Erika Abraham - Academia.edu
Papers by Erika Abraham
EPiC series in computing, Jan 23, 2018
The exploitation of solar power for energy supply is of increasing importance. While technical development mainly takes place in the engineering disciplines, computer science offers adequate techniques for optimization. This work addresses the problem of finding an optimal heliostat field arrangement for a solar tower power plant. We propose a solution to this global, non-convex optimization problem by using an evolutionary algorithm. We show that the convergence rate of a conventional evolutionary algorithm is too slow, such that modifications of the recombination and mutation need to be tailored to the problem. This is achieved with a new genotype representation of the individuals. Experimental results show the applicability of our approach.
HAL (Le Centre pour la Communication Scientifique Directe), Oct 1, 2022
Integrated Formal Methods : 12th International Conference, IFM 2016, Reykjavik, Iceland, June 1-5, 2016, Proceedings
Lecture Notes in Computer Science, Jun 1, 2016
arXiv (Cornell University), Mar 16, 2019
Markov chain analysis is a key technique in formal verification. A practical obstacle is that all probabilities in Markov models need to be known. However, system quantities such as failure rates or packet loss ratios, etc. are often not (or only partially) known. This motivates considering parametric models with transitions labeled with functions over parameters. Whereas traditional Markov chain analysis relies on a single, fixed set of probabilities, analysing parametric Markov models focuses on synthesising parameter values that establish a given safety or performance specification φ. Examples are: what component failure rates ensure the probability of a system breakdown to be below 0.00000001?, or which failure rates maximise the performance, for instance the throughput, of the system? This paper presents various analysis algorithms for parametric discrete-time Markov chains and Markov decision processes. We focus on three problems: (a) do all parameter values within a given region satisfy φ?, (b) which regions satisfy φ and which ones do not?, and (c) an approximate version of (b) focusing on covering a large fraction of all possible parameter values. We give a detailed account of the various algorithms, present a software tool realising these techniques, and report on an extensive experimental evaluation on benchmarks that span a wide range of applications.
The HyDRA Tool : A Playground for the Development of Hybrid Systems Reachability Analysis Methods
Formal Methods, 2018
Formal Methods, 2018
The automotive industry makes increasing usage of Simulink-based software development. Typically, automotive Simulink designs are analyzed using non-formal test methods, which do not guarantee the absence of errors. In contrast, formal verification techniques aim at providing formal guarantees or counterexamples that the analyzed designs fulfill their requirements for all possible inputs and parameters. Therefore, the automotive safety standard ISO 26262 recommends the usage of formal methods in safety-critical software development. In this paper, we report on the application of formal verification to check discrete-time properties of a Simulink model for a park assistant R&D prototype feature using the commercial Simulink Design Verifier tool. During our evaluation, we experienced a gap between the offered functionalities and typical industrial needs, which hindered the successful application of this tool in the context of model-based development. We discuss these issues and propose solutions related to system development, requirements specification and verification tools, in order to prepare the ground for the effective integration of computer-assisted formal verification in automotive Simulink-based development.
Formal Methods for Industrial Critical Systems, 2019
In industrial model-based development (MBD) frameworks, requirements are typically specified informally using textual descriptions. To enable the application of formal methods, these specifications need to be formalized in the input languages of all formal tools that should be applied to analyse the models at different development levels. In this paper we propose a unified approach for the computer-assisted formal specification of requirements and their fully automated translation into the specification languages of different verification tools. We consider a two-stage MBD scenario where first Simulink models are developed from which executable code is generated automatically. We (i) propose a specification language and a prototypical tool for the formal but still textual specification of requirements, (ii) show how these requirements can be translated automatically into the input languages of Simulink Design Verifier for verification of Simulink models and BTC EmbeddedValidator for source code verification, and (iii) show how our unified framework enables besides automated formal verification also the automated generation of test cases.
There is a wide range of decision procedures available for solving the existential fragment of first order theory of linear real algebra (QFLRA). However, for formulas of the theory of quantifier-free nonlinear real arithmetic (QFNRA), which are much harder to solve, there are only few decision procedures (the lower bound for complete solvers is exponential). The context this thesis is settled in is the software project SMT-RAT, a software framework for SAT Modulo Theories (SMT) solving. SMT solving is a combination of a SAT solver, which checks the Boolean skeleton of a given input formula, and a theory solver, which handles the involved theory constraints. SMT-RAT maintains different complete and incomplete solving modules and allows to combine several modules to operate as a theory solver. Interval constraint propagation (ICP) is an incomplete decision procedure to efficiently reduce the domain of a set of variables with respect to a conjunction of polynomial constraints. The goal...
Essays Dedicated to Frank de Boer on Theory and Practice of Formal Methods - Volume 9660
Many systems that are subject to verification give rise to probabilities; examples include randomized distributed algorithms, security, systems biology, or embedded systems. State-of-the-art probabilistic model checkers like PRISM [7] mostly work under the assumption that all model probabilities are a priori known. However, at early development stages, certain system quantities require parametric probabilistic models to be specified, where transition probabilities are given by real-valued parameters. Here, we focus on so-called parametric Markov chains (pMC), see Figure 1(a). The model checking goal is to compute rational functions, i. e., a fraction of polynomials
Theory and Practice of Formal Methods : Essays Dedicated to Frank de Boer on the Occasion of His 60th Birthday
This Festschrift volume has been published in honor of Frank de Boer, on the occasion of his 60th birthday. Frank S. de Boer is a prominent member of the research community in formal methods and theoretical computer science. A brief look at his lengthy publication list reveals a broad area of interest and a versatile modus operandi with: logic and constraint programming; deductive proof systems, soundness, and completeness; semantics, compositionality, and full abstraction; process algebra and decidability; multithreading and actor-based concurrency; agent programming, ontologies, and modal logic; real-time systems, timed automata, and schedulability; enterprise architectures, choreography, and coordination; testing and runtime monitoring; and cloud computing and service-level agreements. For a while, he also liked failures, especially in semantics, and optimistically concluded with the failure of failures. In fact, Frank has an opportunistic approach to research. Rather than seeing...
A Transformation of Hybrid Petri Nets with Stochastic Firings into a Subclass of Stochastic Hybrid Automata
Lecture Notes in Computer Science, 2020
We present a transformation of Hybrid Petri nets extended with stochastic firings (HPnGs) into a subclass of Stochastic Hybrid Automata (SHA), thereby making HPnGs amenable to techniques from that domain. While (non-stochastic) Hybrid Petri nets have previously been transformed into Hybrid Automata, we consider also stochastic aspects and transform HPnGs into Singular Automata, which are Hybrid Automata restricted to piecewise constant derivatives for continuous variables, extended by random clocks. We implemented our transformation and show its usefulness by comparing results for time-bounded reachability for HPnGs extended with non-determinism on the one hand, and for the transformed SHAs using the ProHVer tool on the other hand.
Probabilistic Hyperproperties
Electronic Proceedings in Theoretical Computer Science, 2020
ACM Communications in Computer Algebra, 2017
Symbolic Computation and Satisfiability Checking are viewed as individual research areas, but they share common interests in the development, implementation and application of decision procedures for arithmetic theories. Despite these commonalities, the two communities are currently only weakly connected. We introduce a new project SC² to build a joint community in this area, supported by a newly accepted EU (H2020-FETOPEN-CSA) project of the same name. We aim to strengthen the connection between these communities by creating common platforms, initiating interaction and exchange, identifying common challenges, and developing a common roadmap. This abstract and accompanying poster describe the motivation and aims for the project, and report on the first activities.
Lecture Notes in Computer Science, 2017
In this tool paper we introduce HyPro, our free and open-source C++ programming library, which offers implementations for the most prominent state set representations used by flowpipe-construction-based reachability analysis techniques for hybrid systems.
Information Systems Frontiers, 2016
In this paper we address the safety analysis of chemical plants controlled by programmable logic controllers (PLCs). We consider a specification of the control program of the PLCs, extended with the specification of the dynamic plant behavior. The resulting hybrid models can be transformed to hybrid automata, for which advanced techniques for reachability analysis exist. However, the hybrid automata models are often too large to be analyzed. We propose two counterexample-guided abstraction refinement (CEGAR) approaches to keep the size of the hybrid models moderate.
Lecture Notes in Computer Science, 2016
The Aeolus component model has been introduced to formally address the problem of automatic deployment of complex distributed component systems. In the general setting, the task of checking if a distributed application can be deployed is an undecidable problem. However, the current undecidability proof in Aeolus assumes the possibility to perform in a synchronized way atomic configuration actions on a set of interdependent components: this feature is usually not supported by deployment frameworks. In this paper we prove that even without synchronized configuration actions the Aeolus component model is still Turing complete. On the contrary, we show that other Aeolus features like capacity constraints and conflicts are necessary: if we remove the former the deployment problem becomes non-primitive recursive, while in the latter it becomes poly-time. Supported by the EU projects FP7-610582 Envisage: Engineering Virtualized Services (http://www.envisage-project.eu) and FP7-644298 Hy-Var: Scalable Hybrid Variability for Distributed, Evolving Software Systems (http://www.hyvar-project.eu).
Lecture Notes in Computer Science, 2015
Cyber Physical Systems. Design, Modeling, and Evaluation, 2015
Latest developments brought interesting theoretical results and powerful tools for the reachability analysis of hybrid systems. However, there are still challenging problems to be solved in order to make those technologies applicable to large-scale applications in industrial context. To support this development, in this paper we give a brief overview of available algorithms and tools, and point out some of their individual characteristics regarding various properties which are crucial for the verification of hybrid systems. We present exemplary evaluations on three benchmarks to motivate the need for further development and discuss some of the main challenges for future research in this area.
Advances in Intelligent Systems and Computing, 2015
In this paper we address the safety analysis of chemical plants controlled by programmable logic controllers (PLCs). We consider sequential function charts (SFCs) for the programming of the PLCs, extended with the specification of the dynamic plant behavior. The resulting hybrid SFC models can be transformed to hybrid automata, opening the way to the application of advanced techniques for their reachability analysis. However, the hybrid automata models are often too large to be analyzed. To keep the size of the models moderate, we propose a counterexample-guided abstraction refinement (CEGAR) approach, which starts with the purely discrete SFC model of the controller and extends it with those parts of the dynamic behavior which are relevant for proving or disproving safety. Our algorithm can deal with urgent locations and transitions, and non-convex invariants. We integrated the CEGAR approach in the analysis tool SpaceEx and present an example.