@article{10861, abstract = {We introduce in this paper AMT2.0, a tool for qualitative and quantitative analysis of hybrid continuous and Boolean signals that combine numerical values and discrete events. The evaluation of the signals is based on rich temporal specifications expressed in extended signal temporal logic, which integrates timed regular expressions within signal temporal logic. The tool features qualitative monitoring (property satisfaction checking), trace diagnostics for explaining and justifying property violations and specification-driven measurement of quantitative features of the signal. We demonstrate the tool functionality on several running examples and case studies, and evaluate its performance.}, author = {Nickovic, Dejan and Lebeltel, Olivier and Maler, Oded and Ferrere, Thomas and Ulus, Dogan}, issn = {1433-2787}, journal = {International Journal on Software Tools for Technology Transfer}, keywords = {Information Systems, Software}, number = {6}, pages = {741--758}, publisher = {Springer Nature}, title = {{AMT 2.0: Qualitative and quantitative trace analysis with extended signal temporal logic}}, doi = {10.1007/s10009-020-00582-z}, volume = {22}, year = {2020}, } @phdthesis{8332, abstract = {Designing and verifying concurrent programs is a notoriously challenging, time consuming, and error prone task, even for experts. This is due to the sheer number of possible interleavings of a concurrent program, all of which have to be tracked and accounted for in a formal proof. Inventing an inductive invariant that captures all interleavings of a low-level implementation is theoretically possible, but practically intractable. We develop a refinement-based verification framework that provides mechanisms to simplify proof construction by decomposing the verification task into smaller subtasks. In a first line of work, we present a foundation for refinement reasoning over structured concurrent programs. We introduce layered concurrent programs as a compact notation to represent multi-layer refinement proofs. A layered concurrent program specifies a sequence of connected concurrent programs, from most concrete to most abstract, such that common parts of different programs are written exactly once. Each program in this sequence is expressed as structured concurrent program, i.e., a program over (potentially recursive) procedures, imperative control flow, gated atomic actions, structured parallelism, and asynchronous concurrency. This is in contrast to existing refinement-based verifiers, which represent concurrent systems as flat transition relations. We present a powerful refinement proof rule that decomposes refinement checking over structured programs into modular verification conditions. Refinement checking is supported by a new form of modular, parameterized invariants, called yield invariants, and a linear permission system to enhance local reasoning. In a second line of work, we present two new reduction-based program transformations that target asynchronous programs. These transformations reduce the number of interleavings that need to be considered, thus reducing the complexity of invariants. Synchronization simplifies the verification of asynchronous programs by introducing the fiction, for proof purposes, that asynchronous operations complete synchronously. Synchronization summarizes an asynchronous computation as immediate atomic effect. Inductive sequentialization establishes sequential reductions that captures every behavior of the original program up to reordering of coarse-grained commutative actions. A sequential reduction of a concurrent program is easy to reason about since it corresponds to a simple execution of the program in an idealized synchronous environment, where processes act in a fixed order and at the same speed. Our approach is implemented the CIVL verifier, which has been successfully used for the verification of several complex concurrent programs. In our methodology, the overall correctness of a program is established piecemeal by focusing on the invariant required for each refinement step separately. While the programmer does the creative work of specifying the chain of programs and the inductive invariant justifying each link in the chain, the tool automatically constructs the verification conditions underlying each refinement step.}, author = {Kragl, Bernhard}, issn = {2663-337X}, pages = {120}, publisher = {Institute of Science and Technology Austria}, title = {{Verifying concurrent programs: Refinement, synchronization, sequentialization}}, doi = {10.15479/AT:ISTA:8332}, year = {2020}, } @inproceedings{9202, abstract = {We propose a novel hybridization method for stability analysis that over-approximates nonlinear dynamical systems by switched systems with linear inclusion dynamics. We observe that existing hybridization techniques for safety analysis that over-approximate nonlinear dynamical systems by switched affine inclusion dynamics and provide fixed approximation error, do not suffice for stability analysis. Hence, we propose a hybridization method that provides a state-dependent error which converges to zero as the state tends to the equilibrium point. The crux of our hybridization computation is an elegant recursive algorithm that uses partial derivatives of a given function to obtain upper and lower bound matrices for the over-approximating linear inclusion. We illustrate our method on some examples to demonstrate the application of the theory for stability analysis. In particular, our method is able to establish stability of a nonlinear system which does not admit a polynomial Lyapunov function.}, author = {Garcia Soto, Miriam and Prabhakar, Pavithra}, booktitle = {2020 IEEE Real-Time Systems Symposium}, issn = {2576-3172}, location = {Houston, TX, USA }, pages = {244--256}, publisher = {IEEE}, title = {{Hybridization for stability verification of nonlinear switched systems}}, doi = {10.1109/RTSS49844.2020.00031}, year = {2020}, } @article{7426, abstract = {This paper presents a novel abstraction technique for analyzing Lyapunov and asymptotic stability of polyhedral switched systems. A polyhedral switched system is a hybrid system in which the continuous dynamics is specified by polyhedral differential inclusions, the invariants and guards are specified by polyhedral sets and the switching between the modes do not involve reset of variables. A finite state weighted graph abstracting the polyhedral switched system is constructed from a finite partition of the state–space, such that the satisfaction of certain graph conditions, such as the absence of cycles with product of weights on the edges greater than (or equal) to 1, implies the stability of the system. However, the graph is in general conservative and hence, the violation of the graph conditions does not imply instability. If the analysis fails to establish stability due to the conservativeness in the approximation, a counterexample (cycle with product of edge weights greater than or equal to 1) indicating a potential reason for the failure is returned. Further, a more precise approximation of the switched system can be constructed by considering a finer partition of the state–space in the construction of the finite weighted graph. We present experimental results on analyzing stability of switched systems using the above method.}, author = {Garcia Soto, Miriam and Prabhakar, Pavithra}, issn = {1751-570X}, journal = {Nonlinear Analysis: Hybrid Systems}, number = {5}, publisher = {Elsevier}, title = {{Abstraction based verification of stability of polyhedral switched systems}}, doi = {10.1016/j.nahs.2020.100856}, volume = {36}, year = {2020}, } @inproceedings{10877, abstract = {This report presents the results of a friendly competition for formal verification of continuous and hybrid systems with piecewise constant dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2019. In this third edition, six tools have been applied to solve five different benchmark problems in the category for piecewise constant dynamics: BACH, Lyse, Hy- COMP, PHAVer/SX, PHAVerLite, and VeriSiMPL. Compared to last year, a new tool has participated (HyCOMP) and PHAVerLite has replaced PHAVer-lite. The result is a snap- shot of the current landscape of tools and the types of benchmarks they are particularly suited for. Due to the diversity of problems, we are not ranking tools, yet the presented results probably provide the most complete assessment of tools for the safety verification of continuous and hybrid systems with piecewise constant dynamics up to this date.}, author = {Frehse, Goran and Abate, Alessandro and Adzkiya, Dieky and Becchi, Anna and Bu, Lei and Cimatti, Alessandro and Giacobbe, Mirco and Griggio, Alberto and Mover, Sergio and Mufid, Muhammad Syifa'ul and Riouak, Idriss and Tonetta, Stefano and Zaffanella, Enea}, booktitle = {ARCH19. 6th International Workshop on Applied Verification of Continuous and Hybrid Systems}, editor = {Frehse, Goran and Althoff, Matthias}, issn = {2398-7340}, location = {Montreal, Canada}, pages = {1--13}, publisher = {EasyChair}, title = {{ARCH-COMP19 Category Report: Hybrid systems with piecewise constant dynamics}}, doi = {10.29007/rjwn}, volume = {61}, year = {2019}, } @inproceedings{6565, abstract = {In this paper, we address the problem of synthesizing periodic switching controllers for stabilizing a family of linear systems. Our broad approach consists of constructing a finite game graph based on the family of linear systems such that every winning strategy on the game graph corresponds to a stabilizing switching controller for the family of linear systems. The construction of a (finite) game graph, the synthesis of a winning strategy and the extraction of a stabilizing controller are all computationally feasible. We illustrate our method on an example.}, author = {Kundu, Atreyee and Garcia Soto, Miriam and Prabhakar, Pavithra}, booktitle = {5th Indian Control Conference Proceedings}, isbn = {978-153866246-5}, location = {Delhi, India}, publisher = {IEEE}, title = {{Formal synthesis of stabilizing controllers for periodically controlled linear switched systems}}, doi = {10.1109/INDIANCC.2019.8715598}, year = {2019}, } @inproceedings{6822, abstract = {In two-player games on graphs, the players move a token through a graph to produce an infinite path, which determines the qualitative winner or quantitative payoff of the game. In bidding games, in each turn, we hold an auction between the two players to determine which player moves the token. Bidding games have largely been studied with concrete bidding mechanisms that are variants of a first-price auction: in each turn both players simultaneously submit bids, the higher bidder moves the token, and pays his bid to the lower bidder in Richman bidding, to the bank in poorman bidding, and in taxman bidding, the bid is split between the other player and the bank according to a predefined constant factor. Bidding games are deterministic games. They have an intriguing connection with a fragment of stochastic games called randomturn games. We study, for the first time, a combination of bidding games with probabilistic behavior; namely, we study bidding games that are played on Markov decision processes, where the players bid for the right to choose the next action, which determines the probability distribution according to which the next vertex is chosen. We study parity and meanpayoff bidding games on MDPs and extend results from the deterministic bidding setting to the probabilistic one.}, author = {Avni, Guy and Henzinger, Thomas A and Ibsen-Jensen, Rasmus and Novotny, Petr}, booktitle = { Proceedings of the 13th International Conference of Reachability Problems}, isbn = {978-303030805-6}, issn = {0302-9743}, location = {Brussels, Belgium}, pages = {1--12}, publisher = {Springer}, title = {{Bidding games on Markov decision processes}}, doi = {10.1007/978-3-030-30806-3_1}, volume = {11674}, year = {2019}, } @inproceedings{6888, abstract = {In this paper, we design novel liquid time-constant recurrent neural networks for robotic control, inspired by the brain of the nematode, C. elegans. In the worm's nervous system, neurons communicate through nonlinear time-varying synaptic links established amongst them by their particular wiring structure. This property enables neurons to express liquid time-constants dynamics and therefore allows the network to originate complex behaviors with a small number of neurons. We identify neuron-pair communication motifs as design operators and use them to configure compact neuronal network structures to govern sequential robotic tasks. The networks are systematically designed to map the environmental observations to motor actions, by their hierarchical topology from sensory neurons, through recurrently-wired interneurons, to motor neurons. The networks are then parametrized in a supervised-learning scheme by a search-based algorithm. We demonstrate that obtained networks realize interpretable dynamics. We evaluate their performance in controlling mobile and arm robots, and compare their attributes to other artificial neural network-based control agents. Finally, we experimentally show their superior resilience to environmental noise, compared to the existing machine learning-based methods.}, author = {Lechner, Mathias and Hasani, Ramin and Zimmer, Manuel and Henzinger, Thomas A and Grosu, Radu}, booktitle = {Proceedings - IEEE International Conference on Robotics and Automation}, isbn = {9781538660270}, location = {Montreal, QC, Canada}, publisher = {IEEE}, title = {{Designing worm-inspired neural networks for interpretable robotic control}}, doi = {10.1109/icra.2019.8793840}, volume = {2019-May}, year = {2019}, } @inproceedings{6886, abstract = {In two-player games on graphs, the players move a token through a graph to produce an infinite path, which determines the winner of the game. Such games are central in formal methods since they model the interaction between a non-terminating system and its environment. In bidding games the players bid for the right to move the token: in each round, the players simultaneously submit bids, and the higher bidder moves the token and pays the other player. Bidding games are known to have a clean and elegant mathematical structure that relies on the ability of the players to submit arbitrarily small bids. Many applications, however, require a fixed granularity for the bids, which can represent, for example, the monetary value expressed in cents. We study, for the first time, the combination of discrete-bidding and infinite-duration games. Our most important result proves that these games form a large determined subclass of concurrent games, where determinacy is the strong property that there always exists exactly one player who can guarantee winning the game. In particular, we show that, in contrast to non-discrete bidding games, the mechanism with which tied bids are resolved plays an important role in discrete-bidding games. We study several natural tie-breaking mechanisms and show that, while some do not admit determinacy, most natural mechanisms imply determinacy for every pair of initial budgets. }, author = {Aghajohari, Milad and Avni, Guy and Henzinger, Thomas A}, location = {Amsterdam, Netherlands}, publisher = {Schloss Dagstuhl - Leibniz-Zentrum für Informatik}, title = {{Determinacy in discrete-bidding infinite-duration games}}, doi = {10.4230/LIPICS.CONCUR.2019.20}, volume = {140}, year = {2019}, } @inproceedings{6885, abstract = {A vector addition system with states (VASS) consists of a finite set of states and counters. A configuration is a state and a value for each counter; a transition changes the state and each counter is incremented, decremented, or left unchanged. While qualitative properties such as state and configuration reachability have been studied for VASS, we consider the long-run average cost of infinite computations of VASS. The cost of a configuration is for each state, a linear combination of the counter values. In the special case of uniform cost functions, the linear combination is the same for all states. The (regular) long-run emptiness problem is, given a VASS, a cost function, and a threshold value, if there is a (lasso-shaped) computation such that the long-run average value of the cost function does not exceed the threshold. For uniform cost functions, we show that the regular long-run emptiness problem is (a) decidable in polynomial time for integer-valued VASS, and (b) decidable but nonelementarily hard for natural-valued VASS (i.e., nonnegative counters). For general cost functions, we show that the problem is (c) NP-complete for integer-valued VASS, and (d) undecidable for natural-valued VASS. Our most interesting result is for (c) integer-valued VASS with general cost functions, where we establish a connection between the regular long-run emptiness problem and quadratic Diophantine inequalities. The general (nonregular) long-run emptiness problem is equally hard as the regular problem in all cases except (c), where it remains open. }, author = {Chatterjee, Krishnendu and Henzinger, Thomas A and Otop, Jan}, location = {Amsterdam, Netherlands}, publisher = {Schloss Dagstuhl - Leibniz-Zentrum für Informatik}, title = {{Long-run average behavior of vector addition systems with states}}, doi = {10.4230/LIPICS.CONCUR.2019.27}, volume = {140}, year = {2019}, }