-
Verified Relative Safety Margins for Neural Network Twins
Authors:
Anahita Baninajjar,
Kamran Hosseini,
Ahmed Rezine,
Amir Aminifar
Abstract:
Given two Deep Neural Network (DNN) classifiers with the same input and output domains, our goal is to quantify the robustness of the two networks in relation to each other. Towards this, we introduce the notion of Relative Safety Margins (RSMs). Intuitively, given two classes and a common input, RSM of one classifier with respect to another reflects the relative margins with which decisions are m…
▽ More
Given two Deep Neural Network (DNN) classifiers with the same input and output domains, our goal is to quantify the robustness of the two networks in relation to each other. Towards this, we introduce the notion of Relative Safety Margins (RSMs). Intuitively, given two classes and a common input, RSM of one classifier with respect to another reflects the relative margins with which decisions are made. The proposed notion is relevant in the context of several applications domains, including to compare a trained network and its corresponding compact network (e.g., pruned, quantized, distilled network). Not only can RSMs establish whether decisions are preserved, but they can also quantify their qualities. We also propose a framework to establish safe bounds on RSM gains or losses given an input and a family of perturbations. We evaluate our approach using the MNIST, CIFAR10, and two real-world medical datasets, to show the relevance of our results.
△ Less
Submitted 25 September, 2024;
originally announced September 2024.
-
VNN: Verification-Friendly Neural Networks with Hard Robustness Guarantees
Authors:
Anahita Baninajjar,
Ahmed Rezine,
Amir Aminifar
Abstract:
Machine learning techniques often lack formal correctness guarantees, evidenced by the widespread adversarial examples that plague most deep-learning applications. This lack of formal guarantees resulted in several research efforts that aim at verifying Deep Neural Networks (DNNs), with a particular focus on safety-critical applications. However, formal verification techniques still face major sca…
▽ More
Machine learning techniques often lack formal correctness guarantees, evidenced by the widespread adversarial examples that plague most deep-learning applications. This lack of formal guarantees resulted in several research efforts that aim at verifying Deep Neural Networks (DNNs), with a particular focus on safety-critical applications. However, formal verification techniques still face major scalability and precision challenges. The over-approximation introduced during the formal verification process to tackle the scalability challenge often results in inconclusive analysis. To address this challenge, we propose a novel framework to generate Verification-Friendly Neural Networks (VNNs). We present a post-training optimization framework to achieve a balance between preserving prediction performance and verification-friendliness. Our proposed framework results in VNNs that are comparable to the original DNNs in terms of prediction performance, while amenable to formal verification techniques. This essentially enables us to establish robustness for more VNNs than their DNN counterparts, in a time-efficient manner.
△ Less
Submitted 10 June, 2024; v1 submitted 15 December, 2023;
originally announced December 2023.
-
On Reachability in Parameterized Phaser Programs
Authors:
Zeinab Ganjei,
Ahmed Rezine,
Ludovic Henrio,
Petru Eles,
Zebo Peng
Abstract:
We address the problem of statically checking safety properties (such as assertions or deadlocks) for parameterized phaser programs. Phasers embody a non-trivial and modern synchronization construct used to orchestrate executions of parallel tasks. This generic construct supports dynamic parallelism with runtime registrations and deregistrations of spawned tasks. It generalizes many synchronizatio…
▽ More
We address the problem of statically checking safety properties (such as assertions or deadlocks) for parameterized phaser programs. Phasers embody a non-trivial and modern synchronization construct used to orchestrate executions of parallel tasks. This generic construct supports dynamic parallelism with runtime registrations and deregistrations of spawned tasks. It generalizes many synchronization patterns such as collective and point-to-point schemes. For instance, phasers can enforce barriers or producer-consumer synchronization patterns among all or subsets of the running tasks. We consider in this work programs that may generate arbitrarily many tasks and phasers. We study different formulations of the verification problem and propose an exact procedure that is guaranteed to terminate for some reachability problems even in the presence of unbounded phases and arbitrarily many spawned tasks. In addition, we prove undecidability results for several problems on which our procedure cannot be guaranteed to terminate.
△ Less
Submitted 12 May, 2021; v1 submitted 17 November, 2018;
originally announced November 2018.
-
Safety Verification of Phaser Programs
Authors:
Zeinab Ganjei,
Ahmed Rezine,
Petru Eles,
Zebo Peng
Abstract:
We address the problem of statically checking control state reachability (as in possibility of assertion violations, race conditions or runtime errors) and plain reachability (as in deadlock-freedom) of phaser programs. Phasers are a modern non-trivial synchronization construct that supports dynamic parallelism with runtime registration and deregistration of spawned tasks. They allow for collectiv…
▽ More
We address the problem of statically checking control state reachability (as in possibility of assertion violations, race conditions or runtime errors) and plain reachability (as in deadlock-freedom) of phaser programs. Phasers are a modern non-trivial synchronization construct that supports dynamic parallelism with runtime registration and deregistration of spawned tasks. They allow for collective and point-to-point synchronizations. For instance, phasers can enforce barriers or producer-consumer synchronization schemes among all or subsets of the running tasks. Implementations %of these recent and dynamic synchronization are found in modern languages such as X10 or Habanero Java. Phasers essentially associate phases to individual tasks and use their runtime values to restrict possible concurrent executions. Unbounded phases may result in infinite transition systems even in the case of programs only creating finite numbers of tasks and phasers. We introduce an exact gap-order based procedure that always terminates when checking control reachability for programs generating bounded numbers of coexisting tasks and phasers. We also show verifying plain reachability is undecidable even for programs generating few tasks and phasers. We then explain how to turn our procedure into a sound analysis for checking plain reachability (including deadlock freedom). We report on preliminary experiments with our open source tool.
△ Less
Submitted 9 August, 2017;
originally announced August 2017.
-
Quantifying the Information Leak in Cache Attacks through Symbolic Execution
Authors:
Sudipta Chattopadhyay,
Moritz Beck,
Ahmed Rezine,
Andreas Zeller
Abstract:
Cache timing attacks allow attackers to infer the properties of a secret execution by observing cache hits and misses. But how much information can actually leak through such attacks? For a given program, a cache model, and an input, our CHALICE framework leverages symbolic execution to compute the amount of information that can possibly leak through cache attacks. At the core of CHALICE is a nove…
▽ More
Cache timing attacks allow attackers to infer the properties of a secret execution by observing cache hits and misses. But how much information can actually leak through such attacks? For a given program, a cache model, and an input, our CHALICE framework leverages symbolic execution to compute the amount of information that can possibly leak through cache attacks. At the core of CHALICE is a novel approach to quantify information leak that can highlight critical cache side-channel leaks on arbitrary binary code. In our evaluation on real-world programs from OpenSSL and Linux GDK libraries, CHALICE effectively quantifies information leaks: For an AES-128 implementation on Linux, for instance, CHALICE finds that a cache attack can leak as much as 127 out of 128 bits of the encryption key.
△ Less
Submitted 14 November, 2016;
originally announced November 2016.
-
Proceedings 14th International Workshop on Verification of Infinite-State Systems
Authors:
Mohamed Faouzi Atig,
Ahmed Rezine
Abstract:
This volume contains the proceedings of Infinity'12, the 14th International Workshop on Verification of Infinite-State Systems, which was held in Paris, France on the 27th of August 2012 as a satellite event of FM'12. The aim of the INFINITY workshop is to provide a forum for researchers interested in the development of formal methods and algorithmic techniques for the analysis of systems with inf…
▽ More
This volume contains the proceedings of Infinity'12, the 14th International Workshop on Verification of Infinite-State Systems, which was held in Paris, France on the 27th of August 2012 as a satellite event of FM'12. The aim of the INFINITY workshop is to provide a forum for researchers interested in the development of formal methods and algorithmic techniques for the analysis of systems with infinitely many states, and their application in automated verification of complex software and hardware systems.
△ Less
Submitted 9 February, 2013;
originally announced February 2013.
-
Ordered Counter-Abstraction
Authors:
Ahmed Rezine
Abstract:
We introduce a new symbolic representation based on an original generalization of counter abstraction. Unlike classical counter abstraction (used in the analysis of parameterized systems with unordered or unstructured topologies) the new representation is tailored for proving properties of linearly ordered parameterized systems, i.e., systems with arbitrary many finite processes placed in an array…
▽ More
We introduce a new symbolic representation based on an original generalization of counter abstraction. Unlike classical counter abstraction (used in the analysis of parameterized systems with unordered or unstructured topologies) the new representation is tailored for proving properties of linearly ordered parameterized systems, i.e., systems with arbitrary many finite processes placed in an array. The relative positions in the array capture the relative priorities of the processes. Configurations of such systems are finite words of arbitrary lengths. The processes communicate using global transitions constrained by their relative priorities. Intuitively, an element of the symbolic representation has a base and a set of counters. It denotes configurations that respect the constraints imposed by the counters and that have the base as a sub word. We use the new representation in a uniform and automatic Counter Example Guided Refinement scheme. We introduce a relaxation operator that allows a well quasi ordering argument for the termination of each iteration of the refinement loop. We explain how to refine the relaxation to systematically prune out false positives. We implemented a tool to illustrate the approach on a number of parameterized systems.
△ Less
Submitted 31 March, 2012;
originally announced April 2012.
-
Proceedings 12th International Workshop on Verification of Infinite-State Systems
Authors:
Yu-Fang Chen,
Ahmed Rezine
Abstract:
The aim of the INFINITY workshop is to provide a forum for researchers interested in the development of formal methods and algorithmic techniques for the analysis of systems with infinitely many states, and their application in automated verification of complex software and hardware systems.
The aim of the INFINITY workshop is to provide a forum for researchers interested in the development of formal methods and algorithmic techniques for the analysis of systems with infinitely many states, and their application in automated verification of complex software and hardware systems.
△ Less
Submitted 28 October, 2010;
originally announced October 2010.
