A. Dubey,X. Wu,H. Su,T. J. Koo

DOI: https://doi.org/10.1007/11562948_11

2005-01-01

Abstract:In this paper, we describe a computation platform called ReachLab, which enables automatic analysis of embedded software systems that interact with continuous environment. Algorithms are used to specify how the state space of the system model should be explored in order to perform analysis. In ReachLab, both system models and analysis algorithm models are specified in the same framework using Hybrid System Analysis and Design Language (HADL), which is a meta-model based language. The platform allows the models of algorithms to be constructed hierarchically and promotes their reuse in constructing more complex algorithms. Moreover, the platform is designed in such a way that the concerns of design and implementation of analysis algorithms are separated. On one hand, the models of analysis algorithms are abstract and therefore the design of algorithms can be made independent of implementation details. On the other hand, translators are provided to automatically generate implementations from the models for computing analysis results based on computation kernels. Multiple computation kernels, which are based on specific computation tools such as d/dt and the Level Set toolbox, are supported and can be chosen to enable hybrid state space exploration. An example is provided to illustrate the design and implementation process in ReachLab.

Kun Wang,Chengcheng Zhao,Jinpei Chu,Yiping Shi,Jianyuan Lu,Biao Lyu,Shunmin Zhu,Peng Cheng,Jiming Chen

DOI: https://doi.org/10.1109/tnet.2024.3469386

2024-01-01

Abstract:The Virtual Private Cloud (VPC) service enables users to configure shared resources within public clouds on demand, providing isolation between users. However, configuring the VPC network is a complex and error-prone task, and misconfiguration has been the leading cause of cloud network security issues. The large number of complex network components and configurations makes it difficult to perform scalable, efficient, and accurate fault verification of the network behavior. To address this issue, we design a comprehensive and automated fault diagnosis and localization tool, called, which is built upon an innovative modular network model that accurately captures the logic functions of real components within VPC networks, and propose eleven functions to verify network reachability and security requirements. We conduct performance testing of on various datasets and compared it with other verification tools. The experiments show that outperforms in modeling and analyzing real VPC scenarios while also possessing the fastest verification speed. It can model and analyze large VPC networks with tens of thousands of components and millions of configuration rules in less than half an hour.

Aochu Dai,Mingsheng Ying

DOI: https://doi.org/10.1007/978-3-031-65633-0_23

2024-01-01

Abstract:We present QReach, the first reachability analysis tool for quantum Markov chains based on decision diagrams CFLOBDD (presented at CAV 2023). QReach provides a novel framework for finding reachable subspaces, as well as a series of model-checking subprocedures like image computation. Experiments indicate its practicality in verification of quantum circuits and algorithms. QReach is expected to play a central role in future quantum model checkers.

Chencheng Tang,Matthias Althoff

DOI: https://doi.org/10.1016/j.ifacol.2023.10.028

2023-07-26

Abstract:Verifying the correct behavior of robots in contact tasks is challenging due to model uncertainties associated with contacts. Standard methods for testing often fall short since all (uncountable many) solutions cannot be obtained. Instead, we propose to formally and efficiently verify robot behaviors in contact tasks using reachability analysis, which enables checking all the reachable states against user-provided specifications. To this end, we extend the state of the art in reachability analysis for hybrid (mixed discrete and continuous) dynamics subject to discrete-time input trajectories. In particular, we present a novel and scalable guard intersection approach to reliably compute the complex behavior caused by contacts. We model robots subject to contacts as hybrid automata in which crucial time delays are included. The usefulness of our approach is demonstrated by verifying safe human-robot interaction in the presence of constrained collisions, which was out of reach for existing methods.

Robotics,Systems and Control

Peter Gjøl Jensen,Stefan Schmid,Morten Konggaard Schou,Jiří Srba,Juan Vanerio,Ingo van Duijn

DOI: https://doi.org/10.1007/978-3-030-88885-5_12

2021-01-01

Abstract:Reachability analysis of pushdown systems is a fundamental problem in model checking that comes with a wide range of applications. We study performance improvements of pushdown reachability analysis and as a case study, we consider the verification of the policy-compliance of MPLS (Multiprotocol Label Switching) networks, an application domain that has recently received much attention. Our main contribution are three techniques that allow us to speed up the state-of-the-art pushdown reachability tools by an order of magnitude. These techniques include the combination of classic pre∗documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$ pre ^*$$end{document} and post∗documentclass[12pt]{minimal}usepackage{amsmath}usepackage{wasysym}usepackage{amsfonts}usepackage{amssymb}usepackage{amsbsy}usepackage{mathrsfs}usepackage{upgreek}setlength{oddsidemargin}{-69pt}egin{document}$$ post ^*$$end{document} saturation algorithms into a dual-search algorithm, an on-the-fly technique for detecting the possibility of early termination, as well as a counter-example guided abstraction refinement technique that improves the performance in particular for the negative instances where the early termination technique is not applicable. As a second contribution, we describe an improved translation of MPLS networks to pushdown systems and demonstrate on an extensive set of benchmarks of real internet wide-area networks the efficiency of our approach.

Mark Wetzlinger,Niklas Kochdumper,Stanley Bak,Matthias Althoff

DOI: https://doi.org/10.1109/TAC.2023.3292008

2024-02-22

Abstract:Reachability analysis is a formal method to guarantee safety of dynamical systems under the influence of uncertainties. A substantial bottleneck of all reachability algorithms is the necessity to adequately tune specific algorithm parameters, such as the time step size, which requires expert knowledge. In this work, we solve this issue with a fully automated reachability algorithm that tunes all algorithm parameters internally such that the reachable set enclosure respects a user-defined approximation error bound in terms of the Hausdorff distance to the exact reachable set. Moreover, this bound can be used to extract an inner-approximation of the reachable set from the outer-approximation using the Minkowski difference. Finally, we propose a novel verification algorithm that automatically refines the accuracy of the outer-approximation and inner-approximation until specifications given by time-varying safe and unsafe sets can be verified or falsified. The numerical evaluation demonstrates that our verification algorithm successfully verifies or falsifies benchmarks from different domains without requiring manual tuning.

Numerical Analysis,Systems and Control

Lei Bu,Jiawan Wang,Yuming Wu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-55089-9_2

2019-01-01

Abstract:Hybrid Automata are a well-known framework used to model hybrid systems, containing both discrete and continuous dynamic behavior. However, reachability analysis of hybrid automata is difficult. Existing work does not scale well to the size of practical problems. This paper gives a review of how we handle the verification of hybrid systems in a path-oriented way. First, we propose a path-oriented bounded reachability analysis method to control the complexity of verification of linear hybrid automata. As we only check the reachability of one path at a time, the resulted state space for each computation is limited and hence can be solved efficiently. Then, we present an infeasible constraint guided path-pruning method to tailor the search space, a shallow synchronization semantics to handle compositional behavior, and a method based on linear temporal logic (LTL) to extend the bounded model checking (BMC) result to an unbounded state space. Such methods and tools are implemented in a tool, BACH, and have been used as the underlying decision procedure of our verification of cyber-physical systems (CPS) and Internet of Things (IoT).

Tianming Zhang,Yunjun Gao,Congzheng Li,Congcong Ge,Wei Guo,Qiang Zhou

DOI: https://doi.org/10.1007/978-3-030-18590-9_55

2019-01-01

Abstract:Reachability querying is one of the most fundamental graph problems, and it has many applications in graph analytics and processing. Although a substantial number of algorithms are proposed, most of them are centralized and cannot scale to massive graphs that are distributed across multiple data centers. In this paper, we study the problem of distributed reachability queries, and present an efficient distributed reachability index, called Parallel Vertex Labeling (PVL), together with two lemmas to accelerate the query. Using real datasets, we demonstrate that our solutions achieve better indexing performance and significantly outperform the state-of-the-art distributed techniques.

Abhiram Singh,Sidharth Sharma,Ashwin Gumaste

2024-09-22

Abstract:We present Vercel, a network verification and automatic fault rectification tool that is based on a computationally tractable, algorithmically expressive, and mathematically aesthetic domain of linear algebra. Vercel works on abstracting out packet headers into standard basis vectors that are used to create a port-specific forwarding matrix $\mathcal{A}$, representing a set of packet headers/prefixes that a router forwards along a port. By equating this matrix $\mathcal{A}$ and a vector $b$ (that represents the set of all headers under consideration), we are able to apply \textit{least squares} (which produces a column rank agnostic solution) to compute which headers are reachable at the destination. Reachability now simply means evaluating if vector $b$ is in the column space of $\mathcal{A}$, which can efficiently be computed using least squares. Further, the use of vector representation and least squares opens new possibilities for understanding network behavior. For example, we are able to map rules, routing policies, what-if scenarios to the fundamental linear algebraic form, $\mathcal{A}x=b$, as well as determine how to configure forwarding tables appropriately. We show Vercel is faster than the state-of-art such as NetPlumber, Veriflow, APKeep, AP Verifier, when measured over diverse datasets. Vercel is almost as fast as Deltanet, when rules are verified in batches and provides better scalability, expressiveness and memory efficiency. A key highlight of Vercel is that while evaluating for reachability, the tool can incorporate intents, and transform these into auto-configurable table entries, implying a recommendation/correction system.

Networking and Internet Architecture

Jingjuan Yu,Yuwei Duan,Ping Luo,Shundong Li

DOI: https://doi.org/10.1109/jiot.2024.3445431

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Any-hop (k-hop) reachability query is one fundamental operation in graph data analysis and its performance affects the efficiency of various tasks in social Internet of Things. As graph data scale increases, data is often outsourced to cloud servers. To protect the privacy of graph data, it is necessary to encrypt the data before outsourcing. Existing schemes can only support privacy-preserving 2-hop reachability queries. Only one scheme can support privacy-preserving k-hop reachability queries, but it discloses topological information and the query results is not verifiable. Most serious deficiency is that its efficiency is not practical. To address these issues, we propose a verifiable strong privacy-preserving k-hop reachability query on encrypted data. This scheme not only supports efficient privacy-preserving k-hop reachability queries without leaking any network topological information but also uses blockchain to achieve verifiability of query results. The security analysis shows that our scheme is secure. Compared to existing k-hop reachability query scheme, our scheme greatly improves query efficiency (at least 6.4∙105× faster when the number of nodes n≥100).

Chen Xin,Sankaranarayanan Sriram

DOI: https://doi.org/10.1007/978-3-031-06773-0_6

2022-01-01

Abstract:Reachability analysis is a fundamental problem in verification that checks for a given model and set of initial states if the system will reach a given set of unsafe states. Its importance lies in the ability to exhaustively explore the behaviors of a model over a finite or infinite time horizon. The problem of reachability analysis for Cyber-Physical Systems (CPS) is especially challenging because it involves reasoning about the continuous states of the system as well as its switching behavior. Each of these two aspects can by itself cause the reachability analysis problem to be undecidable. In this paper, we survey recent progress in this field beginning with the success of hybrid systems with affine dynamics. We then examine the current state-of-the-art for CPS with nonlinear dynamics and those driven by “learning-enabled” components such as neural networks. We conclude with an examination of some promising directions and open challenges.

Lei Bu,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1007/978-3-642-11319-2_9

2010-01-01

Abstract:Hybrid automata are well-studied formal models for dynamical systems. However, the analysis of hybrid automata is extremely difficult, and even state-of-the-art tools can only analyze systems with few continuous variables and simple dynamics. Because the reachability problem for general hybrid automata is undecidable, we give a path-oriented reachability analysis procedure for a class of nonlinear hybrid automata called convex hybrid automata. Our approach encodes the reachability problem along a path of a convex hybrid automaton as a convex feasibility problem, which can be efficiently solved by off-the-shelf convex solvers, such as CVX. Our path-oriented reachability verification approach can be applied in the frameworks of bounded model checking and counterexample-guided abstraction refinement with the goal of achieving significant performance improvement for this subclass of hybrid automata.

German Sviridov,Zheng Tao Shen,Jorge Cardoso

2024-04-30

Abstract:Virtual Private Cloud (VPC) is the main network abstraction technology used in public cloud systems. VPCs are composed of a set of network services that permit the definition of complex network reachability properties among internal and external cloud entities such as tenants' VMs or some generic internet nodes. Although hiding the underlying complexity through a comprehensible abstraction layer, manually enforcing particular reachability intents in VPC networks is still notably error-prone and complex. In this paper, we propose AutoNet, a new model for assisting cloud tenants in managing reachability-based policies in VPC networks. AutoNet is capable of safely generating incremental VPC configurations while satisfying some metric-based high-level intent defined by the tenants. To achieve this goal, we leverage a MaxSAT-based encoding of the network configuration combined with several optimizations to scale to topologies with thousands of nodes. Our results show that the developed system is capable of achieving a sub-second response time for production VPC deployments while still providing fine-grained control over the generated configurations.

Networking and Internet Architecture

Aurojit Panda,Ori Lahav,Katerina Argyraki,Mooly Sagiv,Scott Shenker

DOI: https://doi.org/10.48550/arXiv.1607.00991

2016-07-05

Abstract:Recent work has made great progress in verifying the forwarding correctness of networks . However, these approaches cannot be used to verify networks containing middleboxes, such as caches and firewalls, whose forwarding behavior depends on previously observed traffic. We explore how to verify reachability properties for networks that include such "mutable datapath" elements. We want our verification results to hold not just for the given network, but also in the presence of failures. The main challenge lies in scaling the approach to handle large and complicated networks, We address by developing and leveraging the concept of slices, which allow network-wide verification to only require analyzing small portions of the network. We show that with slices the time required to verify an invariant on many production networks is independent of the size of the network itself.

Networking and Internet Architecture

Ting Gan,Mingshuai Chen,Yangjia Li,Bican Xia,Naijun Zhan

DOI: https://doi.org/10.1109/ecc.2016.7810321

2016-01-01

Abstract:The reachability problem is one of the most important issues in the verification of hybrid systems. But unfortunately the reachable sets for most of hybrid systems are not computable except for some special families. In our previous work, we identified a family of vector fields, whose state parts are linear with real eigenvalues, while input parts are exponential functions, and proved its reachability problem is decidable. In this paper, we investigate another family of vector fields, whose state parts are linear, but with pure imagine eigenvalues, while input parts are trigonometric functions, and prove its reachability problem is decidable also. To the best of our knowledge, the two families are the largest families of linear vector fields with a decidable reachability problem. In addition, we present an approach on how to abstract general linear dynamical systems to the first family. Comparing with existing abstractions for linear dynamical systems, experimental results indicate that our abstraction is more precise.

Qing Xu,Yicong Liu,Jian Pan,Jiawei Wang,Jianqiang Wang,Keqiang Li

DOI: https://doi.org/10.1109/tie.2022.3165293

IF: 7.7

2022-01-01

IEEE Transactions on Industrial Electronics

Abstract:Connected and autonomous vehicles (CAVs) are expected to operate with safety guarantee in presence of adversaries from the Internet of Vehicles. This article proposes a control method named reachability analysis plus satisfiability modulo theories (RA-SMT) for CAVs against integrity attacks caused by bounded adversary. This method enables vehicles to possess the reach-avoid specification and strict control safety ensurance even in the worst case scenario. The introduction of state-feedback control decomposes the original complex problem into more manageable reachability analysis and adversary-free control strategy optimization. Precisely, zonotope sets are employed for reachability analysis, and the control strategy is optimally solved and verified simultaneously via SMT. This method is applicable to complex traffic scenarios with the help of SMT, which can describe various constraints flexibly and conveniently. Simulation results reveal the effectiveness and safety of the proposed method in the classical car-following scenario against bounded adversary under various conditions. Particularly, RA-SMT exhibits significantly improved control performance (around 16%) and computation efficiency (around 63%) compared with existing methods. Finally, the RA-SMT is implemented on an autonomous driving platform to validate its practicability.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Wenrui Meng,Qiang Liu,Jie Li

DOI: https://doi.org/10.1109/CTRQ.2010.21

2010-01-01

Abstract:Model checking is a well known formal technique for systems verification and its main challenge is state explosion. Assume-guarantee is a promising way to deal with this challenge, but in the compositional reasoning process we should provide assumption for the model to be verified. Traditionally the assumption is given manually, which constrains its practice application. There are some automatic assumption generation ways based learning algorithm which are time consuming and inefficient. In this paper, we will introduce reachability assume-guarantee reasoning for property equal to some target states’ reachability. We will generate assumption automatically in liner time. The key idea of our approach is getting all the conditions what the property verification needs and which are contained in an automaton. And then we condense the automaton to a complete and non-redundant assumption. Finally we verify the assumption automaton on environment model. In our approach, we will improve the efficiency of assume-guarantee reasoning.

Xuandong Li,Sumit Jha Aanand,Lei Bu

DOI: https://doi.org/10.1016/j.entcs.2006.12.023

2007-01-01

Electronic Notes in Theoretical Computer Science

Abstract:The existing techniques for reachability analysis of linear hybrid automata do not scale well to problem sizes of practical interest. Instead of developing a tool to perform reachability check on all the paths of a linear hybrid automaton, a complementary approach is to develop an efficient path-oriented tool to check one path at a time where the length of the path being checked can be made very large and the size of the automaton can be made large enough to handle problems of practical interest. This approach of symbolic execution of paths can be used by design engineers to check important paths and thereby, increase the faith in the correctness of the system. Unlike simple testing, each path in our framework represents a dense set of possible trajectories of the system being analyzed. In this paper, we develop the linear programming based techniques towards an efficient path-oriented tool for the bounded reachability analysis of linear hybrid systems.

Yushen Huang,Ertai Luo,Stanley Bak,Yifan Sun

2024-06-17

Abstract:In real world applications, uncertain parameters are the rule rather than the exception. We present a reachability algorithm for linear systems with uncertain parameters and inputs using set propagation of polynomial zonotopes. In contrast to previous methods, our approach is able to tightly capture the non-convexity of the reachable set. Building up on our main result, we show how our reachability algorithm can be extended to handle linear time-varying systems as well as linear systems with time-varying parameters. Moreover, our approach opens up new possibilities for reachability analysis of linear time-invariant systems, nonlinear systems, and hybrid systems. We compare our approach to other state of the art methods, with superior tightness on two benchmarks including a 9-dimensional vehicle platooning system. Moreover, as part of the journal extension, we investigate through a polynomial zonotope with special structure named multi-affine zonotopes and its optimization problem. We provide the corresponding optimization algorithm and experiment over the examples obatined from two benchmark systems, showing the efficiency and scalability comparing to the state of the art method for handling such type of set representation.

Systems and Control

Albert Lin,Somil Bansal

2023-06-11

Abstract:Providing formal safety and performance guarantees for autonomous systems is becoming increasingly important. Hamilton-Jacobi (HJ) reachability analysis is a popular formal verification tool for providing these guarantees, since it can handle general nonlinear system dynamics, bounded adversarial system disturbances, and state and input constraints. However, it involves solving a PDE, whose computational and memory complexity scales exponentially with respect to the state dimensionality, making its direct use on large-scale systems intractable. A recently proposed method called DeepReach overcomes this challenge by leveraging a sinusoidal neural PDE solver for high-dimensional reachability problems, whose computational requirements scale with the complexity of the underlying reachable tube rather than the state space dimension. Unfortunately, neural networks can make errors and thus the computed solution may not be safe, which falls short of achieving our overarching goal to provide formal safety assurances. In this work, we propose a method to compute an error bound for the DeepReach solution. This error bound can then be used for reachable tube correction, resulting in a safe approximation of the true reachable tube. We also propose a scenario-based optimization approach to compute a probabilistic bound on this error correction for general nonlinear dynamical systems. We demonstrate the efficacy of the proposed approach in obtaining probabilistically safe reachable tubes for high-dimensional rocket-landing and multi-vehicle collision-avoidance problems.

Robotics,Artificial Intelligence,Machine Learning,Systems and Control