Publications (50)
In recent years, the study of adversarial robustness in object detection systems, particularly those based on deep neural networks (DNNs), has become a pivotal area of research. Traditional physical attacks targeting object detectors, such as adversarial patches and texture manipulations, directly manipulate the surface of the object. While these m...
Concurrent programs are normally composed of multiple concurrent threads sharing memory space. These threads are often interleaved, which may lead to some non-determinism in execution results, even for the same program input. This poses huge challenges to the testing of concurrent programs, especially on the test result verification, that is, the p...
Accuracy and individual fairness are both crucial for trustworthy machine learning, but these two aspects are often incompatible with each other so that enhancing one aspect may sacrifice the other inevitably with side effects of true bias or false fairness. We propose in this paper a new fairness criterion, accurate fairness, to align individual f...
The trustworthiness of DNNs is often challenged by their vulnerability to minor adversarial perturbations, which may not only undermine prediction accuracy (robustness) but also cause biased predictions for similar inputs (individual fairness). Accurate fairness has been recently proposed to enforce a harmonic balance between accuracy and individua...
Accuracy and fairness are both crucial aspects for trustworthy machine learning. However, in practice, enhancing one aspect may sacrifice the other inevitably. We propose in this paper a new fairness criterion, accurate fairness, to assess whether an individual is treated both accurately and fairly regardless of protected attributes. We further pro...
TSO-to-TSO linearizability is a variant of linearizability for concurrent libraries on the total store order (TSO) memory model. It is proved in this paper that TSO-to-TSO linearizability for a bounded number of processes is undecidable. We first show that the trace inclusion problem of a classic-lossy single-channel system, which is known undecida...
Linearizability is an important correctness criterion for concurrent objects. Existing work mainly focuses on linearizability verification of coarse-grained traces with operation invocations and responses only. However, when linearizability is violated, such coarse-grained traces do not provide sufficient information for reasoning about the underly...
Context
Testing concurrent data structures remains a notoriously challenging task, due to the nondeterminism of multi-threaded tests and the exponential explosion on the number of thread schedules.
Objective
We propose an automated approach to generate a series of concurrent test cases in an adaptive manner, i.e., the next test cases are generated...
Many recent implementations of concurrent data structures relaxed their linearizability requirements for better performance and scalability. Quasi-linearizability, k-linearizability and regular-relaxed linearizability are three quantitative relaxation variants of linearizability that have been proposed as correctness conditions of relaxed data stru...
Linearizability is an important correctness criterion that guarantees the safety of concurrent data structures. Due to the nondeterminism of concurrent executions, reproduction and localization of a linearizability fault still remain challenging. The existing works mainly focus on model checking the thread schedule space of a concurrent program on...
We present Temporal Cooperation Logic with Coalition Variables (TCLX), for the synthesis of coalitions of unknown sizes to achieve temporal objectives in multi-agent games. TCLX extends Temporal Cooperation Logic (TCL) by allowing existentially quantified variables for agent sets and operators for set relations. Even though TCLX is shown more expre...
We propose a relaxation scheme for defining specifications of relaxed data structures. It can produce a relaxed specification parameterized with a specification of a standard data structure, a transition cost function and a relaxation strategy represented by a finite automaton. We show that this relaxation scheme can cover the known specifications...
TSO-to-SC linearizability is a variant of linearizability for concurrent libraries on the Total Store Order (TSO) memory model. In this paper we propose the notion of k-bounded TSO-to-SC linearizability, a subclass of TSO-to-SC linearizability that concerns only bounded histories. This subclass is non-trivial in that it does not restrict the number...
Game theory has been applied to investigate network security. But different security scenarios were often modeled via different types of games and analyzed in an ad-hoc manner. In this paper, we propose an algebraic approach for modeling and analyzing uniformly several types of network security games. This approach is based on a probabilistic exten...
Quasi-linearizability is a quantitative relaxation of linearizability. It preserves the intuition of the standard notion of linearizability and permits more flexibility. The decidability of quasi-linearizability has been remaining open in general for a bounded number of processes. In this paper we show that the problem of whether a library is quasi...
TSO-to-TSO linearizability is a variant of linearizability for concurrent libraries on the Total Store Order (TSO) memory model. It is proved in this paper that TSO-to-TSO linearizability for a bounded number of processes is undecidable. We first show that the trace inclusion problem of a classic-lossy single-channel system, which is known undecida...
The physical time order information can help verifying the memory model of a multiprocessor system rather efficiently. But we find that this time order based approach is limited to the sequential consistency model. For most relaxed memory models, an incompatible time order may possibly result in a false negative verdict. In this paper, we extend th...
We investigate assume-guarantee reasoning for global specifications consisting of conjunctions of local specifications. We present a sound and complete assume-guarantee rule that permits reasoning about individual modules for local specifications and draws conclusions on global specifications. We illustrate our approach with an example from the fie...
Model checking has been widely applied to the verification of network protocols. Alternatively, optimisation based approaches have been proposed to reason about the large scale dynamics of networks, particularly with regard to congestion and rate control protocols such as TCP. This paper intends to provide a first bridge and explore synergies betwe...
We present an implementation of model checking for probabilistic and stochastic extensions of the pi-calculus, a process algebra which supports modelling of concurrency and mobility. Formal verification techniques for such extensions have clear applications in several domains, including mobile ad-hoc network protocols, probabilistic security protoc...
The paper introduces symbolic bisimulations for a simple probabilistic pi-calculus to overcome the infinite branching problem that still exists in checking ground bisimulations between probabilistic systems. Especially the definition of weak (symbolic) bisimulation does not rely on the random capability of adversaries and suggests a solution to the...
We present an implementation of model checking for the probabilistic pi-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random securit...
The paper introduces symbolic bisimulations for a simple probabilistic π-calculus to overcome the infinite branching problem that still exists in checking ground bisimulations between probabilistic systems. Especially the definition of weak (symbolic) bisimulation does not rely on the random capability of adversaries and suggests a solution to th...
We present an implementation of model checking for the probabilistic pi-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protoco...
We present an implementation of model checking for the probabilistic π-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protoc...
A temporal logic with constrained event modalities, TLCE, is proposed to represent test purposes for testing concurrent programs. The logic is capable of expressing not only temporal relationships among input and output events, but also data dependencies between event parameters. A TLCE-based test generation algorithm is developed to automatically d...
A predicate sequencing constraint logic (PSCL) is proposed to represent test purpose for concurrent program testing. The logic is capable of expressing not only sequencing relationships among input and output events, but also data dependencies between event parameters. A PSCL-based symbolic test generation method is developed to automatically deriv...
Anonymity is the property of maintaining secret the identity of users performing a certain action. Anonymity protocols often use random mechanisms which can be described probabilistically. In this paper, we propose a probabilistic process calculus to describe protocols for ensuring anonymity, and we use the notion of relative entropy from infor...
A predicate sequencing constraint logic (PSCL) is proposed to represent test purpose for testing of concurrent programs. The advantage of PSCL rests in its capability of expressing not only sequencing relationships among I/O events, but also data dependencies between event parameters. A PSCL-based symbolic test case generation method is also propos...
An enhanced compositional framework is presented for modelling network protocols with symbolic transition graphs. In the context of the modelling framework, a sufficient condition for deadlock freedom of network protocols, namely interoperability, is reconstructed in a more concise way with an advantage that it allows for symbolic verification with...
An enhanced version of metamorphic testing, namely n-iterative metamorphic testing, is proposed to systematically exploit more information out of metamorphic tests by applying metamorphic relations in a chain style. A contrastive case study, conducted within an integrated testing environment MTest, shows that n-iterative metamorphic testing exceeds...
This paper presents an integrated metamorphic testing environment MTest and reports an experimental analysis of the effectiveness of metamorphic testing, which is carried out using MTest with a real program of sparse matrix multiplication. Quantitative evaluation and comparison of special case testing, metamorphic testing with special and random te...
A compositional framework is proposed for modelling network protocols with symbolic transition graphs. The main advantages of the framework are that it can address dynamic network topologies without requiring additional mobility facilities; and it can work out system models that preserve deadlock freedom, namely the deadlock freedom of a system...
Palamidessi [8] presented two important corollaries with regard to the expressive power of the value passing CCS, the synchronous and asynchronous π-calculi. However they are not well proved due to the electoral algorithm in their proofs. This paper points out the main problem and presents a new solution, which has been verified, via model checking,...
To some extent, interoperability testing is still laborious with little effect, even for those products that have passed conformance testing. This paper mainly discusses the influence of sequential and concurrent implementation structures on interoperability, with two instructive conclusions: a) the sequential structure may lead to deadlock; b) the...
This paper describes a formal method to verify the completeness of conformance testing, in which not only Implementation Under Test (IUT) is formalized in SDL, but also conformance tester is described in SDL so that conformance testing can be performed in simulator provided with CASE tool. The protocol set considered is Bluetooth, an open wireless...
The paper presents a compositional framework for modeling network protocols with symbolic transition graphs. The main advantages of the framework are that it can address dynamic network topologies without requiring additional facilities; and it can work out system models that preserve deadlock freedom, namely the deadlock freedom of a system model...
In Promela, the specification language for Spin, messages passing between processes are able to contain channel identifiers, which intuitively provides a direct way to interpret π-calculus into Promela and therefore verify specifications in π-calculus with Spin. This paper presents a rule-based translation algorithm with an experimental tool pi2pro...
Model checking has been widely applied for verification of network protocols, particularly on the sequences of interactions between protocol entities. Alternatively, optimisation based approaches have been proposed to reason about the large scale dynamics of networks, particularly with regard to congestion and rate control protocols such as TCP. T...