230 results on '"Alessandro Cimatti"'
Search Results
2. EVA: a Tool for the Compositional Verification of AUTOSAR Models
- Author
-
Alessandro Cimatti, Luca Cristoforetti, Alberto Griggio, Stefano Tonetta, Sara Corfini, Marco Di Natale, and Florian Barrau
- Abstract
We present , a framework for the integration of modern verification tools in the context of AUTOSAR, a widely-used open standard for the development of automotive software systems. Our framework enables the automatic end-to-end verification of system-level properties using a compositional approach. It combines software model checking techniques for the verification of software components at the code level with a contract-based analysis for verifying their correct composition. In this paper, we present the tool through its application on a representative automotive case study, discussing the main functionalities provided and the results obtained.
- Published
- 2023
3. Scalable Design Space Exploration for the Synthesis of Redundant Architectures
- Author
-
Antonio Tierno, Giuliano Turri, Alessandro Cimatti, and Roberto Passerone
- Published
- 2023
4. A Formal IDE for Railways: Research Challenges
- Author
-
Roberto Cavada, Alessandro Cimatti, Alberto Griggio, and Angelo Susi
- Abstract
The development of modern railways applications must be supported by trusted tools, able to cover the whole development process. In this paper we report on the research challenges underlying a comprehensive toolset for the design of computer-based interlocking systems. Following a VV development process, the framework adopts a clear separation between the abstract interlocking logic and the instantiations characterizing the single stations. The challenges include the definition of adequate specification languages, the generation of executable code and simulation infrastructure, traceability, test case generation, and formal verification.
- Published
- 2023
5. Symbolic Synthesis of Observability Requirements for Diagnosability
- Author
-
Bittner, B., Bozzano, M., Alessandro Cimatti, and Olive, X.
- Subjects
General Medicine - Abstract
Given a partially observable dynamic system and a diagnoser observing its evolution over time, diagnosability analysis formally verifies (at design time) if the diagnosis system will be able to infer (at runtime) the required information on the hidden part of the dynamic state. Diagnosability directly depends on the availability of observations, and can be guaranteed by different sets of sensors, possibly associated with different costs. In this paper, we tackle the problem of synthesizing observability requirements, i.e. automatically discovering a set of observations that is sufficient to guarantee diagnosability. We propose a novel approach with the following characterizing features. First, it fully covers a comprehensive formal framework for diagnosability analysis, and enables ranking configurations of observables in terms of cost, minimality, and diagnosability delay. Second, we propose two complementary algorithms for the synthesis of observables. Third, we describe an efficient implementation that takes full advantage of mature symbolic model checking techniques. The proposed approach is thoroughly evaluated over a comprehensive suite of benchmarks taken from the aerospace domain.
- Published
- 2021
6. A Comprehensive Approach to On-board Autonomy Verification and Validation
- Author
-
Marco Bozzano, Alessandro Cimatti, and Marco Roveri
- Subjects
On board ,Deep space missions ,Artificial Intelligence ,Computer science ,media_common.quotation_subject ,Systems engineering ,Space (commercial competition) ,Autonomy ,Theoretical Computer Science ,media_common ,Verification and validation - Abstract
Deep space missions are characterized by severely constrained communication links. To meet the needs of future missions and increase their scientific return, future space systems will require an increased level of autonomy on-board. In this work, we propose a comprehensive approach to on-board autonomy. We rely on model-based reasoning, and we consider many important (on-line and off-line) reasoning capabilities such as plan generation, validation, execution and monitoring, runtime diagnosis, and fault detection, identification, and recovery. The controlled platform is represented symbolically, and the reasoning capabilities are seen as symbolic manipulation of such formal model. We have developed a prototype of our framework, and we have integrated it within an on-board Autonomous Reasoning Engine. Finally, we have evaluated our approach on three case-studies inspired by real-world projects and characterized it in terms of reliability, availability, and performance.
- Published
- 2021
7. A comprehensive framework for the analysis of automotive systems
- Author
-
Alessandro Cimatti, Sara Corfini, Luca Cristoforetti, Marco Di Natale, Alberto Griggio, Stefano Puri, and Stefano Tonetta
- Published
- 2022
8. Symbolic Encoding of Reliability for the Design of Redundant Architectures
- Author
-
Antonio Tierno, Giuliano Turri, Alessandro Cimatti, and Roberto Passerone
- Published
- 2022
9. Model-based Safety Assessment of a Triple Modular Generator with xSAP
- Author
-
Cristian Mattarei, Alessandro Cimatti, Marco Gario, Marco Bozzano, and David Jones
- Subjects
Fault tree analysis ,Computer science ,business.industry ,Control reconfiguration ,0102 computer and information sciences ,Modular design ,Fault (power engineering) ,Formal methods ,01 natural sciences ,Theoretical Computer Science ,Reliability engineering ,010201 computation theory & mathematics ,Control theory ,Scalability ,business ,Software ,Generator (mathematics) - Abstract
The system design process needs to cope with the increasing complexity and size of systems,motivating the replacement of labor intensivemanual techniques with automated and semi-automated approaches.Recently, formal methods techniques, such as model-based verification and safety assessment, have been increasingly used to model systems under fault and to analyze them, generating artifacts such as fault trees and FMEA tables. In this paper, we show how to apply model-based techniques to a realistic case study from the avionics domain: a high integrity power distribution system, the Triple Modular Generator (TMG). The TMG is composed of a redundant and reconfigurable plant and a controller that must guarantee a high level of reliability. The case study is a significant challenge, from the modeling perspective, since it implements a complex reconfiguration policy, specified via a number of requirements in natural language, including a set of mutually dependent and potentially conflicting priority constraints. Moreover, from the verification standpoint, the controller must be able to handle an exponential number of possible faulty configurations. Our contribution is twofold. First, we formalize and validate the requirements and, using a constraint-based modeling style, we synthesize a correct by construction controller, avoiding the enumeration of all possible fault configurations, as is currently done by manual approaches. Second, we describe a comprehensive methodology and process, supported by the xSAP safety analysis platform that targets the modeling and safety assessment of faulty systems. Using xSAP, we are able to automatically extract minimal cut sets for the TMG. We demonstrate the scalability of our approach by analyzing a parametric version of the TMG case study that contains more than 700 variables and 90 faults.
- Published
- 2021
10. Temporal Planning with Intermediate Conditions and Effects
- Author
-
Andrea Micheli, Alessandro Valentini, and Alessandro Cimatti
- Subjects
FOS: Computer and information sciences ,Mathematical optimization ,Artificial Intelligence (cs.AI) ,Action (philosophy) ,Computer Science - Artificial Intelligence ,Computer science ,General Medicine ,Planning Domain Definition Language ,Duration (project management) - Abstract
Automated temporal planning is the technology of choice when controlling systems that can execute more actions in parallel and when temporal constraints, such as deadlines, are needed in the model. One limitation of several action-based planning systems is that actions are modeled as intervals having conditions and effects only at the extremes and as invariants, but no conditions nor effects can be specified at arbitrary points or sub-intervals.In this paper, we address this limitation by providing an effective heuristic-search technique for temporal planning, allowing the definition of actions with conditions and effects at any arbitrary time within the action duration. We experimentally demonstrate that our approach is far better than standard encodings in PDDL 2.1 and is competitive with other approaches that can (directly or indirectly) represent intermediate action conditions or effects.
- Published
- 2020
11. Deciding Unsolvability in Temporal Planning under Action Non-Self-Overlapping
- Author
-
Stefan Panjkovic, Andrea Micheli, and Alessandro Cimatti
- Subjects
General Medicine - Abstract
The field of Temporal Planning (TP) is receiving increasing interest for its many real-world applications. Most of the literature focuses on the TP problem of finding a plan, with algorithms that are not guaranteed to terminate when the problem admits no solution. In this paper, we present sound and complete decision procedures that address the dual problem of proving that no plan exists, which has important applications in oversubscription, model validation and optimization. We focus on the expressive and practically relevant semantics of action non-self-overlapping, recently proved to be PSPACE-complete. For this subclass, we propose two approaches: a reduction of the planning problem to model-checking of Timed Transition Systems, and a heuristic-search algorithm where temporal constraints are represented by Difference Bound Matrices. We implemented the approaches, and carried out an experimental evaluation against other state-of-the-art TP tools. On benchmarks that admit no plans, both approaches dramatically outperform the other planners, while the heuristic-search algorithm remains competitive on solvable benchmarks.
- Published
- 2022
- Full Text
- View/download PDF
12. Gr(1) is Equivalent to R(1)
- Author
-
Alessandro Cimatti, Luca GEATTI, Nicola Gigante, Angelo Montanari, and Stefano Tonetta
- Subjects
History ,Polymers and Plastics ,Business and International Management ,Industrial and Manufacturing Engineering - Published
- 2022
13. Verification of SMT Systems with Quantifiers
- Author
-
Gianluca Redondi, Alberto Griggio, and Alessandro Cimatti
- Published
- 2022
14. Automatic Design Space Exploration of Redundant Architectures
- Author
-
Antonio Tierno, Giuliano Turri, Alessandro Cimatti, and Roberto Passerone
- Published
- 2022
15. Searching for Ribbon-Shaped Paths in Fair Transition Systems
- Author
-
Marco Bozzano, Alessandro Cimatti, Stefano Tonetta, and Viktoria Vozarova
- Abstract
Diagnosability is a fundamental problem of partial observable systems in safety-critical design. Diagnosability verification checks if the observable part of system is sufficient to detect some faults. A counterexample to diagnosability may consist of infinitely many indistinguishable traces that differ in the occurrence of the fault. When the system under analysis is modeled as a Büchi automaton or finite-state Fair Transition System, this problem reduces to look for ribbon-shaped paths, i.e., fair paths with a loop in the middle.In this paper, we propose to solve the problem by extending the liveness-to-safety approach to look for lasso-shaped paths. The algorithm can be applied to various diagnosability conditions in a uniform way by changing the conditions on the loops. We implemented and evaluated the approach on various diagnosability benchmarks.
- Published
- 2022
16. Analysis of Cyclic Fault Propagation via ASP
- Author
-
Marco Bozzano, Alessandro Cimatti, Alberto Griggio, Martin Jonáš, and Greg Kimberly
- Published
- 2022
17. NORMA: a tool for the analysis of Relay-based Railway Interlocking Systems
- Author
-
Arturo Amendola, Anna Becchi, Roberto Cavada, Alessandro Cimatti, Andrea Ferrando, Lorenzo Pilati, Giuseppe Scaglione, Alberto Tacchella, and Marco Zamboni
- Abstract
We present Norma, a tool for the modeling and analysis of Relay-based Railways Interlocking Systems (RRIS). Norma is the result of a research project funded by the Italian Railway Network, to support the reverse engineering and migration to computer-based technology of legacy RRIS. The frontend fully supports the graphical modeling of Italian RRIS, with a palette of over two hundred basic components, stubs to abstract RRIS subcircuits, and requirements in terms of formal properties. The internal component based representation is translated into highly optimized Timed nuXmv models, and supports various syntactic and semantic checks based on formal verification, simulation and test case generation. Norma is experimentally evaluated, demonstrating the practical support for the modelers, and the effectiveness of the underlying optimizations.
- Published
- 2022
18. Abstraction Modulo Stability for Reverse Engineering
- Author
-
Anna Becchi and Alessandro Cimatti
- Abstract
The analysis of legacy systems requires the automated extraction of high-level specifications. We propose a framework, called Abstraction Modulo Stability, for the analysis of transition systems operating in stable states, and responding with run-to-completion transactions to external stimuli. The abstraction captures the effects of external stimuli on the system state, and describes it in the form of a finite state machine. This approach is parametric on a set of predicates of interest and the definition of stability. We consider some possible stability definitions which yield different practically relevant abstractions, and propose a parametric algorithm for abstraction computation. The obtained FSM is extended with guards and effects on a given set of variables of interest. The framework is evaluated in terms of expressivity and adequacy within an industrial project with the Italian Railway Network, on reverse engineering tasks of relay-based interlocking circuits to extract specifications for a computer-based reimplementation.
- Published
- 2022
19. Handling Polynomial and Transcendental Functions in SMT via Unconstrained Optimisation and Topological Degree Test
- Author
-
Alessandro Cimatti, Alberto Griggio, Enrico Lipparini, and Roberto Sebastiani
- Published
- 2022
20. COMPASTA: Extending TASTE with Formal Design and Verification Functionality
- Author
-
Alberto Bombardelli, Marco Bozzano, Roberto Cavada, Alessandro Cimatti, Alberto Griggio, Massimo Nazaria, Edoardo Nicolodi, and Stefano Tonetta
- Published
- 2022
21. A first-order logic characterisation of safety and co-safety languages
- Author
-
Alessandro Cimatti, Luca Geatti, Nicola Gigante, Angelo Montanari, and Stefano Tonetta
- Abstract
Linear Temporal Logic ($$\mathsf {LTL}$$ LTL ) is one of the most popular temporal logics, that comes into play in a variety of branches of computer science. Its widespread use is also due to its strong foundational properties. One of them is Kamp’s theorem, showing that $$\mathsf {LTL}$$ LTL and the first-order theory of one successor ($$\mathsf {S1S}[\mathsf {FO}]$$ S 1 S [ FO ] ) are expressively equivalent. Safety and co-safety languages, where a finite prefix suffices to establish whether a word does not or does belong to the language, respectively, play a crucial role in lowering the complexity of problems like model checking and reactive synthesis for $$\mathsf {LTL}$$ LTL . $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL (resp., $$\mathsf {coSafety\text {-} \mathsf {LTL}}$$ coSafety - LTL ) is a fragment of $$\mathsf {LTL}$$ LTL where only universal (resp., existential) temporal modalities are allowed, that recognises safety (resp., co-safety) languages only. In this paper, we introduce a fragment of $$\mathsf {S1S}[\mathsf {FO}]$$ S 1 S [ FO ] , called $$\mathsf {Safety\text {-} FO}$$ Safety - FO , and its dual $$\mathsf {coSafety\text {-} FO}$$ coSafety - FO , which are expressively complete with regards to the $$\mathsf {LTL}$$ LTL -definable safety languages. In particular, we prove that they respectively characterise exactly $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL and $$\mathsf {coSafety\text {-} \mathsf {LTL}}$$ coSafety - LTL , a result that joins Kamp’s theorem, and provides a clearer view of the charactisations of (fragments of) $$\mathsf {LTL}$$ LTL in terms of first-order languages. In addition, it gives a direct, compact, and self-contained proof that any safety language definable in $$\mathsf {LTL}$$ LTL is definable in $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL as well. As a by-product, we obtain some interesting results on the expressive power of the weak tomorrow operator of $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL interpreted over finite and infinite traces.
- Published
- 2022
22. Formal Design and Validation of an Automatic Train Operation Control System
- Author
-
Arturo Amendola, Lorenzo Barruffo, Marco Bozzano, Alessandro Cimatti, Salvatore De Simone, Eugenio Fedeli, Artem Gabbasov, Domenico Ernesto Garrubba, Massimiliano Girardi, Diana Serra, Roberto Tiella, and Gianni Zampedri
- Published
- 2022
23. GR(1) is equivalent to R(1)
- Author
-
Alessandro Cimatti, Luca Geatti, Nicola Gigante, Angelo Montanari, and Stefano Tonetta
- Subjects
Signal Processing ,Computer Science Applications ,Information Systems ,Theoretical Computer Science - Published
- 2023
24. LTL falsification in infinite-state systems
- Author
-
Alessandro Cimatti, Alberto Griggio, and Enrico Magnago
- Subjects
Computational Theory and Mathematics ,Computer Science Applications ,Information Systems ,Theoretical Computer Science - Published
- 2022
25. Diagnosability of fair transition systems
- Author
-
Benjamin Bittner, Marco Bozzano, Alessandro Cimatti, Marco Gario, Stefano Tonetta, and Viktoria Vozarova
- Subjects
Linguistics and Language ,Artificial Intelligence ,Language and Linguistics - Published
- 2022
26. Robustness Envelopes for Temporal Plans
- Author
-
Alessandro Cimatti, Andrea Micheli, Michael Cashmore, Daniele Magazzeni, and Parisa Zehtabi
- Subjects
QA75 ,Mathematical optimization ,Computer science ,media_common.quotation_subject ,0102 computer and information sciences ,General Medicine ,Executor ,01 natural sciences ,Adaptability ,010201 computation theory & mathematics ,Robustness (computer science) ,Satisfiability modulo theories ,Leverage (statistics) ,media_common - Abstract
To achieve practical execution, planners must produce temporal plans with some degree of run-time adaptability. Such plans can be expressed as Simple Temporal Networks (STN), that constrain the timing of action activations, and implicitly represent the space of choices for the plan executor.A first problem is to verify that all the executor choices allowed by the STN plan will be successful, i.e. the plan is valid. An even more important problem is to assess the effect of discrepancies between the model used for planning and the execution environment.We propose an approach to compute the “robustness envelope” (i.e., alternative action durations or resource consumption rates) of a given STN plan, for which the plan remains valid. Plans can have boolean and numeric variables as well as discrete and continuous change. We leverage Satisfiability Modulo Theories (SMT) to make the approach formal and practical.
- Published
- 2019
27. Formal reliability analysis of redundancy architectures
- Author
-
Alessandro Cimatti, Cristian Mattarei, and Marco Bozzano
- Subjects
Model checking ,Fault tree analysis ,Theoretical computer science ,Speedup ,Binary decision diagram ,Computer science ,0102 computer and information sciences ,Formal methods ,01 natural sciences ,Theoretical Computer Science ,Predicate abstraction ,010201 computation theory & mathematics ,Theory of computation ,Redundancy (engineering) ,Software - Abstract
Reliability is a fundamental property for critical systems. A thorough evaluation of the reliability is required by the certification procedures in various application domains, and it is important to support the exploration of the space of the design solutions. In this paper we propose a new, fully automated approach to the reliability analysis of complex redundant architectures. Given an abstract description of the architecture, the approach automatically extracts a fault tree and a symbolic reliability function, i.e. a program mapping the probability of fault of the basic components to the probability that the overall architecture deviates from the expected behavior. The proposed approach heavily relies on formal methods, by representing the architecture blocks as Uninterpreted Functions, and using the so-called miter construction to model the deviation from the nominal behavior. The extraction of all the deviation conditions is reduced to an AllSMT problem, and we extract the reliability function by traversing the Binary Decision Diagram corresponding to the quantified formula. Predicate abstraction is used to partition and speed up the computation. The approach has been implemented leveraging formal tools for model checking and safety assessment. A thorough experimental evaluation demonstrates its generality and effectiveness of the proposed techniques.
- Published
- 2019
28. Semi-ProtoPNet Deep Neural Network for the Classification of Defective Power Grid Distribution Structures
- Author
-
Gurmail Singh, Kin-Choong Yow, Alessandro Cimatti, and Stefano Frizzo Stefenon
- Subjects
insulator classification ,power grid inspection ,Reproducibility of Results ,Biochemistry ,computer vision ,Atomic and Molecular Physics, and Optics ,Analytical Chemistry ,Deep Learning ,convolutional neural networks ,deep learning ,Computer Systems ,Neural Networks, Computer ,Electrical and Electronic Engineering ,Instrumentation - Abstract
Power distribution grids are typically installed outdoors and are exposed to environmental conditions. When contamination accumulates in the structures of the network, there may be shutdowns caused by electrical arcs. To improve the reliability of the network, visual inspections of the electrical power system can be carried out; these inspections can be automated using computer vision techniques based on deep neural networks. Based on this need, this paper proposes the Semi-ProtoPNet deep learning model to classify defective structures in the power distribution networks. The Semi-ProtoPNet deep neural network does not perform convex optimization of its last dense layer to maintain the impact of the negative reasoning process on image classification. The negative reasoning process rejects the incorrect classes of an input image; for this reason, it is possible to carry out an analysis with a low number of images that have different backgrounds, which is one of the challenges of this type of analysis. Semi-ProtoPNet achieves an accuracy of 97.22%, being superior to VGG-13, VGG-16, VGG-19, ResNet-34, ResNet-50, ResNet-152, DenseNet-121, DenseNet-161, DenseNet-201, and also models of the same class such as ProtoPNet, NP-ProtoPNet, Gen-ProtoPNet, and Ps-ProtoPNet.
- Published
- 2022
29. Safe Decomposition of Startup Requirements: Verification and Synthesis
- Author
-
Alberto Griggio, Stefano Tonetta, Alessandro Cimatti, and Luca Geatti
- Published
- 2021
30. Fairness, Assumptions, and Guarantees for Extended Bounded Response LTL+P Synthesis
- Author
-
Alessandro Cimatti, Luca Geatti, Nicola Gigante, Angelo Montanari, and Stefano Tonetta
- Published
- 2021
31. Automatic Discovery of Fair Paths in Infinite-State Transition Systems
- Author
-
Alberto Griggio, Alessandro Cimatti, and Enrico Magnago
- Subjects
Set (abstract data type) ,Model checking ,Sequence ,business.product_category ,Theoretical computer science ,Computer science ,Path (graph theory) ,Funnel ,Function (mathematics) ,Abstract space ,business ,Automaton - Abstract
Proving existential properties of infinite-state systems (e.g. software non-termination, model checking of hybrid automata) comes with a key challenge: differently from the finite-state case, witnesses may not be in form of lasso-shaped fair paths. In this paper we propose an approach to automatically prove existential properties for infinite state transition systems, presenting witnesses in an indirect way. The approach is based on the notion of well-founded funnel, where a ranking function guarantees that the states in the source set are guaranteed to inevitably reach the destination set. We show that, under suitable conditions, a sequence of funnels ensures the existence of a fair path. We propose an algorithm that, working in an abstract space induced by a set of predicates, identifies candidate funnels, proves their well-foundedness, and searches for a sequencing order.
- Published
- 2021
32. Efficient SMT-Based Analysis of Failure Propagation
- Author
-
Alessandro Cimatti, Anthony Fernandes Pires, Alberto Griggio, Martin Jonáš, Greg Kimberly, and Marco Bozzano
- Subjects
Dependency (UML) ,Process (engineering) ,Computer science ,0102 computer and information sciences ,02 engineering and technology ,Hazard analysis ,Fault (power engineering) ,01 natural sciences ,Phase (combat) ,Reliability engineering ,010201 computation theory & mathematics ,Satisfiability modulo theories ,Component (UML) ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Engineering design process - Abstract
The process of developing civil aircraft and their related systems includes multiple phases of Preliminary Safety Assessment (PSA). An objective of PSA is to link the classification of failure conditions and effects (produced in the functional hazard analysis phases) to appropriate safety requirements for elements in the aircraft architecture. A complete and correct preliminary safety assessment phase avoids potentially costly revisions to the design late in the design process. Hence, automated ways to support PSA are an important challenge in modern aircraft design. A modern approach to conducting PSAs is via the use of abstract propagation models, that are basically hyper-graphs where arcs model the dependency among components, e.g. how the degradation of one component may lead to the degraded or failed operation of another. Such models are used for computingfailure propagations: the fault of a component may have multiple ramifications within the system, causing the malfunction of several interconnected components. A central aspect of this problem is that of identifying the minimal fault combinations, also referred to asminimal cut sets, that cause overall failures.In this paper we propose an expressive framework to model failure propagation, catering for multiple levels of degradation as well as cyclic and nondeterministic dependencies. We define a formal sequential semantics, and present an efficient SMT-based method for the analysis of failure propagation, able to enumerate cut sets that are minimal with respect to the order between levels of degradation. In contrast with the state of the art, the proposed approach is provably more expressive, and dramatically outperforms other systems when a comparison is possible.
- Published
- 2021
33. Proving the Existence of Fair Paths in Infinite-State Systems
- Author
-
Alberto Griggio, Enrico Magnago, and Alessandro Cimatti
- Subjects
Model checking ,050101 languages & linguistics ,Theoretical computer science ,business.industry ,Computer science ,05 social sciences ,02 engineering and technology ,Composition (combinatorics) ,Automaton ,Set (abstract data type) ,Software ,Hybrid system ,Path (graph theory) ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,0501 psychology and cognitive sciences ,State (computer science) ,business - Abstract
In finite-state systems, true existential properties admit witnesses in form of lasso-shaped fair paths. When dealing with the infinite-state case (e.g. software non-termination, model checking of hybrid automata) this is no longer the case. In this paper, we propose a compositional approach for proving the existence of fair paths of infinite-state systems. First, we describe a formal approach to prove the existence of a non-empty under-approximation of the original system that only contains fair paths. Second, we define an automated procedure that, given a set of hints (in form of basic components), searches for a suitable composition proving the existence of a fair path. We experimentally evaluate the approach on examples taken from both software and hybrid systems, showing its wide applicability and expressiveness.
- Published
- 2021
34. Assumption-Based Runtime Verification of Infinite-State Systems
- Author
-
Chun Tian, Alessandro Cimatti, and Stefano Tonetta
- Subjects
Computer science ,Programming language ,Runtime verification ,State (computer science) ,computer.software_genre ,computer ,TRACE (psycholinguistics) ,System model - Abstract
Runtime Verification (RV) basically means monitoring an execution trace of a system under scrutiny and checking if the trace satisfies or violates a specification. In Assumption-Based Runtime Verification (ABRV), runtime monitors may be synthesized from not only the specification but also a system model (either full or partial), which represents the assumptions on which the input traces are expected to follow. With assumptions the monitor can additionally check if the input traces actually follow the assumptions. Some previous research has shown that monitors under assumptions can be more precise or even predictive, while non-monitorable specifications may become monitorable under assumptions.
- Published
- 2021
35. Optimization Modulo Non-linear Arithmetic via Incremental Linearization
- Author
-
Filippo Bigarella, Roberto Sebastiani, Martin Jonáš, Marco Roveri, Ahmed Irfan, Alberto Griggio, Alessandro Cimatti, and Patrick Trentin
- Subjects
Nonlinear system ,Linearization ,Computer science ,Simple (abstract algebra) ,Modulo ,Extension (predicate logic) ,Solver ,Arithmetic - Abstract
Incremental linearization is a conceptually simple, yet effective, technique that we have recently proposed for solving SMT problems on the theories of non-linear arithmetic over the reals and the integers. Optimization Modulo Theories (OMT) is an important extension of SMT which allows for finding models that optimize given objective functions. In this paper, we show how incremental linearization can be extended to OMT in a simple way, producing an incomplete though effective OMT procedure. We describe the main ideas and algorithms, we provide an implementation within the OptiMathSAT OMT solver, and perform an empirical evaluation. The results support the effectiveness of the approach.
- Published
- 2021
36. Synthesis of P-Stable Abstractions
- Author
-
Alessandro Cimatti, Enea Zaffanella, and Anna Becchi
- Subjects
Discrete mathematics ,Set (abstract data type) ,Dynamical systems theory ,020204 information systems ,0202 electrical engineering, electronic engineering, information engineering ,020207 software engineering ,02 engineering and technology ,Abstraction ,Dynamical system (definition) ,Representation (mathematics) ,Stability (probability) ,Mathematics - Abstract
Stability is a fundamental requirement of dynamical systems. Most of the works concentrate on verifying stability for a given stability region. In this paper we tackle the problem of synthesizing \(\mathbb {P}\) -stable abstractions. Intuitively, the \(\mathbb {P}\)-stable abstraction of an open dynamical system characterizes the transitions between stability regions in response to external inputs. The stability regions are not given - rather, they are synthesized as the tightest representation with respect to a given set of relevant predicates \(\mathbb {P}\). A \(\mathbb {P}\)-stable abstraction is enriched by timing information derived from the duration of stabilization.
- Published
- 2020
37. A Model-Based Approach to the Design, Verification and Deployment of Railway Interlocking System
- Author
-
Alberto Griggio, Matteo Tessi, Arturo Amendola, Alessandro Cimatti, Giuseppe Scaglione, Alberto Tacchella, Angelo Susi, Roberto Cavada, and Anna Becchi
- Subjects
Functional specification ,business.industry ,Computer science ,language.human_language ,Domain (software engineering) ,Controlled natural language ,Systems Modeling Language ,Model-based design ,language ,Code generation ,Software engineering ,business ,Formal verification ,Interlocking - Abstract
This paper describes a model-based flow for the development of Interlocking Systems. The flow starts from a set of specifications in Controlled Natural Language (CNL), that are close to the jargon adopted in by domain experts, but fully formal. From the CNL, a complete SysML specification is extracted, leveraging various forms of diagrams, and enabling automated code generation. Several formal verification methods are supported. A complementary part of the flow supports the extraction of formal properties from legacy Interlocking Systems designed as Relay circuits. The flow is implemented in a comprehensive toolset, and is currently used by railway experts.
- Published
- 2020
38. Extending nuXmv with Timed Transition Systems and Timed Temporal Properties
- Author
-
Marco Roveri, Alberto Griggio, Stefano Tonetta, Enrico Magnago, and Alessandro Cimatti
- Subjects
Model checking ,Discrete mathematics ,050101 languages & linguistics ,Reduction (recursion theory) ,Semantics (computer science) ,Computer science ,05 social sciences ,System requirements specification ,02 engineering and technology ,Divergence (computer science) ,Automaton ,Computer Science::Logic in Computer Science ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,0501 psychology and cognitive sciences ,Representation (mathematics) ,Parametric statistics - Abstract
nuXmv is a well-known symbolic model checker, which implements various state-of-the-art algorithms for the analysis of finite- and infinite-state transition systems and temporal logics. In this paper, we present a new version that supports timed systems and logics over continuous super-dense semantics. The system specification was extended with clocks to constrain the timed evolution. The support for temporal properties has been expanded to include \(\textsc {MTL}_{0,\infty }\) formulas with parametric intervals. The analysis is performed via a reduction to verification problems in the discrete-time case. The internal representation of traces has been extended to go beyond the lasso-shaped form, to take into account the possible divergence of clocks. We evaluated the new features by comparing nuXmv with other verification tools for timed automata and \(\textsc {MTL}_{0,\infty }\), considering different benchmarks from the literature. The results show that nuXmv is competitive with and in many cases performs better than state-of-the-art tools, especially on validity problems for \(\textsc {MTL}_{0,\infty }\).
- Published
- 2019
39. Assumption-Based Runtime Verification with Partial Observability and Resets
- Author
-
Alessandro Cimatti, Chun Tian, and Stefano Tonetta
- Subjects
Model checking ,050101 languages & linguistics ,Theoretical computer science ,Property (programming) ,Computer science ,05 social sciences ,Runtime verification ,Observable ,02 engineering and technology ,Automaton ,Linear temporal logic ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,0501 psychology and cognitive sciences ,Observability ,TRACE (psycholinguistics) - Abstract
We consider Runtime Verification (RV) based on Propositional Linear Temporal Logic (LTL) with both future and past temporal operators. We generalize the framework to monitor partially observable systems using models of the system under scrutiny (SUS) as assumptions for reasoning on the non-observable or future behaviors of the SUS. The observations are general predicates over the SUS, thus both static and dynamic sets of observables are supported. Furthermore, the monitors are resettable, i.e. able to evaluate any LTL property at arbitrary positions of the input trace (roughly speaking, \([\![u,i\models \varphi ]\!]\) can be evaluated for any u and i with the underlying assumptions taken into account). We present a symbolic monitoring algorithm that can be efficiently implemented using BDD. It is proven correct and the monitor can be double-checked by model checking. As a by-product, we give the first automata-based monitoring algorithm for Past-Time LTL. Beside feasibility and effectiveness of our approach, we also demonstrate that, under certain assumptions the monitors of some properties are predictive.
- Published
- 2019
40. Model-Based Run-Time Synthesis of Architectural Configurations for Adaptive MILS Systems
- Author
-
Rance DeLong, Ivan Stojic, Alessandro Cimatti, and Stefano Tonetta
- Subjects
Computer science ,Distributed computing ,Model-based systems engineering ,Control reconfiguration ,ComputerApplications_COMPUTERSINOTHERSYSTEMS ,0102 computer and information sciences ,02 engineering and technology ,01 natural sciences ,Trustworthiness ,010201 computation theory & mathematics ,Robustness (computer science) ,Adaptive system ,Formal specification ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing - Abstract
In order to be resilient, a system must be adaptable. Trustworthy adaptation requires that a system can be dynamically reconfigured at run-time without compromising the robustness and integrity of the system. Adaptive MILS extends MILS, a successful paradigm for rigorously developed and assured composable static systems, with reconfiguration mechanisms and a framework within which those mechanisms may be safely and securely employed for adaptation.
- Published
- 2019
- Full Text
- View/download PDF
41. HRELTL: A temporal logic for hybrid systems
- Author
-
Alessandro Cimatti, Marco Roveri, and Stefano Tonetta
- Subjects
Computation tree logic ,Theoretical computer science ,Interval temporal logic ,Multimodal logic ,Computer Science Applications ,Theoretical Computer Science ,Computational Theory and Mathematics ,Linear temporal logic ,Hybrid system ,Temporal logic ,Automated reasoning ,Temporal logic of actions ,Algorithm ,Information Systems ,Mathematics - Abstract
Hybrid traces are useful to describe behaviors of dynamic systems where continuous and discrete evolutions are combined. The ability to represent sets of traces by means of formulas in temporal logic has recently found important applications in various fields, such as requirements analysis, compositional verification, and contract-based design. In this paper we present HRELTL, a temporal logic to characterize hybrid traces. The logic is highly expressive: it allows the description of continuous behaviors, by expressing mathematical constraints over derivatives, and discrete behaviors, by constraining values of variables across instantaneous transitions. HRELTL combines the power of temporal operators and regular expressions, and enjoys important properties such as sampling invariance. We demonstrate that the satisfiability problem for a fragment of HRELTL allows for a satisfiability-preserving reduction to RELTL(RA), a logic over discrete traces with atoms in non-linear Real Arithmetic for which automated reasoning procedures are being developed.
- Published
- 2015
42. SMT-based satisfiability of first-order LTL with event freezing functions and metric operators
- Author
-
Marco Roveri, Alberto Griggio, Alessandro Cimatti, Stefano Tonetta, and Enrico Magnago
- Subjects
Model checking ,Theoretical computer science ,SMT-based model checkingTemporal satisfiability ,First-order linear-time temporal logic ,Metric temporal logic ,Computer science ,020207 software engineering ,02 engineering and technology ,Satisfiability ,Computer Science Applications ,Theoretical Computer Science ,Computational Theory and Mathematics ,Computer Science::Logic in Computer Science ,Satisfiability modulo theories ,0202 electrical engineering, electronic engineering, information engineering ,Leverage (statistics) ,020201 artificial intelligence & image processing ,Temporal logic ,Rewriting ,Boolean satisfiability problem ,Information Systems - Abstract
In this paper, we propose to extend First-Order Linear-time Temporal Logic with Past adding two operators “at next” and “at last”, which take in input a term and a formula and return the value of the term at the next state in the future or last state in the past in which the formula holds. The new logic, named LTL-EF, can be interpreted with different models of time (including discrete, dense, and super-dense time) and with different first-order theories (a la Satisfiability Modulo Theories (SMT)). We show that the “at next” and “at last” can encode (first-order) MTL 0 , ∞ with counting. We provide rewriting procedures to reduce the satisfiability problem to the discrete-time case (to leverage on the mature state-of-the-art corresponding verification techniques) and to remove the extra functional symbols. We implemented these techniques in the nuXmv model checker enabling the analysis of LTL-EF and MTL 0 , ∞ based on SMT-based model checking. We show the feasibility of the approach experimenting with several non-trivial valid and satisfiable formulas.
- Published
- 2020
43. Symbolic execution with existential second-order constraints
- Author
-
Sergey Mechtaev, Alberto Griggio, Abhik Roychoudhury, and Alessandro Cimatti
- Subjects
Theoretical computer science ,Computer science ,020207 software engineering ,Context (language use) ,02 engineering and technology ,Symbolic execution ,Mathematical proof ,Constraint (information theory) ,Range (mathematics) ,Path (graph theory) ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,The Symbolic ,Program synthesis - Abstract
Symbolic execution systematically explores program paths by solving path conditions --- formulas over symbolic variables. Typically, the symbolic variables range over numbers, arrays and strings. We introduce symbolic execution with existential second-order constraints --- an extension of traditional symbolic execution that allows symbolic variables to range over functions whose interpretations are restricted by a user-defined language. The aims of this new technique are twofold. First, it offers a general analysis framework that can be applied in multiple domains such as program repair and library modelling. Secondly, it addresses the path explosion problem of traditional first-order symbolic execution in certain applications. To realize this technique, we integrate symbolic execution with program synthesis. Specifically, we propose a method of second-order constraint solving that provides efficient proofs of unsatisfiability, which is critical for the performance of symbolic execution. Our evaluation shows that the proposed technique (1) helps to repair programs with loops by mitigating the path explosion, (2) can enable analysis of applications written against unavailable libraries by modelling these libraries from the usage context.
- Published
- 2018
44. Analysis of Relay Interlocking Systems via SMT-based Model Checking of Switched Multi-Domain Kirchhoff Networks
- Author
-
Giuseppe Scaglione, Alessandro Cimatti, Mirko Sessa, Roberto Cavada, Giuseppe Cadavero, and Sergio Mover
- Subjects
Model checking ,Computer science ,Distributed computing ,Legacy system ,020207 software engineering ,02 engineering and technology ,Automaton ,law.invention ,Domain (software engineering) ,Analog signal ,Relay ,law ,Scalability ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Interlocking - Abstract
Relay Interlocking Systems (RIS) are analog electromechanical networks traditionally applied in the safety-critical domain of railway signaling. RIS consist of networks of interconnected components such as power supplies, contacts, resistances, and electrically-controlled contacts (i.e. the relays). Due to cost and flexibility needs, RIS are progressively being replaced by equivalent computer-based systems. Unfortunately, RIS are often legacy systems, hard to understand at an abstract level, hence the valuable information they encoded in them is not available.In this paper, we propose a methodology and a tool chain to analyze and understand legacy RIS. A RIS is reduced to a Switched Multi-Domain Kirchhoff Network (SMDKN), which is in turn compiled into hybrid automata. SMT-based model checking supports various forms of formal analyses for SMDKN. The approach is based on the modeling of the RIS analog signals (i.e. currents and voltages) over continuous time, and their mapping in terms of railways control actions. Starting from the diagram representation, we overcome a key limitation of previous approaches based on purely Boolean models, i.e. the presence of spurious behaviors. The evaluation of the tool chain on a set of industrial-size railway RIS demonstrates practical scalability.
- Published
- 2018
45. Incremental linearization: A practical approach to satisfiability modulo nonlinear arithmetic and transcendental functions
- Author
-
Marco Roveri, Alberto Griggio, Alessandro Cimatti, Roberto Sebastiani, and Ahmed Irfan
- Subjects
Transcendental function ,Modulo ,0102 computer and information sciences ,02 engineering and technology ,01 natural sciences ,Satisfiability ,Exponential function ,010201 computation theory & mathematics ,Linearization ,Satisfiability modulo theories ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Transcendental number ,Arithmetic ,Trigonometry ,Mathematics - Abstract
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some theory or combination of theories. In this paper, we overview our recent approach called Incremental Linearization, which successfully tackles the problems of SMT over the theories of nonlinear arithmetic over the reals (NRA), nonlinear arithmetic over the integers (NIA) and their combination, and of NRA augmented with transcendental (exponential and trigonometric) functions (NTA). Moreover, we showcase some of the experimental results and outline interesting future directions.
- Published
- 2018
46. SC-square: when Satisfiability Checking and Symbolic Computation join forces
- Author
-
Anna Maria Bigatti, Erika Ábrahám, Pascal Fontaine, Matthew England, Bernd Becker, Alessandro Cimatti, Vijay Ganesh, Alberto Griggio, Daniel Kroening, Stephen Forrest, John Abbott, Werner M. Seiler, Martin Brain, and James H. Davenport
- Subjects
Algebra ,Model checking ,Discrete mathematics ,Computer science ,Symbolic trajectory evaluation ,Join (sigma algebra) ,Automated reasoning ,Symbolic computation ,Satisfiability ,Square (algebra) - Abstract
Symbolic Computation and Satisfiability Checking are two research areas, both having their individual scientific focus but with common interests, e.g., in the development, implementation and application of decision procedures for arithmetic theories. Despite their commonalities, the two communities are rather weakly connected. The aim of the SC-square initiative is to strengthen the connection between these communities by creating common platforms, initiating interaction and exchange, identifying common challenges, and developing a common roadmap from theory along the way to tools and (industrial) applications.
- Published
- 2018
47. ARCH-COMP17 Category Report: Hybrid Systems with Piecewise Constant Dynamics
- Author
-
Anna Becchi, Muhammad Syifa'ul Mufid, Mirco Giacobbe, Alberto Griggio, Stefano Tonetta, Lei Bu, Dieky Adzkiya, Sergio Mover, Alessandro Abate, Goran Frehse, Enea Zaffanella, Idriss Riouak, and Alessandro Cimatti
- Subjects
Control theory ,Hybrid system ,Dynamics (mechanics) ,Piecewise ,Applied mathematics ,Arch ,Constant (mathematics) ,Mathematics - Abstract
This report presents results of a friendly competition for formal verification of continuous and hybrid systems with piecewise constant dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2017. In its first edition, four tools have been applied to solve five different benchmark problems in the category for piecewise constant dynamics: BACH, Lyse, PHAVer, and VeriSiMPL. The result is a snapshot of the current landscape of tools and the types of benchmarks they are particularly suited for. Due to the diversity of problems, we are not ranking tools, yet the presented results probably provide the most complete assessment of tools for the safety verification of continuous and hybrid systems with piecewise constant dynamics up to this date.
- Published
- 2018
48. Experimenting on Solving Nonlinear Integer Arithmetic with Incremental Linearization
- Author
-
Marco Roveri, Roberto Sebastiani, Ahmed Irfan, Alessandro Cimatti, and Alberto Griggio
- Subjects
Integer arithmetic ,Computer science ,Real arithmetic ,0102 computer and information sciences ,02 engineering and technology ,01 natural sciences ,Nonlinear system ,010201 computation theory & mathematics ,Simple (abstract algebra) ,Linearization ,Satisfiability modulo theories ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Arithmetic ,Integer (computer science) - Abstract
Incremental linearization is a conceptually simple, yet effective, technique that we have recently proposed for solving SMT problems over nonlinear real arithmetic constraints. In this paper, we show how the same approach can be applied successfully also to the harder case of nonlinear integer arithmetic problems. We describe in detail our implementation of the basic ideas inside the MathSAT SMT solver, and evaluate its effectiveness with an extensive experimental analysis over all nonlinear integer benchmarks in SMT-LIB. Our results show that MathSAT is very competitive with (and often outperforms) state-of-the-art SMT solvers based on alternative techniques.
- Published
- 2018
49. Formal Specification and Verification of Dynamic Parametrized Architectures
- Author
-
Stefano Tonetta, Alessandro Cimatti, and Ivan Stojic
- Subjects
Model checking ,Theoretical computer science ,Computer science ,010102 general mathematics ,Control reconfiguration ,02 engineering and technology ,01 natural sciences ,Reachability ,Adaptive system ,Formal specification ,Satisfiability modulo theories ,Transition system ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,0101 mathematics - Abstract
We propose a novel approach to the formal specification and verification of dynamic architectures that are at the core of adaptive systems such as critical infrastructure protection. Key features include run-time reconfiguration based on adding and removing components and connections, resulting in systems with unbounded number of components. We provide a logic-based specification of a Dynamic Parametrized Architecture (DPA), where parameters represent the infinite-state space of possible configurations, and first-order formulas represent the sets of initial configurations and reconfiguration transitions. We encode information flow properties as reachability problems of such DPAs, define a translation into an array-based transition system, and use a Satisfiability Modulo Theories (SMT)-based model checker to tackle a number of case studies.
- Published
- 2018
50. An SMT-based approach to weak controllability for disjunctive temporal problems with uncertainty
- Author
-
Andrea Micheli, Alessandro Cimatti, and Marco Roveri
- Subjects
Controllability ,Linguistics and Language ,Mathematical optimization ,Artificial Intelligence ,Existential quantification ,Satisfiability modulo theories ,Scalability ,Logical approach ,Decision problem ,Solver ,Language and Linguistics ,Scheduling (computing) ,Mathematics - Abstract
The framework of temporal problems with uncertainty (TPU) is useful to express temporal constraints over a set of activities subject to uncertain (and uncontrollable) duration. In this work, we focus on the most general class of TPU, namely disjunctive TPU (DTPU), and consider the case of weak controllability, that allows one to model problems arising in practical scenarios (e.g. on-line scheduling). We first tackle the decision problem, i.e. whether there exists a schedule of the activities that, depending on the uncertainty, satisfies all the constraints. We propose a logical approach, based on the reduction to a problem of Satisfiability Modulo Theories (SMT), in the theory of Linear Real Arithmetic with Quantifiers. This results in the first implemented solver for weak controllability of DTPUs. Then, we tackle the problem of synthesizing control strategies for scheduling the activities. We focus on strategies that are amenable for efficient execution. We prove that linear strategies are not always sufficient, even in the sub-case of simple TPU (STPU), while piecewise-linear strategies, that are multiple conditionally-applied linear strategies, are always sufficient. We present several algorithms for the synthesis of linear and piecewise-linear strategies, in case of STPU and of DTPU. All the algorithms are implemented on top of SMT solvers. We provide experimental evidence of the scalability of the proposed techniques, with dramatic speed-ups in strategy execution compared to on-line reasoning.
- Published
- 2015
Catalog
Discovery Service for Jio Institute Digital Library
For full access to our library's resources, please sign in.