Search

Your search keyword '"Alessandro Cimatti"' showing total 230 results
Start Over Author "Alessandro Cimatti" Language undetermined
230 results on '"Alessandro Cimatti"'

1. Assumption-based Runtime Verification

Author

Alessandro Cimatti, Chun Tian, and Stefano Tonetta

Subjects
Hardware and Architecture, Software, Theoretical Computer Science
Published
2022

2. EVA: a Tool for the Compositional Verification of AUTOSAR Models

Author

Alessandro Cimatti, Luca Cristoforetti, Alberto Griggio, Stefano Tonetta, Sara Corfini, Marco Di Natale, and Florian Barrau

Abstract

We present , a framework for the integration of modern verification tools in the context of AUTOSAR, a widely-used open standard for the development of automotive software systems. Our framework enables the automatic end-to-end verification of system-level properties using a compositional approach. It combines software model checking techniques for the verification of software components at the code level with a contract-based analysis for verifying their correct composition. In this paper, we present the tool through its application on a representative automotive case study, discussing the main functionalities provided and the results obtained.

Published
2023

4. A Formal IDE for Railways: Research Challenges

Author

Roberto Cavada, Alessandro Cimatti, Alberto Griggio, and Angelo Susi

Abstract

The development of modern railways applications must be supported by trusted tools, able to cover the whole development process. In this paper we report on the research challenges underlying a comprehensive toolset for the design of computer-based interlocking systems. Following a VV development process, the framework adopts a clear separation between the abstract interlocking logic and the instantiations characterizing the single stations. The challenges include the definition of adequate specification languages, the generation of executable code and simulation infrastructure, traceability, test case generation, and formal verification.

Published
2023

5. Symbolic Synthesis of Observability Requirements for Diagnosability

Author

Bittner, B., Bozzano, M., Alessandro Cimatti, and Olive, X.

Subjects
General Medicine
Abstract

Given a partially observable dynamic system and a diagnoser observing its evolution over time, diagnosability analysis formally verifies (at design time) if the diagnosis system will be able to infer (at runtime) the required information on the hidden part of the dynamic state. Diagnosability directly depends on the availability of observations, and can be guaranteed by different sets of sensors, possibly associated with different costs. In this paper, we tackle the problem of synthesizing observability requirements, i.e. automatically discovering a set of observations that is sufficient to guarantee diagnosability. We propose a novel approach with the following characterizing features. First, it fully covers a comprehensive formal framework for diagnosability analysis, and enables ranking configurations of observables in terms of cost, minimality, and diagnosability delay. Second, we propose two complementary algorithms for the synthesis of observables. Third, we describe an efficient implementation that takes full advantage of mature symbolic model checking techniques. The proposed approach is thoroughly evaluated over a comprehensive suite of benchmarks taken from the aerospace domain.

Published
2021

6. A Comprehensive Approach to On-board Autonomy Verification and Validation

Author

Marco Bozzano, Alessandro Cimatti, and Marco Roveri

Subjects
On board, Deep space missions, Artificial Intelligence, Computer science, media_common.quotation_subject, Systems engineering, Space (commercial competition), Autonomy, Theoretical Computer Science, media_common, Verification and validation
Abstract

Deep space missions are characterized by severely constrained communication links. To meet the needs of future missions and increase their scientific return, future space systems will require an increased level of autonomy on-board. In this work, we propose a comprehensive approach to on-board autonomy. We rely on model-based reasoning, and we consider many important (on-line and off-line) reasoning capabilities such as plan generation, validation, execution and monitoring, runtime diagnosis, and fault detection, identification, and recovery. The controlled platform is represented symbolically, and the reasoning capabilities are seen as symbolic manipulation of such formal model. We have developed a prototype of our framework, and we have integrated it within an on-board Autonomous Reasoning Engine. Finally, we have evaluated our approach on three case-studies inspired by real-world projects and characterized it in terms of reliability, availability, and performance.

Published
2021

9. Model-based Safety Assessment of a Triple Modular Generator with xSAP

Author

Cristian Mattarei, Alessandro Cimatti, Marco Gario, Marco Bozzano, and David Jones

Subjects
Fault tree analysis, Computer science, business.industry, Control reconfiguration, 0102 computer and information sciences, Modular design, Fault (power engineering), Formal methods, 01 natural sciences, Theoretical Computer Science, Reliability engineering, 010201 computation theory & mathematics, Control theory, Scalability, business, Software, Generator (mathematics)
Abstract

The system design process needs to cope with the increasing complexity and size of systems,motivating the replacement of labor intensivemanual techniques with automated and semi-automated approaches.Recently, formal methods techniques, such as model-based verification and safety assessment, have been increasingly used to model systems under fault and to analyze them, generating artifacts such as fault trees and FMEA tables. In this paper, we show how to apply model-based techniques to a realistic case study from the avionics domain: a high integrity power distribution system, the Triple Modular Generator (TMG). The TMG is composed of a redundant and reconfigurable plant and a controller that must guarantee a high level of reliability. The case study is a significant challenge, from the modeling perspective, since it implements a complex reconfiguration policy, specified via a number of requirements in natural language, including a set of mutually dependent and potentially conflicting priority constraints. Moreover, from the verification standpoint, the controller must be able to handle an exponential number of possible faulty configurations. Our contribution is twofold. First, we formalize and validate the requirements and, using a constraint-based modeling style, we synthesize a correct by construction controller, avoiding the enumeration of all possible fault configurations, as is currently done by manual approaches. Second, we describe a comprehensive methodology and process, supported by the xSAP safety analysis platform that targets the modeling and safety assessment of faulty systems. Using xSAP, we are able to automatically extract minimal cut sets for the TMG. We demonstrate the scalability of our approach by analyzing a parametric version of the TMG case study that contains more than 700 variables and 90 faults.

Published
2021

10. Temporal Planning with Intermediate Conditions and Effects

Author

Andrea Micheli, Alessandro Valentini, and Alessandro Cimatti

Subjects
FOS: Computer and information sciences, Mathematical optimization, Artificial Intelligence (cs.AI), Action (philosophy), Computer Science - Artificial Intelligence, Computer science, General Medicine, Planning Domain Definition Language, Duration (project management)
Abstract

Automated temporal planning is the technology of choice when controlling systems that can execute more actions in parallel and when temporal constraints, such as deadlines, are needed in the model. One limitation of several action-based planning systems is that actions are modeled as intervals having conditions and effects only at the extremes and as invariants, but no conditions nor effects can be specified at arbitrary points or sub-intervals.In this paper, we address this limitation by providing an effective heuristic-search technique for temporal planning, allowing the definition of actions with conditions and effects at any arbitrary time within the action duration. We experimentally demonstrate that our approach is far better than standard encodings in PDDL 2.1 and is competitive with other approaches that can (directly or indirectly) represent intermediate action conditions or effects.

Published
2020

11. Deciding Unsolvability in Temporal Planning under Action Non-Self-Overlapping

Author

Stefan Panjkovic, Andrea Micheli, and Alessandro Cimatti

Subjects
General Medicine
Abstract

The field of Temporal Planning (TP) is receiving increasing interest for its many real-world applications. Most of the literature focuses on the TP problem of finding a plan, with algorithms that are not guaranteed to terminate when the problem admits no solution. In this paper, we present sound and complete decision procedures that address the dual problem of proving that no plan exists, which has important applications in oversubscription, model validation and optimization. We focus on the expressive and practically relevant semantics of action non-self-overlapping, recently proved to be PSPACE-complete. For this subclass, we propose two approaches: a reduction of the planning problem to model-checking of Timed Transition Systems, and a heuristic-search algorithm where temporal constraints are represented by Difference Bound Matrices. We implemented the approaches, and carried out an experimental evaluation against other state-of-the-art TP tools. On benchmarks that admit no plans, both approaches dramatically outperform the other planners, while the heuristic-search algorithm remains competitive on solvable benchmarks.

Published
2022
Full Text
View/download PDF

12. Gr(1) is Equivalent to R(1)

Author

Alessandro Cimatti, Luca GEATTI, Nicola Gigante, Angelo Montanari, and Stefano Tonetta

Subjects
History, Polymers and Plastics, Business and International Management, Industrial and Manufacturing Engineering
Published
2022

15. Searching for Ribbon-Shaped Paths in Fair Transition Systems

Author

Marco Bozzano, Alessandro Cimatti, Stefano Tonetta, and Viktoria Vozarova

Abstract

Diagnosability is a fundamental problem of partial observable systems in safety-critical design. Diagnosability verification checks if the observable part of system is sufficient to detect some faults. A counterexample to diagnosability may consist of infinitely many indistinguishable traces that differ in the occurrence of the fault. When the system under analysis is modeled as a Büchi automaton or finite-state Fair Transition System, this problem reduces to look for ribbon-shaped paths, i.e., fair paths with a loop in the middle.In this paper, we propose to solve the problem by extending the liveness-to-safety approach to look for lasso-shaped paths. The algorithm can be applied to various diagnosability conditions in a uniform way by changing the conditions on the loops. We implemented and evaluated the approach on various diagnosability benchmarks.

Published
2022

17. NORMA: a tool for the analysis of Relay-based Railway Interlocking Systems

Author

Arturo Amendola, Anna Becchi, Roberto Cavada, Alessandro Cimatti, Andrea Ferrando, Lorenzo Pilati, Giuseppe Scaglione, Alberto Tacchella, and Marco Zamboni

Abstract

We present Norma, a tool for the modeling and analysis of Relay-based Railways Interlocking Systems (RRIS). Norma is the result of a research project funded by the Italian Railway Network, to support the reverse engineering and migration to computer-based technology of legacy RRIS. The frontend fully supports the graphical modeling of Italian RRIS, with a palette of over two hundred basic components, stubs to abstract RRIS subcircuits, and requirements in terms of formal properties. The internal component based representation is translated into highly optimized Timed nuXmv models, and supports various syntactic and semantic checks based on formal verification, simulation and test case generation. Norma is experimentally evaluated, demonstrating the practical support for the modelers, and the effectiveness of the underlying optimizations.

Published
2022

18. Abstraction Modulo Stability for Reverse Engineering

Author

Anna Becchi and Alessandro Cimatti

Abstract

The analysis of legacy systems requires the automated extraction of high-level specifications. We propose a framework, called Abstraction Modulo Stability, for the analysis of transition systems operating in stable states, and responding with run-to-completion transactions to external stimuli. The abstraction captures the effects of external stimuli on the system state, and describes it in the form of a finite state machine. This approach is parametric on a set of predicates of interest and the definition of stability. We consider some possible stability definitions which yield different practically relevant abstractions, and propose a parametric algorithm for abstraction computation. The obtained FSM is extended with guards and effects on a given set of variables of interest. The framework is evaluated in terms of expressivity and adequacy within an industrial project with the Italian Railway Network, on reverse engineering tasks of relay-based interlocking circuits to extract specifications for a computer-based reimplementation.

Published
2022

21. A first-order logic characterisation of safety and co-safety languages

Author

Alessandro Cimatti, Luca Geatti, Nicola Gigante, Angelo Montanari, and Stefano Tonetta

Abstract

Linear Temporal Logic ($$\mathsf {LTL}$$ LTL ) is one of the most popular temporal logics, that comes into play in a variety of branches of computer science. Its widespread use is also due to its strong foundational properties. One of them is Kamp’s theorem, showing that $$\mathsf {LTL}$$ LTL and the first-order theory of one successor ($$\mathsf {S1S}[\mathsf {FO}]$$ S 1 S [ FO ] ) are expressively equivalent. Safety and co-safety languages, where a finite prefix suffices to establish whether a word does not or does belong to the language, respectively, play a crucial role in lowering the complexity of problems like model checking and reactive synthesis for $$\mathsf {LTL}$$ LTL . $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL (resp., $$\mathsf {coSafety\text {-} \mathsf {LTL}}$$ coSafety - LTL ) is a fragment of $$\mathsf {LTL}$$ LTL where only universal (resp., existential) temporal modalities are allowed, that recognises safety (resp., co-safety) languages only. In this paper, we introduce a fragment of $$\mathsf {S1S}[\mathsf {FO}]$$ S 1 S [ FO ] , called $$\mathsf {Safety\text {-} FO}$$ Safety - FO , and its dual $$\mathsf {coSafety\text {-} FO}$$ coSafety - FO , which are expressively complete with regards to the $$\mathsf {LTL}$$ LTL -definable safety languages. In particular, we prove that they respectively characterise exactly $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL and $$\mathsf {coSafety\text {-} \mathsf {LTL}}$$ coSafety - LTL , a result that joins Kamp’s theorem, and provides a clearer view of the charactisations of (fragments of) $$\mathsf {LTL}$$ LTL in terms of first-order languages. In addition, it gives a direct, compact, and self-contained proof that any safety language definable in $$\mathsf {LTL}$$ LTL is definable in $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL as well. As a by-product, we obtain some interesting results on the expressive power of the weak tomorrow operator of $$\mathsf {Safety\text {-} \mathsf {LTL}}$$ Safety - LTL interpreted over finite and infinite traces.

Published
2022

23. GR(1) is equivalent to R(1)

Author

Alessandro Cimatti, Luca Geatti, Nicola Gigante, Angelo Montanari, and Stefano Tonetta

Subjects
Signal Processing, Computer Science Applications, Information Systems, Theoretical Computer Science
Published
2023

24. LTL falsification in infinite-state systems

Author

Alessandro Cimatti, Alberto Griggio, and Enrico Magnago

Subjects
Computational Theory and Mathematics, Computer Science Applications, Information Systems, Theoretical Computer Science
Published
2022

25. Diagnosability of fair transition systems

Author

Benjamin Bittner, Marco Bozzano, Alessandro Cimatti, Marco Gario, Stefano Tonetta, and Viktoria Vozarova

Subjects
Linguistics and Language, Artificial Intelligence, Language and Linguistics
Published
2022

26. Robustness Envelopes for Temporal Plans

Author

Alessandro Cimatti, Andrea Micheli, Michael Cashmore, Daniele Magazzeni, and Parisa Zehtabi

Subjects
QA75, Mathematical optimization, Computer science, media_common.quotation_subject, 0102 computer and information sciences, General Medicine, Executor, 01 natural sciences, Adaptability, 010201 computation theory & mathematics, Robustness (computer science), Satisfiability modulo theories, Leverage (statistics), media_common
Abstract

To achieve practical execution, planners must produce temporal plans with some degree of run-time adaptability. Such plans can be expressed as Simple Temporal Networks (STN), that constrain the timing of action activations, and implicitly represent the space of choices for the plan executor.A first problem is to verify that all the executor choices allowed by the STN plan will be successful, i.e. the plan is valid. An even more important problem is to assess the effect of discrepancies between the model used for planning and the execution environment.We propose an approach to compute the “robustness envelope” (i.e., alternative action durations or resource consumption rates) of a given STN plan, for which the plan remains valid. Plans can have boolean and numeric variables as well as discrete and continuous change. We leverage Satisfiability Modulo Theories (SMT) to make the approach formal and practical.

Published
2019

27. Formal reliability analysis of redundancy architectures

Author

Alessandro Cimatti, Cristian Mattarei, and Marco Bozzano

Subjects
Model checking, Fault tree analysis, Theoretical computer science, Speedup, Binary decision diagram, Computer science, 0102 computer and information sciences, Formal methods, 01 natural sciences, Theoretical Computer Science, Predicate abstraction, 010201 computation theory & mathematics, Theory of computation, Redundancy (engineering), Software
Abstract

Reliability is a fundamental property for critical systems. A thorough evaluation of the reliability is required by the certification procedures in various application domains, and it is important to support the exploration of the space of the design solutions. In this paper we propose a new, fully automated approach to the reliability analysis of complex redundant architectures. Given an abstract description of the architecture, the approach automatically extracts a fault tree and a symbolic reliability function, i.e. a program mapping the probability of fault of the basic components to the probability that the overall architecture deviates from the expected behavior. The proposed approach heavily relies on formal methods, by representing the architecture blocks as Uninterpreted Functions, and using the so-called miter construction to model the deviation from the nominal behavior. The extraction of all the deviation conditions is reduced to an AllSMT problem, and we extract the reliability function by traversing the Binary Decision Diagram corresponding to the quantified formula. Predicate abstraction is used to partition and speed up the computation. The approach has been implemented leveraging formal tools for model checking and safety assessment. A thorough experimental evaluation demonstrates its generality and effectiveness of the proposed techniques.

Published
2019

28. Semi-ProtoPNet Deep Neural Network for the Classification of Defective Power Grid Distribution Structures

Author

Gurmail Singh, Kin-Choong Yow, Alessandro Cimatti, and Stefano Frizzo Stefenon

Subjects
insulator classification, power grid inspection, Reproducibility of Results, Biochemistry, computer vision, Atomic and Molecular Physics, and Optics, Analytical Chemistry, Deep Learning, convolutional neural networks, deep learning, Computer Systems, Neural Networks, Computer, Electrical and Electronic Engineering, Instrumentation
Abstract

Power distribution grids are typically installed outdoors and are exposed to environmental conditions. When contamination accumulates in the structures of the network, there may be shutdowns caused by electrical arcs. To improve the reliability of the network, visual inspections of the electrical power system can be carried out; these inspections can be automated using computer vision techniques based on deep neural networks. Based on this need, this paper proposes the Semi-ProtoPNet deep learning model to classify defective structures in the power distribution networks. The Semi-ProtoPNet deep neural network does not perform convex optimization of its last dense layer to maintain the impact of the negative reasoning process on image classification. The negative reasoning process rejects the incorrect classes of an input image; for this reason, it is possible to carry out an analysis with a low number of images that have different backgrounds, which is one of the challenges of this type of analysis. Semi-ProtoPNet achieves an accuracy of 97.22%, being superior to VGG-13, VGG-16, VGG-19, ResNet-34, ResNet-50, ResNet-152, DenseNet-121, DenseNet-161, DenseNet-201, and also models of the same class such as ProtoPNet, NP-ProtoPNet, Gen-ProtoPNet, and Ps-ProtoPNet.

Published
2022

31. Automatic Discovery of Fair Paths in Infinite-State Transition Systems

Author

Alberto Griggio, Alessandro Cimatti, and Enrico Magnago

Subjects
Set (abstract data type), Model checking, Sequence, business.product_category, Theoretical computer science, Computer science, Path (graph theory), Funnel, Function (mathematics), Abstract space, business, Automaton
Abstract

Proving existential properties of infinite-state systems (e.g. software non-termination, model checking of hybrid automata) comes with a key challenge: differently from the finite-state case, witnesses may not be in form of lasso-shaped fair paths. In this paper we propose an approach to automatically prove existential properties for infinite state transition systems, presenting witnesses in an indirect way. The approach is based on the notion of well-founded funnel, where a ranking function guarantees that the states in the source set are guaranteed to inevitably reach the destination set. We show that, under suitable conditions, a sequence of funnels ensures the existence of a fair path. We propose an algorithm that, working in an abstract space induced by a set of predicates, identifies candidate funnels, proves their well-foundedness, and searches for a sequencing order.

Published
2021

32. Efficient SMT-Based Analysis of Failure Propagation

Author

Alessandro Cimatti, Anthony Fernandes Pires, Alberto Griggio, Martin Jonáš, Greg Kimberly, and Marco Bozzano

Subjects
Dependency (UML), Process (engineering), Computer science, 0102 computer and information sciences, 02 engineering and technology, Hazard analysis, Fault (power engineering), 01 natural sciences, Phase (combat), Reliability engineering, 010201 computation theory & mathematics, Satisfiability modulo theories, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Engineering design process
Abstract

The process of developing civil aircraft and their related systems includes multiple phases of Preliminary Safety Assessment (PSA). An objective of PSA is to link the classification of failure conditions and effects (produced in the functional hazard analysis phases) to appropriate safety requirements for elements in the aircraft architecture. A complete and correct preliminary safety assessment phase avoids potentially costly revisions to the design late in the design process. Hence, automated ways to support PSA are an important challenge in modern aircraft design. A modern approach to conducting PSAs is via the use of abstract propagation models, that are basically hyper-graphs where arcs model the dependency among components, e.g. how the degradation of one component may lead to the degraded or failed operation of another. Such models are used for computingfailure propagations: the fault of a component may have multiple ramifications within the system, causing the malfunction of several interconnected components. A central aspect of this problem is that of identifying the minimal fault combinations, also referred to asminimal cut sets, that cause overall failures.In this paper we propose an expressive framework to model failure propagation, catering for multiple levels of degradation as well as cyclic and nondeterministic dependencies. We define a formal sequential semantics, and present an efficient SMT-based method for the analysis of failure propagation, able to enumerate cut sets that are minimal with respect to the order between levels of degradation. In contrast with the state of the art, the proposed approach is provably more expressive, and dramatically outperforms other systems when a comparison is possible.

Published
2021

33. Proving the Existence of Fair Paths in Infinite-State Systems

Author

Alberto Griggio, Enrico Magnago, and Alessandro Cimatti

Subjects
Model checking, 050101 languages & linguistics, Theoretical computer science, business.industry, Computer science, 05 social sciences, 02 engineering and technology, Composition (combinatorics), Automaton, Set (abstract data type), Software, Hybrid system, Path (graph theory), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, State (computer science), business
Abstract

In finite-state systems, true existential properties admit witnesses in form of lasso-shaped fair paths. When dealing with the infinite-state case (e.g. software non-termination, model checking of hybrid automata) this is no longer the case. In this paper, we propose a compositional approach for proving the existence of fair paths of infinite-state systems. First, we describe a formal approach to prove the existence of a non-empty under-approximation of the original system that only contains fair paths. Second, we define an automated procedure that, given a set of hints (in form of basic components), searches for a suitable composition proving the existence of a fair path. We experimentally evaluate the approach on examples taken from both software and hybrid systems, showing its wide applicability and expressiveness.

Published
2021

34. Assumption-Based Runtime Verification of Infinite-State Systems

Author

Chun Tian, Alessandro Cimatti, and Stefano Tonetta

Subjects
Computer science, Programming language, Runtime verification, State (computer science), computer.software_genre, computer, TRACE (psycholinguistics), System model
Abstract

Runtime Verification (RV) basically means monitoring an execution trace of a system under scrutiny and checking if the trace satisfies or violates a specification. In Assumption-Based Runtime Verification (ABRV), runtime monitors may be synthesized from not only the specification but also a system model (either full or partial), which represents the assumptions on which the input traces are expected to follow. With assumptions the monitor can additionally check if the input traces actually follow the assumptions. Some previous research has shown that monitors under assumptions can be more precise or even predictive, while non-monitorable specifications may become monitorable under assumptions.

Published
2021

35. Optimization Modulo Non-linear Arithmetic via Incremental Linearization

Author

Filippo Bigarella, Roberto Sebastiani, Martin Jonáš, Marco Roveri, Ahmed Irfan, Alberto Griggio, Alessandro Cimatti, and Patrick Trentin

Subjects
Nonlinear system, Linearization, Computer science, Simple (abstract algebra), Modulo, Extension (predicate logic), Solver, Arithmetic
Abstract

Incremental linearization is a conceptually simple, yet effective, technique that we have recently proposed for solving SMT problems on the theories of non-linear arithmetic over the reals and the integers. Optimization Modulo Theories (OMT) is an important extension of SMT which allows for finding models that optimize given objective functions. In this paper, we show how incremental linearization can be extended to OMT in a simple way, producing an incomplete though effective OMT procedure. We describe the main ideas and algorithms, we provide an implementation within the OptiMathSAT OMT solver, and perform an empirical evaluation. The results support the effectiveness of the approach.

Published
2021

36. Synthesis of P-Stable Abstractions

Author

Alessandro Cimatti, Enea Zaffanella, and Anna Becchi

Subjects
Discrete mathematics, Set (abstract data type), Dynamical systems theory, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020207 software engineering, 02 engineering and technology, Abstraction, Dynamical system (definition), Representation (mathematics), Stability (probability), Mathematics
Abstract

Stability is a fundamental requirement of dynamical systems. Most of the works concentrate on verifying stability for a given stability region. In this paper we tackle the problem of synthesizing \(\mathbb {P}\) -stable abstractions. Intuitively, the \(\mathbb {P}\)-stable abstraction of an open dynamical system characterizes the transitions between stability regions in response to external inputs. The stability regions are not given - rather, they are synthesized as the tightest representation with respect to a given set of relevant predicates \(\mathbb {P}\). A \(\mathbb {P}\)-stable abstraction is enriched by timing information derived from the duration of stabilization.

Published
2020

37. A Model-Based Approach to the Design, Verification and Deployment of Railway Interlocking System

Author

Alberto Griggio, Matteo Tessi, Arturo Amendola, Alessandro Cimatti, Giuseppe Scaglione, Alberto Tacchella, Angelo Susi, Roberto Cavada, and Anna Becchi

Subjects
Functional specification, business.industry, Computer science, language.human_language, Domain (software engineering), Controlled natural language, Systems Modeling Language, Model-based design, language, Code generation, Software engineering, business, Formal verification, Interlocking
Abstract

This paper describes a model-based flow for the development of Interlocking Systems. The flow starts from a set of specifications in Controlled Natural Language (CNL), that are close to the jargon adopted in by domain experts, but fully formal. From the CNL, a complete SysML specification is extracted, leveraging various forms of diagrams, and enabling automated code generation. Several formal verification methods are supported. A complementary part of the flow supports the extraction of formal properties from legacy Interlocking Systems designed as Relay circuits. The flow is implemented in a comprehensive toolset, and is currently used by railway experts.

Published
2020

38. Extending nuXmv with Timed Transition Systems and Timed Temporal Properties

Author

Marco Roveri, Alberto Griggio, Stefano Tonetta, Enrico Magnago, and Alessandro Cimatti

Subjects
Model checking, Discrete mathematics, 050101 languages & linguistics, Reduction (recursion theory), Semantics (computer science), Computer science, 05 social sciences, System requirements specification, 02 engineering and technology, Divergence (computer science), Automaton, Computer Science::Logic in Computer Science, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Representation (mathematics), Parametric statistics
Abstract

nuXmv is a well-known symbolic model checker, which implements various state-of-the-art algorithms for the analysis of finite- and infinite-state transition systems and temporal logics. In this paper, we present a new version that supports timed systems and logics over continuous super-dense semantics. The system specification was extended with clocks to constrain the timed evolution. The support for temporal properties has been expanded to include \(\textsc {MTL}_{0,\infty }\) formulas with parametric intervals. The analysis is performed via a reduction to verification problems in the discrete-time case. The internal representation of traces has been extended to go beyond the lasso-shaped form, to take into account the possible divergence of clocks. We evaluated the new features by comparing nuXmv with other verification tools for timed automata and \(\textsc {MTL}_{0,\infty }\), considering different benchmarks from the literature. The results show that nuXmv is competitive with and in many cases performs better than state-of-the-art tools, especially on validity problems for \(\textsc {MTL}_{0,\infty }\).

Published
2019

39. Assumption-Based Runtime Verification with Partial Observability and Resets

Author

Alessandro Cimatti, Chun Tian, and Stefano Tonetta

Subjects
Model checking, 050101 languages & linguistics, Theoretical computer science, Property (programming), Computer science, 05 social sciences, Runtime verification, Observable, 02 engineering and technology, Automaton, Linear temporal logic, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Observability, TRACE (psycholinguistics)
Abstract

We consider Runtime Verification (RV) based on Propositional Linear Temporal Logic (LTL) with both future and past temporal operators. We generalize the framework to monitor partially observable systems using models of the system under scrutiny (SUS) as assumptions for reasoning on the non-observable or future behaviors of the SUS. The observations are general predicates over the SUS, thus both static and dynamic sets of observables are supported. Furthermore, the monitors are resettable, i.e. able to evaluate any LTL property at arbitrary positions of the input trace (roughly speaking, \([\![u,i\models \varphi ]\!]\) can be evaluated for any u and i with the underlying assumptions taken into account). We present a symbolic monitoring algorithm that can be efficiently implemented using BDD. It is proven correct and the monitor can be double-checked by model checking. As a by-product, we give the first automata-based monitoring algorithm for Past-Time LTL. Beside feasibility and effectiveness of our approach, we also demonstrate that, under certain assumptions the monitors of some properties are predictive.

Published
2019

40. Model-Based Run-Time Synthesis of Architectural Configurations for Adaptive MILS Systems

Author

Rance DeLong, Ivan Stojic, Alessandro Cimatti, and Stefano Tonetta

Subjects
Computer science, Distributed computing, Model-based systems engineering, Control reconfiguration, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Trustworthiness, 010201 computation theory & mathematics, Robustness (computer science), Adaptive system, Formal specification, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing
Abstract

In order to be resilient, a system must be adaptable. Trustworthy adaptation requires that a system can be dynamically reconfigured at run-time without compromising the robustness and integrity of the system. Adaptive MILS extends MILS, a successful paradigm for rigorously developed and assured composable static systems, with reconfiguration mechanisms and a framework within which those mechanisms may be safely and securely employed for adaptation.

Published
2019
Full Text
View/download PDF

41. HRELTL: A temporal logic for hybrid systems

Author

Alessandro Cimatti, Marco Roveri, and Stefano Tonetta

Subjects
Computation tree logic, Theoretical computer science, Interval temporal logic, Multimodal logic, Computer Science Applications, Theoretical Computer Science, Computational Theory and Mathematics, Linear temporal logic, Hybrid system, Temporal logic, Automated reasoning, Temporal logic of actions, Algorithm, Information Systems, Mathematics
Abstract

Hybrid traces are useful to describe behaviors of dynamic systems where continuous and discrete evolutions are combined. The ability to represent sets of traces by means of formulas in temporal logic has recently found important applications in various fields, such as requirements analysis, compositional verification, and contract-based design. In this paper we present HRELTL, a temporal logic to characterize hybrid traces. The logic is highly expressive: it allows the description of continuous behaviors, by expressing mathematical constraints over derivatives, and discrete behaviors, by constraining values of variables across instantaneous transitions. HRELTL combines the power of temporal operators and regular expressions, and enjoys important properties such as sampling invariance. We demonstrate that the satisfiability problem for a fragment of HRELTL allows for a satisfiability-preserving reduction to RELTL(RA), a logic over discrete traces with atoms in non-linear Real Arithmetic for which automated reasoning procedures are being developed.

Published
2015

42. SMT-based satisfiability of first-order LTL with event freezing functions and metric operators

Author

Marco Roveri, Alberto Griggio, Alessandro Cimatti, Stefano Tonetta, and Enrico Magnago

Subjects
Model checking, Theoretical computer science, SMT-based model checkingTemporal satisfiability, First-order linear-time temporal logic, Metric temporal logic, Computer science, 020207 software engineering, 02 engineering and technology, Satisfiability, Computer Science Applications, Theoretical Computer Science, Computational Theory and Mathematics, Computer Science::Logic in Computer Science, Satisfiability modulo theories, 0202 electrical engineering, electronic engineering, information engineering, Leverage (statistics), 020201 artificial intelligence & image processing, Temporal logic, Rewriting, Boolean satisfiability problem, Information Systems
Abstract

In this paper, we propose to extend First-Order Linear-time Temporal Logic with Past adding two operators “at next” and “at last”, which take in input a term and a formula and return the value of the term at the next state in the future or last state in the past in which the formula holds. The new logic, named LTL-EF, can be interpreted with different models of time (including discrete, dense, and super-dense time) and with different first-order theories (a la Satisfiability Modulo Theories (SMT)). We show that the “at next” and “at last” can encode (first-order) MTL 0 , ∞ with counting. We provide rewriting procedures to reduce the satisfiability problem to the discrete-time case (to leverage on the mature state-of-the-art corresponding verification techniques) and to remove the extra functional symbols. We implemented these techniques in the nuXmv model checker enabling the analysis of LTL-EF and MTL 0 , ∞ based on SMT-based model checking. We show the feasibility of the approach experimenting with several non-trivial valid and satisfiable formulas.

Published
2020

43. Symbolic execution with existential second-order constraints

Author

Sergey Mechtaev, Alberto Griggio, Abhik Roychoudhury, and Alessandro Cimatti

Subjects
Theoretical computer science, Computer science, 020207 software engineering, Context (language use), 02 engineering and technology, Symbolic execution, Mathematical proof, Constraint (information theory), Range (mathematics), Path (graph theory), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Symbolic, Program synthesis
Abstract

Symbolic execution systematically explores program paths by solving path conditions --- formulas over symbolic variables. Typically, the symbolic variables range over numbers, arrays and strings. We introduce symbolic execution with existential second-order constraints --- an extension of traditional symbolic execution that allows symbolic variables to range over functions whose interpretations are restricted by a user-defined language. The aims of this new technique are twofold. First, it offers a general analysis framework that can be applied in multiple domains such as program repair and library modelling. Secondly, it addresses the path explosion problem of traditional first-order symbolic execution in certain applications. To realize this technique, we integrate symbolic execution with program synthesis. Specifically, we propose a method of second-order constraint solving that provides efficient proofs of unsatisfiability, which is critical for the performance of symbolic execution. Our evaluation shows that the proposed technique (1) helps to repair programs with loops by mitigating the path explosion, (2) can enable analysis of applications written against unavailable libraries by modelling these libraries from the usage context.

Published
2018

44. Analysis of Relay Interlocking Systems via SMT-based Model Checking of Switched Multi-Domain Kirchhoff Networks

Author

Giuseppe Scaglione, Alessandro Cimatti, Mirko Sessa, Roberto Cavada, Giuseppe Cadavero, and Sergio Mover

Subjects
Model checking, Computer science, Distributed computing, Legacy system, 020207 software engineering, 02 engineering and technology, Automaton, law.invention, Domain (software engineering), Analog signal, Relay, law, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Interlocking
Abstract

Relay Interlocking Systems (RIS) are analog electromechanical networks traditionally applied in the safety-critical domain of railway signaling. RIS consist of networks of interconnected components such as power supplies, contacts, resistances, and electrically-controlled contacts (i.e. the relays). Due to cost and flexibility needs, RIS are progressively being replaced by equivalent computer-based systems. Unfortunately, RIS are often legacy systems, hard to understand at an abstract level, hence the valuable information they encoded in them is not available.In this paper, we propose a methodology and a tool chain to analyze and understand legacy RIS. A RIS is reduced to a Switched Multi-Domain Kirchhoff Network (SMDKN), which is in turn compiled into hybrid automata. SMT-based model checking supports various forms of formal analyses for SMDKN. The approach is based on the modeling of the RIS analog signals (i.e. currents and voltages) over continuous time, and their mapping in terms of railways control actions. Starting from the diagram representation, we overcome a key limitation of previous approaches based on purely Boolean models, i.e. the presence of spurious behaviors. The evaluation of the tool chain on a set of industrial-size railway RIS demonstrates practical scalability.

Published
2018

45. Incremental linearization: A practical approach to satisfiability modulo nonlinear arithmetic and transcendental functions

Author

Marco Roveri, Alberto Griggio, Alessandro Cimatti, Roberto Sebastiani, and Ahmed Irfan

Subjects
Transcendental function, Modulo, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Satisfiability, Exponential function, 010201 computation theory & mathematics, Linearization, Satisfiability modulo theories, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Transcendental number, Arithmetic, Trigonometry, Mathematics
Abstract

Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a first-order formula with respect to some theory or combination of theories. In this paper, we overview our recent approach called Incremental Linearization, which successfully tackles the problems of SMT over the theories of nonlinear arithmetic over the reals (NRA), nonlinear arithmetic over the integers (NIA) and their combination, and of NRA augmented with transcendental (exponential and trigonometric) functions (NTA). Moreover, we showcase some of the experimental results and outline interesting future directions.

Published
2018

46. SC-square: when Satisfiability Checking and Symbolic Computation join forces

Author

Anna Maria Bigatti, Erika Ábrahám, Pascal Fontaine, Matthew England, Bernd Becker, Alessandro Cimatti, Vijay Ganesh, Alberto Griggio, Daniel Kroening, Stephen Forrest, John Abbott, Werner M. Seiler, Martin Brain, and James H. Davenport

Subjects
Algebra, Model checking, Discrete mathematics, Computer science, Symbolic trajectory evaluation, Join (sigma algebra), Automated reasoning, Symbolic computation, Satisfiability, Square (algebra)
Abstract

Symbolic Computation and Satisfiability Checking are two research areas, both having their individual scientific focus but with common interests, e.g., in the development, implementation and application of decision procedures for arithmetic theories. Despite their commonalities, the two communities are rather weakly connected. The aim of the SC-square initiative is to strengthen the connection between these communities by creating common platforms, initiating interaction and exchange, identifying common challenges, and developing a common roadmap from theory along the way to tools and (industrial) applications.

Published
2018

47. ARCH-COMP17 Category Report: Hybrid Systems with Piecewise Constant Dynamics

Author

Anna Becchi, Muhammad Syifa'ul Mufid, Mirco Giacobbe, Alberto Griggio, Stefano Tonetta, Lei Bu, Dieky Adzkiya, Sergio Mover, Alessandro Abate, Goran Frehse, Enea Zaffanella, Idriss Riouak, and Alessandro Cimatti

Subjects
Control theory, Hybrid system, Dynamics (mechanics), Piecewise, Applied mathematics, Arch, Constant (mathematics), Mathematics
Abstract

This report presents results of a friendly competition for formal verification of continuous and hybrid systems with piecewise constant dynamics. The friendly competition took place as part of the workshop Applied Verification for Continuous and Hybrid Systems (ARCH) in 2017. In its first edition, four tools have been applied to solve five different benchmark problems in the category for piecewise constant dynamics: BACH, Lyse, PHAVer, and VeriSiMPL. The result is a snapshot of the current landscape of tools and the types of benchmarks they are particularly suited for. Due to the diversity of problems, we are not ranking tools, yet the presented results probably provide the most complete assessment of tools for the safety verification of continuous and hybrid systems with piecewise constant dynamics up to this date.

Published
2018

48. Experimenting on Solving Nonlinear Integer Arithmetic with Incremental Linearization

Author

Marco Roveri, Roberto Sebastiani, Ahmed Irfan, Alessandro Cimatti, and Alberto Griggio

Subjects
Integer arithmetic, Computer science, Real arithmetic, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Nonlinear system, 010201 computation theory & mathematics, Simple (abstract algebra), Linearization, Satisfiability modulo theories, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Arithmetic, Integer (computer science)
Abstract

Incremental linearization is a conceptually simple, yet effective, technique that we have recently proposed for solving SMT problems over nonlinear real arithmetic constraints. In this paper, we show how the same approach can be applied successfully also to the harder case of nonlinear integer arithmetic problems. We describe in detail our implementation of the basic ideas inside the MathSAT SMT solver, and evaluate its effectiveness with an extensive experimental analysis over all nonlinear integer benchmarks in SMT-LIB. Our results show that MathSAT is very competitive with (and often outperforms) state-of-the-art SMT solvers based on alternative techniques.

Published
2018

49. Formal Specification and Verification of Dynamic Parametrized Architectures

Author

Stefano Tonetta, Alessandro Cimatti, and Ivan Stojic

Subjects
Model checking, Theoretical computer science, Computer science, 010102 general mathematics, Control reconfiguration, 02 engineering and technology, 01 natural sciences, Reachability, Adaptive system, Formal specification, Satisfiability modulo theories, Transition system, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0101 mathematics
Abstract

We propose a novel approach to the formal specification and verification of dynamic architectures that are at the core of adaptive systems such as critical infrastructure protection. Key features include run-time reconfiguration based on adding and removing components and connections, resulting in systems with unbounded number of components. We provide a logic-based specification of a Dynamic Parametrized Architecture (DPA), where parameters represent the infinite-state space of possible configurations, and first-order formulas represent the sets of initial configurations and reconfiguration transitions. We encode information flow properties as reachability problems of such DPAs, define a translation into an array-based transition system, and use a Satisfiability Modulo Theories (SMT)-based model checker to tackle a number of case studies.

Published
2018

50. An SMT-based approach to weak controllability for disjunctive temporal problems with uncertainty

Author

Andrea Micheli, Alessandro Cimatti, and Marco Roveri

Subjects
Controllability, Linguistics and Language, Mathematical optimization, Artificial Intelligence, Existential quantification, Satisfiability modulo theories, Scalability, Logical approach, Decision problem, Solver, Language and Linguistics, Scheduling (computing), Mathematics
Abstract

The framework of temporal problems with uncertainty (TPU) is useful to express temporal constraints over a set of activities subject to uncertain (and uncontrollable) duration. In this work, we focus on the most general class of TPU, namely disjunctive TPU (DTPU), and consider the case of weak controllability, that allows one to model problems arising in practical scenarios (e.g. on-line scheduling). We first tackle the decision problem, i.e. whether there exists a schedule of the activities that, depending on the uncertainty, satisfies all the constraints. We propose a logical approach, based on the reduction to a problem of Satisfiability Modulo Theories (SMT), in the theory of Linear Real Arithmetic with Quantifiers. This results in the first implemented solver for weak controllability of DTPUs. Then, we tackle the problem of synthesizing control strategies for scheduling the activities. We focus on strategies that are amenable for efficient execution. We prove that linear strategies are not always sufficient, even in the sub-case of simple TPU (STPU), while piecewise-linear strategies, that are multiple conditionally-applied linear strategies, are always sufficient. We present several algorithms for the synthesis of linear and piecewise-linear strategies, in case of STPU and of DTPU. All the algorithms are implemented on top of SMT solvers. We provide experimental evidence of the scalability of the proposed techniques, with dramatic speed-ups in strategy execution compared to on-line reasoning.

Published
2015

Catalog

Books, media, physical & digital resources
See catalog results