-
Certifying Phase Abstraction
Authors:
Nils Froleyks,
Emily Yu,
Armin Biere,
Keijo Heljanko
Abstract:
Certification helps to increase trust in formal verification of safety-critical systems which require assurance on their correctness. In hardware model checking, a widely used formal verification technique, phase abstraction is considered one of the most commonly used preprocessing techniques. We present an approach to certify an extended form of phase abstraction using a generic certificate format. As in earlier works our approach involves constructing a witness circuit with an inductive invariant property that certifies the correctness of the entire model checking process, which is then validated by an independent certificate checker. We have implemented and evaluated the proposed approach including certification for various preprocessing configurations on hardware model checking competition benchmarks. As an improvement on previous work in this area, the proposed method is able to efficiently complete certification with an overhead of a fraction of model checking time.
Submitted 7 May, 2024;
originally announced May 2024.
-
Stratified Certification for k-Induction
Authors:
Emily Yu,
Nils Froleyks,
Armin Biere,
Keijo Heljanko
Abstract:
Our recently proposed certification framework for bit-level k-induction-based model checking has been shown to be quite effective in increasing the trust of verification results even though it partially involved quantifier reasoning. In this paper we show how to simplify the approach by assuming reset functions to be stratified. This way it can be lifted to word-level and in principle to other theories where quantifier reasoning is difficult. Our new method requires six simple SAT checks and one polynomial-time check, allowing certification to remain in co-NP while the previous approach required five SAT checks and one QBF check. Experimental results show a substantial performance gain for our new approach. Finally, we present and evaluate our new tool Certifaiger-wl which is able to certify k-induction-based word-level model checking.
Submitted 2 August, 2022;
originally announced August 2022.
-
CEFIoT: A Fault-Tolerant IoT Architecture for Edge and Cloud
Authors:
Asad Javed,
Keijo Heljanko,
Andrea Buda,
Kary Främling
Abstract:
Internet of Things (IoT), the emerging computing infrastructure that refers to the networked interconnection of physical objects, incorporates a plethora of digital systems that are being developed by means of a large number of applications. Many of these applications administer data collection on the edge and offer data storage and analytics capabilities in the cloud. This raises the following problems: (i) the processing stages in IoT applications need to have separate implementations for both the edge and the cloud, (ii) the placement of computation is inflexible with separate software stacks, as the optimal deployment decisions need to be made at runtime, and (iii) unified fault tolerance is essential in case of intermittent long-distance network connectivity problems, malicious harming of edge devices, or harsh environments. This paper proposes a novel fault-tolerant architecture CEFIoT for IoT applications by adopting state-of-the-art cloud technologies and deploying them also for edge computing. We solve the data fault tolerance issue by exploiting the Apache Kafka publish/subscribe platform as the unified high-performance data replication solution offering a common software stack for both the edge and the cloud. We also deploy Kubernetes for fault-tolerant management and the advanced functionality allowing on-the-fly automatic reconfiguration of the processing pipeline to handle both hardware and network connectivity based failures.
Submitted 23 January, 2020;
originally announced January 2020.
-
Exploiting Event Log Event Attributes in RNN Based Prediction
Authors:
Markku Hinkka,
Teemu Lehto,
Keijo Heljanko
Abstract:
In predictive process analytics, current and historical process data in event logs is used to predict the future, e.g., to predict the next activity or how long a process will still require to complete. Recurrent neural networks (RNN) and their subclasses have been demonstrated to be well suited for creating prediction models. Thus far, event attributes have not been fully utilized in these models. The biggest challenge in exploiting them in prediction models is the potentially large number of event attributes and attribute values. We present a novel clustering technique that allows for trade-offs between prediction accuracy and the time needed for model training and prediction. As an additional finding, this clustering method combined with having raw event attribute values in some cases provides even better prediction accuracy at the cost of additional time required for training and prediction.
Submitted 15 January, 2020; v1 submitted 15 April, 2019;
originally announced April 2019.
-
Classifying Process Instances Using Recurrent Neural Networks
Authors:
Markku Hinkka,
Teemu Lehto,
Keijo Heljanko,
Alexander Jung
Abstract:
Process Mining consists of techniques where logs created by operative systems are transformed into process models. In process mining tools it is often desired to be able to classify ongoing process instances, e.g., to predict how long the process will still require to complete, or to classify process instances into different classes based only on the activities that have occurred in the process instance thus far. Recurrent neural networks and their subclasses, such as Gated Recurrent Unit (GRU) and Long Short-Term Memory (LSTM), have been demonstrated to be able to learn relevant temporal features for subsequent classification tasks. In this paper we apply recurrent neural networks to classifying process instances. The proposed model is trained in a supervised fashion using labeled process instances extracted from event log traces. This is the first time we know of GRU having been used in classifying business process instances. Our main experimental results show that GRU outperforms LSTM remarkably in training time while giving almost identical accuracies to LSTM models. An additional contribution of our paper is improving the classification model training time by filtering infrequent activities, a technique commonly used, e.g., in Natural Language Processing (NLP).
Submitted 16 September, 2018;
originally announced September 2018.
-
Structural Feature Selection for Event Logs
Authors:
Markku Hinkka,
Teemu Lehto,
Keijo Heljanko,
Alexander Jung
Abstract:
We consider the problem of classifying business process instances based on structural features derived from event logs. The main motivation is to provide machine learning based techniques with quick response times for interactive computer assisted root cause analysis. In particular, we create structural features from process mining such as activity and transition occurrence counts, and ordering of activities to be evaluated as potential features for classification. We show that adding such structural features increases the amount of information thus potentially increasing classification accuracy. However, there is an inherent trade-off as using too many features leads to too long run-times for machine learning classification models. One way to improve the machine learning algorithms' run-time is to only select a small number of features by a feature selection algorithm. However, the run-time required by the feature selection algorithm must also be taken into account. Also, the classification accuracy should not suffer too much from the feature selection. The main contributions of this paper are as follows: First, we propose and compare six different feature selection algorithms by means of an experimental setup comparing their classification accuracy and achievable response times. Second, we discuss the potential use of feature selection results for computer assisted root cause analysis as well as the properties of different types of structural features in the context of feature selection.
Submitted 17 May, 2018; v1 submitted 8 October, 2017;
originally announced October 2017.
-
Portability Analysis for Axiomatic Memory Models. PORTHOS: One Tool for all Models
Authors:
Hernán Ponce-de-León,
Florian Furbach,
Keijo Heljanko,
Roland Meyer
Abstract:
We present Porthos, the first tool that discovers porting bugs in performance-critical code. Porthos takes as input a program and the memory models of the source architecture for which the program has been developed and the target model to which it is ported. If the code is not portable, Porthos finds a bug in the form of an unexpected execution - an execution that is consistent with the target but inconsistent with the source memory model. Technically, Porthos implements a bounded model checking method that reduces the portability analysis problem to satisfiability modulo theories (SMT). There are two main problems in the reduction that we present novel and efficient solutions for. First, the formulation of the portability problem contains a quantifier alternation (consistent + inconsistent). We introduce a formula that encodes both in a single existential query. Second, the supported memory models (e.g., Power) contain recursive definitions. We compute the required least fixed point semantics for recursion (a problem that was left open in [47]) efficiently in SMT. Finally we present the first experimental analysis of portability from TSO to Power.
Submitted 28 April, 2017; v1 submitted 22 February, 2017;
originally announced February 2017.
-
Unfolding-Based Process Discovery
Authors:
Hernán Ponce-de-León,
César Rodríguez,
Josep Carmona,
Keijo Heljanko,
Stefan Haar
Abstract:
This paper presents a novel technique for process discovery. In contrast to the current trend, which only considers an event log for discovering a process model, we assume two additional inputs: an independence relation on the set of logged activities, and a collection of negative traces. After deriving an intermediate net unfolding from them, we perform a controlled folding giving rise to a Petri net which contains both the input log and all independence-equivalent traces arising from it. Remarkably, the derived Petri net cannot execute any trace from the negative collection. The entire chain of transformations is fully automated. A tool has been developed and experimental results are provided that witness the significance of the contribution of this paper.
Submitted 9 July, 2015;
originally announced July 2015.
-
Synchronous Counting and Computational Algorithm Design
Authors:
Danny Dolev,
Keijo Heljanko,
Matti Järvisalo,
Janne H. Korhonen,
Christoph Lenzen,
Joel Rybicki,
Jukka Suomela,
Siert Wieringa
Abstract:
Consider a complete communication network on $n$ nodes, each of which is a state machine. In synchronous 2-counting, the nodes receive a common clock pulse and they have to agree on which pulses are "odd" and which are "even". We require that the solution is self-stabilising (reaching the correct operation from any initial state) and it tolerates $f$ Byzantine failures (nodes that send arbitrary misinformation). Prior algorithms are expensive to implement in hardware: they require a source of random bits or a large number of states.
This work consists of two parts. In the first part, we use computational techniques (often known as synthesis) to construct very compact deterministic algorithms for the first non-trivial case of $f = 1$. While no algorithm exists for $n < 4$, we show that as few as 3 states per node are sufficient for all values $n \ge 4$. Moreover, the problem cannot be solved with only 2 states per node for $n = 4$, but there is a 2-state solution for all values $n \ge 6$.
In the second part, we develop and compare two different approaches for synthesising synchronous counting algorithms. Both approaches are based on casting the synthesis problem as a propositional satisfiability (SAT) problem and employing modern SAT-solvers. The difference lies in how to solve the SAT problem: either in a direct fashion, or incrementally within a counter-example guided abstraction refinement loop. Empirical results suggest that the former technique is more efficient if we want to synthesise time-optimal algorithms, while the latter technique discovers non-optimal algorithms more quickly.
Submitted 5 January, 2015; v1 submitted 21 April, 2013;
originally announced April 2013.
-
Proceedings 10th International Workshop on Parallel and Distributed Methods in verifiCation
Authors:
Jiří Barnat,
Keijo Heljanko
Abstract:
This volume contains the proceedings of the 10th International Workshop on Parallel and Distributed Methods in verifiCation (PDMC 2011) that took place in Snowbird, Utah, on July 14, 2011. The workshop was co-located with the 23rd International Conference on Computer Aided Verification (CAV 2011). The PDMC workshop series covers all aspects related to the verification and analysis of very large and complex systems using, in particular, methods and techniques that exploit contemporary, hence parallel, hardware architectures. To celebrate the 10th anniversary of PDMC, the workshop consisted of a half-day invited session together with a half-day session of regular contributed presentations.
Submitted 31 October, 2011;
originally announced November 2011.
-
Tarmo: A Framework for Parallelized Bounded Model Checking
Authors:
Siert Wieringa,
Matti Niemenmaa,
Keijo Heljanko
Abstract:
This paper investigates approaches to parallelizing Bounded Model Checking (BMC) for shared memory environments as well as for clusters of workstations. We present a generic framework for parallelized BMC named Tarmo. Our framework can be used with any incremental SAT encoding for BMC but for the results in this paper we use only the current state-of-the-art encoding for full PLTL. Using this encoding allows us to check both safety and liveness properties, contrary to an earlier work on distributing BMC that is limited to safety properties only.
Despite our focus on BMC after it has been translated to SAT, existing distributed SAT solvers are not well suited for our application. This is because solving a BMC problem is not solving a set of independent SAT instances but rather involves solving multiple related SAT instances, encoded incrementally, where the satisfiability of each instance corresponds to the existence of a counterexample of a specific length. Our framework includes a generic architecture for a shared clause database that allows easy clause sharing between SAT solver threads solving various such instances.
We present extensive experimental results obtained with multiple variants of our Tarmo implementation. Our shared memory variants have a significantly better performance than conventional single threaded approaches, which is a result that many users can benefit from as multi-core and multi-processor technology is widely available. Furthermore we demonstrate that our framework can be deployed in a typical cluster of workstations, where several multi-core machines are connected by a network.
Submitted 13 December, 2009;
originally announced December 2009.
-
Linear Encodings of Bounded LTL Model Checking
Authors:
Armin Biere,
Keijo Heljanko,
Tommi Junttila,
Timo Latvala,
Viktor Schuppan
Abstract:
We consider the problem of bounded model checking (BMC) for linear temporal logic (LTL). We present several efficient encodings that have size linear in the bound. Furthermore, we show how the encodings can be extended to LTL with past operators (PLTL). The generalised encoding is still of linear size, but cannot detect minimal length counterexamples. By using the virtual unrolling technique minimal length counterexamples can be captured; however, the size of the encoding is quadratic in the specification. We also extend virtual unrolling to Büchi automata, enabling them to accept minimal length counterexamples.
Our BMC encodings can be made incremental in order to benefit from incremental SAT technology. With fairly small modifications the incremental encoding can be further enhanced with a termination check, allowing us to prove properties with BMC. Experiments clearly show that our new encodings improve performance of BMC considerably, particularly in the case of the incremental encoding, and that they are very competitive for finding bugs. An analysis of the liveness-to-safety transformation reveals many similarities to the BMC encodings in this paper. Using the liveness-to-safety translation with BDD-based invariant checking results in an efficient method to find shortest counterexamples that complements the BMC-based approach.
Submitted 16 November, 2006; v1 submitted 6 November, 2006;
originally announced November 2006.
-
Bounded LTL Model Checking with Stable Models
Authors:
Keijo Heljanko,
Ilkka Niemelä
Abstract:
In this paper bounded model checking of asynchronous concurrent systems is introduced as a promising application area for answer set programming. As the model of asynchronous systems, 1-safe Petri nets, a generalisation of communicating automata, are used. It is shown how a 1-safe Petri net and a requirement on the behaviour of the net can be translated into a logic program such that the bounded model checking problem for the net can be solved by computing stable models of the corresponding program. The use of the stable model semantics leads to compact encodings of bounded reachability and deadlock detection tasks as well as the more general problem of bounded model checking of linear temporal logic. Correctness proofs of the devised translations are given, and some experimental results using the translation and the Smodels system are presented.
Submitted 23 May, 2003;
originally announced May 2003.