Alur, Rajeev

  • Publication
    Regular Specifications of Resource Requirements for Embedded Control Software
    (2008-04-01) Alur, Rajeev; Weiss, Gera
    For embedded control systems, a schedule for the allocation of resources to a software component can be described by an infinite word whose ith symbol models the resources used at the ith sampling interval. Dependency of performance on schedules can be formally modeled by an automaton (ω-regular language) which captures all the schedules that keep the system within performance requirements. We show how such an automaton is constructed for linear control designs and exponential stability or settling time performance requirements. Then, we explore the use of the automaton for online scheduling and for schedulability analysis. As a case study, we examine how this approach can be applied for the LQG control design. We demonstrate, by examples, that online schedulers can be used to guarantee performance in worst-case conditions together with good performance in normal conditions. We also provide examples of schedulability analysis.
  • Publication
    Nondeterministic Streaming String Transducers
    (2011-07-01) Alur, Rajeev; Deshmukh, Jyotirmoy
    We introduce nondeterministic streaming string transducers (NSSTs), a new computational model that can implement MSO-definable relations between strings. An NSST makes a single left-to-right pass on the input string and uses a finite set of string variables to compute the output. In each step, it reads one input symbol, and updates its string variables in parallel with a copyless assignment. We show that the expressive power of NSSTs coincides with that of nondeterministic MSO-definable transductions. Further, we identify the class of functional NSSTs; these allow nondeterministic transitions, but every successful run on a given input generates the same output string. We show that deciding functionality of an arbitrary NSST is decidable with PSPACE complexity, while the equivalence problem for functional NSSTs is PSPACE-complete. We also show that checking if the set of outputs of an NSST is contained within the set of outputs of a finite number of DSSTs is decidable in PSPACE.
  • Publication
    Algorithmic Analysis of Array-Accessing Programs
    (2008-12-03) Alur, Rajeev; Weinstein, Scott; Cerný, Pavol
    For programs whose data variables range over Boolean or finite domains, program verification is decidable, and this forms the basis of recent tools for software model checking. In this paper, we consider algorithmic verification of programs that use Boolean variables, and in addition, access a single array whose length is potentially unbounded, and whose elements range over pairs from Σ × D, where Σ is a finite alphabet and D is a potentially unbounded data domain. We show that the reachability problem, while undecidable in general, is (1) PSPACE-complete for programs in which the array-accessing for-loops are not nested, (2) solvable in EXPSPACE for programs with arbitrarily nested loops if array elements range over a finite data domain, and (3) decidable for a restricted class of programs with doubly-nested loops. The third result establishes connections to automata and logics defining languages over data words.
  • Publication
    Streaming Tree Transducers
    (2012-07-01) Alur, Rajeev; D'Antoni, Loris
    Theory of tree transducers provides a foundation for understanding expressiveness and complexity of analysis problems for specification languages for transforming hierarchically structured data such as XML documents. We introduce streaming tree transducers as an analyzable, executable, and expressive model for transforming unranked ordered trees (and hedges) in a single pass. Given a linear encoding of the input tree, the transducer makes a single left-to-right pass through the input, and computes the output in linear time using a finite-state control, a visibly pushdown stack, and a finite number of variables that store output chunks that can be combined using the operations of string-concatenation and tree-insertion. We prove that the expressiveness of the model coincides with transductions definable using monadic second-order logic (MSO). Existing models of tree transducers either cannot implement all MSO-definable transformations, or require regular look ahead that prohibits single-pass implementation. We show a variety of analysis problems such as type-checking and checking functional equivalence are decidable for our model.
  • Publication
    Membership Questions for Timed and Hybrid Automata
    (1998) Alur, Rajeev; Kurshan, R. P.; Viswanathan, M.
    Timed and hybrid automata are extensions of finite-state machines for formal modeling of embedded systems with both discrete and continuous components. Reachability problems for these automata are well studied and have been implemented in verification tools. In this paper, for the purpose of effective error reporting and testing, we consider the membership problems for such automata. We consider different types of membership problems depending on whether the path (i.e. edge-sequence), or the trace (i.e. event-sequence), or the timed trace (i.e. timestamped event-sequence), is specified. We give comprehensive results regarding the complexity of these membership questions for different types of automata, such as timed automata and linear hybrid automata, with and without ε-transitions. In particular, we give an efficient O(n·m²) algorithm for generating timestamps corresponding to a path of length n in a timed automaton with m clocks. This algorithm is implemented in the verifier COSPAN to improve its diagnostic feedback during timing verification. Second, we show that for automata without ε-transitions, the membership question is NP-complete for different types of automata whether or not the timestamps are specified along with the trace. Third, we show that for automata with ε-transitions, the membership question is as hard as the reachability question even for timed traces: it is PSPACE-complete for timed automata, and undecidable for slight generalizations.
  • Publication
    Symbolic Analysis of GSMP Models With One Stateful Clock
    (2007-04-03) Bernadsky, Mikhail; Alur, Rajeev
    We consider the problem of verifying reachability properties of stochastic real-time systems modeled as generalized semi-Markov processes (GSMPs). The standard simulation-based techniques for GSMPs are not adequate for solving verification problems, and existing symbolic techniques either require memoryless distributions for firing times, or approximate the problem using discrete time or bounded horizon. In this paper, we present a symbolic solution for the case where firing times are random variables over a rich class of distributions, but only one event is allowed to retain its firing time when a discrete change occurs. The solution allows us to compute the probability that such a GSMP satisfies a property of the form “can the system reach a target, while staying within a set of safe states”. We report on illustrative examples and their analysis using our procedure.
  • Publication
    On Omega-Languages Defined by Mean-Payoff Conditions
    (2009-03-01) Alur, Rajeev; Degorre, Aldric; Weiss, Gera; Maler, Oded
    In quantitative verification, system states/transitions have associated payoffs, and these are used to associate mean-payoffs with infinite behaviors. In this paper, we propose to define ω-languages via Boolean queries over mean-payoffs. Requirements concerning averages such as “the number of messages lost is negligible” are not ω-regular, but specifiable in our framework. We show that, for closure under intersection, one needs to consider multi-dimensional payoffs. We argue that the acceptance condition needs to examine the set of accumulation points of sequences of mean-payoffs of prefixes, and give a precise characterization of such sets. We propose the class of multi-threshold mean-payoff languages using acceptance conditions that are Boolean combinations of inequalities comparing the minimal or maximal accumulation point along some coordinate with a constant threshold. For this class of languages, we study expressiveness, closure properties, analyzability, and Borel complexity.
  • Publication
    Preserving Secrecy Under Refinement
    (2006-06-29) Alur, Rajeev; Zdancewic, Stephan A.; Cerný, Pavol
    We propose a general framework of secrecy and preservation of secrecy for labeled transition systems. Our definition of secrecy is parameterized by the distinguishing power of the observer, the properties to be kept secret, and the executions of interest, and captures a multitude of definitions in the literature. We define a notion of secrecy preserving refinement between systems by strengthening the classical trace-based refinement so that the implementation leaks a secret only when the specification also leaks it. We show that secrecy is in general not definable in µ-calculus, and thus not expressible in specification logics supported by standard model-checkers. However, we develop a simulation-based proof technique for establishing secrecy preserving refinement. This result shows how existing refinement checkers can be used to show correctness of an implementation with respect to a specification.
  • Publication
    Ranking Automata and Games for Prioritized Requirements
    (2008-07-01) Alur, Rajeev; Weiss, Gera; Kanade, Aditya
    Requirements of reactive systems are usually specified by classifying system executions as desirable and undesirable. To specify prioritized requirements, we propose to associate a rank with each execution. This leads to optimization analogs of verification and synthesis problems in which we compute the "best" requirement that can be satisfied or enforced from a given state. The classical definitions of acceptance criteria for automata can be generalized to ranking conditions. In particular, given a mapping of states to colors, the Büchi ranking condition maps an execution to the highest color visited infinitely often by the execution, and the cyclic ranking condition with cycle k maps an execution to the modulo-k value of the highest color repeating infinitely often. The well-studied parity acceptance condition is a special case of cyclic ranking with cycle 2, and we show that the cyclic ranking condition can specify all ω-regular ranking functions. We show that the classical characterizations of acceptance conditions by fixpoints over sets generalize to characterizations of ranking conditions by fixpoints over an appropriately chosen lattice of coloring functions. This immediately leads to symbolic algorithms for solving verification and synthesis problems. Furthermore, the precise complexity of a decision problem for ranking conditions is no more than the corresponding acceptance version, and in particular, we show how to solve Büchi ranking games in quadratic time.
  • Publication
    Verisig: verifying safety properties of hybrid systems with neural network controllers
    (2019-04-01) Ivanov, Radoslav; Weimer, James; Alur, Rajeev; Pappas, George J.; Lee, Insup
    This paper presents Verisig, a hybrid system approach to verifying safety properties of closed-loop systems using neural networks as controllers. We focus on sigmoid-based networks and exploit the fact that the sigmoid is the solution to a quadratic differential equation, which allows us to transform the neural network into an equivalent hybrid system. By composing the network's hybrid system with the plant's, we transform the problem into a hybrid system verification problem which can be solved using state-of-the-art reachability tools. We show that reachability is decidable for networks with one hidden layer and decidable for general networks if Schanuel's conjecture is true. We evaluate the applicability and scalability of Verisig in two case studies, one from reinforcement learning and one in which the neural network is used to approximate a model predictive controller.