具有过去时态算子的计算树逻辑模型检测

在计算树逻辑(CTL)中引入过去时态算子,得到了表达力更强的属性规约语言CTLP,给出了CTLP 的模型检测算法及其固定点刻画.该算法的复杂性和CTL一样.固定点刻画使得CTLP的符号模型检测过程能够实现,从而有效克服了模型检测中的状态爆炸问题.     

模糊计算树逻辑的符号模型检测

对含有模糊不确定性信息的系统进行模型检测时,状态空间爆炸问题成为了亟待解决的主要问题.将形式化的系统模型用拟布尔公式表示,用多终端二叉决策图来对拟布尔公式进行存储.对模糊计算树逻辑的不动点语义给出了解释和证明,然后给出模糊计算树逻辑的符号化模型检测算法,最后通过一个实例验证算法的正确性.该算法可有效缓解对模糊模型检测验证时的状态空间爆炸问题,并扩展了模型检测的应用范围.     

基于模糊决策过程的模糊计算树逻辑模型检测

针对由数据表述产生的不确定性模糊系统的模型检测问题,给出模糊计算树逻辑模型检测算法。首先,引入模糊决策过程作为此类系统的模型,其最大特点是在迁移过程中对动作的不确定性选择和状态表述的模糊性。然后,在模糊决策过程基础上,给出模糊计算树逻辑的语法和语义。最后,给出模糊计算树逻辑模型检测算法,该算法是将模糊计算树逻辑模型检测问题转换为模糊矩阵的合成运算,其优势是时间复杂度低、计算过程较为简洁。     

具有多值决策过程的广义可能性计算树逻辑模型检测

模型检测是一种自动验证软硬件系统行为的有效技术。为了对包含非确定性信息、不一致信息的并发系统进行形式化验证,在可能性理论、多值逻辑的基础上,研究了具有多值决策过程的广义可能性多值计算树逻辑模型检测算法,及其在检验非确定性系统中的具体应用。首先构造了多值决策过程作为系统模型,用多值计算树逻辑描述系统属性。然后给出具有多值决策过程的广义可能性多值计算树逻辑的模型检测算法,该算法将模型检测的具体问题转换为多项式时间内的模糊矩阵运算。最后就包含非确定性选择的多值系统的模型检测问题,给出一个具体的应用实例。     

广义可能性决策过程的计算树逻辑模型检测

模型检测作为一种形式化验证技术,已被广泛应用于各种并发系统的正确性验证。针对具有非确定性选择和广义可能性分布的并发系统,引入广义可能性决策过程作为此类系统的模型;给出描述其性质的规范语言广义可能性计算树逻辑的概念;研究此类系统的广义可能性计算树逻辑模型检测问题。结论表明,其模型检测算法的时间复杂度也为多项式时间。所获得的结果扩大了广义可能性测度在模型检测中的应用范围。     

Falsification of combined invariance and reachability specifications in hybrid control systems

We propose an abstraction-based method that can be applied to falsify a class of computation tree logic (CTL) specifications that combine invariance and reachability requirements in terms of the discrete state of a hybrid control system. The fragment of CTL that we address is not expressible in ACTL^? (which includes LTL). The method involves applying supervisory control to a finite abstraction of the hybrid system to falsify the specification. For the class of systems that we consider, falsification of the specification implies a flaw in the design of the control and automation logic.     

概率计算树逻辑的限界模型检测

为了缓解概率计算树逻辑模型检测中的状态空间爆炸问题,提出了概率计算树逻辑的限界模型检测技术.该技术首先定义概率计算树逻辑的限界语义,并证明其正确性;之后,通过实例说明在传统限界模型检测中,以路径长度作为判断检测过程终止的标准已经失效,基于数值计算中牛顿迭代法的终止准则,设计了新的终止判断标准;然后提出基于线性方程组求解的限界模型检测算法;最后,通过3个测试用例说明,概率计算树逻辑限界模型检测方法在反例较短的情况下能够快速完成检测过程,而且比概率计算树逻辑的无界模型检测算法所需求得的状态空间要少.     

Efficient model-checking of weighted CTL with upper-bound constraints

We present a symbolic extension of dependency graphs by Liu and Smolka in to model-check weighted Kripke structures against the computation tree logic with upper-bound weight constraints. Our extension introduces a new type of edges into dependency graphs and lifts the computation of fixed-points from boolean domain to nonnegative integers to cope with the weights. We present both global and local algorithms for the fixed-point computation on symbolic dependency graphs and argue for the advantages of our approach compared to the direct encoding of the model-checking problem into dependency graphs. We implement all algorithms in a publicly available tool and evaluate them on several experiments. The principal conclusion is that our local algorithm is the most efficient one with an order of magnitude improvement for model checking problems with a high number of “witnesses”.     

FSM状态间逻辑条件检验的算法研究

有限状态机(FSM)是VLSI控制结构的一种映射,它的自动综合成为设计自动化的一个十分重要的环节和途径。本文讨论在FSM自动综合中输入阶段的状态间逻辑条件检验的问题,研究分析状态间逻辑条件检验的相互关系及影响,并提出了FSM状态间逻辑条件检验的优化算法,从而使时间复杂度降低,实现更加简便。最后,本文给出了优化算法的流程和一些实验结果,结果令人满意。     

Probabilistic synthesis against GR(1) winning condition

Reactive synthesis is a technique for automatic generation of a reactive system from a high level specification. The system is reactive in the sense that it reacts to the inputs from the environment. The specification is in general given as a linear temporal logic (LTL) formula. The behaviour of the system interacting with the environment can be represented as a game in which the system plays against the environment. Thus, a problem of reactive synthesis is commonly treated as solving such a game with the specification as the winning condition. Reactive synthesis has been thoroughly investigated for more two decades. A well-known challenge is to deal with the complex uncertainty of the environment. We understand that a major issue is due to the lack of a sufficient treatment of probabilistic properties in the traditional models. For example, a two-player game defined by a standard Kriple structure does not consider probabilistic transitions in reaction to the uncertain physical environment; and a Markov Decision Process (MDP) in general does not explicitly separate the system from its environment and it does not describe the interaction between system and the environment. In this paper, we propose a new and more general model which combines the two-player game and the MDP. Furthermore, we study probabilistic reactive synthesis for the games of General Reactivity of Rank 1 (i.e., GR(1)) defined in this model. More specifically, we present an algorithm, which for given model M, a location s and a GR(1) specification P, determines the strategy for each player how to maximize/minimize the probabilities of the satisfaction of P at location s. We use an example to describe the model of probabilistic games and demonstrate our algorithm.     

可靠性感知下的虚拟数据中心映射算法

介绍现阶段虚拟数据中心(VDC)映射的研究进展,根据租户对VDC可靠性的需求,提出一种可靠性感知下的VDC映射启发式算法。对于每个VDC,该算法通过限制能放置在同一个服务器上的最大虚拟机数目来保证租户VDC可靠性需求,然后以降低数据中心网络带宽消耗和服务器能耗为主要目标进行VDC映射。其具体做法是:首先将相互之间带宽需求量大的虚拟机合并部署来降低数据中心网络带宽的消耗;然后把合并后的虚拟机优先部署到已开启的服务器上,从而减少开启的服务器数目,降低数据中心的服务器能耗。利用基于胖树结构的数据中心拓扑对提出的算法进行了仿真,结果表明,与2EM算法相比,该算法能够满足租户VDC的可靠性需求,能在不增加额外能耗的前提下最多减少数据中心网络约30%的带宽消耗。     

着色Petri网模型检测工具的扩展及其在Web服务组合中的应用

Web服务组合的形式化描述和验证是一个重要的研究问题.为了更好地完成验证工作,提出了扩展着色Petri网的模型检测方法.首先,在着色Petri网原有的基于CTL的局部模型检测算法基础上,给出了获取模型检测证据/反例的算法,并在着色Petri网模型检测工具--CPN Tools--中使用ML(meta language)语言实现了这些算法,然后将扩展后的CPN模型检测工具应用在Web服务组合的验证问题中.该方法不仅可以验证Web服务组合是否存在逻辑错误,还能告诉用户发生错误的原因,为Web服务组合的验证提供了技术上的保障.实验表明对着色Petri网的模型检测工具的扩展是正确、有效的.     

QoS-aware web service selection with negative selection algorithm

Web service selection, as an important part of web service composition, has direct influence on the quality of composite service. Many works have been carried out to find the efficient algorithms for quality of service (QoS)-aware service selection problem in recent years. In this paper, a negative selection immune algorithm (NSA) is proposed, and as far as we know, this is the first time that NSA is introduced into web service selection problem. Domain terms and operations of NSA are firstly redefined in this paper aiming at QoS-aware service selection problem. NSA is then constructed to demonstrate how to use negative selection principle to solve this question. Thirdly, an inconsistent analysis between local exploitation and global planning is presented, through which a local alteration of a composite service scheme can transfer to the global exploration correctly. It is a general adjusting method and independent to algorithms. Finally, extensive experimental results illustrate that NSA, especially for NSA with consistency weights adjusting strategy (NSA+), significantly outperforms particle swarm optimization and clonal selection algorithm for QoS-aware service selection problem. The superiority of NSA+ over others is more and more evident with the increase of component tasks and related candidate services.     

Synthesis with rational environments

Synthesis is the automated construction of a system from its specification. The system has to satisfy its specification in all possible environments. The environment often consists of agents that have objectives of their own. Thus, it makes sense to soften the universal quantification on the behavior of the environment and take the objectives of its underlying agents into an account. Fisman et al. introduced rational synthesis: the problem of synthesis in the context of rational agents. The input to the problem consists of temporal logic formulas specifying the objectives of the system and the agents that constitute the environment, and a solution concept (e.g., Nash equilibrium). The output is a profile of strategies, for the system and the agents, such that the objective of the system is satisfied in the computation that is the outcome of the strategies, and the profile is stable according to the solution concept; that is, the agents that constitute the environment have no incentive to deviate from the strategies suggested to them. In this paper we continue to study rational synthesis. First, we suggest an alternative definition to rational synthesis, in which the agents are rational but not cooperative. We call such problem strong rational synthesis. In the strong rational synthesis setting, one cannot assume that the agents that constitute the environment take into account the strategies suggested to them. Accordingly, the output is a strategy for the system only, and the objective of the system has to be satisfied in all the compositions that are the outcome of a stable profile in which the system follows this strategy. We show that strong rational synthesis is 2ExpTime-complete, thus it is not more complex than traditional synthesis or rational synthesis. Second, we study a richer specification formalism, where the objectives of the system and the agents are not Boolean but quantitative. In this setting, the objective of the system and the agents is to maximize their outcome. The quantitative setting significantly extends the scope of rational synthesis, making the game-theoretic approach much more relevant. Finally, we enrich the setting to one that allows coalitions of agents that constitute the system or the environment.     

Specifying and Validating Data-Aware Temporal Web Service Properties

Most works that extend workflow validation beyond syntactical checking consider constraints on the sequence of messages exchanged between services. These constraints are expressed only in terms of message names and abstract away their actual data content. We provide examples of real-world "data-aware" Web service constraints where the sequence of messages and their content are interdependent. To this end, we present CTL-FO⁺, an extension over computation tree logic that includes first-order quantification on message content in addition to temporal operators. We show how CTL-FO⁺ is adequate for expressing data-aware constraints, give a sound and complete model checking algorithm for CTL-FO⁺, and establish its complexity to be PSPACE-complete. A "naive" translation of CTL-FO⁺ into CTL leads to a serious exponential blowup of the problem that prevents existing validation tools to be used. We provide an alternate translation of CTL-FO⁺ into CTL, where the construction of the workflow model depends on the property to validate. We show experimentally how this translation is significantly more efficient for complex formulas and makes model checking of data-aware temporal properties on real-world Web service workflows tractable using off-the-shelf tools.     

A method for efficiently executing horn clause programs using multiple processors

Previous investigations have suggested the use of multiple communicating processors for executing logic programs. However, this strategy lacks efficiency due to competition for memory and communication bandwidth, and this is a problem that has been largely neglected. In this paper we propose a realistic model for executing logic programs with low overhead on multiple processors. Our proposal does not involve shared memory or copying computation state between processors. The model organises computations over the nondeterministic proof tree so that different processors explore unique deterministic computation paths independently, in order to exploit the “OR-parallelism” present in a program. We discuss the advantages of this approach over previous ones, and suggest control strategies for making it effective in practice.     

Inductive inference of logic programs based on algebraic semantics

In this paper we present a new inductive inference algorithm for a class of logic programs, calledlinear monadic logic programs. It has several unique features not found in Shapiro’s Model Inference System. It has been proved that a set of trees isrational if and only if it is computed by a linear monadic logic program, and that the rational set of trees is recognized by a tree automaton. Based on these facts, we can reduce the problem of inductive inference of linear monadic logic programs to the problem of inductive inference of tree automata. Further several efficient inference algorithms for finite automata have been developed. We extend them to an inference algorithm for tree automata and use it to get an efficient inductive inference algorithm for linear monadic logic programs. The correctness, time complexity and several comparisons of our algorithm with Model Inference System are shown.     

Pushdown model checking for malware detection

The number of malware is growing extraordinarily fast. Therefore, it is important to have efficient malware detectors. Malware writers try to obfuscate their code by different techniques. Many well-known obfuscation techniques rely on operations on the stack such as inserting dead code by adding useless push and pop instructions, or hiding calls to the operating system, etc. Thus, it is important for malware detectors to be able to deal with the program’s stack. In this study, we propose a new model-checking approach for malware detection that takes into account the behavior of the stack. Our approach consists in: (1) Modeling the program using a pushdown system (PDS). (2) Introducing a new logic, called stack computation tree predicate logic (SCTPL), to represent the malicious behavior. SCTPL can be seen as an extension of the branching-time temporal logic CTL with variables, quantifiers, and predicates over the stack. (3) Reducing the malware detection problem to the model-checking problem of PDSs against SCTPL formulas. We show how our new logic can be used to precisely express malicious behaviors that could not be specified by existing specification formalisms. We then consider the model-checking problem of PDSs against SCTPL specifications. We reduce this problem to emptiness checking in Symbolic Alternating Büchi Pushdown Systems, and we provide an algorithm to solve this problem. We implemented our techniques in a tool and applied it to detect several viruses. Our results are encouraging.     

WISHBONE片上总线符号模型检测

随着多核体系结构的出现和普及,片上总线逐渐成为影响片上系统功能和性能的关键部件.因此,片上总线的验证成为片上系统设计中一个重要组成部分.模型检测作为一种主流的形式化验证方法,可以自动化穷举搜索系统行为以决定片上系统的设计是否满足设计规范.然而,模型检测受制于状态空间爆炸问题,且现有规范语言如计算树逻辑和线性时序逻辑等的描述能力有限.提出了一种基于命题投影时序逻辑的WISHBONE片上总线符号模型检测方法.该方法将以Verilog硬件描述语言实现的WISHBONE总线转化为以NuSMV模型检测工具的建模语言SMV描述的系统模型,使用命题投影时序逻辑描述WISHBONE总线期望的性质,通过PLSMC工具验证系统模型是否满足期望的性质.实验结果表明该方法能够有效验证WISHBONE片上总线的定性性质,以及时间敏感和迭代性等定量性质.