Finite-State Verification or Model Checking. Finite State Verification (FSV) or Model Checking
|
|
- Clifford Warner
- 5 years ago
- Views:
Transcription
1 Finite-State Verification or Model Checking Finite State Verification (FSV) or Model Checking Holds the romise of roviding a cost effective way of verifying imortant roerties about a system Not all faults are created equal Invest effort into most imortant roerties Several romising rototyes Reachability Based SPIN Symbolic Model Checking (SMV) LTSA Flow Equations Integer Necessary Conditions (INCA) Data Flow Analysis FLAVERS
2 High-Level Architecture of FSV Systems Proerty Proerty Translator Proerty Reresentation System System Translator System Model Reasoning Engine Proerty Verified Counter Examles for Model Conservative Analysis If roerty verified, roerty holds for all ossible executions of the system If roerty not verified: An error found (in the system or in the roerty) OR A surious result System model abstracts information to be tractable Conservative abstractions usually overaroximate behavior If inconsistency relies uon overaroximations, then a surious result e.g. every counterexamle corresonds to an infeasible ath
3 System Model Deends on roerty being verified Eliminate information that does not imact the roof To kee the model as small as ossible Abstraction techniques allow states in the model to be reduced/collased Only kee track of the variables that are imortant to the roerty Use slicing Abstract values whenever ossible x<0, x=0, x>0 Alhabet Refinement: Model reduction based on relevant events foo foo foo bar Can remove a node from the grah if it does not have an event associated with it, AND does not affect the flow of events through the grah foo bar
4 Some Proerties of Proerties State-based versus event-based Once temerature is greater than 100 degrees, lock is true Elevator door s before elevator moves Single locations versus (sub)aths Deadlock, race conditions, some mutual exclusion Sequences of states or events Safety versus Liveness Finitely refutable Not finitely refutable Look for cycles that violate the roerty or the absence of cycles that satisfy the roerty A quick look at three aroaches to FSV Reachability-based Model Checking Flow Equations Data Flow Analysis
5 Reachability-based Model Checking: some history Originally roosed for hardware Early 80 s: E. Clarke and Emerson; Quielle and Sifakis Late 80 s: Imroved algorithms and roerty notations (E. Clarke, Emerson, Sistla) 90 s: Symbolic Model Checking (SMV) and other otimizations (Burch, E. Clarke, Dill, Long, and McMillan) Current: Hybrid aroaches that combine model checking with Theorem roving techniques Symbolic execution Otimization techniques (e.g., oints to analysis) Model Checking: Overview Proerties usually exressed in a temoral logic System reresented as a (ossibly abstracted ) reachability grah State based=>show the values of all the relevant variables Reasoning engine roagates valid subformulas through the grah
6 High-Level Architecture of Model Checking Temoral Logic Proerty Proerty Translator System System Translator State-based Reachability Grah Subformula roagation Proerty Reresentation Proerty Verified Counter Examles for Model Reresenting Proerties in CTL Temoral oerators G - globally F - future X - next U - until R - release Examles: Path quantifiers A - for all aths E - for some ath AG means that for all aths from this state, is true and will remain true EF means that for some ath from this state, will eventually be true
7 Assigning roositions to nodes Mark nodes with roositions that are true at that node Each tye of exression has a rule for how to roagate that exression through the grah E.g., Mark a node with AX (EX) if for all (some) of its successors is true Proagating Proositions: AX and EX X - in the next state, is true Consider AX Consider EX EX AX EX Only need to look at the successors of the node of interest
8 Proagating Proositions: AF F - at some time in the future, is true AF AF AF AF To roagate AF : Mark nodes where is true with AF If all of a node s successors are marked with AF, mark that node Reeat Ste 2 until a fixed oint is reached Proagating Proositions: EF F - at some time in the future, is true EF EF EF EF EF EF To roagate EF : Mark nodes where is true with EF If at least one of a node s successors are marked with EF, mark that node Reeat Ste 2 until a fixed oint is reached
9 Proagating Proositions G - globally in the future, is true Globally in the future talks about aths of infinite length Need to identify strongly connected comonents (SCCs) in the grah A subset of the grah in which every node is reachable from every other node in the subset Can be comuted in time linear to the size of the grah [Tarjan 1972] Proagating Proositions G - globally in the future, is true AG AG AG To roagate AG : Identify SCCs If is true on every node in a SCC, mark every node in that SCC with AG If is true on a node and all of its successors are marked with AG, mark that node Reeat Ste 3 until a fixed oint is reached AG AG AG
10 Proagating Proositions G - globally in the future, is true EG EG EG EG To roagate EG : Mark every node in a cycle where is true on every node in that cycle with EG If is true on a node and at least one of its successors are marked with EG, mark that node Reeat Ste 2 until a fixed oint is reached EG EG EG Proagation rules Different rule for each formula tye A roerty is true for a grah if it holds in the initial node(s) Need a reachability grah that shows the states (i.e., the values) of the relevant variables Examle: rocess 1 can be null, trying to obtain the lock, or in its critical region (n1, t1, c1) rocess 2 can be null, trying to obtain the lock, or in its critical region (n2, t2, c2) turn is a variable that indicates which rocess can obtain the lock (0,1,2)
11 Examle: mutual exclusion rotocol [McMillan] (rocess1 = n1,t1,c1 rocess2 = n2,t2,c2 turn = 0,1,2) n1,n2,0 t1,n2,1 n1,t2,2 c1,n2,1 t1,t2,1 t1,t2,2 n1,c2,2 c1,t2,1 t1,c2,2 Examle Proerty AG(t1 AF c1) If rocess1 gets the lock (t1) then eventually it gets into its critical region (c1) Subformulas AF c1 t1 AF c1 AG(t1 AF c1) Note, would like to rove this for all rocesses but FSV aroaches usually must instantiate a fixed configuration of the system (and roerty)
12 Examle: roagation AG(t1 AF c1) AF c1 n1,n2,0 AF c1 t1,n2,1 AF c1 n1,t2,2 AF c1 AF c1 c1,n2,1 AF c1 t1,t2,1 t1,t2,2 AF c1 n1,c2,2 AF c1 c1,t2,1 t1,c2,2 AF c1 (rocess1, rocess2, turn) Need to continue roagating AG(t1 AF c1) (t1 AF c1) equivalent to ( t1 v AF c1)
13 Examle: roagation AG(t1 AF c1) = AG( t1 v AF c1) t1 AF c1 c1 n1,n2,0 t1 AF c1 c1 t1,n2,1 t1 AF c1 t1 AF c1 c1,n2,1 AF c1 t1,t2,1 t1 AF c1 c1 n1,t2,2 t1 AF c1 t1 AF c1 c1 t1,t2,2 AF c1 n1,c2,2 t1 AF c1 c1,t2,1 t1,c2,2 t1 AF c1 c1 (rocess1, rocess2, turn) Examle: roagation AG(t1 AF c1) AG(t1 AF c1 c1) n1,n2,0 AG(t1 AF c1) t1,n2,1 AG(t1 AF c1) AG(t1 AF c1) c1,n2,1 t1,t2,1 AG(t1 AF c1 c1) n1,t2,2 AG(t1 AF AF c1) AG(t1 AF c1 c1) t1,t2,2 n1,c2,2 t1 AF AG(t1 c1 AF c1) c1,t2,1 t1,c2,2 AG(t1 t1 AF c1 AF c1) (rocess1, rocess2, turn)
14 Examle: roagation Proerty holds in the initial node, therefore it holds for the model n1,n2,0 AG(t1 AF c1) AG(t1 AF c1) c1,n2,1 AG(t1 AF c1) t1,n2,1 AG(t1 AF c1) t1,t2,1 t1,t2,2 AG(t1 AF c1) n1,t2,2 AG(t1 AF c1) AG(t1 AF c1) n1,c2,2 AG(t1 AF c1) c1,t2,1 t1,c2,2 AG(t1 AF c1) (rocess1, rocess2, turn) Formula Proagation Proagate until no change roagate from smaller to larger subformulas Actually kee all the formulas associated with a node AF c1, t1 AF c1, AG(t1 AF c1) n1,t2,2 smart algorithm: linear in the size of model and size of the formula But, model is exonential Many otimization techniques Symbolic model checking
15 Some observations: Model Checking Worst case bound linear in size of the model Model exonential Symbolic model checking encodes Boolean exressions and usually reduces the size of the model Exerimentally often very effective! Used to verify hardware and designs Trying to develo aroriate abstractions to make it alicable to software systems A quick look at three aroaches to FSV Model Checking Flow Equations Data Flow Analysis
16 Flow Equations: some history Originally roosed for designs Early 80 s: Initial develoment (Avrunin, Dillon, and Wileden) 90 s: Otimized and extended to real-time (Avrunin, Buy, Corbett, Dillon, and Wileden) Current: INCA rototye (Avrunin, Corbett, and Siegel) Flow Equations Model system as a set of finite state automata Use extended network flow inequalities to cature legal flow through a concurrent system Reresent comlement of the roerty and see if it is consistent with the set of system inequalities
17 Flow Equations Determine if combined system of inequalities is consistent Use integer linear rogramming If consistent, there is at least one set of flows through automata that violate the roerty Provides trace through the model (but may not be executable) High-Level Architecture of INCA Integer Necessary Condition Analyzer Proerty Secification Proerty Translator System System Translator Linear Inequalities Integer Linear Programming Solver Linear Inequalities Proerty Verified Assignment to Variables
18 Examle: Task Flow Equations x3 x0 x1 a x2 x4 x1 = x0 + x3 x2 = x1 x2 = x3 + x4 x0 = 1 x4 = 1 x7 x5 a x6 b x8 x6 = x5 + x7 x6 = x7 + x8 x5 = 1 x8 = 1 x12 x9 x10 b x11 x13 x10 = x9 + x12 x11 = x10 x11 = x12 + x13 x9 = 1 x13=1 Flow in to a node = Flow out of a node Flow in and out of a task is 1 Examle: Inter-task Flow Equations x3 x0 x1 a x2 x4 x7 x5 a x6 b x8 x12 x9 x10 b x11 x13 x2 = x6 x11 = x7 + x8 Rendezvous are always matched: # calls = # accets
19 Examle: Require Non-Negative Flow x3 x0 x1 a x2 x4 x7 x5 a x6 b x8 x12 x9 x10 b x11 x13 j: 0 xj Flow over edges is non-negative Examle: Proerty x3 x0 x1 a x2 x4 x7 x5 a x6 b x8 x12 x9 x10 b x11 x13 Are there more occurrences of event a then event b? Proerty: For all aths, event a occurs more than event b Proerty Equation: x2 > x11 Proerty Comlement: x2 x11
20 Solving for a roerty x1 = 1 + x3 x2 = x1 x2 = x3 + 1 x6 = 1 + x7 x6 = x7 + 1 x10 = 1 + x12 x11 = x10 x11 = x x2 = x6 x11 = x7 + 1 j: 0 xj x2 x11 Task Flow Equations Inter-Task Flow Equations Non-Negative Flow Proerty Comlement Does this set of inequalities have a solution? Solving for a roerty x1 = 1 + x3 x2 = x1 x2 = x3 + 1 x6 = 1 + x7 x6 = x7 + 1 x10 = 1 + x12 x11 = x10 x11 = x x2 = x6 x11 = x7 + x8 j: 0 xj x2 x11 Solution exists e.g., x3, x7, x12=0, all other xi=1 => roerty does not hold
21 Examle: Proerty x3 x0 x1 a x2 x4 x7 x5 a x6 b x8 x12 x9 x10 b x11 x13 Are there more occurrences of event a then event b? Proerty: For all aths, event a occurs more than event b Counter Examle: x3, x7, x12=0, all other xi=1 Some limitations Integer Linear Programming has an exonential worst case bound Interrocess order information is not reserved only checks whether event counts are consistent Like most static techniques, may roduce surious results
22 Benefits of the aroach Does not enumerate the state sace! ILP is often very efficient Emirical evidence: linear inequality systems usually grow linearly and take sub-exonential times to solve In ractice, INCA is often an effective technique A quick look at three aroaches to FSV Reachability-based Model Checking Flow Equations Data Flow Analysis FLAVERS
23 High-Level Architecture of FSV Systems Proerty Proerty Translator Proerty Reresentation System System Translator System Model Reasoning Engine Proerty Verified Counter Examles for Model Data Flow Based Verification: some history Mid-70 s: Originally roosed for def-ref anomalies in FORTRAN (Osterweil and Fosdick) Early 80 s: Extended to general roerties (Olender and Osterweil) & concurrency (Taylor and Osterweil) 90 s: Deadlock detection (Masticola and Ryder); Efficient reresentation of concurrency & incremental recision imrovement (Dwyer and Clarke) Recent: Otimizations, Java (Avrunin, Clarke, Cobleigh, Naumovich, and Osterweil)
24 Data Flow Analysis: FLAVERS FLow Analysis for VERification of Systems Reresents roerty as a finite-state automaton Reasoning engine based on data-flow analysis Relatively efficient because of the system model collection of annotated control flow grahs intertask communication and interleavings are reresented with additional nodes & edges does not enumerate all reachable states over-aroximates relevant executable behaviors Uses constraints to selectively imrove recision of the model TFG Construction task body t1 is begin u; t2.synch; v; w; end t1; task t2 body is begin x; accet synch; y; z; end t2; u t2.synch ` v synch x accet synch ` y w z
25 Two Event-Based Models b,b u,b u,x b,x u x s,s synch w,s v,s v,y s,y s,z v y w,y v,z w z w,z e,e TFG model Conservative Reresents all the sequences of events that occur in the rogram Imrecise May include some sequences of events that can not occur in the rogram Resulting analysis is conservative, but may reort surious roblems (false ositives)
26 High-Level Architecture of FLAVERS Proerty Secification Proerty Translator System System Translator Trace Flow Grah (TFG) State Proagation Proerty FSA Proerty Verified Counter Examle Trace through TFG FLAVERS Forward Flow, Any Path Problem IN and OUT are sets of FSA states IN(n) = OUT(m) m in red(n) OUT(n) = δ(s, n) s in IN(n) δ is the FSA transition function Result: Let f be the final node of the TFG All roerty: Want OUT(f) Accet(P) None roerty: Want OUT(f) Accet(P) = Accet(P) is the set of acceting states of a roerty, P Similar to Cesar, but state roagation being alied to a Trace Flow Grah
27 State Proagation Worklist: : 2, 3, 4, 5 {1} {2} 2: oen 1: if {1} {1} 1 oen move 3: if {1,2} {1,2} 2 oen {1,2} {1} 4: 5: move {1,2} {1,3} 3 move move oen State Proagation {2} 2: oen 1: if {1} 1 oen move 3: if {1,2} 2 oen {1} 4: 5: move {1,3} 3 move move oen
28 State Proagation 2: oen 4: 1: if 3: if 5: move 1: if (stoed) then 2: oen; end if; 3: if (stoed) then 4: ; end if; 5: move; Incrementally Imroving Precision Proerty Secification Proerty Translator Constraints... Proerty FSA System Trace Flow Grah System Translator State Proagation Proerty Verified Counter Examle Trace through TFG
29 Boolean Variable Constraint S=t u S=f S=f S=t t f S=f S=t v S=t S=f == is a redicate = is assignment Boolean Variable Constraint S=t u S=f S=f S=t t f S=f S=t v S=t S=f == is a redicate = is assignment
30 Constraints Are reresented as FSAs Describe conditions necessary for feasible execution Have a secial violation state that is entered when an infeasible ath is detected Violation is a tra state; once it is entered, never leave that state How do constraints affect the data flow equations IN and OUT are now sets of tules of FSA states Merge is still union Transfer function now has to look at each FSA state in the in-tule when comuting the out-tule Result looks at aths that are feasible with resect to the constraints The roerty state is the same as before Every constraint must be in an acceting state
31 Elevator Revisited 1,2,4: if (stoed) then 3: oen; end if; 5,6,8: if (stoed) then 7: ; end if; 9: move; 2: 3: oen 1: if 5: if 4: 6: 8: 7: 9: move State Proagation Worklist: : 2, 4, 3,, 5,, 6, 8 <1,t> <1,t> <2,t> <2,t>,<1,f> <2,t>,<1,v> 2: 3: oen 1: if 5: if 9: move 4: 6: 8: 7: <2,t>,<1,f> <2,t>,<1,f> <1,f> t 1 2 oen move oen move 3 move oen u v f
32 State Proagation Worklist: : 2, 4, 3,, 5,, 6, 8 <1,t> <1,t> <2,t> <2,t>,<1,f> <2,t>,<1,v> <1,v> 2: 3: oen 1: if 5: if 9: move 4: 6: 8: 7: <2,t>,<1,f> <2,t>,<1,f> <1,f> t 1 2 oen move oen move 3 move oen u v f State Proagation 1 Worklist: : 2, 4, 3,, 5, 6, 8, 7, 9 1: if <1,t> <1,t> <2,t> <2,t>,<1,f> <2,t>,<1,v> <2,t> <1,t> 2: 3: oen 5: if 9: move 4: 6: 8: 7: <2,t>,<1,f> <2,t>,<1,f> <1,f> <2,v>,<1,f> <1,t>,<1,f> <1,t>,<1,f> <2,t>,<1,f> t 2 oen move oen move 3 move oen u v f
33 State Proagation 1 Worklist: : 2, 4, 3,, 5,, 6, 8, 7, 9 1: if <1,t> <1,t> <2,t> <2,t>,<1,f> <2,t>,<1,v> <2,t> <1,t> 2: 3: oen 5: if 9: move 4: 6: 8: 7: <2,t>,<1,f> <2,t>,<1,f> <1,f> <2,v>,<1,f> <1,t>,<1,f> <1,t>,<1,f> <2,t>,<1,f> t 2 oen move oen move 3 move oen u v f State Proagation 1 Worklist: : 2, 4, 3,, 5,, 6, 8, 7, 9 1: if <1,t> <1,t> <2,t> <2,t>,<1,f> <2,t>,<1,v> <2,t> <1,t> 2: 3: oen 5: if 9: move 4: 6: 8: 7: <2,t>,<1,f> <2,t>,<1,f> <1,f> <2,v>,<1,f> <1,t>,<1,f> <1,t>,<1,f> <2,t>,<1,f> t 2 oen move oen move 3 move oen u v f
34 Some Observations: Data Flow Analysis Overall comlexity is O(N 2 S) N is the # nodes in the model S is the number of states: roerty x constraints More recisely O(N G 2 S P S C1 S Cn ) In our exerience, many imortant roerties can be roven with a small number of constraints Exerimentally: erformance sub-cubic Usually requires several iterations to determine needed constraints Constraints Many automatically generated on request Imroving Precision Use constraints to imrove recision Given a CFG G, a roerty P, and constraints C 1,,C n Alhabet refine G wrt (Σ P Σ C1 Σ Cn ) Want (L(G) L(C 1 ) L(C n )) L(P)
35 07 Comarison (Original) Time (s) INCA Sin SMV NuSMV Native Sin FLAVERS Events 07 Comarison (Decomosed) Time (s) INCA Sin SMV NuSMV Native Sin FLAVERS Events
36 FLAVERS Times Time (s) Events FSV Summary A number of techniques for otimizing the model Abstraction of values Bounded analysis Partial order Will always have some limitations on size The growth of distributed systems and the difficulty of testing such systems has increased attention on FSV Microsoft, NASA, Motorola, Intel, Ford, Verify some of the roerties of a system
Model checking, verification of CTL. One must verify or expel... doubts, and convert them into the certainty of YES [Thomas Carlyle]
Chater 5 Model checking, verification of CTL One must verify or exel... doubts, and convert them into the certainty of YES or NO. [Thomas Carlyle] 5. The verification setting Page 66 We introduce linear
More informationp,egp AFp EFp ... p,agp
TUESDAY, Session 2 Temoral logic and model checking, cont 1 Branching time and CTL model checking In a branching time temoral logics, we consider not just a single ath through the Krike model, but all
More informationPrinciples. Model (System Requirements) Answer: Model Checker. Specification (System Property) Yes, if the model satisfies the specification
Model Checking Princiles Model (System Requirements) Secification (System Proerty) Model Checker Answer: Yes, if the model satisfies the secification Counterexamle, otherwise Krike Model Krike Structure
More informationCTL, the branching-time temporal logic
CTL, the branching-time temoral logic Cătălin Dima Université Paris-Est Créteil Cătălin Dima (UPEC) CTL 1 / 29 Temoral roerties CNIL Safety, termination, mutual exclusion LTL. Liveness, reactiveness, resonsiveness,
More informationApproximating min-max k-clustering
Aroximating min-max k-clustering Asaf Levin July 24, 2007 Abstract We consider the roblems of set artitioning into k clusters with minimum total cost and minimum of the maximum cost of a cluster. The cost
More informationABSTRACT MODEL REPAIR
Logical Methods in Comuter Science Vol. 11(3:11)2015,. 1 43 www.lmcs-online.org Submitted Jul. 2, 2014 Published Se. 17, 2015 ABSTRACT MODEL REPAIR GEORGE CHATZIELEFTHERIOU a, BORZOO BONAKDARPOUR b, PANAGIOTIS
More informationABSTRACT MODEL REPAIR
ABSTRACT MODEL REPAIR GEORGE CHATZIELEFTHERIOU a, BORZOO BONAKDARPOUR b, PANAGIOTIS KATSAROS c, AND SCOTT A. SMOLKA d a Deartment of Informatics, Aristotle University of Thessaloniki, 54124 Thessaloniki,
More informationMODELING THE RELIABILITY OF C4ISR SYSTEMS HARDWARE/SOFTWARE COMPONENTS USING AN IMPROVED MARKOV MODEL
Technical Sciences and Alied Mathematics MODELING THE RELIABILITY OF CISR SYSTEMS HARDWARE/SOFTWARE COMPONENTS USING AN IMPROVED MARKOV MODEL Cezar VASILESCU Regional Deartment of Defense Resources Management
More informationComputation Tree Logic
Comutation Tree Logic Finite State Model Checking of Branching Time Logic Kim Guldstrand Larsen BRICS@Aalborg 1 Tool Suort Finite State Systems System Descrition A Reuirement F CTL TOOL Course Objectives:
More informationSAT based Abstraction-Refinement using ILP and Machine Learning Techniques
SAT based Abstraction-Refinement using ILP and Machine Learning Techniques 1 SAT based Abstraction-Refinement using ILP and Machine Learning Techniques Edmund Clarke James Kukula Anubhav Guta Ofer Strichman
More informationFinite State Model Checking
Finite State Model Checking Finite State Model Checking Finite State Systems System Descrition A Requirement F CTL TOOL No! Debugging Information Yes, Prototyes Executable Code Test sequences Tools: visualstate,
More informationLinear diophantine equations for discrete tomography
Journal of X-Ray Science and Technology 10 001 59 66 59 IOS Press Linear diohantine euations for discrete tomograhy Yangbo Ye a,gewang b and Jiehua Zhu a a Deartment of Mathematics, The University of Iowa,
More informationMATH 2710: NOTES FOR ANALYSIS
MATH 270: NOTES FOR ANALYSIS The main ideas we will learn from analysis center around the idea of a limit. Limits occurs in several settings. We will start with finite limits of sequences, then cover infinite
More informationCombining Logistic Regression with Kriging for Mapping the Risk of Occurrence of Unexploded Ordnance (UXO)
Combining Logistic Regression with Kriging for Maing the Risk of Occurrence of Unexloded Ordnance (UXO) H. Saito (), P. Goovaerts (), S. A. McKenna (2) Environmental and Water Resources Engineering, Deartment
More informationOn the Chvatál-Complexity of Knapsack Problems
R u t c o r Research R e o r t On the Chvatál-Comlexity of Knasack Problems Gergely Kovács a Béla Vizvári b RRR 5-08, October 008 RUTCOR Rutgers Center for Oerations Research Rutgers University 640 Bartholomew
More informationGOOD MODELS FOR CUBIC SURFACES. 1. Introduction
GOOD MODELS FOR CUBIC SURFACES ANDREAS-STEPHAN ELSENHANS Abstract. This article describes an algorithm for finding a model of a hyersurface with small coefficients. It is shown that the aroach works in
More informationComputer arithmetic. Intensive Computation. Annalisa Massini 2017/2018
Comuter arithmetic Intensive Comutation Annalisa Massini 7/8 Intensive Comutation - 7/8 References Comuter Architecture - A Quantitative Aroach Hennessy Patterson Aendix J Intensive Comutation - 7/8 3
More informationMemoryfull Branching-Time Logic
Memoryfull Branching-Time Logic Orna Kuferman 1 and Moshe Y. Vardi 2 1 Hebrew University, School of Engineering and Comuter Science, Jerusalem 91904, Israel Email: orna@cs.huji.ac.il, URL: htt://www.cs.huji.ac.il/
More informationCTL Model checking. 1. finite number of processes, each having a finite number of finite-valued variables. Model-Checking
CTL Model checking Assumptions:. finite number of processes, each having a finite number of finite-valued variables.. finite length of CTL formula Problem:Determine whether formula f 0 is true in a finite
More informationRound-off Errors and Computer Arithmetic - (1.2)
Round-off Errors and Comuter Arithmetic - (.). Round-off Errors: Round-off errors is roduced when a calculator or comuter is used to erform real number calculations. That is because the arithmetic erformed
More informationSets of Real Numbers
Chater 4 Sets of Real Numbers 4. The Integers Z and their Proerties In our revious discussions about sets and functions the set of integers Z served as a key examle. Its ubiquitousness comes from the fact
More informationFor q 0; 1; : : : ; `? 1, we have m 0; 1; : : : ; q? 1. The set fh j(x) : j 0; 1; ; : : : ; `? 1g forms a basis for the tness functions dened on the i
Comuting with Haar Functions Sami Khuri Deartment of Mathematics and Comuter Science San Jose State University One Washington Square San Jose, CA 9519-0103, USA khuri@juiter.sjsu.edu Fax: (40)94-500 Keywords:
More informationFeedback-error control
Chater 4 Feedback-error control 4.1 Introduction This chater exlains the feedback-error (FBE) control scheme originally described by Kawato [, 87, 8]. FBE is a widely used neural network based controller
More informationUPPAAL tutorial What s inside UPPAAL The UPPAAL input languages
UPPAAL tutorial What s inside UPPAAL The UPPAAL inut languages 1 UPPAAL tool Develoed jointly by Usala & Aalborg University >>8,000 downloads since 1999 1 UPPAAL Tool Simulation Modeling Verification 3
More informationDETC2003/DAC AN EFFICIENT ALGORITHM FOR CONSTRUCTING OPTIMAL DESIGN OF COMPUTER EXPERIMENTS
Proceedings of DETC 03 ASME 003 Design Engineering Technical Conferences and Comuters and Information in Engineering Conference Chicago, Illinois USA, Setember -6, 003 DETC003/DAC-48760 AN EFFICIENT ALGORITHM
More informationAn Analysis of Reliable Classifiers through ROC Isometrics
An Analysis of Reliable Classifiers through ROC Isometrics Stijn Vanderlooy s.vanderlooy@cs.unimaas.nl Ida G. Srinkhuizen-Kuyer kuyer@cs.unimaas.nl Evgueni N. Smirnov smirnov@cs.unimaas.nl MICC-IKAT, Universiteit
More informationNetwork Configuration Control Via Connectivity Graph Processes
Network Configuration Control Via Connectivity Grah Processes Abubakr Muhammad Deartment of Electrical and Systems Engineering University of Pennsylvania Philadelhia, PA 90 abubakr@seas.uenn.edu Magnus
More informationConvex Optimization methods for Computing Channel Capacity
Convex Otimization methods for Comuting Channel Caacity Abhishek Sinha Laboratory for Information and Decision Systems (LIDS), MIT sinhaa@mit.edu May 15, 2014 We consider a classical comutational roblem
More informationApproximate Dynamic Programming for Dynamic Capacity Allocation with Multiple Priority Levels
Aroximate Dynamic Programming for Dynamic Caacity Allocation with Multile Priority Levels Alexander Erdelyi School of Oerations Research and Information Engineering, Cornell University, Ithaca, NY 14853,
More informationSystem Reliability Estimation and Confidence Regions from Subsystem and Full System Tests
009 American Control Conference Hyatt Regency Riverfront, St. Louis, MO, USA June 0-, 009 FrB4. System Reliability Estimation and Confidence Regions from Subsystem and Full System Tests James C. Sall Abstract
More informationTopic 7: Using identity types
Toic 7: Using identity tyes June 10, 2014 Now we would like to learn how to use identity tyes and how to do some actual mathematics with them. By now we have essentially introduced all inference rules
More informationDialectical Theory for Multi-Agent Assumption-based Planning
Dialectical Theory for Multi-Agent Assumtion-based Planning Damien Pellier, Humbert Fiorino Laboratoire Leibniz, 46 avenue Félix Viallet F-38000 Grenboble, France {Damien.Pellier,Humbert.Fiorino}.imag.fr
More informationDRAFT - do not circulate
An Introduction to Proofs about Concurrent Programs K. V. S. Prasad (for the course TDA383/DIT390) Deartment of Comuter Science Chalmers University Setember 26, 2016 Rough sketch of notes released since
More informationRadial Basis Function Networks: Algorithms
Radial Basis Function Networks: Algorithms Introduction to Neural Networks : Lecture 13 John A. Bullinaria, 2004 1. The RBF Maing 2. The RBF Network Architecture 3. Comutational Power of RBF Networks 4.
More informationUsing BDDs to Decide CTL
Using BDDs to Decide CTL Will Marrero DePaul University, Chicago, IL 60604, USA wmarrero@cs.deaul.edu Abstract. Comutation Tree Logic (CTL) has been used uite extensively and successfully to reason about
More informationPositive decomposition of transfer functions with multiple poles
Positive decomosition of transfer functions with multile oles Béla Nagy 1, Máté Matolcsi 2, and Márta Szilvási 1 Deartment of Analysis, Technical University of Budaest (BME), H-1111, Budaest, Egry J. u.
More informationLilian Markenzon 1, Nair Maria Maia de Abreu 2* and Luciana Lee 3
Pesquisa Oeracional (2013) 33(1): 123-132 2013 Brazilian Oerations Research Society Printed version ISSN 0101-7438 / Online version ISSN 1678-5142 www.scielo.br/oe SOME RESULTS ABOUT THE CONNECTIVITY OF
More informationA generalization of Amdahl's law and relative conditions of parallelism
A generalization of Amdahl's law and relative conditions of arallelism Author: Gianluca Argentini, New Technologies and Models, Riello Grou, Legnago (VR), Italy. E-mail: gianluca.argentini@riellogrou.com
More informationDistributed Rule-Based Inference in the Presence of Redundant Information
istribution Statement : roved for ublic release; distribution is unlimited. istributed Rule-ased Inference in the Presence of Redundant Information June 8, 004 William J. Farrell III Lockheed Martin dvanced
More informationDistributed Maximality based CTL Model Checking
IJCSI International Journal of Comuter Science Issues Vol 7 Issue No ay ISSN Onlin: 694-784 ISSN Print: 694-84 Distributed aximality based CTL odel Checking Djamel Eddine Saidouni ine EL Abidine Bouneb
More informationPreliminary Uncertainty Estimation of the Pressure Distortion Coefficient of a Pressure. Balance by FEM Calculations
Preliminary Uncertainty Estimation of the Pressure Distortion Coefficient of a Pressure Balance by FEM Calculations G. Molinar*, M. Bergoglio*, G. Mosso*,G. Buonanno**, M. Dell Isola** * Istituto di Metrologia
More informationProof Nets and Boolean Circuits
Proof Nets and Boolean Circuits Kazushige Terui terui@nii.ac.j National Institute of Informatics, Tokyo 14/07/04, Turku.1/44 Motivation (1) Proofs-as-Programs (Curry-Howard) corresondence: Proofs = Programs
More informationInformation collection on a graph
Information collection on a grah Ilya O. Ryzhov Warren Powell February 10, 2010 Abstract We derive a knowledge gradient olicy for an otimal learning roblem on a grah, in which we use sequential measurements
More informationShadow Computing: An Energy-Aware Fault Tolerant Computing Model
Shadow Comuting: An Energy-Aware Fault Tolerant Comuting Model Bryan Mills, Taieb Znati, Rami Melhem Deartment of Comuter Science University of Pittsburgh (bmills, znati, melhem)@cs.itt.edu Index Terms
More informationA STUDY ON THE UTILIZATION OF COMPATIBILITY METRIC IN THE AHP: APPLYING TO SOFTWARE PROCESS ASSESSMENTS
ISAHP 2005, Honolulu, Hawaii, July 8-10, 2003 A SUDY ON HE UILIZAION OF COMPAIBILIY MERIC IN HE AHP: APPLYING O SOFWARE PROCESS ASSESSMENS Min-Suk Yoon Yosu National University San 96-1 Dundeok-dong Yeosu
More informationEvaluating Circuit Reliability Under Probabilistic Gate-Level Fault Models
Evaluating Circuit Reliability Under Probabilistic Gate-Level Fault Models Ketan N. Patel, Igor L. Markov and John P. Hayes University of Michigan, Ann Arbor 48109-2122 {knatel,imarkov,jhayes}@eecs.umich.edu
More informationAn Improved Generalized Estimation Procedure of Current Population Mean in Two-Occasion Successive Sampling
Journal of Modern Alied Statistical Methods Volume 15 Issue Article 14 11-1-016 An Imroved Generalized Estimation Procedure of Current Poulation Mean in Two-Occasion Successive Samling G. N. Singh Indian
More informationSOME TRACE INEQUALITIES FOR OPERATORS IN HILBERT SPACES
Kragujevac Journal of Mathematics Volume 411) 017), Pages 33 55. SOME TRACE INEQUALITIES FOR OPERATORS IN HILBERT SPACES SILVESTRU SEVER DRAGOMIR 1, Abstract. Some new trace ineualities for oerators in
More informationNew Schedulability Test Conditions for Non-preemptive Scheduling on Multiprocessor Platforms
New Schedulability Test Conditions for Non-reemtive Scheduling on Multirocessor Platforms Technical Reort May 2008 Nan Guan 1, Wang Yi 2, Zonghua Gu 3 and Ge Yu 1 1 Northeastern University, Shenyang, China
More informationBrownian Motion and Random Prime Factorization
Brownian Motion and Random Prime Factorization Kendrick Tang June 4, 202 Contents Introduction 2 2 Brownian Motion 2 2. Develoing Brownian Motion.................... 2 2.. Measure Saces and Borel Sigma-Algebras.........
More informationInformation collection on a graph
Information collection on a grah Ilya O. Ryzhov Warren Powell October 25, 2009 Abstract We derive a knowledge gradient olicy for an otimal learning roblem on a grah, in which we use sequential measurements
More informationA Parallel Algorithm for Minimization of Finite Automata
A Parallel Algorithm for Minimization of Finite Automata B. Ravikumar X. Xiong Deartment of Comuter Science University of Rhode Island Kingston, RI 02881 E-mail: fravi,xiongg@cs.uri.edu Abstract In this
More informationPretest (Optional) Use as an additional pacing tool to guide instruction. August 21
Trimester 1 Pretest (Otional) Use as an additional acing tool to guide instruction. August 21 Beyond the Basic Facts In Trimester 1, Grade 8 focus on multilication. Daily Unit 1: Rational vs. Irrational
More informationAnalysis of execution time for parallel algorithm to dertmine if it is worth the effort to code and debug in parallel
Performance Analysis Introduction Analysis of execution time for arallel algorithm to dertmine if it is worth the effort to code and debug in arallel Understanding barriers to high erformance and redict
More informationOverview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?
Computer Engineering and Networks Overview Discrete Event Systems Verification of Finite Automata Lothar Thiele Introduction Binary Decision Diagrams Representation of Boolean Functions Comparing two circuits
More informationThe Graph Accessibility Problem and the Universality of the Collision CRCW Conflict Resolution Rule
The Grah Accessibility Problem and the Universality of the Collision CRCW Conflict Resolution Rule STEFAN D. BRUDA Deartment of Comuter Science Bisho s University Lennoxville, Quebec J1M 1Z7 CANADA bruda@cs.ubishos.ca
More informationUniformly best wavenumber approximations by spatial central difference operators: An initial investigation
Uniformly best wavenumber aroximations by satial central difference oerators: An initial investigation Vitor Linders and Jan Nordström Abstract A characterisation theorem for best uniform wavenumber aroximations
More informationMODEL-BASED MULTIPLE FAULT DETECTION AND ISOLATION FOR NONLINEAR SYSTEMS
MODEL-BASED MULIPLE FAUL DEECION AND ISOLAION FOR NONLINEAR SYSEMS Ivan Castillo, and homas F. Edgar he University of exas at Austin Austin, X 78712 David Hill Chemstations Houston, X 77009 Abstract A
More informationCOMPARISON OF VARIOUS OPTIMIZATION TECHNIQUES FOR DESIGN FIR DIGITAL FILTERS
NCCI 1 -National Conference on Comutational Instrumentation CSIO Chandigarh, INDIA, 19- March 1 COMPARISON OF VARIOUS OPIMIZAION ECHNIQUES FOR DESIGN FIR DIGIAL FILERS Amanjeet Panghal 1, Nitin Mittal,Devender
More information2-D Analysis for Iterative Learning Controller for Discrete-Time Systems With Variable Initial Conditions Yong FANG 1, and Tommy W. S.
-D Analysis for Iterative Learning Controller for Discrete-ime Systems With Variable Initial Conditions Yong FANG, and ommy W. S. Chow Abstract In this aer, an iterative learning controller alying to linear
More informationp-adic Measures and Bernoulli Numbers
-Adic Measures and Bernoulli Numbers Adam Bowers Introduction The constants B k in the Taylor series exansion t e t = t k B k k! k=0 are known as the Bernoulli numbers. The first few are,, 6, 0, 30, 0,
More informationUncorrelated Multilinear Principal Component Analysis for Unsupervised Multilinear Subspace Learning
TNN-2009-P-1186.R2 1 Uncorrelated Multilinear Princial Comonent Analysis for Unsuervised Multilinear Subsace Learning Haiing Lu, K. N. Plataniotis and A. N. Venetsanooulos The Edward S. Rogers Sr. Deartment
More information4. Score normalization technical details We now discuss the technical details of the score normalization method.
SMT SCORING SYSTEM This document describes the scoring system for the Stanford Math Tournament We begin by giving an overview of the changes to scoring and a non-technical descrition of the scoring rules
More informationMultiplicative group law on the folium of Descartes
Multilicative grou law on the folium of Descartes Steluţa Pricoie and Constantin Udrişte Abstract. The folium of Descartes is still studied and understood today. Not only did it rovide for the roof of
More informationMulti-Operation Multi-Machine Scheduling
Multi-Oeration Multi-Machine Scheduling Weizhen Mao he College of William and Mary, Williamsburg VA 3185, USA Abstract. In the multi-oeration scheduling that arises in industrial engineering, each job
More informationEstimation of the large covariance matrix with two-step monotone missing data
Estimation of the large covariance matrix with two-ste monotone missing data Masashi Hyodo, Nobumichi Shutoh 2, Takashi Seo, and Tatjana Pavlenko 3 Deartment of Mathematical Information Science, Tokyo
More informationComputations in Quantum Tensor Networks
Comutations in Quantum Tensor Networks T Huckle a,, K Waldherr a, T Schulte-Herbrüggen b a Technische Universität München, Boltzmannstr 3, 85748 Garching, Germany b Technische Universität München, Lichtenbergstr
More informationChapter 1 Fundamentals
Chater Fundamentals. Overview of Thermodynamics Industrial Revolution brought in large scale automation of many tedious tasks which were earlier being erformed through manual or animal labour. Inventors
More informationModel Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies
Model Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies Tom Henzinger EPFL Three Verification Communities Model checking: -automatic, but inefficient
More informationBreaking Up is Hard to Do: An Investigation of Decomposition for Assume-Guarantee Reasoning
Breaking Up is Hard to Do: An Investigation of Decomposition for Assume-Guarantee Reasoning Jamieson M. Cobleigh jcobleig@cs.umass.edu George S. Avrunin avrunin@cs.umass.edu Department of Computer Science
More informationA Closed-Form Solution to the Minimum V 2
Celestial Mechanics and Dynamical Astronomy manuscrit No. (will be inserted by the editor) Martín Avendaño Daniele Mortari A Closed-Form Solution to the Minimum V tot Lambert s Problem Received: Month
More informationOnline Appendix to Accompany AComparisonof Traditional and Open-Access Appointment Scheduling Policies
Online Aendix to Accomany AComarisonof Traditional and Oen-Access Aointment Scheduling Policies Lawrence W. Robinson Johnson Graduate School of Management Cornell University Ithaca, NY 14853-6201 lwr2@cornell.edu
More information1-way quantum finite automata: strengths, weaknesses and generalizations
1-way quantum finite automata: strengths, weaknesses and generalizations arxiv:quant-h/9802062v3 30 Se 1998 Andris Ambainis UC Berkeley Abstract Rūsiņš Freivalds University of Latvia We study 1-way quantum
More informationSolved Problems. (a) (b) (c) Figure P4.1 Simple Classification Problems First we draw a line between each set of dark and light data points.
Solved Problems Solved Problems P Solve the three simle classification roblems shown in Figure P by drawing a decision boundary Find weight and bias values that result in single-neuron ercetrons with the
More information16.2. Infinite Series. Introduction. Prerequisites. Learning Outcomes
Infinite Series 6.2 Introduction We extend the concet of a finite series, met in Section 6., to the situation in which the number of terms increase without bound. We define what is meant by an infinite
More informationPeriodic scheduling 05/06/
Periodic scheduling T T or eriodic scheduling, the best that we can do is to design an algorithm which will always find a schedule if one exists. A scheduler is defined to be otimal iff it will find a
More informationA Social Welfare Optimal Sequential Allocation Procedure
A Social Welfare Otimal Sequential Allocation Procedure Thomas Kalinowsi Universität Rostoc, Germany Nina Narodytsa and Toby Walsh NICTA and UNSW, Australia May 2, 201 Abstract We consider a simle sequential
More informationAn efficient method for generalized linear multiplicative programming problem with multiplicative constraints
DOI 0.86/s40064-06-2984-9 RESEARCH An efficient method for generalized linear multilicative rogramming roblem with multilicative constraints Yingfeng Zhao,2* and Sanyang Liu Oen Access *Corresondence:
More informationElementary Analysis in Q p
Elementary Analysis in Q Hannah Hutter, May Szedlák, Phili Wirth November 17, 2011 This reort follows very closely the book of Svetlana Katok 1. 1 Sequences and Series In this section we will see some
More informationJohn Weatherwax. Analysis of Parallel Depth First Search Algorithms
Sulementary Discussions and Solutions to Selected Problems in: Introduction to Parallel Comuting by Viin Kumar, Ananth Grama, Anshul Guta, & George Karyis John Weatherwax Chater 8 Analysis of Parallel
More informationAnalysis of Multi-Hop Emergency Message Propagation in Vehicular Ad Hoc Networks
Analysis of Multi-Ho Emergency Message Proagation in Vehicular Ad Hoc Networks ABSTRACT Vehicular Ad Hoc Networks (VANETs) are attracting the attention of researchers, industry, and governments for their
More informationUnit 1 - Computer Arithmetic
FIXD-POINT (FX) ARITHMTIC Unit 1 - Comuter Arithmetic INTGR NUMBRS n bit number: b n 1 b n 2 b 0 Decimal Value Range of values UNSIGND n 1 SIGND D = b i 2 i D = 2 n 1 b n 1 + b i 2 i n 2 i=0 i=0 [0, 2
More informationBreaking Up is Hard to Do: An Evaluation of Automated Assume-Guarantee Reasoning
Breaking Up is Hard to Do: An Evaluation of Automated Assume-Guarantee Reasoning JAMIESON M. COBLEIGH 1, GEORGE S. AVRUNIN, and LORI A. CLARKE University of Massachusetts Amherst Finite-state verification
More informationRecent Developments in Multilayer Perceptron Neural Networks
Recent Develoments in Multilayer Percetron eural etworks Walter H. Delashmit Lockheed Martin Missiles and Fire Control Dallas, Texas 75265 walter.delashmit@lmco.com walter.delashmit@verizon.net Michael
More informationResearch Article An iterative Algorithm for Hemicontractive Mappings in Banach Spaces
Abstract and Alied Analysis Volume 2012, Article ID 264103, 11 ages doi:10.1155/2012/264103 Research Article An iterative Algorithm for Hemicontractive Maings in Banach Saces Youli Yu, 1 Zhitao Wu, 2 and
More informationLecture 6. 2 Recurrence/transience, harmonic functions and martingales
Lecture 6 Classification of states We have shown that all states of an irreducible countable state Markov chain must of the same tye. This gives rise to the following classification. Definition. [Classification
More informationA Qualitative Event-based Approach to Multiple Fault Diagnosis in Continuous Systems using Structural Model Decomposition
A Qualitative Event-based Aroach to Multile Fault Diagnosis in Continuous Systems using Structural Model Decomosition Matthew J. Daigle a,,, Anibal Bregon b,, Xenofon Koutsoukos c, Gautam Biswas c, Belarmino
More informationHomework #11. (Due December 5 at the beginning of the class.) Numerical Method Series #6: Engineering applications of Newton-Raphson Method to
Homework #11 (Due December 5 at the beginning of the class.) Numerical Method Series #6: Engineering alications of Newton-Rahson Method to solving systems of nonlinear equations Goals: 1. Understanding
More informationUnderstanding and Using Availability
Understanding and Using Availability Jorge Luis Romeu, Ph.D. ASQ CQE/CRE, & Senior Member Email: romeu@cortland.edu htt://myrofile.cos.com/romeu ASQ/RD Webinar Series Noviembre 5, J. L. Romeu - Consultant
More informationCMSC 425: Lecture 4 Geometry and Geometric Programming
CMSC 425: Lecture 4 Geometry and Geometric Programming Geometry for Game Programming and Grahics: For the next few lectures, we will discuss some of the basic elements of geometry. There are many areas
More informationGeneralized Coiflets: A New Family of Orthonormal Wavelets
Generalized Coiflets A New Family of Orthonormal Wavelets Dong Wei, Alan C Bovik, and Brian L Evans Laboratory for Image and Video Engineering Deartment of Electrical and Comuter Engineering The University
More informationThe Value of Even Distribution for Temporal Resource Partitions
The Value of Even Distribution for Temoral Resource Partitions Yu Li, Albert M. K. Cheng Deartment of Comuter Science University of Houston Houston, TX, 7704, USA htt://www.cs.uh.edu Technical Reort Number
More informationAnalysis of M/M/n/K Queue with Multiple Priorities
Analysis of M/M/n/K Queue with Multile Priorities Coyright, Sanjay K. Bose For a P-riority system, class P of highest riority Indeendent, Poisson arrival rocesses for each class with i as average arrival
More informationThe non-stochastic multi-armed bandit problem
Submitted for journal ublication. The non-stochastic multi-armed bandit roblem Peter Auer Institute for Theoretical Comuter Science Graz University of Technology A-8010 Graz (Austria) auer@igi.tu-graz.ac.at
More informationFE FORMULATIONS FOR PLASTICITY
G These slides are designed based on the book: Finite Elements in Plasticity Theory and Practice, D.R.J. Owen and E. Hinton, 1970, Pineridge Press Ltd., Swansea, UK. 1 Course Content: A INTRODUCTION AND
More informationSymmetry Reductions. A. Prasad Sistla University Of Illinois at Chicago
Symmetry Reductions. A. Prasad Sistla University Of Illinois at Chicago Model-Checking Concurrent PGM Temporal SPEC Model Checker Yes/No Counter Example Approach Build the global state graph Algorithm
More informationIntroduction to Model Checking. Debdeep Mukhopadhyay IIT Madras
Introduction to Model Checking Debdeep Mukhopadhyay IIT Madras How good can you fight bugs? Comprising of three parts Formal Verification techniques consist of three parts: 1. A framework for modeling
More informationModel Checking: An Introduction
Model Checking: An Introduction Meeting 3, CSCI 5535, Spring 2013 Announcements Homework 0 ( Preliminaries ) out, due Friday Saturday This Week Dive into research motivating CSCI 5535 Next Week Begin foundations
More informationGame Specification in the Trias Politica
Game Secification in the Trias Politica Guido Boella a Leendert van der Torre b a Diartimento di Informatica - Università di Torino - Italy b CWI - Amsterdam - The Netherlands Abstract In this aer we formalize
More informationSupplementary Materials for Robust Estimation of the False Discovery Rate
Sulementary Materials for Robust Estimation of the False Discovery Rate Stan Pounds and Cheng Cheng This sulemental contains roofs regarding theoretical roerties of the roosed method (Section S1), rovides
More information