@inproceedings{7348,
abstract = {The monitoring of event frequencies can be used to recognize behavioral anomalies, to identify trends, and to deduce or discard hypotheses about the underlying system. For example, the performance of a web server may be monitored based on the ratio of the total count of requests from the least and most active clients. Exact frequency monitoring, however, can be prohibitively expensive; in the above example it would require as many counters as there are clients. In this paper, we propose the efficient probabilistic monitoring of common frequency properties, including the mode (i.e., the most common event) and the median of an event sequence. We define a logic to express composite frequency properties as a combination of atomic frequency properties. Our main contribution is an algorithm that, under suitable probabilistic assumptions, can be used to monitor these important frequency properties with four counters, independent of the number of different events. Our algorithm samples longer and longer subwords of an infinite event sequence. We prove the almost-sure convergence of our algorithm by generalizing ergodic theory from increasing-length prefixes to increasing-length subwords of an infinite sequence. A similar algorithm could be used to learn a connected Markov chain of a given structure from observing its outputs, to arbitrary precision, for a given confidence. },
author = {Ferrere, Thomas and Henzinger, Thomas A and Kragl, Bernhard},
booktitle = {28th EACSL Annual Conference on Computer Science Logic},
isbn = {9783959771320},
issn = {1868-8969},
location = {Barcelona, Spain},
publisher = {Schloss Dagstuhl - Leibniz-Zentrum für Informatik},
title = {{Monitoring event frequencies}},
doi = {10.4230/LIPIcs.CSL.2020.20},
volume = {152},
year = {2020},
}
@inproceedings{7808,
abstract = {Quantization converts neural networks into low-bit fixed-point computations which can be carried out by efficient integer-only hardware, and is standard practice for the deployment of neural networks on real-time embedded devices. However, like their real-numbered counterpart, quantized networks are not immune to malicious misclassification caused by adversarial attacks. We investigate how quantization affects a network’s robustness to adversarial attacks, which is a formal verification question. We show that neither robustness nor non-robustness are monotonic with changing the number of bits for the representation and, also, neither are preserved by quantization from a real-numbered network. For this reason, we introduce a verification method for quantized neural networks which, using SMT solving over bit-vectors, accounts for their exact, bit-precise semantics. We built a tool and analyzed the effect of quantization on a classifier for the MNIST dataset. We demonstrate that, compared to our method, existing methods for the analysis of real-numbered networks often derive false conclusions about their quantizations, both when determining robustness and when detecting attacks, and that existing methods for quantized networks often miss attacks. Furthermore, we applied our method beyond robustness, showing how the number of bits in quantization enlarges the gender bias of a predictor for students’ grades.},
author = {Giacobbe, Mirco and Henzinger, Thomas A and Lechner, Mathias},
booktitle = {International Conference on Tools and Algorithms for the Construction and Analysis of Systems},
isbn = {9783030452360},
issn = {16113349},
location = {Dublin, Ireland},
pages = {79--97},
publisher = {Springer Nature},
title = {{How many bits does it take to quantize your neural network?}},
doi = {10.1007/978-3-030-45237-7_5},
volume = {12079},
year = {2020},
}
@inproceedings{8012,
abstract = {Asynchronous programs are notoriously difficult to reason about because they spawn computation tasks which take effect asynchronously in a nondeterministic way. Devising inductive invariants for such programs requires understanding and stating complex relationships between an unbounded number of computation tasks in arbitrarily long executions. In this paper, we introduce inductive sequentialization, a new proof rule that sidesteps this complexity via a sequential reduction, a sequential program that captures every behavior of the original program up to reordering of coarse-grained commutative actions. A sequential reduction of a concurrent program is easy to reason about since it corresponds to a simple execution of the program in an idealized synchronous environment, where processes act in a fixed order and at the same speed. We have implemented and integrated our proof rule in the CIVL verifier, allowing us to provably derive fine-grained implementations of asynchronous programs. We have successfully applied our proof rule to a diverse set of message-passing protocols, including leader election protocols, two-phase commit, and Paxos.},
author = {Kragl, Bernhard and Enea, Constantin and Henzinger, Thomas A and Mutluergil, Suha Orhun and Qadeer, Shaz},
booktitle = {Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation},
isbn = {9781450376136},
location = {London, United Kingdom},
pages = {227--242},
publisher = {Association for Computing Machinery},
title = {{Inductive sequentialization of asynchronous programs}},
doi = {10.1145/3385412.3385980},
year = {2020},
}
@inproceedings{8194,
abstract = {Fixed-point arithmetic is a popular alternative to floating-point arithmetic on embedded systems. Existing work on the verification of fixed-point programs relies on custom formalizations of fixed-point arithmetic, which makes it hard to compare the described techniques or reuse the implementations. In this paper, we address this issue by proposing and formalizing an SMT theory of fixed-point arithmetic. We present an intuitive yet comprehensive syntax of the fixed-point theory, and provide formal semantics for it based on rational arithmetic. We also describe two decision procedures for this theory: one based on the theory of bit-vectors and the other on the theory of reals. We implement the two decision procedures, and evaluate our implementations using existing mature SMT solvers on a benchmark suite we created. Finally, we perform a case study of using the theory we propose to verify properties of quantized neural networks.},
author = {Baranowski, Marek and He, Shaobo and Lechner, Mathias and Nguyen, Thanh Son and Rakamarić, Zvonimir},
booktitle = {Automated Reasoning},
isbn = {9783030510732},
issn = {16113349},
location = {Paris, France},
pages = {13--31},
publisher = {Springer Nature},
title = {{An SMT theory of fixed-point arithmetic}},
doi = {10.1007/978-3-030-51074-9_2},
volume = {12166},
year = {2020},
}
@inproceedings{8195,
abstract = {This paper presents a foundation for refining concurrent programs with structured control flow. The verification problem is decomposed into subproblems that aid interactive program development, proof reuse, and automation. The formalization in this paper is the basis of a new design and implementation of the Civl verifier.},
author = {Kragl, Bernhard and Qadeer, Shaz and Henzinger, Thomas A},
booktitle = {Computer Aided Verification},
isbn = {9783030532871},
issn = {0302-9743},
pages = {275--298},
publisher = {Springer Nature},
title = {{Refinement for structured concurrent programs}},
doi = {10.1007/978-3-030-53288-8_14},
volume = {12224},
year = {2020},
}