Infeasible Paths Research Articles

Composed IIS path locating based optimization for bounded \\reachability analysis of compositional linear hybrid systems}{Composed IIS path locating based optimization for bounded reachability analysis of compositional linear hybrid systems

Hybrid systems include both discrete and continuous behavior and are widely used to model control systems. The reachability analysis of its unsafe state is an important method for guaranteeing the safety of a system. However, the current techniques do not scale well to the problems of practical interest. Due to the synchronization of components and the combinatorial explosion of state space, the reachability analysis of compositional linear hybrid system is extremely complex. In order to reduce the complexity, a path-oriented approach was proposed in a previous work, which conducted bounded reachability analysis of a compositional linear hybrid system. By enumerating and verifying each potential path one by one, the size of the problem that can be solved will be increased substantially. This path-oriented approach will become quite inefficient due to a sharp increase in the number of candidate paths when analyzing complex systems. The path explosion problem in model checking is also famous. To solve this problem, we propose a state-space reduction technique, which accelerates the verification process. We propose a method to locate the cause of infeasibility, when a composed infeasible path segment after a path set is proved to be infeasible. As we can simply falsify a path set that contains a composed infeasible path segment, the number of candidate paths can be reduced significantly. Furthermore, to avoid such composed path segments efficiently, we propose an approach based on satisfiability modulo theories (SMT), to traverse the bounded graph structure of the composed linear hybrid system. The results of the experiment show that the performance of the path-oriented bounded reachability analysis can be optimized significantly and that the overall performance of the proposed approach is better than that of the state-of-the-art competitor.

A hybrid co-evolutionary genetic algorithm for multiple nanoparticle assembly task path planning

In this paper, a hybrid co-evolutionary genetic algorithm (HCGA) has been presented for determining the optimal moving paths of several nanoparticles in a complex environment. In the proposed approach, an artificial potential field (APF) has been used to determine the feasible initial paths for moving the nanoparticles. The proposed APF prepares a potential map of the environment using the initial positions of the nanoparticles and positions of the obstacles and surface roughness. The cost function used in this paper includes the area under the critical force-time diagram, surface roughness as well as path smoothness. The performed investigations indicate the importance of each of these parameters in determining the optimal paths for displacing the nanoparticles. Also, the dynamic application of crossover and mutation operators has been used to avoid premature convergence. Using the information of the potential map, two new operators have been introduced to improve the feasible and infeasible paths. Furthermore, a novel co-evolutionary mechanism for solving the multiple nanoparticle path planning problems has been presented. The proposed co-evolutionary mechanism is able to determine the best destination for each particle, optimal sequence of moves for several particles, and also the optimal path for moving each particle. Finally, the performance of the proposed HCGA has been compared with the conventional genetic algorithm (CGA) and the ant colony optimization algorithm.

Fitness switching genetic algorithm for solving combinatorial optimization problems with rare feasible solutions

The goal of meta-heuristic algorithms such as genetic algorithm is to explore the search space of the combinatorial optimization problems efficiently to locate the optimal solutions, the feasible solutions with the best output values. However, typical meta-heuristic algorithms implicitly assume that the feasible solutions for the given problems can be generated easily, and they can fail to solve the problems with rare feasible solutions in effective manner. In this context, this paper aims to introduce the maze-type shortest path problem as an example of the combinatorial optimization problem with rare feasible solutions and to propose the fitness switching genetic algorithm for solving it. The maze-type shortest path problem is characterized by the maze-type network that contains many dead-ends, and the conventional genetic algorithms based on the population of feasible paths are not appropriate for finding the optimal path in such networks. On the contrary, this paper introduces the fitness switching and fitness leveling operations for maintaining the population of both feasible and infeasible paths during the search procedure. In addition, the infeasible paths are randomly modified by the simple local search of the proposed algorithm to find the feasible paths more quickly. The experiment results show that the proposed algorithm can address the issues in the combinatorial optimization problems with rare feasible solutions very effectively.

Branch‐and‐price‐and‐cut for the manpower routing problem with synchronization constraints

AbstractIn this article, we propose a branch‐and‐price‐and‐cut (BPC) algorithm to exactly solve the manpower routing problem with synchronization constraints (MRPSC). Compared with the classical vehicle routing problems (VRPs), the defining characteristic of the MRPSC is that multiple workers are required to work together and start at the same time to carry out a job, that is, the routes of the scheduling subjects are dependent. The incorporation of the synchronization constraints increases the difficulty of the MRPSC significantly and makes the existing VRP exact algorithm inapplicable. Although there are many types of valid inequalities for the VRP or its variants, so far we can only adapt the infeasible path elimination inequality and the weak clique inequality to handle the synchronization constraints in our BPC algorithm. The experimental results at the root node of the branch‐and‐bound tree show that the employed inequalities can effectively improve the lower bound of the problem. Compared with ILOG CPLEX, our BPC algorithm managed to find optimal solutions for more test instances within 1 hour. © 2016 Wiley Periodicals, Inc. Naval Research Logistics 63: 138–171, 2016

Dynamic Path Planning Algorithm for a Mobile Robot Based on Visible Space and an Improved Genetic Algorithm

In this study, a series of new concepts and improved genetic operators of a genetic algorithm (GA) was proposed and applied to solve mobile robot (MR) path planning problems in dynamic environments. The proposed method has two superiorities: fast convergence towards the global optimum and the feasibility of all solutions in the population. Path planning aims to provide an optimal path from a starting location to a target location, preventing collision or so-called obstacle avoidance. Although GAs have been widely used in optimization problems and can obtain good results, conventional GAs have some weaknesses in an obstacle environment, such as infeasible paths. The main ideas in this paper are visible space, matrix coding and new mutation operators. In order to demonstrate the superiority of this method, three different obstacle environments have been used and an experiment is conducted. This algorithm is effective in both static and dynamic environments.

The application of iterative interval arithmetic in path-wise test data generation

Research of path-wise test data generation is crucial and challenging in the area of software testing, which can be formulated as a constraint satisfaction problem. In our previous research, a look-ahead search method has been proposed as the constraint solver for path-wise test data generation. This paper analytically studies interval arithmetic of the search method in detail, which enforces arc consistency, and introduces the iterative operator to improve it, aiming at detecting infeasible paths as well as shortening generation time. Experiments were conducted to compare the iterative operator with the classical look-ahead operator AC-3, and to compare the test data generation method using the iterative operator with some currently existing methods. Experimental results validate the effectiveness and practical deployment of the proposed iterative method, and demonstrate that it is applicable in engineering.

A Modified Membrane-Inspired Algorithm Based on Particle Swarm Optimization for Mobile Robot Path Planning

To solve the multi-objective mobile robot path planning in a dangerous environment with dynamic obstacles, this paper proposes a modified membraneinspired algorithm based on particle swarm optimization (mMPSO), which combines membrane systems with particle swarm optimization. In mMPSO, a dynamic double one-level membrane structure is introduced to arrange the particles with various dimensions and perform the communications between particles in different membranes; a point repair algorithm is presented to change an infeasible path into a feasible path; a smoothness algorithm is proposed to remove the redundant information of a feasible path; inspired by the idea of tightening the fishing line, a moving direction adjustment for each node of a path is introduced to enhance the algorithm performance. Extensive experiments conducted in different environments with three kinds of grid models and five kinds of obstacles show the effectiveness and practicality of mMPSO.

A UML model-based approach to detect infeasible paths

UML model-based analysis is gaining wide acceptance for its cost effectiveness and lower overhead for processing compared to code-based analysis. A possible way to enhance the precision of the results of UML based analysis is by detecting infeasible paths in UML models. Our investigation reveals that two interaction patterns called Null Reference Check (NLC) and Mutually Exclusive (MUX) can cause a large number of infeasible paths in UML sequence diagrams. To detect such infeasible paths, we construct a graph model (called SIG), generate MM paths from the graph model, where an MM path refers to an execution sequence of model elements from the start to end of a method scope. Subsequently, we determine infeasibility of the MM paths with respect to MUX and NLC patterns. Our proposed model-based approach is useful to help exclude generation of test cases and test data for prior-detected infeasible paths, refine test effort estimation, and facilitate better test planning in the early stages of software development life cycle.

A Hybrid Link‐Node Approach for Finding Shortest Paths in Road Networks with Turn Restrictions

AbstractTurn restrictions, such as ‘no left turn’ or ‘no U‐turn’, are commonly encountered in real road networks. These turn restrictions must be explicitly considered in the shortest path problem and ignoring them may lead to infeasible paths. In the present study, a hybrid link‐node Dijkstra's (HLND) algorithm is proposed to exactly solve the shortest path problem in road networks with turn restrictions. A new hybrid link–node labelling approach is devised by using a link–based labelling strategy at restricted nodes with turn restrictions, and a node‐based labelling strategy at unrestricted nodes without turn restrictions. Computational results for several real road networks show that the proposed HLND algorithm obtains the same optimal results as the link‐based Dijkstra's algorithm, while having a similar computational performance to the classical node‐based Dijkstra's algorithm.

VulHunter: Toward Discovering Vulnerabilities in Android Applications

With the prosperity of the Android app economy, many apps have been published and sold in various markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. Although some systems have been developed for automatically discovering specific vulnerabilities in apps, their effectiveness and efficiency are usually restricted because of the exponential growth of paths to examine and simplified assumptions. In this article, the authors propose a new static-analysis framework for facilitating security analysts to detect vulnerable apps from three aspects. First, they propose an app property graph (APG), a new data structure containing detailed and precise information from apps. Second, by modeling app-related vulnerabilities as graph traversals, the authors conduct graph traversals over APGs to identify vulnerable apps for easing the identification process. Third, they reduce the workload of manual verification by removing infeasible paths and generating attack inputs whenever possible. They have implemented the framework in a system named VulHunter with 9,145 lines of Java code and modeled five types of vulnerabilities. Checking 557 popular apps that are randomly collected from Google Play and have at least 1 million installations, the authors found that 375 apps (67.3 percent) have at least one vulnerability.

Modeling flow information of loops using compositional condition of controls

This paper proposes a flow analysis approach to provide accurate flow facts such as number of loop iterations and infeasible paths for WCET analysis. To achieve this, a novel approach to model program flows of given loops as compositional condition of controls that can model the program flow of the sequence of basic blocks on an execution path through a single loop iteration is proposed. The proposed approach builds distinct symbolic expressions each representing a path condition as conjunctions of branch conditions along the path. Then, the path conditions are formed via substituting all constituent variables of the branch conditions with symbolic expressions computing the value of these variables. The final symbolic expression will contain variables denoting theirs value at the loop entry point. Considering the change in the value of the loop variables of the path condition, the feasible values of these variables are computed and consequently the number of the loop iterations along the iteration path is determined. Applying a SMT solver to the symbolic expressions representing each path condition, all the infeasible paths along the loop body are detected. The results of applying our flow analysis approach to a number of programs addressed in the Malardalen benchmark suite reveal the capability and efficiency of our proposed approach.

Symbolic execution of multithreaded programs from arbitrary program contexts

We describe an algorithm to perform symbolic execution of a multithreaded program starting from an arbitrary program context. We argue that this can enable more efficient symbolic exploration of deep code paths in multithreaded programs by allowing the symbolic engine to jump directly to program contexts of interest. The key challenge is modeling the initial context with reasonable precision - an overly approximate model leads to exploration of many infeasible paths during symbolic execution, while a very precise model would be so expensive to compute that computing it would defeat the purpose of jumping directly to the initial context in the first place. We propose a context-specific dataflow analysis that approximates the initial context cheaply, but precisely enough to avoid some common causes of infeasible-path explosion. This model is necessarily approximate - it may leave portions of the memory state unconstrained, leaving our symbolic execution unable to answer simple questions such as "which thread holds lock A?". For such cases, we describe a novel algorithm for evaluating symbolic synchronization during symbolic execution. Our symbolic execution semantics are sound and complete up to the limits of the underlying SMT solver. We describe initial experiments on an implementation in Cloud 9.

Infeasible path generalization in dynamic symbolic execution

ContextAutomatic code-based test input generation aims at generating a test suite ensuring good code coverage. Dynamic Symbolic Execution (DSE) recently emerged as a strong code-based testing technique to increase coverage by solving path conditions with a combination of symbolic constraint solving and concrete executions. ObjectiveWhen selecting paths in DSE for generating test inputs, some paths are actually detected as being infeasible, meaning that no input can be found to exercize them. But, showing path infeasibility instead of generating test inputs is costly and most effort could be saved in DSE by reusing path infeasibility information. MethodIn this paper, we propose a method that takes opportunity of the detection of a single infeasible path to generalize to a possibly infinite family of infeasible paths. The method first extracts an explanation of path condition, that is, the reason of the path infeasibility. Then, it determines conditions, using data dependency information, that paths must respect to exhibit the same infeasibility. Finally, it constructs an automaton matching the generalized infeasible paths. ResultsWe implemented our method in a prototype tool called IPEG (Infeasible Path Explanation and Generalization), for DSE of C programs. First experimental results obtained with IPEG show that our approach can save considerable effort in DSE, when generating test inputs for increasing code coverage. ConclusionInfeasible path generalization allows test generation to know of numerous infeasible paths ahead of time, and consequently to save the time needed to show their infeasibility.

SAT–LP–IIS joint-directed path-oriented bounded reachability analysis of linear hybrid automata

As discrete jumps and continuous flows tangle in the behavior of linear hybrid automata (LHA), the bounded model checking (BMC) for reachability of LHA is a challenging problem. Current works try to handle this problem by encoding all the discrete and continuous behaviors in the bound into a set of SMT formulas which can then be solved by SMT solvers. However, when the system size is large, the object SMT problem could be huge and difficult to solve. Instead of encoding everything into one constraint set, this paper proposes a SAT---LP---IIS joint-directed solution to conduct the BMC for reachability of LHA in a layered way. First, the bounded graph structure of LHA is encoded into a propositional formula set, and solved by SAT solvers to find potential paths which can reach the target location on the graph. Then, the feasibility of certain path is encoded into a set of linear constraints which can then be solved by linear programming (LP) efficiently. If the path is not feasible, irreducible infeasible set (IIS) technique is deployed to locate an infeasible path segment which will be fed to the SAT solver to accelerate the enumerating process. Experiments show that by this SAT---LP---IIS joint-directed solution, the memory usage of the BMC of LHA is well-controlled and the performance outperforms the state-of-the-art SMT-style competitors significantly.

一种基于扩展有限状态机的自动化测试用例生成方法

Extended finite state machine (EFSM) is among the most popular models for model-based testing. However, automated test case generation on EFSM models is still a challenging task since an EFSM model may contains infeasible paths. This paper proposed a novel approach (ATGEM) to generate test case and construct oracle information from EFSM automatically. To address the infeasible problem, a metric based on data flow analysis is presented to predict the infeasible probability so as to bypass the infeasible paths as far as possible and improve the test case generation efficiency. Afterwards, an executable EFSM model is developed to obtain runtime feedback information as a fitness function in order to generate test data and construct oracle information automatically. This approach, which can generate various types data and has a wide range of applications, combines static analysis and dynamic analysis aims to find a preferable feasible path subset to generate test cases and meet adequacy coverage criteria. The experimental results on several EFSM models show that test case generation method and path feasibility metric have good effectiveness. Utilizing path feasibility metric can speed up the process of test case generation greatly, and ATGEM is more efficient than existing method.

A Comparative Study: Modified Particle Swarm Optimization and Modified Genetic Algorithm for Global Mobile Robot Navigation

In this paper, Modified Genetic Algorithm (MGA*) and Modified Particle Swarm Optimization (MPSO* ) are developed to increase the capability of the optimization algorithms for a global path planning which means that environment models have been known already. The proposed algorithms read the map of the environment which expressed by grid model and then creates an optimal or near optimal collision free path. The effectiveness of these optimization algorithms for mobile robot path planning is demonstrated by simulation studies. This paper investigates the application of efficient optimization algorithms, MGA* and MPSO* to the problem of mobile robot navigation. Despite the fact that Genetic Algorithm (GA) has rapid search and high search quality, infeasible paths and high computational cost problems are exist associated with this algorithm. To address these problems, the MGA* is presented. Adaptive population size without selection and mutation operators are used in the proposed algorithm. In this thesis, Distinguish Algorithm (DA) is used to check the paths, whether the path is feasible or not, in order to come out with all feasible paths in the population. Improvements presented in MPSO* are mainly trying to address the problem of premature convergence associated with the original PSO. In the MPSO* an error factor is modelled to ensure that the PSO converges. MPSO* try to address another problem which is the population may contain many infeasible paths. A modified procedure is carrying out in the MPSO* to solve the infeasible path problem. According to the simulation done using MATLAB version R2012 (m-file), both algorithms (MGA* and MPSO*) are tested in different environments and the results are compared. The results demonstrate that these two algorithms have a great potential to solve mobile robot path planning with satisfactory results in terms of minimizing distance and execution time. The simulation results illustrate that the path obtained by MGA* is the shortest path, however the execution time based on MPSO* is significantly smaller than the execution time of MGA*. Thus, the proposed MPSO* is computationally faster than the MGA* in finding optimal path. 1 The (*) used to distinguish the proposed modified algorithms (MGA and MPSO) from the previous modified algorithms.

User-defined backtracking criteria for symbolic execution

Symbolic execution is a path-sensitive program analysis technique that aids users with program verification. To avoid exploring infeasible paths, symbolic execution checks the prefix of a current path for feasibility by adding a branch constraint to the path prefix and passing the formula to an off-the-shelf SMT solver for an evaluation. If the solver returns SAT/UNSAT, then the prefix is marked as feasible/infeasible. However, the solver can also return an UNKNOWN result, which means it cannot evaluate the formula. In addition, an operation occurring before a constraint can cause over-approximation that propagates to the solver's result. Moreover, symbolic execution might time out the solver if it takes too long to run. A symbolic execution tool might handle these uncertainties by backtracking or by continuing its exploration of the prefix. This paper examines the behavior of path constraints beyond uncertain backtracking points. String and integer constraints are collected from concrete program execution via dynamic symbolic execution. These constraints are used to analyze how over- approximation in a path prefix affects the completeness of its extensions. We also examine variations in time required to decide a path constraint. Our findings suggest that a custom backtracking criteria defined by the user does improve the completeness of symbolic execution.

User-defined backtracking criteria for symbolic execution

Symbolic execution is a path-sensitive program analysis technique that aids users with program verification. To avoid exploring infeasible paths, symbolic execution checks the prefix of a current path for feasibility by adding a branch constraint to the path prefix and passing the formula to an off-the-shelf SMT solver for an evaluation. If the solver returns SAT/UNSAT, then the prefix is marked as feasible/infeasible.

네트워크 분석을 위한 유전 알고리즘 기반 경로탐색 시스템

본 논문은 다양한 네트워크를 편리하게 분석할 수 있는 실용적인 유전 알고리즘 기반 경로탐색 시스템인 GAPS를 제안하고자 한다. 이러한 목적을 위해 GAPS는 네트워크 모델링을 위한 직관적인 그래픽 사용자 인터페이스와 모델링 및 탐색 과정에서 발생하는 데이터들을 관리하기 위한 데이터베이스 관리 시스템, 다양한 네트워크를 분석하기 위해 개발된 간단한 유전 알고리즘을 결합하여 개발되었다. 특히, 기존의 유전 알고리즘들이 단락이 많고 두 개 노드 간 실행가능 경로 수가 많지 않은 네트워크를 분석하는데 적합하지 않았던 반면, GAPS는 실행가능 경로와 실행불가능 경로를 모두 적절히 평가할 수 있는 적합도 함수를 사용하는 유전 알고리즘에 기반하고 있어 해 집단의 다양성을 유지하면서 다양한 네트워크들을 분석할 수 있다. 실험결과, GAPS를 통해 단락이 많은 네트워크와 단락이 적은 네트워크를 모두 편리하게 분석할 수 있다는 점과, GAPS가 기존의 경로탐색문제를 위한 유전 알고리즘들과 대비되는 장점을 갖고 있음을 확인할 수 있었다. This paper proposes GAPS, a practical genetic algorithm based pathfinding system for conveniently analyzing various networks. To this end, the GAPS is developed through integration of the intuitive graphic user interface for network modeling, the database management system for managing the data generated in modeling and exploring procedures, and a simple genetic algorithm for analyzing a wide range of networks. Especially, previous genetic algorithms are not appropriate for analyzing the networks with many dead-ends where there are few feasible paths between the given two nodes, however, GAPS is based on the genetic algorithm with the fitness function appropriate for evaluating both feasible and infeasible paths, which enables GAPS to analyze a wide range of networks while maintaining the diversity of the population. The experiment results reveal that GAPS can be used to analyze both networks with many dead-ends and networks with few dead-ends conveniently, and GAPS has several advantages over the previous genetic algorithms for pathfinding problems.

Dynamic stopping criteria for search-based test data generation for path testing

ContextEvolutionary algorithms have proved to be successful for generating test data for path coverage testing. However in this approach, the set of target paths to be covered may include some that are infeasible. It is impossible to find test data to cover those paths. Rather than searching indefinitely, or until a fixed limit of generations is reached, it would be desirable to stop searching as soon it seems likely that feasible paths have been covered and all remaining un-covered target paths are infeasible. ObjectiveThe objective is to develop criteria to halt the evolutionary test data generation process as soon as it seems not worth continuing, without compromising testing confidence level. MethodDrawing on software reliability growth models as an analogy, this paper proposes and evaluates a method for determining when it is no longer worthwhile to continue searching for test data to cover un-covered target paths. We outline the method, its key parameters, and how it can be used as the basis for different decision rules for early termination of a search. Twenty-one test programs from the SBSE path testing literature are used to evaluate the method. ResultsCompared to searching for a standard number of generations, an average of 30–75% of total computation was avoided in test programs with infeasible paths, and no feasible paths were missed due to early termination. The extra computation in programs with no infeasible paths was negligible. ConclusionsThe method is effective and efficient. It avoids the need to specify a limit on the number of generations for searching. It can help to overcome problems caused by infeasible paths in search-based test data generation for path testing.