Erika Abraham

    There is a wide range of decision procedures available for solving the existential fragment of the first-order theory of linear real algebra (QFLRA). However, for formulas of the theory of quantifier-free nonlinear real arithmetic (QFNRA), which are much harder to solve, there are only a few decision procedures (the lower bound for complete solvers is exponential). The context this thesis is settled in is the software project SMT-RAT, a software framework for SAT Modulo Theories (SMT) solving. SMT solving is a combination of a SAT solver, which checks the Boolean skeleton of a given input formula, and a theory solver, which handles the involved theory constraints. SMT-RAT maintains different complete and incomplete solving modules and allows combining several modules to operate as a theory solver. Interval constraint propagation (ICP) is an incomplete decision procedure to efficiently reduce the domain of a set of variables with respect to a conjunction of polynomial constraints. The goal...
    Many systems that are subject to verification give rise to probabilities; examples include randomized distributed algorithms, security, systems biology, or embedded systems. State-of-the-art probabilistic model checkers like PRISM [7] mostly work under the assumption that all model probabilities are a priori known. However, at early development stages, certain system quantities require parametric probabilistic models to be specified, where transition probabilities are given by real-valued parameters. Here, we focus on so-called parametric Markov chains (pMC), see Figure 1(a). The model checking goal is to compute rational functions, i.e., a fraction of polynomials
    This Festschrift volume has been published in honor of Frank de Boer, on the occasion of his 60th birthday. Frank S. de Boer is a prominent member of the research community in formal methods and theoretical computer science. A brief look at his lengthy publication list reveals a broad area of interest and a versatile modus operandi with: logic and constraint programming; deductive proof systems, soundness, and completeness; semantics, compositionality, and full abstraction; process algebra and decidability; multithreading and actor-based concurrency; agent programming, ontologies, and modal logic; real-time systems, timed automata, and schedulability; enterprise architectures, choreography, and coordination; testing and runtime monitoring; and cloud computing and service-level agreements. For a while, he also liked failures, especially in semantics, and optimistically concluded with the failure of failures. In fact, Frank has an opportunistic approach to research. Rather than seeing...
    We present a transformation of Hybrid Petri nets extended with stochastic firings (HPnGs) into a subclass of Stochastic Hybrid Automata (SHA), thereby making HPnGs amenable to techniques from that domain. While (non-stochastic) Hybrid Petri nets have previously been transformed into Hybrid Automata, we consider also stochastic aspects and transform HPnGs into Singular Automata, which are Hybrid Automata restricted to piecewise constant derivatives for continuous variables, extended by random clocks. We implemented our transformation and show its usefulness by comparing results for time-bounded reachability for HPnGs extended with non-determinism on the one hand, and for the transformed SHAs using the ProHVer tool on the other hand.
    Symbolic Computation and Satisfiability Checking are viewed as individual research areas, but they share common interests in the development, implementation and application of decision procedures for arithmetic theories. Despite these commonalities, the two communities are currently only weakly connected. We introduce a new project SC² to build a joint community in this area, supported by a newly accepted EU (H2020-FETOPEN-CSA) project of the same name. We aim to strengthen the connection between these communities by creating common platforms, initiating interaction and exchange, identifying common challenges, and developing a common roadmap. This abstract and accompanying poster describe the motivation and aims for the project, and report on the first activities.
    This paper formalizes the observable interface behaviour of open systems for a strongly-typed, concurrent object-oriented language with single-class inheritance. We formally characterize the observable behaviour in terms of interactions at the program-environment interface. The behaviour is given by transitions between contextual judgments, where the absent environment is represented abstractly as an assumption context. A particular challenge is the fact that, when the system is considered as open, code from the environment can be inherited to the component and vice versa. This requires incorporating an abstract version of the heap into the environment assumptions when characterizing the interface behaviour. We prove the soundness of the abstract interface description.
    Symbolic Computation and Satisfiability Checking are two research areas, both having their individual scientific focus but also sharing common interests in the development, implementation and application of decision procedures for arithmetic theories. Despite their commonalities, the two communities are rather weakly connected. The aim of our newly accepted SC² project (H2020-FETOPEN-CSA) is to strengthen the connection between these communities by creating common platforms, initiating interaction and exchange, identifying common challenges, and developing a common roadmap from theory along the way to tools and (industrial) applications. In this paper we report on the aims and on the first activities of this project, and formalise some relevant challenges for the unified SC² community.
    SMT solving is a technology which aims at solving logical formulas over different theories. For real algebraic formulas, some SMT solvers make use of a method based on the cylindrical algebraic decomposition. We discuss relevant abstract domains in this context and illustrate how a modified abstract domain view can improve the solving techniques.
    SAT-solving is a very active research area with increasing success and plenty of industrial applications. SMT-solving, extending SAT with theories, has its main focus on linear real constraints. However, there are only a few solvers going further to more expressive but still decidable logics like the first-order theory of the reals with addition and multiplication. The main requirements on theory solvers that must be fulfilled for their efficient embedding into an SMT solver are (a) incrementality, (b) the efficient computation of minimal infeasible subsets, and (c) the support of backtracking. For the first-order theory of the reals we are not aware of any solver offering those functionalities. In this work we address the possibilities to extend existing theory solving algorithms to come up with a theory solver suited for SMT.
    There are several methods for the synthesis and analysis of hybrid systems that require efficient algorithms and tools for satisfiability checking. For analysis, e.g., bounded model checking describes counterexamples of a fixed length by logical formulas, whose satisfiability corresponds to the existence of such a counterexample. As an example for parameter synthesis, we can state the correctness of a parameterized system by a logical formula; the solution set of the formula gives us possible safe instances of the parameters. For discrete systems, which can be described by propositional logic formulas, SAT-solvers can be used for the satisfiability checks. For hybrid systems, having mixed discrete-continuous behavior, SMT-solvers are needed. SMT-solving extends SAT with theories, and has its main focus on linear arithmetic, which is sufficient to handle, e.g., linear hybrid systems. However, there are only a few solvers for more expressive but still decidable logics like the first-ord...
    We consider a method for the bounded safety analysis of hybrid systems, whose continuous behaviour is intertwined with discrete execution steps. The method computes a tree of state sets, which together over-approximate reachability by bounded-length executions. If none of the state sets intersects with a given set of unsafe states then we have proven bounded safety. Otherwise, we iteratively repeat parts of the computations with locally refined search parameters, in order to reduce the over-approximation error.
    This paper gives a brief overview of the new features introduced in the latest version of the tool Flow*. We mainly describe the new efficient scheme for integrating linear ODEs. We show that it can efficiently handle the challenging benchmarks on which, to the best of our knowledge, only SpaceEx works. Moreover, it is also possible to extend the method to deal with unbounded initial sets. A comparison between Flow* 1.2 and SpaceEx on those benchmarks is given. Besides, we also investigate the scalability of Flow* 1.2 based on our non-linear line circuit benchmarks.
    Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread-classes, allowing for a multithreaded flow of control. The concurrency model includes shared-variable concurrency via instance variables, coordination via reentrant synchronization monitors, synchronous message passing, and dynamic thread creation.
    Verification tools for hybrid systems with mixed discrete-continuous behavior are becoming more and more powerful, but their applicability to high-dimensional models is still restricted. In this paper we propose an improvement for a certain class of verification techniques based on flowpipe construction. In previous work we presented a method that allows decomposing the state space of a hybrid system, such that the analysis can be done in sub-spaces of lower dimensions, instead of the global high-dimensional space. In this paper we present an approach to construct such decompositions automatically, to analyze the dynamics in each of the sub-spaces and to select for each sub-space an individual well-suited verification method. Our experimental evaluation demonstrates the general applicability of our approach and shows a remarkable speedup on decomposable systems with heterogeneous dynamics.
    We present the results of the ARCH 2021 friendly competition for formal verification of continuous and hybrid systems with linear continuous dynamics. In its fifth edition, four tools have been applied to solve nine different benchmark problems in the category for linear continuous dynamics (in alphabetical order): CORA, HyDRA, JuliaReach, and SpaceEx. This report is a snapshot of the current landscape of tools and the types of benchmarks they are particularly suited for. Due to the diversity of problems, we are not ranking tools, yet the presented results provide one of the most complete assessments of tools for the safety verification of continuous and hybrid systems with linear continuous dynamics up to this date.
    While the HPC community is working towards the development of the first Exaflop computer (expected around 2020), after reaching the Petaflop milestone in 2008 still only a few HPC applications are able to fully exploit the capabilities of Petaflop systems. In this paper we argue that efforts for preparing HPC applications for Exascale should start before such systems become available. We identify challenges that need to be addressed and recommend solutions in key areas of interest, including formal modeling, static analysis and optimization, runtime analysis and optimization, and autonomic computing. Furthermore, we outline a conceptual framework for porting HPC applications to future Exascale computing systems and propose steps for its implementation.
    Railway systems are often highly utilized, which makes them vulnerable to delay propagation. In order to minimize delays, timetables should be robust, a property that is often estimated by simulating the respective timetable for different deterministic delay values. To achieve an accurate estimation under consideration of uncertain delays, many simulation runs need to be executed. Most established simulation systems additionally use microscopic models of the railway systems, which further increases the simulations' running times and makes them applicable rather for small areas of interest for complexity reasons. In this paper, we present a probabilistic, symbolic simulation algorithm for given timetables; this means we do not simulate individual executions, but all possible executions at once. We use a macroscopic model of the railway infrastructure as input. This way we consider the railway systems in less detail but are able to examine certain performance indicators for large...
    In this paper we propose hybrid systems and reachability analysis to verify properties in swarm robotics systems, i.e., teams of robots performing cooperative tasks without any centralized coordination. We discuss the challenges that are to be faced and we report on the experience gained from applying hybrid formalisms to the verification of swarm robotics systems.
    Symbolic Computation and Satisfiability Checking are two research areas, both having their individual scientific focus but with common interests, e.g., in the development, implementation and application of decision procedures for arithmetic theories. Despite their commonalities, the two communities are rather weakly connected. The aim of the SC-square initiative is to strengthen the connection between these communities by creating common platforms, initiating interaction and exchange, identifying common challenges, and developing a common roadmap from theory along the way to tools and (industrial) applications.
    In this paper, we study the parameter synthesis problem for probabilistic hyperproperties. A probabilistic hyperproperty stipulates quantitative dependencies among a set of executions. In particular, we solve the following problem: given a probabilistic hyperproperty ψ and a discrete-time Markov chain D with parametric transition probabilities, compute regions of parameter configurations that instantiate D to satisfy ψ, and regions that lead to violation. We address this problem for a fragment of the temporal logic HyperPCTL that allows expressing quantitative reachability relations among a set of computation trees. We illustrate the application of our technique in the areas of differential privacy, probabilistic noninterference, and probabilistic conformance.