---
_id: '11362'
abstract:
- lang: eng
text: "Deep learning has enabled breakthroughs in challenging computing problems
and has emerged as the standard problem-solving tool for computer vision and natural
language processing tasks.\r\nOne exception to this trend is safety-critical tasks
where robustness and resilience requirements contradict the black-box nature of
neural networks. \r\nTo deploy deep learning methods for these tasks, it is vital
to provide guarantees on neural network agents' safety and robustness criteria.
\r\nThis can be achieved by developing formal verification methods to verify the
safety and robustness properties of neural networks.\r\n\r\nOur goal is to design,
develop and assess safety verification methods for neural networks to improve
their reliability and trustworthiness in real-world applications.\r\nThis thesis
establishes techniques for the verification of compressed and adversarially trained
models as well as the design of novel neural networks for verifiably safe decision-making.\r\n\r\nFirst,
we establish the problem of verifying quantized neural networks. Quantization
is a technique that trades numerical precision for the computational efficiency
of running a neural network and is widely adopted in industry.\r\nWe show that
neglecting the reduced precision when verifying a neural network can lead to wrong
conclusions about the robustness and safety of the network, highlighting that
novel techniques for quantized network verification are necessary. We introduce
several bit-exact verification methods explicitly designed for quantized neural
networks and experimentally confirm on realistic networks that the network's robustness
and other formal properties are affected by the quantization.\r\n\r\nFurthermore,
we perform a case study providing evidence that adversarial training, a standard
technique for making neural networks more robust, has detrimental effects on the
network's performance. This robustness-accuracy tradeoff has been studied before
regarding the accuracy obtained on classification datasets where each data point
is independent of all other data points. On the other hand, we investigate the
tradeoff empirically in robot learning settings where a both, a high accuracy
and a high robustness, are desirable.\r\nOur results suggest that the negative
side-effects of adversarial training outweigh its robustness benefits in practice.\r\n\r\nFinally,
we consider the problem of verifying safety when running a Bayesian neural network
policy in a feedback loop with systems over the infinite time horizon. Bayesian
neural networks are probabilistic models for learning uncertainties in the data
and are therefore often used on robotic and healthcare applications where data
is inherently stochastic.\r\nWe introduce a method for recalibrating Bayesian
neural networks so that they yield probability distributions over safe decisions
only.\r\nOur method learns a safety certificate that guarantees safety over the
infinite time horizon to determine which decisions are safe in every possible
state of the system.\r\nWe demonstrate the effectiveness of our approach on a
series of reinforcement learning benchmarks."
alternative_title:
- ISTA Thesis
article_processing_charge: No
author:
- first_name: Mathias
full_name: Lechner, Mathias
id: 3DC22916-F248-11E8-B48F-1D18A9856A87
last_name: Lechner
citation:
ama: Lechner M. Learning verifiable representations. 2022. doi:10.15479/at:ista:11362
apa: Lechner, M. (2022). Learning verifiable representations. Institute of
Science and Technology Austria. https://doi.org/10.15479/at:ista:11362
chicago: Lechner, Mathias. “Learning Verifiable Representations.” Institute of Science
and Technology Austria, 2022. https://doi.org/10.15479/at:ista:11362.
ieee: M. Lechner, “Learning verifiable representations,” Institute of Science and
Technology Austria, 2022.
ista: Lechner M. 2022. Learning verifiable representations. Institute of Science
and Technology Austria.
mla: Lechner, Mathias. Learning Verifiable Representations. Institute of
Science and Technology Austria, 2022, doi:10.15479/at:ista:11362.
short: M. Lechner, Learning Verifiable Representations, Institute of Science and
Technology Austria, 2022.
date_created: 2022-05-12T07:14:01Z
date_published: 2022-05-12T00:00:00Z
date_updated: 2025-07-14T09:10:11Z
day: '12'
ddc:
- '004'
degree_awarded: PhD
department:
- _id: GradSch
- _id: ToHe
doi: 10.15479/at:ista:11362
ec_funded: 1
file:
- access_level: closed
checksum: 8eefa9c7c10ca7e1a2ccdd731962a645
content_type: application/zip
creator: mlechner
date_created: 2022-05-13T12:33:26Z
date_updated: 2022-05-13T12:49:00Z
file_id: '11378'
file_name: src.zip
file_size: 13210143
relation: source_file
- access_level: open_access
checksum: 1b9e1e5a9a83ed9d89dad2f5133dc026
content_type: application/pdf
creator: mlechner
date_created: 2022-05-16T08:02:28Z
date_updated: 2022-05-17T15:19:39Z
file_id: '11382'
file_name: thesis_main-a2.pdf
file_size: 2732536
relation: main_file
file_date_updated: 2022-05-17T15:19:39Z
has_accepted_license: '1'
keyword:
- neural networks
- verification
- machine learning
language:
- iso: eng
license: https://creativecommons.org/licenses/by-nd/4.0/
month: '05'
oa: 1
oa_version: Published Version
page: '124'
project:
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
call_identifier: FWF
grant_number: Z211
name: The Wittgenstein Prize
- _id: 62781420-2b32-11ec-9570-8d9b63373d4d
call_identifier: H2020
grant_number: '101020093'
name: Vigilant Algorithmic Monitoring of Software
publication_identifier:
isbn:
- 978-3-99078-017-6
publication_status: published
publisher: Institute of Science and Technology Austria
related_material:
record:
- id: '11366'
relation: part_of_dissertation
status: public
- id: '7808'
relation: part_of_dissertation
status: public
- id: '10666'
relation: part_of_dissertation
status: public
- id: '10665'
relation: part_of_dissertation
status: public
- id: '10667'
relation: part_of_dissertation
status: public
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: Learning verifiable representations
tmp:
image: /image/cc_by_nd.png
legal_code_url: https://creativecommons.org/licenses/by-nd/4.0/legalcode
name: Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0)
short: CC BY-ND (4.0)
type: dissertation
user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9
year: '2022'
...
---
_id: '8332'
abstract:
- lang: eng
text: "Designing and verifying concurrent programs is a notoriously challenging,
time consuming, and error prone task, even for experts. This is due to the sheer
number of possible interleavings of a concurrent program, all of which have to
be tracked and accounted for in a formal proof. Inventing an inductive invariant
that captures all interleavings of a low-level implementation is theoretically
possible, but practically intractable. We develop a refinement-based verification
framework that provides mechanisms to simplify proof construction by decomposing
the verification task into smaller subtasks.\r\n\r\nIn a first line of work, we
present a foundation for refinement reasoning over structured concurrent programs.
We introduce layered concurrent programs as a compact notation to represent multi-layer
refinement proofs. A layered concurrent program specifies a sequence of connected
concurrent programs, from most concrete to most abstract, such that common parts
of different programs are written exactly once. Each program in this sequence
is expressed as structured concurrent program, i.e., a program over (potentially
recursive) procedures, imperative control flow, gated atomic actions, structured
parallelism, and asynchronous concurrency. This is in contrast to existing refinement-based
verifiers, which represent concurrent systems as flat transition relations. We
present a powerful refinement proof rule that decomposes refinement checking over
structured programs into modular verification conditions. Refinement checking
is supported by a new form of modular, parameterized invariants, called yield
invariants, and a linear permission system to enhance local reasoning.\r\n\r\nIn
a second line of work, we present two new reduction-based program transformations
that target asynchronous programs. These transformations reduce the number of
interleavings that need to be considered, thus reducing the complexity of invariants.
Synchronization simplifies the verification of asynchronous programs by introducing
the fiction, for proof purposes, that asynchronous operations complete synchronously.
Synchronization summarizes an asynchronous computation as immediate atomic effect.
Inductive sequentialization establishes sequential reductions that captures every
behavior of the original program up to reordering of coarse-grained commutative
actions. A sequential reduction of a concurrent program is easy to reason about
since it corresponds to a simple execution of the program in an idealized synchronous
environment, where processes act in a fixed order and at the same speed.\r\n\r\nOur
approach is implemented the CIVL verifier, which has been successfully used for
the verification of several complex concurrent programs. In our methodology, the
overall correctness of a program is established piecemeal by focusing on the invariant
required for each refinement step separately. While the programmer does the creative
work of specifying the chain of programs and the inductive invariant justifying
each link in the chain, the tool automatically constructs the verification conditions
underlying each refinement step."
alternative_title:
- ISTA Thesis
article_processing_charge: No
author:
- first_name: Bernhard
full_name: Kragl, Bernhard
id: 320FC952-F248-11E8-B48F-1D18A9856A87
last_name: Kragl
orcid: 0000-0001-7745-9117
citation:
ama: 'Kragl B. Verifying concurrent programs: Refinement, synchronization, sequentialization.
2020. doi:10.15479/AT:ISTA:8332'
apa: 'Kragl, B. (2020). Verifying concurrent programs: Refinement, synchronization,
sequentialization. Institute of Science and Technology Austria. https://doi.org/10.15479/AT:ISTA:8332'
chicago: 'Kragl, Bernhard. “Verifying Concurrent Programs: Refinement, Synchronization,
Sequentialization.” Institute of Science and Technology Austria, 2020. https://doi.org/10.15479/AT:ISTA:8332.'
ieee: 'B. Kragl, “Verifying concurrent programs: Refinement, synchronization, sequentialization,”
Institute of Science and Technology Austria, 2020.'
ista: 'Kragl B. 2020. Verifying concurrent programs: Refinement, synchronization,
sequentialization. Institute of Science and Technology Austria.'
mla: 'Kragl, Bernhard. Verifying Concurrent Programs: Refinement, Synchronization,
Sequentialization. Institute of Science and Technology Austria, 2020, doi:10.15479/AT:ISTA:8332.'
short: 'B. Kragl, Verifying Concurrent Programs: Refinement, Synchronization, Sequentialization,
Institute of Science and Technology Austria, 2020.'
date_created: 2020-09-04T12:24:12Z
date_published: 2020-09-03T00:00:00Z
date_updated: 2023-09-13T08:45:08Z
day: '03'
ddc:
- '000'
degree_awarded: PhD
department:
- _id: ToHe
doi: 10.15479/AT:ISTA:8332
file:
- access_level: open_access
checksum: 26fe261550f691280bda4c454bf015c7
content_type: application/pdf
creator: bkragl
date_created: 2020-09-04T12:17:47Z
date_updated: 2020-09-04T12:17:47Z
file_id: '8333'
file_name: kragl-thesis.pdf
file_size: 1348815
relation: main_file
- access_level: closed
checksum: b9694ce092b7c55557122adba8337ebc
content_type: application/zip
creator: bkragl
date_created: 2020-09-04T13:00:17Z
date_updated: 2020-09-04T13:00:17Z
file_id: '8335'
file_name: kragl-thesis.zip
file_size: 372312
relation: source_file
file_date_updated: 2020-09-04T13:00:17Z
has_accepted_license: '1'
language:
- iso: eng
month: '09'
oa: 1
oa_version: Published Version
page: '120'
publication_identifier:
issn:
- 2663-337X
publication_status: published
publisher: Institute of Science and Technology Austria
related_material:
record:
- id: '133'
relation: part_of_dissertation
status: public
- id: '8012'
relation: part_of_dissertation
status: public
- id: '8195'
relation: part_of_dissertation
status: public
- id: '160'
relation: part_of_dissertation
status: public
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: 'Verifying concurrent programs: Refinement, synchronization, sequentialization'
type: dissertation
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
year: '2020'
...
---
_id: '6894'
abstract:
- lang: eng
text: "Hybrid automata combine finite automata and dynamical systems, and model
the interaction of digital with physical systems. Formal analysis that can guarantee
the safety of all behaviors or rigorously witness failures, while unsolvable in
general, has been tackled algorithmically using, e.g., abstraction, bounded model-checking,
assisted theorem proving.\r\nNevertheless, very few methods have addressed the
time-unbounded reachability analysis of hybrid automata and, for current sound
and automatic tools, scalability remains critical. We develop methods for the
polyhedral abstraction of hybrid automata, which construct coarse overapproximations
and tightens them incrementally, in a CEGAR fashion. We use template polyhedra,
i.e., polyhedra whose facets are normal to a given set of directions.\r\nWhile,
previously, directions were given by the user, we introduce (1) the first method\r\nfor
computing template directions from spurious counterexamples, so as to generalize
and\r\neliminate them. The method applies naturally to convex hybrid automata,
i.e., hybrid\r\nautomata with (possibly non-linear) convex constraints on derivatives
only, while for linear\r\nODE requires further abstraction. Specifically, we introduce
(2) the conic abstractions,\r\nwhich, partitioning the state space into appropriate
(possibly non-uniform) cones, divide\r\ncurvy trajectories into relatively straight
sections, suitable for polyhedral abstractions.\r\nFinally, we introduce (3) space-time
interpolation, which, combining interval arithmetic\r\nand template refinement,
computes appropriate (possibly non-uniform) time partitioning\r\nand template
directions along spurious trajectories, so as to eliminate them.\r\nWe obtain
sound and automatic methods for the reachability analysis over dense\r\nand unbounded
time of convex hybrid automata and hybrid automata with linear ODE.\r\nWe build
prototype tools and compare—favorably—our methods against the respective\r\nstate-of-the-art
tools, on several benchmarks."
alternative_title:
- ISTA Thesis
article_processing_charge: No
author:
- first_name: Mirco
full_name: Giacobbe, Mirco
id: 3444EA5E-F248-11E8-B48F-1D18A9856A87
last_name: Giacobbe
orcid: 0000-0001-8180-0904
citation:
ama: Giacobbe M. Automatic time-unbounded reachability analysis of hybrid systems.
2019. doi:10.15479/AT:ISTA:6894
apa: Giacobbe, M. (2019). Automatic time-unbounded reachability analysis of hybrid
systems. Institute of Science and Technology Austria. https://doi.org/10.15479/AT:ISTA:6894
chicago: Giacobbe, Mirco. “Automatic Time-Unbounded Reachability Analysis of Hybrid
Systems.” Institute of Science and Technology Austria, 2019. https://doi.org/10.15479/AT:ISTA:6894.
ieee: M. Giacobbe, “Automatic time-unbounded reachability analysis of hybrid systems,”
Institute of Science and Technology Austria, 2019.
ista: Giacobbe M. 2019. Automatic time-unbounded reachability analysis of hybrid
systems. Institute of Science and Technology Austria.
mla: Giacobbe, Mirco. Automatic Time-Unbounded Reachability Analysis of Hybrid
Systems. Institute of Science and Technology Austria, 2019, doi:10.15479/AT:ISTA:6894.
short: M. Giacobbe, Automatic Time-Unbounded Reachability Analysis of Hybrid Systems,
Institute of Science and Technology Austria, 2019.
date_created: 2019-09-22T14:08:44Z
date_published: 2019-09-30T00:00:00Z
date_updated: 2023-09-19T09:30:43Z
day: '30'
ddc:
- '000'
degree_awarded: PhD
department:
- _id: ToHe
doi: 10.15479/AT:ISTA:6894
file:
- access_level: open_access
checksum: 773beaf4a85dc2acc2c12b578fbe1965
content_type: application/pdf
creator: mgiacobbe
date_created: 2019-09-27T14:15:05Z
date_updated: 2020-07-14T12:47:43Z
file_id: '6916'
file_name: giacobbe_thesis.pdf
file_size: 4100685
relation: main_file
- access_level: closed
checksum: 97f1c3da71feefd27e6e625d32b4c75b
content_type: application/gzip
creator: mgiacobbe
date_created: 2019-09-27T14:22:04Z
date_updated: 2020-07-14T12:47:43Z
file_id: '6917'
file_name: giacobbe_thesis_src.tar.gz
file_size: 7959732
relation: source_file
file_date_updated: 2020-07-14T12:47:43Z
has_accepted_license: '1'
language:
- iso: eng
month: '09'
oa: 1
oa_version: Published Version
page: '132'
publication_identifier:
eissn:
- 2663-337X
publication_status: published
publisher: Institute of Science and Technology Austria
related_material:
record:
- id: '631'
relation: part_of_dissertation
status: public
- id: '647'
relation: part_of_dissertation
status: public
- id: '140'
relation: part_of_dissertation
status: public
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000−0002−2985−7724
title: Automatic time-unbounded reachability analysis of hybrid systems
tmp:
image: /images/cc_by.png
legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
short: CC BY (4.0)
type: dissertation
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
year: '2019'
...
---
_id: '1155'
abstract:
- lang: eng
text: This dissertation concerns the automatic verification of probabilistic systems
and programs with arrays by statistical and logical methods. Although statistical
and logical methods are different in nature, we show that they can be successfully
combined for system analysis. In the first part of the dissertation we present
a new statistical algorithm for the verification of probabilistic systems with
respect to unbounded properties, including linear temporal logic. Our algorithm
often performs faster than the previous approaches, and at the same time requires
less information about the system. In addition, our method can be generalized
to unbounded quantitative properties such as mean-payoff bounds. In the second
part, we introduce two techniques for comparing probabilistic systems. Probabilistic
systems are typically compared using the notion of equivalence, which requires
the systems to have the equal probability of all behaviors. However, this notion
is often too strict, since probabilities are typically only empirically estimated,
and any imprecision may break the relation between processes. On the one hand,
we propose to replace the Boolean notion of equivalence by a quantitative distance
of similarity. For this purpose, we introduce a statistical framework for estimating
distances between Markov chains based on their simulation runs, and we investigate
which distances can be approximated in our framework. On the other hand, we propose
to compare systems with respect to a new qualitative logic, which expresses that
behaviors occur with probability one or a positive probability. This qualitative
analysis is robust with respect to modeling errors and applicable to many domains.
In the last part, we present a new quantifier-free logic for integer arrays, which
allows us to express counting. Counting properties are prevalent in array-manipulating
programs, however they cannot be expressed in the quantified fragments of the
theory of arrays. We present a decision procedure for our logic, and provide several
complexity results.
acknowledgement: ' First of all, I want to thank my advisor, prof. Thomas A. Henzinger,
for his guidance during my PhD program. I am grateful for the freedom I was given
to pursue my research interests, and his continuous support. Working with prof.
Henzinger was a truly inspiring experience and taught me what it means to be a scientist.
I want to express my gratitude to my collaborators: Nikola Beneš, Krishnendu Chatterjee,
Martin Chmelík, Ashutosh Gupta, Willibald Krenn, Jan Kˇretínský, Dejan Nickovic,
Andrey Kupriyanov, and Tatjana Petrov. I have learned a great deal from my collaborators,
and without their help this thesis would not be possible. In addition, I want to
thank the members of my thesis committee: Dirk Beyer, Dejan Nickovic, and Georg
Weissenbacher for their advice and reviewing this dissertation. I would especially
like to acknowledge the late Helmut Veith, who was a member of my committee. I will
remember Helmut for his kindness, enthusiasm, and wit, as well as for being an inspiring
scientist. Finally, I would like to thank my colleagues for making my stay at IST
such a pleasant experience: Guy Avni, Sergiy Bogomolov, Ventsislav Chonev, Rasmus
Ibsen-Jensen, Mirco Giacobbe, Bernhard Kragl, Hui Kong, Petr Novotný, Jan Otop,
Andreas Pavlogiannis, Tantjana Petrov, Arjun Radhakrishna, Jakob Ruess, Thorsten
Tarrach, as well as other members of groups Henzinger and Chatterjee. '
alternative_title:
- ISTA Thesis
article_processing_charge: No
author:
- first_name: Przemyslaw
full_name: Daca, Przemyslaw
id: 49351290-F248-11E8-B48F-1D18A9856A87
last_name: Daca
citation:
ama: Daca P. Statistical and logical methods for property checking. 2017. doi:10.15479/AT:ISTA:TH_730
apa: Daca, P. (2017). Statistical and logical methods for property checking.
Institute of Science and Technology Austria. https://doi.org/10.15479/AT:ISTA:TH_730
chicago: Daca, Przemyslaw. “Statistical and Logical Methods for Property Checking.”
Institute of Science and Technology Austria, 2017. https://doi.org/10.15479/AT:ISTA:TH_730.
ieee: P. Daca, “Statistical and logical methods for property checking,” Institute
of Science and Technology Austria, 2017.
ista: Daca P. 2017. Statistical and logical methods for property checking. Institute
of Science and Technology Austria.
mla: Daca, Przemyslaw. Statistical and Logical Methods for Property Checking.
Institute of Science and Technology Austria, 2017, doi:10.15479/AT:ISTA:TH_730.
short: P. Daca, Statistical and Logical Methods for Property Checking, Institute
of Science and Technology Austria, 2017.
date_created: 2018-12-11T11:50:27Z
date_published: 2017-01-02T00:00:00Z
date_updated: 2023-09-07T11:58:34Z
day: '02'
ddc:
- '004'
- '005'
degree_awarded: PhD
department:
- _id: ToHe
doi: 10.15479/AT:ISTA:TH_730
ec_funded: 1
file:
- access_level: open_access
checksum: 1406a681cb737508234fde34766be2c2
content_type: application/pdf
creator: system
date_created: 2018-12-12T10:11:26Z
date_updated: 2020-07-14T12:44:34Z
file_id: '4880'
file_name: IST-2017-730-v1+1_Statistical_and_Logical_Methods_for_Property_Checking.pdf
file_size: 1028586
relation: main_file
file_date_updated: 2020-07-14T12:44:34Z
has_accepted_license: '1'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Published Version
page: '163'
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '267989'
name: Quantitative Reactive Modeling
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
call_identifier: FWF
grant_number: Z211
name: The Wittgenstein Prize
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
call_identifier: FWF
grant_number: S 11407_N23
name: Rigorous Systems Engineering
publication_identifier:
issn:
- 2663-337X
publication_status: published
publisher: Institute of Science and Technology Austria
publist_id: '6203'
pubrep_id: '730'
related_material:
record:
- id: '1093'
relation: part_of_dissertation
status: public
- id: '1230'
relation: part_of_dissertation
status: public
- id: '1234'
relation: part_of_dissertation
status: public
- id: '1391'
relation: part_of_dissertation
status: public
- id: '1501'
relation: part_of_dissertation
status: public
- id: '1502'
relation: part_of_dissertation
status: public
- id: '2063'
relation: part_of_dissertation
status: public
- id: '2167'
relation: part_of_dissertation
status: public
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000−0002−2985−7724
title: Statistical and logical methods for property checking
type: dissertation
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
year: '2017'
...
---
_id: '1130'
abstract:
- lang: eng
text: "In this thesis we present a computer-aided programming approach to concurrency.
Our approach helps the programmer by automatically fixing concurrency-related
bugs, i.e. bugs that occur when the program is executed using an aggressive preemptive
scheduler, but not when using a non-preemptive (cooperative) scheduler. Bugs are
program behaviours that are incorrect w.r.t. a specification. We consider both
user-provided explicit specifications in the form of assertion\r\nstatements in
the code as well as an implicit specification. The implicit specification is inferred
from the non-preemptive behaviour. Let us consider sequences of calls that the
program makes to an external interface. The implicit specification requires that
any such sequence produced under a preemptive scheduler should be included in
the set of sequences produced under a non-preemptive scheduler. We consider several
semantics-preserving fixes that go beyond atomic sections typically explored in
the synchronisation synthesis literature. Our synthesis is able to place locks,
barriers and wait-signal statements and last, but not least reorder independent
statements. The latter may be useful if a thread is released to early, e.g., before
some initialisation is completed. We guarantee that our synthesis does not introduce
deadlocks and that the synchronisation inserted is optimal w.r.t. a given objective
function. We dub our solution trace-based synchronisation synthesis and it is
loosely based on counterexample-guided inductive synthesis (CEGIS). The synthesis
works by discovering a trace that is incorrect w.r.t. the specification and identifying
ordering constraints crucial to trigger the specification violation. Synchronisation
may be placed immediately (greedy approach) or delayed until all incorrect traces
are found (non-greedy approach). For the non-greedy approach we construct a set
of global constraints over synchronisation placements. Each model of the global
constraints set corresponds to a correctness-ensuring synchronisation placement.
The placement that is optimal w.r.t. the given objective function is chosen as
the synchronisation solution. We evaluate our approach on a number of realistic
(albeit simplified) Linux device-driver\r\nbenchmarks. The benchmarks are versions
of the drivers with known concurrency-related bugs. For the experiments with an
explicit specification we added assertions that would detect the bugs in the experiments.
Device drivers lend themselves to implicit specification, where the device and
the operating system are the external interfaces. Our experiments demonstrate
that our synthesis method is precise and efficient. We implemented objective functions
for coarse-grained and fine-grained locking and observed that different synchronisation
placements are produced for our experiments, favouring e.g. a minimal number of
synchronisation operations or maximum concurrency."
alternative_title:
- ISTA Thesis
article_processing_charge: No
author:
- first_name: Thorsten
full_name: Tarrach, Thorsten
id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
last_name: Tarrach
orcid: 0000-0003-4409-8487
citation:
ama: Tarrach T. Automatic synthesis of synchronisation primitives for concurrent
programs. 2016. doi:10.15479/at:ista:1130
apa: Tarrach, T. (2016). Automatic synthesis of synchronisation primitives for
concurrent programs. Institute of Science and Technology Austria. https://doi.org/10.15479/at:ista:1130
chicago: Tarrach, Thorsten. “Automatic Synthesis of Synchronisation Primitives for
Concurrent Programs.” Institute of Science and Technology Austria, 2016. https://doi.org/10.15479/at:ista:1130.
ieee: T. Tarrach, “Automatic synthesis of synchronisation primitives for concurrent
programs,” Institute of Science and Technology Austria, 2016.
ista: Tarrach T. 2016. Automatic synthesis of synchronisation primitives for concurrent
programs. Institute of Science and Technology Austria.
mla: Tarrach, Thorsten. Automatic Synthesis of Synchronisation Primitives for
Concurrent Programs. Institute of Science and Technology Austria, 2016, doi:10.15479/at:ista:1130.
short: T. Tarrach, Automatic Synthesis of Synchronisation Primitives for Concurrent
Programs, Institute of Science and Technology Austria, 2016.
date_created: 2018-12-11T11:50:19Z
date_published: 2016-07-07T00:00:00Z
date_updated: 2023-09-07T11:57:01Z
day: '07'
ddc:
- '000'
degree_awarded: PhD
department:
- _id: ToHe
- _id: GradSch
doi: 10.15479/at:ista:1130
ec_funded: 1
file:
- access_level: open_access
checksum: 319a506831650327e85376db41fc1094
content_type: application/pdf
creator: dernst
date_created: 2021-02-22T11:39:32Z
date_updated: 2021-02-22T11:39:32Z
file_id: '9179'
file_name: 2016_Tarrach_Thesis.pdf
file_size: 1523935
relation: main_file
success: 1
- access_level: closed
checksum: 39efcd789f0ad859ff15652cb7afc412
content_type: application/pdf
creator: cchlebak
date_created: 2021-11-16T14:14:38Z
date_updated: 2021-11-17T13:46:55Z
file_id: '10296'
file_name: 2016_Tarrach_Thesispdfa.pdf
file_size: 1306068
relation: main_file
file_date_updated: 2021-11-17T13:46:55Z
has_accepted_license: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: http://thorstent.github.io/theses/phd_thorsten_tarrach.pdf
month: '07'
oa: 1
oa_version: Published Version
page: '151'
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '267989'
name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
call_identifier: FWF
grant_number: S 11407_N23
name: Rigorous Systems Engineering
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
call_identifier: FWF
grant_number: Z211
name: The Wittgenstein Prize
publication_identifier:
issn:
- 2663-337X
publication_status: published
publisher: Institute of Science and Technology Austria
publist_id: '6230'
related_material:
record:
- id: '1729'
relation: part_of_dissertation
status: public
- id: '2218'
relation: part_of_dissertation
status: public
- id: '2445'
relation: part_of_dissertation
status: public
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000−0002−2985−7724
title: Automatic synthesis of synchronisation primitives for concurrent programs
type: dissertation
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
year: '2016'
...
---
_id: '1405'
abstract:
- lang: eng
text: "Motivated by the analysis of highly dynamic message-passing systems, i.e.
unbounded thread creation, mobility, etc. we present a framework for the analysis
of depth-bounded systems. Depth-bounded systems are one of the most expressive
known fragment of the π-calculus for which interesting verification problems are
still decidable. Even though they are infinite state systems depth-bounded systems
are well-structured, thus can be analyzed algorithmically. We give an interpretation
of depth-bounded systems as graph-rewriting systems. This gives more flexibility
and ease of use to apply depth-bounded systems to other type of systems like shared
memory concurrency.\r\n\r\nFirst, we develop an adequate domain of limits for
depth-bounded systems, a prerequisite for the effective representation of downward-closed
sets. Downward-closed sets are needed by forward saturation-based algorithms to
represent potentially infinite sets of states. Then, we present an abstract interpretation
framework to compute the covering set of well-structured transition systems. Because,
in general, the covering set is not computable, our abstraction over-approximates
the actual covering set. Our abstraction captures the essence of acceleration
based-algorithms while giving up enough precision to ensure convergence. We have
implemented the analysis in the PICASSO tool and show that it is accurate in practice.
Finally, we build some further analyses like termination using the covering set
as starting point."
acknowledgement: "This work was supported in part by the Austrian Science Fund NFN
RiSE (Rigorous Systems Engineering) and by the ERC Advanced Grant QUAREM (Quantitative
Reactve Modeling).\r\nChapter 2, 3, and 4 are joint work with Thomas A. Henzinger
and Thomas Wies. Chapter 2 was published in FoSSaCS 2010 as “Forward Analysis of
Depth-Bounded Processes” [112]. Chapter 3 was published in VMCAI 2012 as “Ideal
Abstractions for Well-Structured Transition Systems” [114]. Chap- ter 5.1 is joint
work with Kshitij Bansal, Eric Koskinen, and Thomas Wies. It was published in TACAS
2013 as “Structural Counter Abstraction” [13]. The author’s contribution in this
part is mostly related to the implementation. The theory required to understand
the method and its implementation is quickly recalled to make the thesis self-contained,
but should not be considered as a contribution. For the details of the methods,
we refer the reader to the orig- inal publication [13] and the corresponding technical
report [14]. Chapter 5.2 is ongoing work with Shahram Esmaeilsabzali, Rupak Majumdar,
and Thomas Wies. I also would like to thank the people who supported over the past
4 years. My advisor Thomas A. Henzinger who gave me a lot of freedom to work on
projects I was interested in. My collaborators, especially Thomas Wies with whom
I worked since the beginning. The members of my thesis committee, Viktor Kun- cak
and Rupak Majumdar, who also agreed to advise me. Simon Aeschbacher, Pavol Cerny,
Cezara Dragoi, Arjun Radhakrishna, my family, friends and col- leagues who created
an enjoyable environment. "
alternative_title:
- ISTA Thesis
article_processing_charge: No
author:
- first_name: Damien
full_name: Zufferey, Damien
id: 4397AC76-F248-11E8-B48F-1D18A9856A87
last_name: Zufferey
orcid: 0000-0002-3197-8736
citation:
ama: Zufferey D. Analysis of dynamic message passing programs. 2013. doi:10.15479/at:ista:1405
apa: Zufferey, D. (2013). Analysis of dynamic message passing programs. Institute
of Science and Technology Austria. https://doi.org/10.15479/at:ista:1405
chicago: Zufferey, Damien. “Analysis of Dynamic Message Passing Programs.” Institute
of Science and Technology Austria, 2013. https://doi.org/10.15479/at:ista:1405.
ieee: D. Zufferey, “Analysis of dynamic message passing programs,” Institute of
Science and Technology Austria, 2013.
ista: Zufferey D. 2013. Analysis of dynamic message passing programs. Institute
of Science and Technology Austria.
mla: Zufferey, Damien. Analysis of Dynamic Message Passing Programs. Institute
of Science and Technology Austria, 2013, doi:10.15479/at:ista:1405.
short: D. Zufferey, Analysis of Dynamic Message Passing Programs, Institute of Science
and Technology Austria, 2013.
date_created: 2018-12-11T11:51:50Z
date_published: 2013-09-05T00:00:00Z
date_updated: 2023-09-07T11:36:37Z
day: '05'
ddc:
- '000'
degree_awarded: PhD
department:
- _id: ToHe
- _id: GradSch
doi: 10.15479/at:ista:1405
ec_funded: 1
file:
- access_level: open_access
checksum: ed2d7b52933d134e8dc69d569baa284e
content_type: application/pdf
creator: dernst
date_created: 2021-02-22T11:28:36Z
date_updated: 2021-02-22T11:28:36Z
file_id: '9176'
file_name: 2013_Zufferey_thesis_final.pdf
file_size: 1514906
relation: main_file
success: 1
- access_level: closed
checksum: cecc4c4b14225bee973d32e3dba91a55
content_type: application/pdf
creator: cchlebak
date_created: 2021-11-16T14:42:52Z
date_updated: 2021-11-17T13:47:58Z
file_id: '10298'
file_name: 2013_Zufferey_thesis_final_pdfa.pdf
file_size: 1378313
relation: main_file
file_date_updated: 2021-11-17T13:47:58Z
has_accepted_license: '1'
language:
- iso: eng
main_file_link:
- url: http://dzufferey.github.io/files/2013_thesis.pdf
month: '09'
oa: 1
oa_version: Published Version
page: '134'
project:
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
call_identifier: FWF
grant_number: S 11407_N23
name: Rigorous Systems Engineering
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
call_identifier: FP7
grant_number: '267989'
name: Quantitative Reactive Modeling
publication_identifier:
issn:
- 2663-337X
publication_status: published
publisher: Institute of Science and Technology Austria
publist_id: '5802'
related_material:
record:
- id: '2847'
relation: part_of_dissertation
status: public
- id: '3251'
relation: part_of_dissertation
status: public
- id: '4361'
relation: part_of_dissertation
status: public
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000−0002−2985−7724
title: Analysis of dynamic message passing programs
type: dissertation
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
year: '2013'
...
---
_id: '4409'
abstract:
- lang: eng
text: "Models of timed systems must incorporate not only the sequence of system
events, but the timings of these events as well to capture the real-time aspects
of physical systems. Timed automata are models of real-time systems in which states
consist of discrete locations and values for real-time clocks. The presence of
real-time clocks leads to an uncountable state space. This thesis studies verification
problems on timed automata in a game theoretic framework.\r\n\r\nFor untimed systems,
two systems are close if every sequence of events of one system is also observable
in the second system. For timed systems, the difference in timings of the two
corresponding sequences is also of importance. We propose the notion of bisimulation
distance which quantifies timing differences; if the bisimulation distance between
two systems is epsilon, then (a) every sequence of events of one system has a
corresponding matching sequence in the other, and (b) the timings of matching
events in between the two corresponding traces do not differ by more than epsilon.
We show that we can compute the bisimulation distance between two timed automata
to within any desired degree of accuracy. We also show that the timed verification
logic TCTL is robust with respect to our notion of quantitative bisimilarity,
in particular, if a system satisfies a formula, then every close system satisfies
a close formula.\r\n\r\nTimed games are used for distinguishing between the actions
of several agents, typically a controller and an environment. The controller must
achieve its objective against all possible choices of the environment. The modeling
of the passage of time leads to the presence of zeno executions, and corresponding
unrealizable strategies of the controller which may achieve objectives by blocking
time. We disallow such unreasonable strategies by restricting all agents to use
only receptive strategies --strategies which while not being required to ensure
time divergence by any agent, are such that no agent is responsible for blocking
time. Time divergence is guaranteed when all players use receptive strategies.
We show that timed automaton games with receptive strategies can be solved by
a reduction to finite state turn based game graphs. We define the logic timed
alternating-time temporal logic for verification of timed automaton games and
show that the logic can be model checked in EXPTIME. We also show that the minimum
time required by an agent to reach a desired location, and the maximum time an
agent can stay safe within a set of locations, against all possible actions of
its adversaries are both computable.\r\n\r\nWe next study the memory requirements
of winning strategies for timed automaton games. We prove that finite memory strategies
suffice for safety objectives, and that winning strategies for reachability objectives
may require infinite memory in general. We introduce randomized strategies in
which an agent can propose a probabilistic distribution of moves and show that
finite memory randomized strategies suffice for all omega-regular objectives.
We also show that while randomization helps in simplifying winning strategies,
and thus allows the construction of simpler controllers, it does not help a player
in winning at more states, and thus does not allow the construction of more powerful
controllers.\r\n\r\nFinally we study robust winning strategies in timed games.
In a physical system, a controller may propose an action together with a time
delay, but the action cannot be assumed to be executed at the exact proposed time
delay. We present robust strategies which incorporate such jitters and show that
the set of states from which an agent can win robustly is computable."
article_processing_charge: No
author:
- first_name: Vinayak
full_name: Prabhu, Vinayak
last_name: Prabhu
citation:
ama: Prabhu V. Games for the verification of timed systems. 2008:1-137.
apa: Prabhu, V. (2008). Games for the verification of timed systems. University
of California, Berkeley.
chicago: Prabhu, Vinayak. “Games for the Verification of Timed Systems.” University
of California, Berkeley, 2008.
ieee: V. Prabhu, “Games for the verification of timed systems,” University of California,
Berkeley, 2008.
ista: Prabhu V. 2008. Games for the verification of timed systems. University of
California, Berkeley.
mla: Prabhu, Vinayak. Games for the Verification of Timed Systems. University
of California, Berkeley, 2008, pp. 1–137.
short: V. Prabhu, Games for the Verification of Timed Systems, University of California,
Berkeley, 2008.
date_created: 2018-12-11T12:08:42Z
date_published: 2008-09-01T00:00:00Z
date_updated: 2022-02-14T14:35:11Z
day: '01'
degree_awarded: PhD
extern: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://www2.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-97.html
month: '09'
oa: 1
oa_version: None
page: 1 - 137
publication_status: published
publisher: University of California, Berkeley
publist_id: '319'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
- first_name: John
full_name: Steel, John
last_name: Steel
- first_name: Pravin
full_name: Varaiya, Pravin
last_name: Varaiya
title: Games for the verification of timed systems
type: dissertation
user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9
year: '2008'
...
---
_id: '4415'
abstract:
- lang: eng
text: 'Many computing applications, especially those in safety critical embedded
systems, require highly predictable timing properties. However, time is often
not present in the prevailing computing and networking abstractions. In fact,
most advances in computer architecture, software, and networking favor average-case
performance over timing predictability. This thesis studies several methods for
the design of concurrent and/or distributed embedded systems with precise timing
guarantees. The focus is on flexible and compositional methods for programming
and verification of the timing properties. The presented methods together with
related formalisms cover two levels of design: (1) Programming language/model
level. We propose the distributed variant of Giotto, a coordination programming
language with an explicit temporal semantics—the logical execution time (LET)
semantics. The LET of a task is an interval of time that specifies the time instants
at which task inputs and outputs become available (task release and termination
instants). The LET of a task is always non-zero. This allows us to communicate
values across the network without changing the timing information of the task,
and without introducing nondeterminism. We show how this methodology supports
distributed code generation for distributed real-time systems. The method gives
up some performance in favor of composability and predictability. We characterize
the tradeoff by comparing the LET semantics with the semantics used in Simulink.
(2) Abstract task graph level. We study interface-based design and verification
of applications represented with task graphs. We consider task sequence graphs
with general event models, and cyclic graphs with periodic event models with jitter
and phase. Here an interface of a component exposes time and resource constraints
of the component. Together with interfaces we formally define interface composition
operations and the refinement relation. For efficient and flexible composability
checking two properties are important: incremental design and independent refinement.
According to the incremental design property the composition of interfaces can
be performed in any order, even if interfaces for some components are not known.
The refinement relation is defined such that in a design we can always substitute
a refined interface for an abstract one. We show that the framework supports independent
refinement, i.e., the refinement relation is preserved under composition operations.'
acknowledgement: 978-0-549-83480-9
article_processing_charge: No
author:
- first_name: Slobodan
full_name: Matic, Slobodan
last_name: Matic
citation:
ama: Matic S. Compositionality in deterministic real-time embedded systems. 2008:1-148.
apa: Matic, S. (2008). Compositionality in deterministic real-time embedded systems.
University of California, Berkeley.
chicago: Matic, Slobodan. “Compositionality in Deterministic Real-Time Embedded
Systems.” University of California, Berkeley, 2008.
ieee: S. Matic, “Compositionality in deterministic real-time embedded systems,”
University of California, Berkeley, 2008.
ista: Matic S. 2008. Compositionality in deterministic real-time embedded systems.
University of California, Berkeley.
mla: Matic, Slobodan. Compositionality in Deterministic Real-Time Embedded Systems.
University of California, Berkeley, 2008, pp. 1–148.
short: S. Matic, Compositionality in Deterministic Real-Time Embedded Systems, University
of California, Berkeley, 2008.
date_created: 2018-12-11T12:08:44Z
date_published: 2008-01-01T00:00:00Z
date_updated: 2022-02-14T14:08:50Z
day: '01'
degree_awarded: PhD
extern: '1'
language:
- iso: eng
month: '01'
oa_version: None
page: 1 - 148
publication_status: published
publisher: University of California, Berkeley
publist_id: '316'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
- first_name: Edward
full_name: Lee, Edward
last_name: Lee
- first_name: Raja
full_name: Sengupta, Raja
last_name: Sengupta
title: Compositionality in deterministic real-time embedded systems
type: dissertation
user_id: 8b945eb4-e2f2-11eb-945a-df72226e66a9
year: '2008'
...
---
_id: '4524'
abstract:
- lang: eng
text: "Complex requirements, time-to-market pressure and regulatory constraints
have made the designing of embedded systems extremely challenging. This is evident
by the increase in effort and expenditure for design of safety-driven real-time
control-dominated applications like automotive and avionic controllers. Design
processes are often challenged by lack of proper programming tools for specifying
and verifying critical requirements (e.g. timing and reliability) of such applications.
Platform based design, an approach for designing embedded systems, addresses the
above concerns by separating requirement from architecture. The requirement specifies
the intended behavior of an application while the architecture specifies the guarantees
(e.g. execution speed, failure rate etc). An implementation, a mapping of the
requirement on the architecture, is then analyzed for correctness. The orthogonalization
of concerns makes the specification and analyses simpler. An effective use of
such design methodology has been proposed in Logical Execution Time (LET) model
of real-time tasks. The model separates the timing requirements (specified by
release and termination instances of a task) from the architecture guarantees
(specified by worst-case execution time of the task).\r\n\r\nThis dissertation
proposes a coordination language, Hierarchical Timing Language (HTL), that captures
the timing and reliability requirements of real-time applications. An implementation
of the program on an architecture is then analyzed to check whether desired timing
and reliability requirements are met or not. The core framework extends the LET
model by accounting for reliability and refinement. The reliability model separates
the reliability requirements of tasks from the reliability guarantees of the architecture.
The requirement expresses the desired long-term reliability while the architecture
provides a short-term reliability guarantee (e.g. failure rate for each iteration).
The analysis checks if the short-term guarantee ensures the desired long-term
reliability. The refinement model allows replacing a task by another task during
program execution. Refinement preserves schedulability and reliability, i.e.,
if a refined task is schedulable and reliable for an implementation, then the
refining task is also schedulable and reliable for the implementation. Refinement
helps in concise specification without overloading analysis.\r\n\r\nThe work presents
the formal model, the analyses (both with and without refinement), and a compiler
for HTL programs. The compiler checks composition and refinement constraints,
performs schedulability and reliability analyses, and generates code for implementation
of an HTL program on a virtual machine. Three real-time controllers, one each
from automatic control, automotive control and avionic control, are used to illustrate
the steps in modeling and analyzing HTL programs."
acknowledgement: 978-0-549-83679-7
article_processing_charge: No
author:
- first_name: Arkadeb
full_name: Ghosal, Arkadeb
last_name: Ghosal
citation:
ama: Ghosal A. A hierarchical coordination language for reliable real-time tasks.
2008:1-210.
apa: Ghosal, A. (2008). A hierarchical coordination language for reliable real-time
tasks. University of California, Berkeley.
chicago: Ghosal, Arkadeb. “A Hierarchical Coordination Language for Reliable Real-Time
Tasks.” University of California, Berkeley, 2008.
ieee: A. Ghosal, “A hierarchical coordination language for reliable real-time tasks,”
University of California, Berkeley, 2008.
ista: Ghosal A. 2008. A hierarchical coordination language for reliable real-time
tasks. University of California, Berkeley.
mla: Ghosal, Arkadeb. A Hierarchical Coordination Language for Reliable Real-Time
Tasks. University of California, Berkeley, 2008, pp. 1–210.
short: A. Ghosal, A Hierarchical Coordination Language for Reliable Real-Time Tasks,
University of California, Berkeley, 2008.
date_created: 2018-12-11T12:09:18Z
date_published: 2008-01-31T00:00:00Z
date_updated: 2021-01-12T07:59:26Z
day: '31'
extern: '1'
language:
- iso: eng
month: '01'
oa_version: None
page: 1 - 210
publication_status: published
publisher: University of California, Berkeley
publist_id: '199'
status: public
supervisor:
- first_name: Alberto
full_name: Sangiovanni-Vincentelli, Alberto
last_name: Sangiovanni-Vincentelli
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
- first_name: Edward
full_name: Lee, Edward
last_name: Lee
- first_name: Karl
full_name: Hedrick, Karl
last_name: Hedrick
title: A hierarchical coordination language for reliable real-time tasks
type: dissertation
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2008'
...
---
_id: '4566'
abstract:
- lang: eng
text: "Complex system design today calls for compositional design and implementation.
However each component is designed with certain assumptions about the environment
it is meant to operate in, and delivering certain guarantees if those assumptions
are satisfied; numerous inter-component interaction errors are introduced in the
manual and error-prone integration process as there is little support in design
environments for machine-readably representing these assumptions and guarantees
and automatically checking consistency during integration.\r\n\r\nBased on Interface
Automata we propose a framework for compositional design and analysis of systems:
a set of domain-specific automata-theoretic type systems for compositional system
specification and analysis by behavioral specification of open systems. We focus
on three different domains: component-based hardware systems communicating on
bidirectional wires. concurrent distributed recursive message-passing software
systems, and embedded software system components operating in resource-constrained
environments. For these domains we present approaches to formally represent the
assumptions and conditional guarantees between interacting open system components.
Composition of such components produces new components with the appropriate assumptions
and guarantees. We check satisfaction of temporal logic specifications by such
components, and the substitutability of one component with another in an arbitrary
context. Using this framework one can analyze large systems incrementally without
needing extensive summary information to close the system at each stage. Furthermore,
we focus only on the inter-component interaction behavior without dealing with
the full implementation details of each component. Many of the merits of automata-theoretic
model-checking are combined with the compositionality afforded by type-system
based techniques. We also present an integer-based extension of the conventional
boolean verification framework motivated by our interface formalism for embedded
software components.\r\n\r\nOur algorithms for checking the behavioral compatibility
of component interfaces are available in our tool Chic, which can be used as a
plug-in for the Java IDE JBuilder and the heterogenous modeling and design environment
Ptolemy II.\r\n\r\nFinally, we address the complementary problem of partitioning
a large system into meaningful coherent components by analyzing the interaction
patterns between its basic elements. We demonstrate the usefulness of our partitioning
approach by evaluating its efficacy in improving unit-test branch coverage for
a large software system implemented in C."
article_processing_charge: No
author:
- first_name: Arindam
full_name: Chakrabarti, Arindam
last_name: Chakrabarti
citation:
ama: Chakrabarti A. A framework for compositional design and analysis of systems.
2007:1-244.
apa: Chakrabarti, A. (2007). A framework for compositional design and analysis
of systems. University of California, Berkeley.
chicago: Chakrabarti, Arindam. “A Framework for Compositional Design and Analysis
of Systems.” University of California, Berkeley, 2007.
ieee: A. Chakrabarti, “A framework for compositional design and analysis of systems,”
University of California, Berkeley, 2007.
ista: Chakrabarti A. 2007. A framework for compositional design and analysis of
systems. University of California, Berkeley.
mla: Chakrabarti, Arindam. A Framework for Compositional Design and Analysis
of Systems. University of California, Berkeley, 2007, pp. 1–244.
short: A. Chakrabarti, A Framework for Compositional Design and Analysis of Systems,
University of California, Berkeley, 2007.
date_created: 2018-12-11T12:09:31Z
date_published: 2007-12-20T00:00:00Z
date_updated: 2021-01-12T07:59:45Z
day: '20'
extern: '1'
language:
- iso: eng
month: '12'
oa_version: None
page: 1 - 244
publication_status: published
publisher: University of California, Berkeley
publist_id: '145'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
- first_name: George
full_name: Necula, George
last_name: Necula
- first_name: Edward
full_name: Lee, Edward
last_name: Lee
- first_name: Jack
full_name: Silver, Jack
last_name: Silver
title: A framework for compositional design and analysis of systems
type: dissertation
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2007'
...
---
_id: '4424'
abstract:
- lang: eng
text: "The enormous cost and ubiquity of software errors necessitates the need for
techniques and tools that can precisely analyze large systems and prove that they
meet given specifications, or if they don't, return counterexample behaviors showing
how the system fails. Recent advances in model checking, decision procedures,
program analysis and type systems, and a shift of focus to partial specifications
common to several systems (e.g., memory safety and race freedom) have resulted
in several practical verification methods. However, these methods are either precise
or they are scalable, depending on whether they track the values of variables
or only a fixed small set of dataflow facts (e.g., types), and are usually insufficient
for precisely verifying large programs.\r\n\r\nWe describe a new technique called
Lazy Abstraction (LA) which achieves both precision and scalability by localizing
the use of precise information. LA automatically builds, explores and refines
a single abstract model of the program in a way that different parts of the model
exhibit different degrees of precision, namely just enough to verify the desired
property. The algorithm automatically mines the information required by partitioning
mechanical proofs of unsatisfiability of spurious counterexamples into Craig Interpolants.
For multithreaded systems, we give a new technique based on analyzing the behavior
of a single thread executing in a context which is an abstraction of the other
(arbitrarily many) threads. We define novel context models and show how to automatically
infer them and analyze the full system (thread + context) using LA.\r\n\r\nLA
is implemented in BLAST. We have run BLAST on Windows and Linux Device Drivers
to verify API conformance properties, and have used it to find (or guarantee the
absence of) data races in multithreaded Networked Embedded Systems (NESC) applications.
BLAST is able to prove the absence of races in several cases where earlier methods,
which depend on lock-based synchronization, fail."
article_processing_charge: No
author:
- first_name: Ranjit
full_name: Jhala, Ranjit
last_name: Jhala
citation:
ama: Jhala R. Program verification by lazy abstraction. 2004:1-165.
apa: Jhala, R. (2004). Program verification by lazy abstraction. University
of California, Berkeley.
chicago: Jhala, Ranjit. “Program Verification by Lazy Abstraction.” University of
California, Berkeley, 2004.
ieee: R. Jhala, “Program verification by lazy abstraction,” University of California,
Berkeley, 2004.
ista: Jhala R. 2004. Program verification by lazy abstraction. University of California,
Berkeley.
mla: Jhala, Ranjit. Program Verification by Lazy Abstraction. University
of California, Berkeley, 2004, pp. 1–165.
short: R. Jhala, Program Verification by Lazy Abstraction, University of California,
Berkeley, 2004.
date_created: 2018-12-11T12:08:47Z
date_published: 2004-12-01T00:00:00Z
date_updated: 2021-01-12T07:56:52Z
day: '01'
extern: '1'
language:
- iso: eng
month: '12'
oa_version: None
page: 1 - 165
publication_status: published
publisher: University of California, Berkeley
publist_id: '307'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: Program verification by lazy abstraction
type: dissertation
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2004'
...
---
_id: '4416'
abstract:
- lang: eng
text: "Methods for the formal specification and verification of systems are indispensible
for the development of complex yet correct systems. In formal verification, the
designer describes the system in a modeling language with a well-defined semantics,
and this system description is analyzed against a set of correctness requirements.
Model checking is an algorithmic technique to check that a system description
indeed satisfies correctness requirements given as logical specifications. While
successful in hardware verification, the potential for model checking for software
and embedded systems has not yet been realized. This is because traditional model
checking focuses on systems modeled as finite state-transition graphs. While a
natural model for hardware (especially synchronous hardware), state-transition
graphs often do not capture software and embedded systems at an appropriate level
of granularity. This dissertation considers two orthogonal extensions to finite
state-transition graphs making model checking techniques applicable to both a
wider class of systems and a wider class of properties.\r\n\r\nThe first direction
is an extension to infinite-state structures finitely represented using constraints
and operations on constraints. Infinite state arises when we wish to model variables
with unbounded range (e.g., integers), or data structures, or real time. We provide
a uniform framework of symbolic region algebras to study model checking of infinite-state
systems. We also provide sufficient language-independent termination conditions
for symbolic model checking algorithms on infinite state systems.\r\n\r\nThe second
direction supplements verification with game theoretic reasoning. Games are natural
models for interactions between components. We study game theoretic behavior with
winning conditions given by temporal logic objectives both in the deterministic
and in the probabilistic context. For deterministic games, we provide an extremal
model characterization of fixpoint algorithms that link solutions of verification
problems to solutions for games. For probabilistic games we study fixpoint characterization
of winning probabilities for games with omega-regular winning objectives, and
construct (epsilon-)optimal winning strategies."
article_processing_charge: No
author:
- first_name: Ritankar
full_name: Majumdar, Ritankar
last_name: Majumdar
citation:
ama: Majumdar R. Symbolic algorithms for verification and control. 2003:1-201.
apa: Majumdar, R. (2003). Symbolic algorithms for verification and control.
University of California, Berkeley.
chicago: Majumdar, Ritankar. “Symbolic Algorithms for Verification and Control.”
University of California, Berkeley, 2003.
ieee: R. Majumdar, “Symbolic algorithms for verification and control,” University
of California, Berkeley, 2003.
ista: Majumdar R. 2003. Symbolic algorithms for verification and control. University
of California, Berkeley.
mla: Majumdar, Ritankar. Symbolic Algorithms for Verification and Control.
University of California, Berkeley, 2003, pp. 1–201.
short: R. Majumdar, Symbolic Algorithms for Verification and Control, University
of California, Berkeley, 2003.
date_created: 2018-12-11T12:08:44Z
date_published: 2003-12-01T00:00:00Z
date_updated: 2021-01-12T07:56:49Z
day: '01'
extern: '1'
language:
- iso: eng
month: '12'
oa_version: None
page: 1 - 201
publication_status: published
publisher: University of California, Berkeley
publist_id: '313'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: Symbolic algorithms for verification and control
type: dissertation
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2003'
...
---
_id: '4425'
abstract:
- lang: eng
text: "Giotto provides a time-triggered programmer’s model for the implementation
of embedded control systems with hard real-time constraints. Giotto’s precise
semantics and predictabil- ity make it suitable for safety-critical applications.\r\nGiotto
is based around the idea that time-triggered task invocation together with time-triggered
mode switching can form a useful programming model for real-time systems. To substantiate
this claim, we describe the use of Giotto to refactor the software of a small,
autonomous helicopter. The ease with which Giotto expresses the existing software
provides evidence that Giotto is an appropriate programming language for control
systems.\r\nSince Giotto is a real-time programming language, ensuring that Giotto
programs meet their deadlines is crucial. To study precedence-constrained Giotto
scheduling, we first examine single-mode, single-processor scheduling. We extend
to an infinite, periodic setting the classical problem of meeting deadlines for
a set of tasks with release times, deadlines, precedence constraints, and preemption.
We then develop an algorithm for scheduling Giotto programs on a single processor
by representing Giotto programs as instances of the extended scheduling problem.\r\nNext,
we study multi-mode, single-processor Giotto scheduling. This problem is different
from classical scheduling problems, since in our precedence-constrained approach,
the deadlines of tasks may vary depending on the mode switching behavior of the
program. We present conditional scheduling models which capture this varying-deadline
behavior. We develop polynomial-time algorithms for some conditional scheduling
models, and prove oth- ers to be computationally hard. We show how to represent
multi-mode Giotto programs as instances of the model, resulting in an algorithm
for scheduling multi-mode Giotto programs on a single processor.\r\nFinally, we
show that the problem of scheduling Giotto programs for multiple net- worked processors
is strongly NP-hard."
article_processing_charge: No
author:
- first_name: Benjamin
full_name: Horowitz, Benjamin
last_name: Horowitz
citation:
ama: 'Horowitz B. Giotto: A time-triggered language for embedded programming. 2003:1-237.'
apa: 'Horowitz, B. (2003). Giotto: A time-triggered language for embedded programming.
University of California, Berkeley.'
chicago: 'Horowitz, Benjamin. “Giotto: A Time-Triggered Language for Embedded Programming.”
University of California, Berkeley, 2003.'
ieee: 'B. Horowitz, “Giotto: A time-triggered language for embedded programming,”
University of California, Berkeley, 2003.'
ista: 'Horowitz B. 2003. Giotto: A time-triggered language for embedded programming.
University of California, Berkeley.'
mla: 'Horowitz, Benjamin. Giotto: A Time-Triggered Language for Embedded Programming.
University of California, Berkeley, 2003, pp. 1–237.'
short: 'B. Horowitz, Giotto: A Time-Triggered Language for Embedded Programming,
University of California, Berkeley, 2003.'
date_created: 2018-12-11T12:08:47Z
date_published: 2003-10-01T00:00:00Z
date_updated: 2021-01-12T07:56:53Z
day: '01'
extern: '1'
language:
- iso: eng
month: '10'
oa_version: None
page: 1 - 237
publication_status: published
publisher: University of California, Berkeley
publist_id: '305'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: 'Giotto: A time-triggered language for embedded programming'
type: dissertation
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2003'
...
---
_id: '4414'
abstract:
- lang: eng
text: "This dissertation investigates game-theoretic approaches to the algorithmic
analysis of concurrent, reactive systems. A concurrent system comprises a number
of components working concurrently; a reactive system maintains an ongoing interaction
with its environment. Traditional approaches to the formal analysis of concurrent
reactive systems usually view the system as an unstructured state-transition graphs;
instead, we view them as collections of interacting components, where each one
is an open system which accepts inputs from the other components. The interactions
among the components are naturally modeled as games.\r\n\r\nAdopting this game-theoretic
view, we study three related problems pertaining to the verification and synthesis
of systems. Firstly, we propose two novel game-theoretic techniques for the model-checking
of concurrent reactive systems, and improve the performance of model-checking.
The first technique discovers an error as soon as it cannot be prevented, which
can be long before it actually occurs. This technique is based on the key observation
that "unpreventability" is a local property to a module: an error is
unpreventable in a module state if no environment can prevent it. The second technique
attempts to decompose a model-checking proof into smaller proof obligations by
constructing abstract modules automatically, using reachability and "unpreventability"
information about the concrete modules. Three increasingly powerful proof decomposition
rules are proposed and we show that in practice, the resulting abstract modules
are often significantly smaller than the concrete modules and can drastically
reduce the space and time requirements for verification. Both techniques fall
into the category of compositional reasoning.\r\n\r\nSecondly, we investigate
the composition and control of synchronous systems. An essential property of synchronous
systems for compositional reasoning is non-blocking. In the composition of synchronous
systems, however, due to circular causal dependency of input and output signals,
non-blocking is not always guaranteed. Blocking compositions of systems can be
ruled out semantically, by insisting on the existence of certain fixed points,
or syntactically, by equipping systems with types, which make the dependencies
between input and output signals transparent. We characterize various typing mechanisms
in game-theoretic terms, and study their effects on the controller synthesis problem.
We show that our typing systems are general enough to capture interesting real-life
synchronous systems such as all delay-insensitive digital circuits. We then study
their corresponding single-step control problems --a restricted form of controller
synthesis problem whose solutions can be iterated in appropriate manners to solve
all LTL controller synthesis problems. We also consider versions of the controller
synthesis problem in which the type of the controller is given. We show that the
solution of these fixed-type control problems requires the evaluation of partially
ordered (Henkin) quantifiers on boolean formulas, and is therefore harder (nondeterministic
exponential time) than more traditional control questions.\r\n\r\nThirdly, we
study the synthesis of a class of open systems, namely, uninitialized state machines.
The sequential synthesis problem, which is closely related to Church's solvability
problem, asks, given a specification in the form of a binary relation between
input and output streams, for the construction of a finite-state stream transducer
that converts inputs to appropriate outputs. For efficiency reasons, practical
sequential hardware is often designed to operate without prior initialization.
Such hardware designs can be modeled by uninitialized state machines, which are
required to satisfy their specification if started from any state. We solve the
sequential synthesis problem for uninitialized systems, that is, we construct
uninitialized finite-state stream transducers. We consider specifications given
by LTL formulas, deterministic, nondeterministic, universal, and alternating Buechi
automata. We solve this uninitialized synthesis problem by reducing it to the
well-understood initialized synthesis problem. While our solution is straightforward,
it leads, for some specification formalisms, to upper bounds that are exponentially
worse than the complexity of the corresponding initialized problems. However,
we prove lower bounds to show that our simple solutions are optimal for all considered
specification formalisms. The lower bound proofs require nontrivial generic reductions."
article_processing_charge: No
author:
- first_name: Freddy
full_name: Mang, Freddy
last_name: Mang
citation:
ama: Mang F. Games in open systems verification and synthesis. 2002:1-116.
apa: Mang, F. (2002). Games in open systems verification and synthesis. University
of California, Berkeley.
chicago: Mang, Freddy. “Games in Open Systems Verification and Synthesis.” University
of California, Berkeley, 2002.
ieee: F. Mang, “Games in open systems verification and synthesis,” University of
California, Berkeley, 2002.
ista: Mang F. 2002. Games in open systems verification and synthesis. University
of California, Berkeley.
mla: Mang, Freddy. Games in Open Systems Verification and Synthesis. University
of California, Berkeley, 2002, pp. 1–116.
short: F. Mang, Games in Open Systems Verification and Synthesis, University of
California, Berkeley, 2002.
date_created: 2018-12-11T12:08:44Z
date_published: 2002-05-01T00:00:00Z
date_updated: 2021-01-12T07:56:48Z
day: '01'
extern: '1'
language:
- iso: eng
month: '05'
oa_version: None
page: 1 - 116
publication_status: published
publisher: University of California, Berkeley
publist_id: '315'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: Games in open systems verification and synthesis
type: dissertation
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2002'
...
---
_id: '4411'
abstract:
- lang: eng
text: "Model checking algorithms for the verification of reactive systems proceed
by a systematic and exhaustive exploration of the system state space. They do
not scale to large designs because of the state explosion problem --the number
of states grows exponentially with the number of components in the design. Consequently,
the model checking problem is PSPACE-hard in the size of the design description.
This dissertation proposes three novel techniques to combat the state explosion
problem.\r\n\r\nOne of the most important advances in model checking in recent
years has been the discovery of symbolic methods, which use a calculus of expressions,
such as binary decision diagrams, to represent the state sets encountered during
state space exploration. Symbolic model checking has proved to be effective for
verifying hardware designs. Traditionally, symbolic checking of temporal logic
specifications is performed by backward fixpoint reasoning with the operator Pre.
Backward reasoning can be wasteful since unreachable states are explored. We suggest
the use of forward fixpoint reasoning based on the operator Post. We show how
all linear temporal logic specifications can be model checked symbolically by
forward reasoning. In contrast to backward reasoning, forward reasoning performs
computations only on the reachable states.\r\n\r\nHeuristics that improve algorithms
for application domains, such as symbolic methods for hardware designs, are useful
but not enough to make model checking feasible on industrial designs. Currently,
exhaustive state exploration is possible only on designs with about 50-100 boolean
state variables. Assume-guarantee verification attempts to combat the state explosion
problem by using the principle of "divide and conquer," where the components
of the implementation are analyzed one at a time. Typically, an implementation
component refines its specification only when its inputs are suitably constrained
by other components in the implementation. The assume-guarantee principle states
that instead of constraining the inputs by implementation components, it is sound
to constrain them by the corresponding specification components, which can be
significantly smaller. We extend the assume-guarantee proof rule to deal with
the case where the specification operates at a coarser time scale than the implementation.
Using our model checker Mocha, which implements this methodology, we verify VGI,
a parallel DSP processor chip with 64 compute processors each containing approximately
800 state variables and 30K gates.\r\n\r\nOur third contribution is a systematic
model checking methodology for verifying the abstract shared-memory interface
of sequential consistency on multiprocessor systems with three parameters --number
of processors, number of memory locations, and number of data values. Sequential
consistency requires that some interleaving of the local temporal orders of read/write
events at different processors be a trace of serial memory. Therefore, it suffices
to construct a non-interfering serializer that watches and reorders read/write
events so that a trace of serial memory is obtained. While in general such a serializer
must be unbounded even for fixed values of the parameters --checking sequential
consistency is undecidable!-- we show that the paradigmatic class of snoopy cache
coherence protocols has finite-state serializers. In order to reduce the arbitrary-parameter
problem to the fixed-parameter problem, we develop a novel framework for induction
over the number of processors and use the notion of a serializer to reduce the
problem of verifying sequential consistency to that of checking language inclusion
between finite state machines."
article_processing_charge: No
author:
- first_name: Shaz
full_name: Qadeer, Shaz
last_name: Qadeer
citation:
ama: Qadeer S. Algorithms and Methodology for Scalable Model Checking. 1999:1-150.
apa: Qadeer, S. (1999). Algorithms and Methodology for Scalable Model Checking.
University of California, Berkeley.
chicago: Qadeer, Shaz. “Algorithms and Methodology for Scalable Model Checking.”
University of California, Berkeley, 1999.
ieee: S. Qadeer, “Algorithms and Methodology for Scalable Model Checking,” University
of California, Berkeley, 1999.
ista: Qadeer S. 1999. Algorithms and Methodology for Scalable Model Checking. University
of California, Berkeley.
mla: Qadeer, Shaz. Algorithms and Methodology for Scalable Model Checking.
University of California, Berkeley, 1999, pp. 1–150.
short: S. Qadeer, Algorithms and Methodology for Scalable Model Checking, University
of California, Berkeley, 1999.
date_created: 2018-12-11T12:08:43Z
date_published: 1999-10-01T00:00:00Z
date_updated: 2022-09-06T08:07:40Z
day: '01'
degree_awarded: PhD
extern: '1'
language:
- iso: eng
main_file_link:
- url: https://www.microsoft.com/en-us/research/publication/algorithms-methodology-scalable-model-checking/
month: '10'
oa_version: None
page: 1 - 150
publication_status: published
publisher: University of California, Berkeley
publist_id: '321'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
- first_name: Robert
full_name: Bryton, Robert
last_name: Bryton
- first_name: John
full_name: Steel, John
last_name: Steel
title: Algorithms and Methodology for Scalable Model Checking
type: dissertation
user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17
year: '1999'
...
---
_id: '4419'
abstract:
- lang: eng
text: A {\em hybrid automaton\/} consists of a finite automaton interacting with
a dynamical system. Hybrid automata are used to model embedded controllers and
other systems that consist of interacting discrete and continuous components.
A hybrid automaton is {\em rectangular\/} if each of its continuous variables~x
satisfies a nondeterministic differential equation of the form a≤dxdt≤b, where
a and~b are rational constants. Rectangular hybrid automata are particularly useful
for the analysis of communication protocols in which local clocks have bounded
drift, and for the conservative approximation of systems with more complex continuous
behavior. We examine several verification problems on the class of rectangular
hybrid automata, including reachability, temporal logic model checking, and controller
synthesis. Both dense-time and discrete-time models are considered. We identify
subclasses of rectangular hybrid automata for which these problems are decidable
and give complexity analyses. An investigation of the structural properties of
rectangular hybrid automata is undertaken. One method for proving the decidability
of verification problems on infinite-state systems is to find finite quotient
systems on which analysis can proceed. Three state-space equivalence relations
with strong connections to temporal logic are bisimilarity, similarity, and language
equivalence. We characterize the quotient spaces of rectangular hybrid automata
with respect to these equivalence relations.
article_processing_charge: No
author:
- first_name: Peter
full_name: Kopke, Peter
last_name: Kopke
citation:
ama: Kopke P. The Theory of Rectangular Hybrid Automata. 1996.
apa: Kopke, P. (1996). The Theory of Rectangular Hybrid Automata. Cornell
University.
chicago: Kopke, Peter. “The Theory of Rectangular Hybrid Automata.” Cornell University,
1996.
ieee: P. Kopke, “The Theory of Rectangular Hybrid Automata,” Cornell University,
1996.
ista: Kopke P. 1996. The Theory of Rectangular Hybrid Automata. Cornell University.
mla: Kopke, Peter. The Theory of Rectangular Hybrid Automata. Cornell University,
1996.
short: P. Kopke, The Theory of Rectangular Hybrid Automata, Cornell University,
1996.
date_created: 2018-12-11T12:08:45Z
date_published: 1996-01-01T00:00:00Z
date_updated: 2022-07-06T15:11:24Z
day: '01'
extern: '1'
language:
- iso: eng
month: '01'
oa_version: None
publication_status: published
publisher: Cornell University
publist_id: '312'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: The Theory of Rectangular Hybrid Automata
type: dissertation
user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17
year: '1996'
...
---
_id: '4428'
abstract:
- lang: eng
text: "Hybrid systems are real-time systems that react to both discrete and continuous
activities (such as analog signals, time, temperature, and speed). Typical examples
of hybrid systems are embedded systems, timing-based communication protocols,
and digital circuits at the transistor level. Due to the rapid development of
microprocessor technology, hybrid systems directly control much of what we depend
on in our daily lives. Consequently, the formal specification and verification
of hybrid systems has become an active area of research. This dissertation presents
the first general framework for the formal specification and verification of hybrid
systems, as well as the first hybrid-system analysis tool--HyTech. The framework
consists of a graphical finite-state-machine-like language for modeling hybrid
systems, a temporal logic for modeling the requirements of hybrid systems, and
a computer procedure that verifies modeled hybrid systems against modeled requirements.
The tool HyTech is the implementation of the framework using C++ and Mathematica.\r\n\r\nMore
specifically, our hybrid-system modeling language, Hybrid Automata, is an extension
of timed automata with discrete and continuous variables whose dynamics are governed
by differential equations. Our requirement modeling language, ICTL, is a branching-time
temporal logic, and is an extension of TCTL with stop-watch variables. Our verification
procedure is a symbolic model-checking procedure that verifies linear hybrid automata
against ICTL formulas. To make HyTech more efficient and effective, we use model-checking
strategies and abstract operators that can expedite the verification process.
To enable HyTech to verify nonlinear hybrid automata, we introduce two translations
from nonlinear hybrid automata to linear hybrid automata. We have applied HyTech
to analyze more than 30 hybrid-system benchmarks. In this dissertation, we present
the application of HyTech to three nontrivial hybrid systems taken from the literature."
article_processing_charge: No
author:
- first_name: Pei
full_name: Ho, Pei
last_name: Ho
citation:
ama: Ho P. Automatic analysis of hybrid systems. 1995:1-188.
apa: Ho, P. (1995). Automatic analysis of hybrid systems. Cornell University.
chicago: Ho, Pei. “Automatic Analysis of Hybrid Systems.” Cornell University, 1995.
ieee: P. Ho, “Automatic analysis of hybrid systems,” Cornell University, 1995.
ista: Ho P. 1995. Automatic analysis of hybrid systems. Cornell University.
mla: Ho, Pei. Automatic Analysis of Hybrid Systems. Cornell University, 1995,
pp. 1–188.
short: P. Ho, Automatic Analysis of Hybrid Systems, Cornell University, 1995.
date_created: 2018-12-11T12:08:48Z
date_published: 1995-08-01T00:00:00Z
date_updated: 2022-06-28T07:30:34Z
day: '01'
degree_awarded: PhD
extern: '1'
language:
- iso: eng
main_file_link:
- open_access: '1'
url: https://hdl.handle.net/1813/7193
month: '08'
oa: 1
oa_version: Published Version
page: 1 - 188
publication_status: published
publisher: Cornell University
publist_id: '304'
status: public
supervisor:
- first_name: Thomas A
full_name: Henzinger, Thomas A
id: 40876CD8-F248-11E8-B48F-1D18A9856A87
last_name: Henzinger
orcid: 0000-0002-2985-7724
title: Automatic analysis of hybrid systems
type: dissertation
user_id: ea97e931-d5af-11eb-85d4-e6957dddbf17
year: '1995'
...