decidability decidability and symbolic symbolic
play

Decidability Decidability and Symbolic Symbolic Verification - PowerPoint PPT Presentation

Dec 24, 2023 •215 likes •682 views

Decidability Decidability and Symbolic Symbolic Verification Symbolic Symbolic Verification Verification Verification Kim G. Larsen Kim G. Larsen Aalborg Aalborg University Aalborg Aalborg University University DENMARK University, ,

  1. Decidability Decidability and Symbolic Symbolic Verification Symbolic Symbolic Verification Verification Verification Kim G. Larsen Kim G. Larsen Aalborg Aalborg University Aalborg Aalborg University University DENMARK University, , DENMARK DENMARK DENMARK

  2. Reachability Reachability ? a b OBSTACLE: Uncountably infinite state space c c locations clock-valuations Reachable from initial state (L0 x 0 y 0) ? Reachable from initial state (L0,x= 0,y= 0) ? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Lars Kim Larsen [2] en [2]

  3. The Region Abstraction The Region Abstraction Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Lars Kim Larsen [3] en [3]

  4. Regions – From Infinite to Finite Regions – Reset region THM [AD90] S S Successor Successor S Successor Reachability is decidable Regions Regions regions (and PSPACE-complete) for timed automata + THM [CY90] Time-optimal reachability is decidable (and PSPACE-complete) for A region g timed automata timed automata Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Lars Kim Larsen [4] en [4]

  5. Fundamental Results Fundamental Results  Reachability y   Model-checking  TCTL  TCTL  ; MTL  ; MTL  ; MITL  ; MITL   Bisimulation, Simulation  Timed  d  ; Untimed  d  Ti U ti  Trace-inclusion  Timed  ; Untimed  Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Lars Kim Larsen [5] en [5]

  6. Symbolic Symbolic Verification Verification The UPPAAL Verification Engine Verification Engine

  7. Regions – Regions – From Infinite to Finite + Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Lars Kim Larsen [7] en [7]

  8. Zones – Zones – From Finite to Efficiency From Finite to Efficiency A zone Z : 1 ≤ x ≤ 2 Æ 0 ≤ y ≤ 2 Æ x - y ≥ 0 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Lars Kim Larsen [8] en [8]

  9. Zones - Zones - Operations Operations (n, 2 ≤ x ≤ 4 Æ (n, 2 ≤ x Æ (n, 2 ≤ x Æ 1 ≤ y ≤ 3 Æ y-x ≤ 0 ) 1 ≤ y ≤ 3 Æ y-x ≤ 0 ) 1 ≤ y Æ -3 ≤ y-x ≤ 0 ) y y y x x x Delay Delay (stopwatch) y y y (n, 2 ≤ x ≤ 4 Æ 1 ≤ y ) (n, x= 0 Æ 1 ≤ y ≤ 3 ) 2 x x x Reset Extrapolation Convex Hull Summer School on Informatics RIO Summer School on Informatics RIO 2012 2012 Kim Lars Kim Larsen [9] en [9]

  10. Symbolic Transitions Symbolic Transitions 1< = x< = 4 1< = x, 1< = y 1< = y< = 3 y -2< = x-y< = 3 y y delays to x x x> 3 y y 3< x, 1< = y conjuncts to -2< = x-y< = 3 a a x x y:= 0 y: 0 3< x, y= 0 , y projects to j t t Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [10] Kim Larsen [10]

  11. Datastructures for Zones Datastructures for Zones  Difference Bounded -4 Matrices (DBMs) ( ) x1 x2 4  Minimal Constraint 3 3 2 -2 -2 Form 2 2 x0 x3 1 [RTSS97] 5  Clock Difference Diagrams [CAV99] Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [11] Kim Larsen [11]

  12. Forward Reachability Forward Reachability Init -> Final ? INITIAL Passed := Ø; PW Waiting := { (n 0 ,Z 0 )} Waiting Final REPEAT REPEAT pick (n,Z) in Waiting if (n,Z) = Final return true for all (n,Z)  (n’,Z’): ( , ) ( , ) if for some (n’,Z’’) Z’  Z’’ continue else add (n’,Z’) to Waiting move (n,Z) to Passed UNTIL Waiting = Ø return false Init Passed 12 12 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012

  13. Forward Reachability Forward Reachability Init -> Final ? INITIAL Passed := Ø; PW Waiting := { (n 0 ,Z 0 )} Waiting Final REPEAT REPEAT pick (n,Z) in Waiting if (n,Z) = Final return true for all (n,Z)  (n’,Z’): ( , ) ( , ) if for some (n’,Z’’) Z’  Z’’ continue else add (n’,Z’) to Waiting move (n,Z) to Passed UNTIL Waiting = Ø return false Init Passed 13 13 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012

  14. Forward Reachability Forward Reachability Init -> Final ? INITIAL Passed := Ø; PW Waiting := { (n 0 ,Z 0 )} Waiting Final? Final? REPEAT REPEAT pick (n,Z) in Waiting if (n,Z) = Final return true for all (n,Z)  (n’,Z’): ( , ) ( , ) if for some (n’,Z’’) Z’  Z’’ continue else add (n’,Z’) to Waiting move (n,Z) to Passed UNTIL Waiting = Ø return false Init Passed 14 14 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012

  15. Forward Reachability Forward Reachability Init -> Final ? INITIAL Passed := Ø; PW Waiting := { (n 0 ,Z 0 )} Waiting Final REPEAT REPEAT pick (n,Z) in Waiting if (n,Z) = Final return true for all (n,Z)  (n’,Z’): ( , ) ( , ) if for some (n’,Z’’) Z’  Z’’ continue else add (n’,Z’) to Waiting move (n,Z) to Passed UNTIL Waiting = Ø return false Init Passed 15 15 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012

  16. Forward Reachability Forward Reachability Init -> Final ? INITIAL Passed := Ø; PW Waiting := { (n 0 ,Z 0 )} Waiting Final REPEAT REPEAT pick (n,Z) in Waiting if (n,Z) = Final return true for all (n,Z)  (n’,Z’): ( , ) ( , ) if for some (n’,Z’’) Z’  Z’’ continue else add (n’,Z’) to Waiting move (n,Z) to Passed UNTIL Waiting = Ø return false Init Passed 16 16 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012

  17. Forward Reachability Forward Reachability Init -> Final ? INITIAL Passed := Ø; PW Waiting := { (n 0 ,Z 0 )} Waiting Final REPEAT REPEAT pick (n,Z) in Waiting if (n,Z) = Final return true for all (n,Z)  (n’,Z’): ( , ) ( , ) if for some (n’,Z’’) Z’  Z’’ continue else add (n’,Z’) to Waiting move (n,Z) to Passed UNTIL Waiting = Ø return false Init Passed 17 17 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012

  18. Forward Reachability Forward Reachability Init -> Final ? INITIAL Passed := Ø; PW Waiting := { (n 0 ,Z 0 )} Waiting Final REPEAT REPEAT pick (n,Z) in Waiting if (n,Z) = Final return true for all (n,Z)  (n’,Z’): ( , ) ( , ) if for some (n’,Z’’) Z’  Z’’ continue else add (n’,Z’) to Waiting move (n,Z) to Passed UNTIL Waiting = Ø return false Init Passed 18 18 Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012

  19. Symbolic Exploration Symbolic Exploration y x Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [19] Kim Larsen [19]

  20. Symbolic Exploration Symbolic Exploration y x Delay Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [20] Kim Larsen [20]

  21. Symbolic Exploration Symbolic Exploration y x Left Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [21] Kim Larsen [21]

  22. Symbolic Exploration Symbolic Exploration y x Left Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [22] Kim Larsen [22]

  23. Symbolic Exploration Symbolic Exploration y x Delay Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [23] Kim Larsen [23]

  24. Symbolic Exploration Symbolic Exploration y x Left Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [24] Kim Larsen [24]

  25. Symbolic Exploration Symbolic Exploration y x Left Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [25] Kim Larsen [25]

  26. Symbolic Exploration Symbolic Exploration y x Delay Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [26] Kim Larsen [26]

  27. Symbolic Exploration Symbolic Exploration y x Down Reachable? Reachable? Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [27] Kim Larsen [27]

  28. Verification Verification Options Options

  29. Verification Options Verification Options Search Order Depth First Breadth First St t State Space Reduction S R d ti None Conservative Aggressive St t State Space Representation S R t ti DBM Compact Form Under Approximation Over Approximation O A i ti Diagnostic Trace Some Shortest Fastest F t t Extrapolation Hash Table size Reuse Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [29] Kim Larsen [29]

  30. State Space Reduction State Space Reduction Cycles: Only symbolic states involving loop-entry points involving loop entry points need to be saved on Passed list Summer School on Summer School on Informatics RIO Informatics RIO 2012 2012 Kim Larsen [30] Kim Larsen [30]

Recommend

Theory of Computer Science D6. Decidability and Semi-Decidability Malte Helmert University of

Theory of Computer Science D6. Decidability and Semi-Decidability Malte Helmert University of

Theory of Computer Science D6. Decidability and Semi-Decidability Malte Helmert University of Basel May 4, 2016 (Semi-) Decidability Recursive Enumerability Models of Computation and Semi-Decidability Summary Overview: Computability Theory

600 views • 39 slides
Theory of Computer Science May 4, 2016 D6. Decidability and Semi-Decidability Theory of

Theory of Computer Science May 4, 2016 D6. Decidability and Semi-Decidability Theory of

Theory of Computer Science May 4, 2016 D6. Decidability and Semi-Decidability Theory of Computer Science D6.1 (Semi-) Decidability D6. Decidability and Semi-Decidability D6.2 Recursive Enumerability Malte Helmert University of Basel D6.3

406 views • 7 slides
Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which problems have algorithmic solutions Machine Learning Feasibility what assumptions must we make to trust that we can learn an unknown target

246 views • 22 slides
Logic-based Program Verification Decidability of Propositional and First-Order Logic. First-Order

Logic-based Program Verification Decidability of Propositional and First-Order Logic. First-Order

Logic-based Program Verification Decidability of Propositional and First-Order Logic. First-Order Theories. Theory of Equality M ad alina Era scu Tudor Jebelean Research Institute for Symbolic Computation, Johannes Kepler University,

1.3k views • 92 slides
Decidability Decidability p.1/27 Topics Discuss the power of algorithms

Decidability Decidability p.1/27 Topics Discuss the power of algorithms

Decidability Decidability p.1/27 Topics Discuss the power of algorithms to solve problems Demonstrate that some problems can be solved by algorithms while other cannot Explore the limits of algorithmic solvability

477 views • 27 slides
Contents 1. Introduction 2. (Un)decidability on modal MTL logics Reducing to PCP The Global

Contents 1. Introduction 2. (Un)decidability on modal MTL logics Reducing to PCP The Global

Introduction (Un)decidability on modal MTL logics Undecidability of some modal MTL logics (formerly product logics) Amanda Vidal Institute of Computer Science, Czech Academy of Sciences September 6, 2016 1 / 19 Introduction (Un)decidability

705 views • 68 slides
Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

A tool for the Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all program branches. Inputs are considered symbolic variables. Symbols remain uninstantiated and become constrained at execution

451 views • 24 slides
Proving (Un)decidability of Certain Affine Geometries Based on J.A. Makowsky Can one design a

Proving (Un)decidability of Certain Affine Geometries Based on J.A. Makowsky Can one design a

ICLA 2019 March 3, 2019 Proving (Un)decidability of Certain Affine Geometries Based on J.A. Makowsky Can one design a geometry engine? On the (un)decidability of affine Euclidean geometries Annals of Mathematics and Artificial Intelligence

909 views • 65 slides
Lecture Slides for MAT-73006 Theoretical computer science PART IIb: Decidability Henri Hansen

Lecture Slides for MAT-73006 Theoretical computer science PART IIb: Decidability Henri Hansen

Lecture Slides for MAT-73006 Theoretical computer science PART IIb: Decidability Henri Hansen February 3, 2014 1 Decidability We introduced the TM as a general purpose model of com- putation. An algorithm was basically defined

507 views • 25 slides
Theory of Computer Science C4. Regular Languages: Closure Properties and Decidability Malte

Theory of Computer Science C4. Regular Languages: Closure Properties and Decidability Malte

Theory of Computer Science C4. Regular Languages: Closure Properties and Decidability Malte Helmert University of Basel April 4, 2016 Closure Properties Decidability Summary Closure Properties Closure Properties Decidability Summary

278 views • 27 slides
How unprovable is Rabins decidability theorem? Leszek Koodziejczyk University of Warsaw

How unprovable is Rabins decidability theorem? Leszek Koodziejczyk University of Warsaw

How unprovable is Rabins decidability theorem? How unprovable is Rabins decidability theorem? Leszek Koodziejczyk University of Warsaw (based on joint work with Henryk Michalewski) CTFM/Tanaka60 Tokyo, September 2015 1 / 22 How

781 views • 31 slides
On the Decidability of Normed BPA Yuxi Fu Bologna, 22-23 April, 2013 Infinite state systems have

On the Decidability of Normed BPA Yuxi Fu Bologna, 22-23 April, 2013 Infinite state systems have

On the Decidability of Normed BPA Yuxi Fu Bologna, 22-23 April, 2013 Infinite state systems have been studied in Process Rewriting Systems for some time. The focus has been on the decidability of reachability, equivalence, . . . . There are

931 views • 47 slides
Lecture 3: Decidability January 11, 2011 Lecture 3, Slide 1 ECS 235B, Foundations of Information

Lecture 3: Decidability January 11, 2011 Lecture 3, Slide 1 ECS 235B, Foundations of Information

Outline Review Decidability of security Take-Grant Protection Model Lecture 3: Decidability January 11, 2011 Lecture 3, Slide 1 ECS 235B, Foundations of Information and Computer Security January 11, 2011 Outline Review Decidability of

783 views • 57 slides
Decidability of distributed complexity of locally checkable problems on paths Alkida Balliu,

Decidability of distributed complexity of locally checkable problems on paths Alkida Balliu,

Decidability of distributed complexity of locally checkable problems on paths Alkida Balliu, Sebastian Brandt, Yi-Jun Chang, Dennis Olivetti, el Rabie , Jukka Suomela Mika ANR DESCARTES/ESTATE Tuesday, April 2 Mika el RABIE Decidability

971 views • 96 slides
Symbolic Mathematics Dr. Mihail November 20, 2018 (Dr. Mihail) Symbolic November 20, 2018 1 /

Symbolic Mathematics Dr. Mihail November 20, 2018 (Dr. Mihail) Symbolic November 20, 2018 1 /

Symbolic Mathematics Dr. Mihail November 20, 2018 (Dr. Mihail) Symbolic November 20, 2018 1 / 16 Overview Symbolic So far in this course we dealt with MATLAB variables that were placeholders for numeric types (e.g., scalars, vectors,

953 views • 17 slides
Decidability for Justification Logics Revisited Thomas Studer Institute of Computer Science and

Decidability for Justification Logics Revisited Thomas Studer Institute of Computer Science and

Decidability for Justification Logics Revisited Thomas Studer Institute of Computer Science and Applied Mathematics University of Bern Bern, Switzerland joint work with Samuel Bucheli, Roman Kuznets September 2011 Thomas Studer Decidability

471 views • 25 slides
Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is

Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is

Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is appealingly simple and useful , but computationally expensive ! We will see how the effective use of symbolic execution boils down to a kind of

494 views • 24 slides
Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on

Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on

Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on symbolic execution have found serious errors and security vulnerabilities in various systems: Network servers File systems Device drivers

733 views • 40 slides
Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems &amp; Applications Nancy France August 2018 Outline 1 Formal Models 2

1.01k views • 81 slides
Hierarchical Exact Symbolic Analysis y y of Large Analog Integrated Circuits By Symbolic Stamps

Hierarchical Exact Symbolic Analysis y y of Large Analog Integrated Circuits By Symbolic Stamps

Hierarchical Exact Symbolic Analysis y y of Large Analog Integrated Circuits By Symbolic Stamps Symbolic Stamps Hui Xu, Guoyong Shi and Xiaopeng Li School of Microelectronics, Shanghai Jiao Tong Univ. Shanghai, China Presentation at Asia

655 views • 36 slides
Theory of Computer Science C8. Type-1 and Type-0 Languages: Closure &amp; Decidability Gabriele

Theory of Computer Science C8. Type-1 and Type-0 Languages: Closure &amp; Decidability Gabriele

Theory of Computer Science C8. Type-1 and Type-0 Languages: Closure &amp; Decidability Gabriele R oger University of Basel April 15, 2020 Turing Machines vs. Grammars Closure and Decidability Summary Overview Languages &amp; Grammars

363 views • 25 slides
A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA

A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA

A compact proof of decidability for regular expression equivalence A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA Andrea Asperti Department of Computer Science University of Bologna 25/08/2011 A

726 views • 33 slides
Theory of Computer Science C5. Context-free Languages: Normal Forms, Closure, Decidability Malte

Theory of Computer Science C5. Context-free Languages: Normal Forms, Closure, Decidability Malte

Theory of Computer Science C5. Context-free Languages: Normal Forms, Closure, Decidability Malte Helmert University of Basel April 6, 2016 Context-free Grammars and -Rules Chomsky Normal Form Closure Properties Decidability Summary

831 views • 47 slides
Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution / / Sbastien Bardin &amp; Richard Bonichon 20180409 CEA LIST 1 1,1,L Model Source qb int foo (int t ) { 0,1,L 0,1,L int y = t * t - 4 * t ;

567 views • 34 slides

More recommend