Using Abduction and Induction for Operational Requirements Elaboration Dalal Alrajeh Oliver Ray Alessandra RussoSebastian Uchitel AIAI 2007 Sept. 15 th.

Slides:

Advertisements

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Knowledge Engineering for Planning Domain Design Ron Simpson University of Huddersfield.

Partial Order Reduction: Main Idea

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

François Fages MPRI Bio-info 2007 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.

The Logic of Intelligence Pei Wang Department of Computer and Information Sciences Temple University.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

1 Inductive Equivalence of Logic Programs Chiaki Sakama Wakayama University Katsumi Inoue National Institute of Informatics ILP

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Timed Automata.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

Reasoning about Actions and Causality Θεωρίες Δράσης και Αιτιότητας Θοδωρής Πάτκος Αναπαράσταση και Επεξεργασία Γνώσης ΗΥ

Nonmonotonic Abductive – Inductive Learning Oliver Ray Department of Computer Science University of Bristol AIAI'07, September 15th, 2007 Aix-en-Provence.

Background information Formal verification methods based on theorem proving techniques and modelchecking –to prove the absence of errors (in the formal.

ISBN Chapter 3 Describing Syntax and Semantics.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

A Preliminary Study on Reasoning About Causes Pedro Cabalar AI Lab., Dept. of Computer Science University of Corunna, SPAIN.

Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.

Specification Formalisms Book: Chapter 5. Properties of formalisms Formal. Unique interpretation. Intuitive. Simple to understand (visual). Succinct.

Review of the automata-theoretic approach to model-checking.

Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.

ESE601: Hybrid Systems Introduction to verification Spring 2006.

Describing Syntax and Semantics

Model Checking LTL over (discrete time) Controllable Linear System is Decidable P. Tabuada and G. J. Pappas Michael, Roozbeh Ph.D. Course November 2005.

Verification technique on SA applications using Incremental Model Checking 컴퓨터학과 신영주.

2007/9/15AIAI '07 (Aix-en-Provence, France)1 Reconsideration of Circumscriptive Induction with Pointwise Circumscription Koji Iwanuma 1 Katsumi Inoue 2.

Ontologies Reasoning Components Agents Simulations Belief Update, Planning and the Fluent Calculus Jacques Robin.

BACKGROUND KNOWLEDGE IN ONTOLOGY MATCHING Pavel Shvaiko joint work with Fausto Giunchiglia and Mikalai Yatskevich INFINT 2007 Bertinoro Workshop on Information.

A Logic for Decidable Reasoning about Services Yilan Gu Dept. of Computer Science University of Toronto Mikhail Soutchanski Dept. of Computer Science Ryerson.

Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.

The Bernays-Schönfinkel Fragment of First-Order Autoepistemic Logic Peter Baumgartner MPI Informatik, Saarbrücken.

ISBN Chapter 3 Describing Semantics -Attribute Grammars -Dynamic Semantics.

CS 363 Comparative Programming Languages Semantics.

Formal Verification Lecture 9. Formal Verification Formal verification relies on Descriptions of the properties or requirements Descriptions of systems.

Rewriting Logic Model of Compositional Abstraction of Aspect-Oriented Software FOAL '10Mar. 15, 2010 Yasuyuki Tahara, Akihiko Ohsuga The University of.

Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis Grigore Rosu (University of Illinois at U-C) Saddek Bensalem (VERIMAG)

Kansas State University Department of Computing and Information Sciences CIS 730: Introduction to Artificial Intelligence Lecture 13 of 41 Monday, 20 September.

Deriving Operational Software Specification from System Goals Xin Bai EEL 5881 Course Fall, 2003.

Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -

Chapter 17. Assertions State Assertion – predicate intended to express that a descriptive or prescriptive property holds in an arbitrarily chose current.

Inverse Entailment in Nonmonotonic Logic Programs Chiaki Sakama Wakayama University, Japan.

Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

Ukrprog Formal requirement language and its applications A.Letichevsky Glushkov Institute of Cybernetics.

1 Reasoning with Infinite stable models Piero A. Bonatti presented by Axel Polleres (IJCAI 2001,

1 Contractual Consistency Between BON Static and Dynamic Diagrams Ali Taleghani July 30, 2004.

1 CSEP590 – Model Checking and Automated Verification Lecture outline for July 9, 2003.

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and modelchecking –To prove the absence of.

Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

Bounded Model Checking A. Biere, A. Cimatti, E. Clarke, Y. Zhu, Symbolic Model Checking without BDDs, TACAS’99 Presented by Daniel Choi Provable Software.

From Natural Language to LTL: Difficulties Capturing Natural Language Specification in Formal Languages for Automatic Analysis Elsa L Gunter NJIT.

On Abductive Equivalence Katsumi Inoue National Institute of Informatics Chiaki Sakama Wakayama University MBR

29/06/2016Verification Synchronous Languages Verification.

Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai.

Complexity of Compositional Model Checking of Computation Tree Logic on Simple Structures Krishnendu Chatterjee Pallab Dasgupta P.P. Chakrabarti IWDC 2004,

Automatic Test Generation

Formal methods: Lecture

Review for the Midterm Exam

Relatively Complete Refinement Type System for Verification of Higher-Order Non-deterministic Programs Hiroshi Unno (University of Tsukuba) Yuki Satake.

CSEP590 – Model Checking and Automated Verification

MA/CSSE 474 More Math Review Theory of Computation

WSSL: A Fluent Calculus-based Language for Web Service Specifications

Finite-Trace Linear Temporal Logic: Coinductive Completeness

Translating Linear Temporal Logic into Büchi Automata

Introduction to verification

Presentation transcript:

Using Abduction and Induction for Operational Requirements Elaboration Dalal Alrajeh Oliver Ray Alessandra RussoSebastian Uchitel AIAI 2007 Sept. 15 th 2007

2 System Development Cycle Requirements Design Testing Implementation Requirements

3 Requirements Elaboration Operationalization Techniques Goals:BookRequestSatisfied Operations: checkOut,issueReminder,.. Agents:System, borrower,.. Objects: book(found,borrowed, … ) Operation: checkOut Operation: IssueReminder Precondition: Book Available Trigger condition:has been borrowed for at least 2wks and there hasn’t been a reminder within the last week

4 Drawbacks Patterns become too complex Restricted to pattern catalog Size of specification becomes too large (some may be irrelevant) Lacks automated support

5 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

6 Mine Pump Controller

7 Linear Temporal Logic A propositional logic for modeling event- based systems over a linear temporal structure The language is composed of –Boolean Propositions (P) –Boolean operators( , , ,  ) –Temporal Operators ( , , , U,W) *Propositions divided into two disjoint sets (event propositions and fluent propositions). P f ={pumpOn, criticalMethane, highWater} P e ={switchPumpOn, switchPumpOff, signalCriticalMethane, signalNoCriticalMethane, signalHighWater, signalNoHighWater}

8 LTL Model s0s0 s1s1 s3s3 s2s2 signalNoHighWater switchPumpOn switchPumpOff signalNoHighWater signalHighWater  Composed of a Labeled Transition System and a valuation function. labels Initial state states Transition Relation  ={(s 0,signalHighWater.s 1 ),(s 1, switchPumpOn,s 2 ),…}

9 LTL Model -2 The truth value of an event fluent at state s i depends on the i th transition label. The truth value of a fluent proposition depends on the path and position in a path of a labeled transition system. LTL formulae are interpreted over paths of a Labeled Transition System LTS  HighWater U signalNotHighWater s0s0 s1s1 s3s3 s2s2 signalNoHighWater switchPumpOn switchPumpOff signalNoHighWater signalHighWater HighWater HighWater PumpOn HighWater

10 Partial System Specification-1 Partial System Specification (LTL) Scenarios (LTL) System Requirements(LTL) Using Abduction & Induction Partial System Specification Initial state  (0  i  n) f i  (0  j  m)  f j Effect Axioms:  (e  f )  (e  f ) Persistence Axioms:  (f  f W E T )  (  f   f W E I )

11 Partial System Specification- 2 Mine Pump Partial System Specification Initial state: e.g.  pumpOn   criticalMethane  highWater Effect Axioms: e.g.  (switchPumpOn  pumpOn )  (switchPumpOff  pumpOn ) Persistence Axioms: e.g.  (pumpOn  pumpOn W switchPumpOn)  (  pumpOn   pumpOn W switchPumpOff)

12 Scenario Properties -1 Partial System Specification (LTL) Scenarios (LTL) System Requirements(LTL) Using Abduction & Induction Scenario Properties Universal scenario Property: satisfied by all possible system behavior.  (  i<n)  i e i   n (  )e n Existential scenario Property: satisfied by at least one.  (1  j<m)  j e j   m (  )e m

13 Scenario Properties-2 Mine Pump Scenario Properties Universal scenario Property: –  signalCriticalMethane   2 signalHighWater   3  switchPumpOn Existential scenario Property: –  signalHighWater   2 switchPumpOn –   switchPumpOn

14 A Model of the Mine Pump switchPumpOn u 1 =  signalCriticalMethane   2 signalHighWater   3  switchPumpOn e 1 =  signalHighWater   2 switchPumpOn e 2 =   switchPumpOn

15 Operational Requirements -1 Partial System Specification (LTL) Scenarios (LTL) System Requirements(LTL) Using Abduction & Induction Precondition Axioms:  (  (1  j  n) (  )f j    e ) Trigger-Condition Axioms:  (  (1  k  m) (  )f k   e)

16 Opertational Requirements -2 Mine Pump Operational Requirements: Precondition Axioms:  (criticalMethane    switchPumpOn ) Trigger-Condition Axioms:  ((highWater  ¬ criticalMethene)   switchPumpOn)

17 The Task Given Partial System Specification Spec and a set of Universal and existential scenario properties SP u and Sp e, find a set of pre- and trigger conditions (Pre U Trig) such that: Spec U (Pre U Trig) |= sp u Spec U (Pre U Trig) |=/= ¬sp e *Pre U Trig are called a correct extension of Spec

18 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

19 Event Calculus Logic Program Domain dependent axioms –Initial State: initially(F,S) –Effect Axioms: initiates(E,F,T,S), terminates(E,F,T,S), –Event Axioms: impossible(E,T,S):-(not) holdsAt(F 1,T,S),.. triggered(E,T,S):- (not) holdsAt(F 1,T,S),.. Narrative: –attempt(E,T,S). Domain independent axioms –holdsAt(F,T2,S):- initially(F,S), not clipped(0,F,T2,S) –holdsAt(F,T2,S):- happens(E,T1,S), initiates(E,F,S,T1),T1<T2, not clipped(T1,F,T2,S). –clipped(T1,F,T2,S):- happens(E,T,S), terminates(E,F,T,S), T1<T, T < T2. –happens(E,T,S):- attempt(E,T,S), not impossible(E,T,S) –happens(E,T,S):- attempt(E,T,S), triggered(E,T,S). –:- triggered(E,T,S), impossible(E,T,S).

20 Learning Event Calculus Programs Given Partial Set of Domain dependant axioms Domain Independent axioms Narrative Event facts Find Additional Domain Dependant Axioms that explain the event facts. B E H B U H |= E

21 Sound Translation For any fluent f and position i , i |= f For any event e and position i , i |= e Obtaining program  composed of –  (Spec) –Nar ={ attempt(e i,i-1,s)| e i is the i th label in  } Given –System Specification Spec –A finite path  =e 1,e 2,…  |= holdsAt(f,i,  )  |= happens(e,i-1,  )

22 Step 1: Transform Specification into Logic Program -1 LTL Initial State Axioms Initial state facts  pumpOn   criticalMethane  highWater not initially(pumpOn,S). not initially(criticalMethane,S). not initially(highWater,S).

23 Step 1: Transform Specification into Logic Program -2 LTL Effect Axioms EC effect Axioms  (switchPumpOn  pumpOn )  (switchPumpOff  pumpOn ) initiates(switchPumpOn,pumpOn,T,S). terminates(switchPumpOff,pumpOn,T,S).

24 Step 1: Transform Specification into Logic Program -3 Scenario Properties  signalCriticalMethane   2 signalHighWater   3  switchPumpOn Narrative attempt(signalCriticalMethane,0,u1). attempt(signalHighWater,1,u1). attempt(switchPumpOn,2,u1). Event facts happens(signalCriticalMethane,0,u1). happens(signalHighWater,1,u1). not happens(switchPumpOn,2,u1).

25 Step 1: Transform Specification into Logic Program -4 Universal Scenario Prporties  signalHighWater   switchPumpumpOn Narrative attempt(signalHighWater,0,e1). attempt(switchPumpOn,1,e1). Action facts happens(signalHighWater,0,e1). happens(switchPumpOn,1,e1).

26 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

27 XHAIL: Extended Hybrid Abductive Inductive Learning Three phases –Abductive: Produce a set of ground atoms  such that B U  |= E –Deductive: Produce a set of ground clauses K ={k =  :- b } –Inductive: Produces a hypothesis H subsumes K

28 Step 2: Using XHAIL modeh(*,impossible(#event, +time,+scenario)) modeh(*,triggered(#event, +time, +scenario)) modeb(*,holdsAt(#fluent,+time,+scenario)) modeb(*,not holdsAt(#fluent, +time,+scenario)) % initiates(switchPumpOn,pumpOn,T,S). terminates(switchPumpOff,pumpOn,T,S). % attempt(signalCriticalMethane,0,u1). attempt(signalHighWater,1,u1). attempt(switchPumpOn,2,u1). % happens(signalCriticalMethane,0,u1). happens(signalHighWater,1,u1). not happens(switchPumpOn,2,u1). % initiates happens(E,T,S) :- attempts (E,T,S), not impossible (E,T,S) holdsAt(F,T2,S) :- initiates (E,F,T,S), happens (E,T,S), not clipped(T1,F,T2,S).  ={triggered(switchPumpOn, 1, e2), impossible(switchPumpOn, 2,u1), impossible(tswitchPumpOn, 0,e1)} K={triggered(switchPumpOn, 1, e2):- holdsAt(highWater,1,e2). not holdsAt(pumpOn,2,e2), not holdsAt(criticalMethane,2,e2). impossible(switchPumpOn, 2,u1):- holdsAt(highWater,2,u1). not holdsAt(pumpOn,2,u1), holdsAt(criticalMethane,2,u1). impossible(switchPumpOn, 0,e1) :- not holdsAt(highWater,0, e1), not holdsAt(pumpOn,0,e1), not holdsAt(criticalMethane,0, e1). H={triggered(switchPumpOn, X, Y):- holdsAt(highWater,X,Y). not holdsAt(criticalMethane,X,Y). impossible(switchPumpOn, X,Y):-holdsAt(criticalMethane,X,Y). impossible(switchPumpOn, X,Y) :- not holdsAt(highWater,X, Y)}

29 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

30 Step 3: Transform into Requirements Hypothesis LTL Operational requirements triggered(turnPumpOn, X, Y):- holdsAt(highWater,X,Y). not holdsAt(methane,X,Y).  ( (highWater  criticalMethane)   switchPumpOn) impossible(turnPumpOn, X,Y):-holdsAt(methane,X,Y).  ( criticalMethane    switchPumpOn)

31 A Correct Extension with respect to an Inductive solution Obtaining the corresponding: –Partial System Description –Set of Scenario properties Find: –A a correct extension with respect to Spec and SP u U SP e Given Partial Set of Domain dependant axioms Domain Independent axioms Narrative Event facts Find Additional Domain dependant Axioms that explain the event facts B U H |= E Spec U  -1 (H) |= sp u Spec U  -1 (H) |=\= sp e B E H

32 Extended Specification Model SpecSpec U Pre U Trig switchPumpOn

33 Conclusion Novel application of Abduction and Induction in the requirements elaboration process. The need for non-monotonic Learning systems. The Framework provides a back-end computational approach for the operationalization process.

34 Current and Future Work -1 Including Information about goals and agents in the partial specification Learning other types of requirements such as post-conditions. Learning requirements from discrete- time based models (goal driven models).

35 Current and Future Work -2 Handling incomplete scenarios Representing system Goals and assumptions as Integrity constraints. Integrating ILP and model checking techniques such that scenarios are generated automatically using model checking tools. Thorough comparison of results obtained from other non monotonic approaches.

36 Thank You

37 An LTS of the Mine Pump

38 Theorem 2 Given –a partial specification –set of consistent scenario properties –the EC theory (B,E)=Tr(Spec,SPu,SPe) –S be the set of EC event axioms. Then, –For any inductive generalisation H of E wrt. B and S, the corresponding set Tr(Pre U Trig)=(H) of LTL pre-condition and trigger-condition axioms is a correct extension of Spec with respect to SPu and SPe.

39