Synthesis from scenarios and requirements

Presentation transcript:

Synthesis from scenarios and requirements
Joint work with R. Alur, M. Martin, M. Raghothaman, A. Udupa (UPenn), and C. Stergiou (Berkeley & UPenn).
Part of NSF Expeditions Project ExCAPE (co-PI).
Tripakis

Synthesis – raising the level of abstraction in system design
Verification:
- Design the system "by hand": 𝑆
- State the system requirements: 𝜙
- Check whether the system meets the requirements: 𝑆 ⊨ 𝜙 ?
Synthesis:
- Generate automatically (synthesize) a system 𝑆 that satisfies 𝜙 by construction.

Limitations of synthesis
- Methodologically difficult: it is not always easy to write complete formal specs (e.g., imagine a complete formal spec for an Intel Pentium).
- Algorithmically expensive, so it does not scale: e.g., doubly exponential algorithms in the length of the formal spec (temporal logic formulas).
- Generally undecidable for distributed controllers.

ABP: reliable transmission over an unreliable channel
[Figure: sending client (events msg, done) – ABP sender – forward channel carrying frames 0,1 – ABP receiver – receiving client (event deliver); a backward channel carrying acknowledgements 0,1 runs from the ABP receiver to the ABP sender.]
Channels are lossy but FIFO.

Challenge problem: synthesize the ABP automatically!
[Figure: the same architecture, with the ABP sender and ABP receiver replaced by "?" – the clients, the forward channel (0,1) and the backward channel (0,1) are given; the two protocol state machines are to be synthesized.]

Can be formalized as a decentralized controller synthesis problem
[Figure: a plant with two controllers, Controller 1 and Controller 2; each controller sees only its (locally) observable events and drives its controllable events.]
Unfortunately the problem is undecidable …

Our work: Synthesis from Scenarios and Requirements
Idea: combine requirements + example scenarios.
[Figure: a synthesis tool takes example scenarios and formal requirements (safety, liveness, deadlock-freedom, …) as input and produces a synthesized protocol (state machines).]
These are typically not complete specs!

Synthesis using Scenarios
- Learn (generalize) behavior from examples.
- Often only a few scenarios are required (1-10).
- Synthesis becomes an automata completion problem.
[Figure: Scenario 1 (nominal), Scenario 2 (msg loss), Scenario 3 (ack loss), Scenario 4 (delay).]

From Scenarios to Incomplete Automata
[Figure: a process lifeline with the events a! then b?. States are identified by message history: S0 = empty message history, S1 = a!, S2 = a! b?. The derived automaton has initial state S0 with S0 --a!--> S1 --b?--> S2; identifying S2 with S0 (S0 = S2) closes the loop S0 --a!--> S1 --b?--> S0.]

Automata Completion
[Figure: the incomplete automata for the ABP sender and the ABP receiver obtained from the first scenario, and the completed automata after adding the missing inputs.]
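The three steps above (scenarios, incomplete automaton, completion obligations) as a small worked example. This is added code, not the slides' or the HVC 2014 tool's: the scenarios are constructed for an ABP sender, inputs end in "?" and outputs in "!", and, as an assumption of this example, the scenario author labels states explicitly (reusing a label merges states, the way the slide identifies S0 = S2), whereas the slide derives states from the message history.

```python
# Added example (not from the slides or the HVC 2014 tool): build an incomplete
# state machine from state-annotated scenarios, report the inputs each state
# still lacks (the completion obligations), and replay the scenarios on a
# naively completed machine.

INPUTS = {"msg?", "a0?", "a1?", "timeout?"}   # client request, acks 0/1, timer

# Constructed scenarios for an ABP sender: alternating state labels and events.
# S0..S3 handle bit 0, S4..S7 handle bit 1; the nominal run ends back in S0.
SCENARIOS = {
    "nominal":   ["S0", "msg?", "S1", "f0!", "S2", "a0?", "S3", "done!",
                  "S4", "msg?", "S5", "f1!", "S6", "a1?", "S7", "done!", "S0"],
    "ack loss":  ["S0", "msg?", "S1", "f0!", "S2", "timeout?", "S1", "f0!",
                  "S2", "a0?", "S3", "done!", "S4"],
    "stale ack": ["S4", "msg?", "S5", "f1!", "S6", "a0?", "S6", "timeout?",
                  "S5", "f1!", "S6", "a1?", "S7", "done!", "S0"],
}


def build_automaton(scenarios):
    """Collect transitions (state, event) -> next state; reject scenarios that
    disagree on where the same event leads from the same state."""
    delta = {}
    for name, run in scenarios.items():
        if len(run) % 2 == 0:
            raise ValueError(f"scenario {name!r} must start and end with a state")
        for k in range(0, len(run) - 1, 2):
            src, event, dst = run[k], run[k + 1], run[k + 2]
            prev = delta.setdefault((src, event), dst)
            if prev != dst:
                raise ValueError(f"{name!r}: {src} --{event}--> both {prev} and {dst}")
    return delta


def states(delta):
    return sorted({s for s, _ in delta} | set(delta.values()))


def missing_inputs(delta, inputs=INPUTS):
    """Completion obligations: inputs with no transition out of each state."""
    return {s: sorted(inputs - {e for (q, e) in delta if q == s}) for s in states(delta)}


def complete_with_self_loops(delta, inputs=INPUTS):
    """Naive completion: ignore every unexpected input (stay in the same state).
    A real synthesizer searches over target states and checks the requirements
    instead; this just makes the machine input-enabled."""
    done = dict(delta)
    for s, gaps in missing_inputs(delta, inputs).items():
        for e in gaps:
            done[(s, e)] = s
    return done


def accepts(delta, run):
    """Replay a scenario on an automaton; used to check that completion kept
    every example scenario executable."""
    try:
        return all(delta[(run[k], run[k + 1])] == run[k + 2]
                   for k in range(0, len(run) - 1, 2))
    except KeyError:
        return False


if __name__ == "__main__":
    aut = build_automaton(SCENARIOS)
    for s, gaps in missing_inputs(aut).items():
        print(s, "lacks", gaps)
    full = complete_with_self_loops(aut)
    print("input-enabled:", all(not g for g in missing_inputs(full).values()))
    print("scenarios preserved:", all(accepts(full, r) for r in SCENARIOS.values()))
```

Running it lists, for instance, that S2 (waiting for ack 0) has no transition for a1? or msg?, which is exactly the kind of gap the requirements must decide how to fill; the self-loop completion is only the simplest candidate.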

Synthesis from Scenarios and Requirements: Results
- Able to synthesize the Alternating Bit Protocol (ABP) and other simple finite-state protocols (cache coherence, consensus, …) fully automatically [HVC 2014].
- Progress towards industrial-level protocols modeled as extended state machines [CAV 2015]: synthesis of symbolic expressions.

Counterexample-guided Synthesis from Scenarios and Requirements: completion of (extended) state machines
At the heart of the synthesis method is the completion of incomplete machines: find the missing transitions, guards, assignments, etc.
[Figure: counterexample-guided synthesis loop.]

Back-up slides

Synthesis from LTL

Synthesis – state of the art
Able to automatically synthesize a controller for an avionic electric power generation and distribution system (EPS).
- Formal spec: LTL (linear temporal logic)
- Using the Tulip synthesis tool (Caltech)
- Input: ~40 lines of LTL
- Output: ~3k lines of Matlab
- Synthesis time < 1 min
EPS case study by: Pierluigi Nuzzo & Antonio Iannopollo (UC Berkeley), and Eelco Scholte (UTC)

Case study: "manual" controller design vs. controller automatically synthesized from a formal specification

Case study: controller design for an avionic electric power generation and distribution system (EPS)
Case study by: Pierluigi Nuzzo & Antonio Iannopollo (UC Berkeley), and Eelco Scholte (UTC)

EPS requirements (in English) Assumptions: Guarantees:

EPS requirements (in English)

"Manual" controller design
- "Hand-written" controller: ~2 PhD student weeks
- Complex, not obvious that it works ⇒ still needs to be verified

Formal specification
From English to a formal specification language: linear temporal logic (LTL).
Close mapping from English to LTL, e.g.: [](gl_healthy | gr_healthy | al_healthy | ar_healthy)

Formal specification for EPS: ~40 lines of LTL
#Assumptions
(gl_healthy & gr_healthy & al_healthy & ar_healthy)
[](gl_healthy | gr_healthy | al_healthy | ar_healthy)
[](!gl_healthy -> X(!gl_healthy))
[](!gr_healthy -> X(!gr_healthy))
[](!al_healthy -> X(!al_healthy))
[](!ar_healthy -> X(!ar_healthy))
#Guarantees
(!c1 & !c2 & !c3 & !c4 & !c5 & !c6 & !c7 & !c8 & !c9 & !c10 & !c11 & !c12 & !c13)
[](X(c7) & X(c8) & X(c11) & X(c12) & X(c13))
[](!(c2 & c3))
[](!(c1 & c5 & (al_healthy | ar_healthy)))
[](!(c4 & c6 & (al_healthy | ar_healthy)))
[]((X(gl_healthy) & X(gr_healthy)) -> X(!c2) & X(!c3) & X(!c9) & X(!c10))
[]((X(!gl_healthy) & X(!gr_healthy)) -> X(c9) & X(c10))
[](X(!gl_healthy) -> X(!c1))
[](X(!gr_healthy) -> X(!c4))
[](X(!al_healthy) -> X(!c2))
[](X(!ar_healthy) -> X(!c3))
[](X(gl_healthy) -> X(c1))
[](X(gr_healthy) -> X(c4))
…
#Guarantees
…
[](!gl_healthy -> X(c5))
[](!gr_healthy -> X(c6))
[]((X(gl_healthy) & X(gr_healthy)) -> (X(!c5) & X(!c6)))
[]((X(!gl_healthy) & X(al_healthy) & X(gr_healthy)) -> (X(c2) & X(c3)))
[]((X(!gl_healthy) & X(!gr_healthy) & X(al_healthy) & !c3 & !c2) -> X(c2))
[]((X(al_healthy) & c2) -> X(c2))
[]((X(ar_healthy) & c3) -> X(c3))
[]((X(!gl_healthy) & X(!al_healthy) & X(ar_healthy) & !c2) -> X(c3))
[]((X(!gr_healthy) & X(!ar_healthy) & X(al_healthy) & !c3) -> X(c2))
[]((!gl_healthy & !al_healthy & !ar_healthy) -> X(c6))
[]((!gr_healthy & !ar_healthy & !al_healthy) -> X(c5))

Automatic controller synthesis from LTL spec
Controller (~3k lines of Matlab code) automatically synthesized in < 1 min using the tool Tulip (Caltech).
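A synthesized controller is only as good as the spec it was built from, so a practitioner usually wants to replay recorded behaviour of the plant and controller against the same LTL lines. The following is an added example, not part of the case study or of Tulip: a parser for the slide's LTL syntax ([] always, X next, !, &, |, ->) and a finite-trace checker. It assumes finite-trace semantics in which X at the last position of the trace is taken as true (weak next), so a trace is never blamed for what happens after it ends, and it uses a constructed three-step log of the EPS (a few of the slide's formulas, not all 40 lines).

```python
import re

# Added example (not the case study's or Tulip's code): parse the slide's LTL
# syntax and check a finite execution trace against it. Each trace position is
# the set of atoms that are true there. Assumption: X at the final position is
# taken as true (weak next), since the trace gives no information beyond its end.

TOKEN = re.compile(r"\[\]|->|[()!&|]|[A-Za-z_][A-Za-z0-9_]*")


def parse(text):
    """Recursive-descent parser; precedence (high to low): unary (! [] X), &, |, ->."""
    toks = TOKEN.findall(text)
    pos = 0

    def peek():
        return toks[pos] if pos < len(toks) else None

    def take():
        nonlocal pos
        t = peek()
        pos += 1
        return t

    def implies():                       # right-associative: a -> b -> c
        left = disj()
        if peek() == "->":
            take()
            return ("->", left, implies())
        return left

    def disj():
        left = conj()
        while peek() == "|":
            take()
            left = ("|", left, conj())
        return left

    def conj():
        left = unary()
        while peek() == "&":
            take()
            left = ("&", left, unary())
        return left

    def unary():
        t = take()
        if t in ("!", "[]", "X"):
            return (t, unary())
        if t == "(":
            inner = implies()
            if take() != ")":
                raise ValueError("expected ')' in: " + text)
            return inner
        if t is None or not (t[0].isalpha() or t[0] == "_"):
            raise ValueError(f"unexpected token {t!r} in: {text}")
        return ("atom", t)

    tree = implies()
    if pos != len(toks):
        raise ValueError("trailing tokens in: " + text)
    return tree


def holds(f, trace, i=0):
    """Does formula f hold at position i of trace (a list of sets of true atoms)?"""
    op = f[0]
    if op == "atom":
        return f[1] in trace[i]
    if op == "!":
        return not holds(f[1], trace, i)
    if op == "&":
        return holds(f[1], trace, i) and holds(f[2], trace, i)
    if op == "|":
        return holds(f[1], trace, i) or holds(f[2], trace, i)
    if op == "->":
        return (not holds(f[1], trace, i)) or holds(f[2], trace, i)
    if op == "X":                        # weak next at the end of the trace
        return i + 1 >= len(trace) or holds(f[1], trace, i + 1)
    if op == "[]":
        return all(holds(f[1], trace, j) for j in range(i, len(trace)))
    raise ValueError("unknown operator " + op)


def violations(spec, trace):
    """Return the spec lines (comments stripped) that the trace violates."""
    bad = []
    for line in spec.splitlines():
        formula = line.split("#", 1)[0].strip()
        if formula and not holds(parse(formula), trace):
            bad.append(formula)
    return bad


# A subset of the slide's EPS specification, in the slide's own syntax.
SPEC = """
#Assumptions
(gl_healthy & gr_healthy & al_healthy & ar_healthy)
[](gl_healthy | gr_healthy | al_healthy | ar_healthy)
[](!gl_healthy -> X(!gl_healthy))
[](!gr_healthy -> X(!gr_healthy))
[](!al_healthy -> X(!al_healthy))
[](!ar_healthy -> X(!ar_healthy))
#Guarantees (a few of the slide's lines)
(!c1 & !c2 & !c3 & !c4 & !c5 & !c6 & !c7 & !c8 & !c9 & !c10 & !c11 & !c12 & !c13)
[](X(c7) & X(c8) & X(c11) & X(c12) & X(c13))
[](!(c2 & c3))
[](X(!gl_healthy) -> X(!c1))
[](X(gr_healthy) -> X(c4))
[](!gl_healthy -> X(c5))
"""

ALL_HEALTHY = {"gl_healthy", "gr_healthy", "al_healthy", "ar_healthy"}
ALWAYS_ON = {"c7", "c8", "c11", "c12", "c13"}

# Constructed log of three controller steps: the left generator fails at step 1
# and stays failed; c1 is opened, c4 stays closed, c5 closes one step later.
GOOD_TRACE = [
    set(ALL_HEALTHY),                                           # step 0: all contactors open
    (ALL_HEALTHY - {"gl_healthy"}) | ALWAYS_ON | {"c4"},        # step 1: gl lost
    (ALL_HEALTHY - {"gl_healthy"}) | ALWAYS_ON | {"c4", "c5"},  # step 2
]
# Same log, but the generator "recovers" at step 2, which the assumptions rule out.
BAD_TRACE = GOOD_TRACE[:2] + [ALL_HEALTHY | ALWAYS_ON | {"c4", "c5"}]

if __name__ == "__main__":
    print("good trace violations:", violations(SPEC, GOOD_TRACE))
    print("bad trace violations:", violations(SPEC, BAD_TRACE))
```

A violated assumption line, as in the second trace, means the environment behaved outside the contract the controller was synthesized for, so the controller's guarantees no longer say anything about that run; a violated guarantee line points at the controller (or at the spec) itself.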