {2019}, } @inproceedings{1134, abstract = {Hybrid systems have both continuous and discrete dynamics and are useful for modeling a variety of control systems, from air traffic control protocols to robotic maneuvers and beyond. Recently, numerous powerful and scalable tools for analyzing hybrid systems have emerged. Several of these tools implement automated formal methods for mathematically proving a system meets a specification. This tutorial session will present three recent hybrid systems tools: C2E2, HyST, and TuLiP. C2E2 is a simulated-based verification tool for hybrid systems, and uses validated numerical solvers and bloating of simulation traces to verify systems meet specifications. HyST is a hybrid systems model transformation and translation tool, and uses a canonical intermediate representation to support most of the recent verification tools, as well as automated sound abstractions that simplify verification of a given hybrid system. TuLiP is a controller synthesis tool for hybrid systems, where given a temporal logic specification to be satisfied for a system (plant) model, TuLiP will find a controller that meets a given specification. © 2016 IEEE.}, author = {Duggirala, Parasara and Fan, Chuchu and Potok, Matthew and Qi, Bolun and Mitra, Sayan and Viswanathan, Mahesh and Bak, Stanley and Bogomolov, Sergiy and Johnson, Taylor and Nguyen, Luan and Schilling, Christian and Sogokon, Andrew and Tran, Hoang and Xiang, Weiming}, booktitle = {2016 IEEE Conference on Control Applications}, location = {Buenos Aires, Argentina }, publisher = {IEEE}, title = {{Tutorial: Software tools for hybrid systems verification transformation and synthesis C2E2 HyST and TuLiP}}, doi = {10.1109/CCA.2016.7587948}, year = {2016}, } @inproceedings{1227, abstract = {Many biological systems can be modeled as multiaffine hybrid systems. Due to the nonlinearity of multiaffine systems, it is difficult to verify their properties of interest directly. A common strategy to tackle this problem is to construct and analyze a discrete overapproximation of the original system. However, the conservativeness of a discrete abstraction significantly determines the level of confidence we can have in the properties of the original system. In this paper, in order to reduce the conservativeness of a discrete abstraction, we propose a new method based on a sufficient and necessary decision condition for computing discrete transitions between states in the abstract system. We assume the state space partition of a multiaffine system to be based on a set of multivariate polynomials. Hence, a rectangular partition defined in terms of polynomials of the form (xi − c) is just a simple case of multivariate polynomial partition, and the new decision condition applies naturally. We analyze and demonstrate the improvement of our method over the existing methods using some examples.}, author = {Kong, Hui and Bartocci, Ezio and Bogomolov, Sergiy and Grosu, Radu and Henzinger, Thomas A and Jiang, Yu and Schilling, Christian}, location = {Grenoble, France}, pages = {128 -- 144}, publisher = {Springer}, title = {{Discrete abstraction of multiaffine systems}}, doi = {10.1007/978-3-319-47151-8_9}, volume = {9957}, year = {2016}, } @misc{1500, abstract = {In this poster, we present methods for randomly generating hybrid automata with affine differential equations, invariants, guards, and assignments. Selecting an arbitrary affine function from the set of all affine functions results in a low likelihood of generating hybrid automata with diverse and interesting behaviors, as there are an uncountable number of elements in the set of all affine functions. Instead, we partition the set of all affine functions into potentially interesting classes and randomly select elements from these classes. For example, we partition the set of all affine differential equations by using restrictions on eigenvalues such as those that yield stable, unstable, etc. equilibrium points. We partition the components describing discrete behavior (guards, assignments, and invariants) to allow either time-dependent or state-dependent switching, and in particular provide the ability to generate subclasses of piecewise-affine hybrid automata. Our preliminary experimental results with a prototype tool called HyRG (Hybrid Random Generator) illustrate the feasibility of this generation method to automatically create standard hybrid automaton examples like the bouncing ball and thermostat.}, author = {Nguyen, Luan V and Christian Schilling and Sergiy Bogomolov and Johnson, Taylor T}, booktitle = {HSCC: Hybrid Systems - Computation and Control}, pages = {289 -- 290}, publisher = {Springer}, title = {{Poster: HyRG: A random generation tool for affine hybrid automata}}, doi = {10.1145/2728606.2728650}, year = {2015}, } @inproceedings{1605, abstract = {Multiaffine hybrid automata (MHA) represent a powerful formalism to model complex dynamical systems. This formalism is particularly suited for the representation of biological systems which often exhibit highly non-linear behavior. In this paper, we consider the problem of parameter identification for MHA. We present an abstraction of MHA based on linear hybrid automata, which can be analyzed by the SpaceEx model checker. This abstraction enables a precise handling of time-dependent properties. We demonstrate the potential of our approach on a model of a genetic regulatory network and a myocyte model.}, author = {Bogomolov, Sergiy and Schilling, Christian and Bartocci, Ezio and Batt, Grégory and Kong, Hui and Grosu, Radu}, location = {Haifa, Israel}, pages = {19 -- 35}, publisher = {Springer}, title = {{Abstraction-based parameter synthesis for multiaffine systems}}, doi = {10.1007/978-3-319-26287-1_2}, volume = {9434}, year = {2015}, }