Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carnegie Mellon Vadim Zaliva, Franz Franchetti Carnegie Mellon University Department of Electrical and Computer Engineering Funded by the DARPA I2O HACMS.

Published byGyles Palmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Carnegie Mellon Vadim Zaliva, Franz Franchetti Carnegie Mellon University Department of Electrical and Computer Engineering Funded by the DARPA I2O HACMS."— Presentation transcript:

1 Carnegie Mellon Vadim Zaliva, Franz Franchetti Carnegie Mellon University Department of Electrical and Computer Engineering Funded by the DARPA I2O HACMS Program through award FA8750-12-2-0291 2015-09-16 Formal Verification of Hybrid Control Operator Language Formal Verification of Hybrid Control Operator Language

2 Carnegie Mellon Project’s Goal and High Level Approach Goal Approach To synthesize executable code for the control system of a robot satisfying certain safety and security properties and to produce machine-checkable proofs assuring that this code implements functional specification.  Vehicular control system is specified in HCOL language  HCOL specification is transformed to the code via a series of steps  Transformation steps are formally verified in Coq proof assistant  SPIRAL-Synthesized and formally verified code deployed on a robot. Abstract code HCOL specification HCOL (dataflow) expression Optimized Ʃ-HCOL expression Ʃ-HCOL (loop) expression Optimized abstract code C code Expansion + backtracking Recursive descent Confluent term rewriting Recursive descent Confluent term rewriting Final code

3 Carnegie Mellon HCOL Basic Operators

4 Carnegie Mellon HCOL Formalization An HCOL expression can be represented by an Abstract Syntax Tree (AST). A subset of the language syntax could be defined in Coq using the following inductive type : Example definitions of Polynomial operator: The semantics of is defined via an evaluation function, which takes an HOperator object and an input vector and returns the resulting vector: evalHCOOL: ∀ {m n}, HOperator m n → vector A m → vector A n. Inductive HOperator: nat→ nat → Type := │HOReduction : ∀ m (f: A → A →) ‘{pF: !Proper ( (=) ==> (=) ==> (=) ) f } (id:A), HOperator m 1 │HOPointWise : ∀ n (f: A → A →A) ‘{pF: !Proper ( (=) ==> (=) ==> (=) ) f }, HOperator (n+n) n │HOScalarProd: ∀ {k:nat}, HOperator (k+k) 1 │HOEvalPolynomial: ∀ {n} (a:vector A n), HOperator 1 1 │HOCompose: ∀ m {k} n, HOperator k n → HOperator m k → → HOperator m n. Fixpoint EvalPolynomial {n} ‘{SemiRing A} (a: vector A n) (x:A) : A := match a with nil ⇒ 0 │ cons a0 p a ’ ⇒ a0 + (x × (EvalPolynomial a x )) end Syntax: Semantics: Operators’ definition:

5 Carnegie Mellon HCOL Rewriting Rules

6 Carnegie Mellon Proving HCOL Rewriting Using Coq Proof Assistant Syntax: Inductive type for HCOL expressions Semantics: evaluation Equivalence: extensionality Rewriting rules as lemmas “Translation validation” – proving sequence of rule applications from SPIRAL trace.

7 Carnegie Mellon Rewriting Rules as Lemmas We express each rule as a lemma stating equality of two operators. For example, We defined operator extensional equality: Lemma breakdown_ScalarProd: ∀ {h:nat}, HOScalarProd h = HOCompose _ _ (HOReduction _ (+) 0) (HOPointWise _ (.*.) ). Global Instance HCOL_equiv {i o: nat}: Equiv (HOperator i o) := fun a b ⇒ ∀ (x: vector A i), evalHCOL a x = evalHCOL b x. Informally: two operators “a” and “b” are equal if for any input vector “x” the values of (evalHCOL a x) and (evalHCOL b x) are also equal.

8 Carnegie Mellon Results and Future Directions We completed Axiomatic proofs of the HCOL operator language transformations: 7 breakdown rules 76 Lemmas 2,138 lines of Coq code Next steps to prove:  HCOL ➣ Ʃ-HCOL  Ʃ-HCOL transformations  Ʃ-HCOL ➣ i-Code  i-Code ➣ “C” code generation  “C” code ➣ machine code compilation

9 Carnegie Mellon THANKS! For more information go to: http://www.spiral.net/http://www.spiral.net/ Contact: vzaliva@cmu.edu

Download ppt "Carnegie Mellon Vadim Zaliva, Franz Franchetti Carnegie Mellon University Department of Electrical and Computer Engineering Funded by the DARPA I2O HACMS."

Similar presentations

Type Inference David Walker COS 320. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.

Type Inference David Walker COS 320. Criticisms of Typed Languages Types overly constrain functions & data polymorphism makes typed constructs useful.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.

1 1 Regression Verification for Multi-Threaded Programs Sagar Chaki, SEI-Pittsburgh Arie Gurfinkel, SEI-Pittsburgh Ofer Strichman, Technion-Haifa Originally.
Translator Architecture Code Generator ParserTokenizer string of characters (source code) string of tokens abstract program string of integers (object.

Translator Architecture Code Generator ParserTokenizer string of characters (source code) string of tokens abstract program string of integers (object.
1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.

1 Translation Validation: From Simulink to C Michael RyabtsevOfer Strichman Technion, Haifa, Israel Acknowledgement: sponsored by a grant from General.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
Nicholas Moore Bianca Curutan Pooya Samizadeh McMaster University March 30, 2012.

Nicholas Moore Bianca Curutan Pooya Samizadeh McMaster University March 30, 2012.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.

Copyright © 2006 Addison-Wesley. All rights reserved. 3.5 Dynamic Semantics Meanings of expressions, statements, and program units Static semantics – type.
Fall 20021 Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.

Fall Semantics Juan Carlos Guzmán CS 3123 Programming Languages Concepts Southern Polytechnic State University.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.

Automated Soundness Proofs for Dataflow Analyses and Transformations via Local Rules Sorin Lerner* Todd Millstein** Erika Rice* Craig Chambers* * University.
On-the-fly Synthesis of Multi-Clock SVA Jiang Long Andrew Seawright Paparao Kavalipati IWLS’ 2008.

On-the-fly Synthesis of Multi-Clock SVA Jiang Long Andrew Seawright Paparao Kavalipati IWLS’ 2008.
10.6.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.
Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.

Comp 205: Comparative Programming Languages Semantics of Imperative Programming Languages denotational semantics operational semantics logical semantics.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.

Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.

Similar presentations

Ads by Google