Institute for Applied Information Processing and Communications
1
Karin Greimel Semmering, 2008-05-19 Open Implication
Open Implication
Outline
• Context
• Introduction
  – LTL specifications, systems
  – example
• Formal Definition, Complexity
• Algorithms
  – with optimal complexity
  – Safraless
  – GR(1)
• Experimental Results
• Summary
Big Picture
What do HW and SW designers do?
1. Write a specification
2. Implement the system
3. Check whether the system realizes the specification
4. Debug
Our idea of HW/SW design:
1. Write the specification
2. Automatically construct the system
3. Relax
LTL Specifications
Linear Temporal Logic:
• High-level specification language
• Boolean logic + temporal operators (X, G, F, U)
• Semantics defined over infinite sequences (= words = traces)
• Describes the behavior of open systems
Open system (= Moore machine = transducer):
• Interacts with its environment (output and input variables)
• Examples: controller for an elevator, traffic light, arbiter for a bus
Definition: An open system realizes an LTL formula iff all traces of the open system satisfy the formula.
Verification: Does a given system realize the specification?
Realizability: Is there an open system that realizes a given specification?
Synthesis: Automatically construct an open system realizing the specification.
LTL Specifications - Example
Part of a requirement for an arbiter:
• a ... acknowledgement, output variable
• r ... request, input variable
f = GF(r) → G(a→X(¬a))
If requests arrive infinitely often (always, at some point, there is a request), then always, if there is an ack., there is no ack. in the next step.
Open system realizing f, i.e. all of its traces satisfy f:
Example Equivalence
f = GF(r) → G(a→X(¬a))
g = G(a→X(¬a))
Are f and g equivalent?
Consider w = (a,¬r)^ω: w satisfies f (GF(r) is false on w, so f holds vacuously) but not g (a holds in two consecutive steps). Not equivalent!
Find an open system which realizes f but not g?
(There is none: an open system must answer every input sequence, and a Moore machine cannot know in advance whether requests will keep coming. Any finite prefix on which it acknowledges twice in a row can be continued with requests forever, and that trace violates f.)
Definitions
Motivation:
• Synthesis of g: find a smaller specification f such that f →o g, and synthesise f.
• Verification of g: find a smaller specification f such that f →o g and g →o f (f and g are open-equivalent), and verify f.
Definition: Given two LTL formulas f and g, f open-implies g (f →o g) if all open systems realizing f also realize g.
Definition: Given two LTL formulas f and g, f trace-implies g if all traces satisfying f also satisfy g.
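The arbiter example and the two definitions above, worked out in code as an added example (this is not code from the slides or their authors): an evaluator for LTL on lasso-shaped traces, the trace w = (a,¬r)^ω that separates f and g, and a brute-force check over every Moore machine with at most K states (one input bit r, one output bit a) that none of them realizes f without realizing g. The tuple encoding of formulas, the Moore class, the machines ALTERNATING and ALWAYS_ACK and the bound K are assumptions of this example.

```python
"""LTL on lasso-shaped traces and a brute-force check of the arbiter example.
Assumed encoding (not from the slides): a formula is a nested tuple, a trace
position is the frozenset of atomic propositions true there, and an open
system is a Moore machine with one input bit r and one output bit a."""
from itertools import product

def F(p): return ('U', ('ap', 'true'), p)     # F p = true U p
def G(p): return ('not', F(('not', p)))        # G p = not F not p

def holds(phi, prefix, loop, i=0):
    """Truth of phi at position i of prefix . loop^omega.  Operators:
    ('ap', name), ('not', p), ('impl', p, q), ('X', p), ('U', p, q).
    A lasso has finitely many distinct suffixes, so U visits each once."""
    n, m = len(prefix), len(loop)
    norm = lambda j: j if j < n else n + (j - n) % m   # fold j into the lasso
    at = lambda j: prefix[j] if j < n else loop[norm(j) - n]
    def suffix(j):                                      # positions from j, in order, each once
        j = norm(j)
        return list(range(j, n + m)) + (list(range(n, j)) if j >= n else [])
    op = phi[0]
    if op == 'ap':
        return phi[1] == 'true' or phi[1] in at(i)
    if op == 'not':
        return not holds(phi[1], prefix, loop, i)
    if op == 'impl':
        return not holds(phi[1], prefix, loop, i) or holds(phi[2], prefix, loop, i)
    if op == 'X':
        return holds(phi[1], prefix, loop, norm(i + 1))
    if op == 'U':                                       # q somewhere ahead, p until then
        for k in suffix(i):
            if holds(phi[2], prefix, loop, k):
                return True
            if not holds(phi[1], prefix, loop, k):
                return False
        return False
    raise ValueError(op)

class Moore:
    """States 0..k-1; out[s] is the output bit a in state s, delta[(s, r)] the successor."""
    def __init__(self, init, out, delta):
        self.init, self.out, self.delta = init, out, delta

    def trace(self, prefix_in, loop_in):
        """Lasso trace on the lasso input prefix_in . loop_in^omega; step i carries
        the output of the current state and the input read in that step."""
        label = lambda s, r: frozenset(['a'] * self.out[s] + ['r'] * r)
        s, out, seen, k = self.init, [], {}, 0
        for r in prefix_in:
            out.append(label(s, r)); s = self.delta[(s, r)]
        while (s, k % len(loop_in)) not in seen:        # stop when (state, loop index) repeats
            seen[(s, k % len(loop_in))] = len(out)
            r = loop_in[k % len(loop_in)]
            out.append(label(s, r)); s = self.delta[(s, r)]; k += 1
        start = seen[(s, k % len(loop_in))]
        return out[:start], out[start:]

A, R = ('ap', 'a'), ('ap', 'r')
g = G(('impl', A, ('X', ('not', A))))   # G(a -> X !a)
f = ('impl', G(F(R)), g)                # GF(r) -> G(a -> X !a)
# Two hypothetical arbiters: one alternates ack / no ack whatever the input, one always acks.
ALTERNATING = Moore(0, {0: 1, 1: 0}, {(0, 0): 1, (0, 1): 1, (1, 0): 0, (1, 1): 0})
ALWAYS_ACK = Moore(0, {0: 1}, {(0, 0): 0, (0, 1): 0})

def trace_counterexample():
    """w = (a, !r)^omega from the slides: satisfies f (vacuously) but not g."""
    w = ([], [frozenset({'a'})])
    return holds(f, *w), holds(g, *w)

def input_violating(M, phi, k):
    """Bounded search for an input on which M's trace violates phi: every prefix of
    length <= k, followed by r = 1 forever.  Complete for the safety guarantee g on a
    k-state machine: two consecutive acks are reachable within k inputs, if at all,
    and nothing read afterwards can undo them."""
    for d in range(k + 1):
        for pre in map(list, product((0, 1), repeat=d)):
            if not holds(phi, *M.trace(pre, [1])):
                return pre
    return None

def all_machines(k):
    """Every Moore machine on states 0..k-1 with one input and one output bit."""
    keys = [(s, r) for s in range(k) for r in (0, 1)]
    for init, outs, succ in product(range(k), product((0, 1), repeat=k),
                                    product(range(k), repeat=len(keys))):
        yield Moore(init, dict(enumerate(outs)), dict(zip(keys, succ)))

def open_implication_check(K):
    """f ->o g for every machine with <= K states: if some input makes M violate g,
    the same input with requests forever makes GF(r) true and so violates f too;
    a machine realizing g realizes f anyway (g trace-implies f).
    Returns (machines checked, machines not realizing g, machines where the argument failed)."""
    checked = not_g = failed = 0
    for k in range(1, K + 1):
        for M in all_machines(k):
            checked += 1
            pre = input_violating(M, g, k)
            if pre is not None:
                not_g += 1
                failed += holds(f, *M.trace(pre, [1]))
    return checked, not_g, failed

if __name__ == '__main__':
    print(trace_counterexample(), input_violating(ALTERNATING, g, 2),
          input_violating(ALWAYS_ACK, g, 1), open_implication_check(2))
```

The point of the check is the Moore-machine argument behind open implication: the outputs up to step i depend only on the inputs read before step i, so a finite prefix on which the system acknowledges twice in a row stays the same when the environment keeps requesting afterwards, and that continuation makes GF(r) true. The bounded search is complete only because g is a safety property; for arbitrary LTL the slides' automata-theoretic product (realizability of f against satisfiability of ¬g) is needed, and the brute-force enumeration is only feasible for a handful of states.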
Comparison
Equivalence of LTL specifications can be defined with respect to open systems (open equivalence) or with respect to traces (trace equivalence).
+ Open implication is weaker than trace implication (trace implication implies open implication, but not vice versa):
• f = GF(r) → G(a→X(¬a)) and g = G(a→X(¬a))
• are not trace equivalent but open equivalent.
- Open implication has a very high complexity:
• the same complexity as realizability: f →o false holds iff no open system realizes f, i.e. iff f is not realizable,
• hence 2EXPTIME.
Algorithm - Idea
To show ¬(f →o g), find an open system that realizes f but not g:
– An open system does not realize g iff one of its traces satisfies ¬g.
So calculate realizability for f and satisfiability for ¬g simultaneously.
An open system can be represented by a tree (branching on the inputs): every trace of the open system corresponds to a path in the tree.
Algorithm with optimal complexity
1) Realizability (2EXP):
– f → Deterministic Parity Tree automaton (DPT)
– f realizable iff the language of the DPT is not empty
– tree accepted by the DPT ≙ open system realizing f
2) Satisfiability (PSPACE):
– ¬g → Nondeterministic Büchi Word automaton (NBW)
– ¬g satisfiable iff the language of the NBW is not empty
– word accepted by the NBW ≙ word satisfying ¬g
Algorithm - Safraless
Calculate realizability avoiding Safra's determinization construction (O. Kupferman and M. Y. Vardi, Safraless decision procedures):
• f → Universal Co-Büchi Tree automaton (UCT)
• tree accepted by the UCT ≙ open system realizing f
• UCT → Nondeterministic Büchi Tree automaton with bound k (NBT_k)
• tree accepted by the NBT_k ≙ open system of size ≤ k realizing f
+ easier to implement
+ incremental approach (increase k), useful for finding counterexamples
- does not meet the lower bound
Implementation
Consider a subset of LTL: General Reactivity of rank 1 (GR(1)) (N. Piterman, A. Pnueli and Y. Sa'ar, Synthesis of reactive(1) designs):
g = ge → gs    (environment assumption → system guarantee)
Environment assumptions and system guarantees can be represented by deterministic Büchi automata.
Example: f = GF(r) → G(a→X(¬a))
f →o g?
• Calculate realizability for f and satisfiability for ¬g simultaneously,
• by solving a fixpoint formula.
• Symbolic algorithm, polynomial in the size of the state space.
Results of Arbiter Case Study: new →o old
[Plot "Time needed for calculations": time (s), log scale from 1 to 100000, against number of masters (1 to 15); series: synthesis old, synthesis new, open implication]
R. Bloem, S. Galler, B. Jobstmann, N. Piterman, A. Pnueli and M. Weiglhofer:
- Automatic hardware synthesis from specifications: A case study
- Specify, compile, run: Hardware from PSL
Time for synthesis of new + open implication << time for synthesis of old
Summary
• Defined open implication:
  – Compared to trace implication
• Developed 3 algorithms:
  – Automata-theoretic with optimal complexity
  – Automata-theoretic avoiding Safra's construction
  – Fixpoint formula for GR(1) with implementation
• Case study
Thank you for your attention
References:
O. Kupferman and M. Y. Vardi. Safraless decision procedures. In Symposium on Foundations of Computer Science (FOCS'05), pages 531-542, 2005.
N. Piterman, A. Pnueli and Y. Sa'ar. Synthesis of reactive(1) designs. In Proc. Verification, Model Checking and Abstract Interpretation, pages 364-380, 2006.
R. Bloem, S. Galler, B. Jobstmann, N. Piterman, A. Pnueli and M. Weiglhofer. Automatic hardware synthesis from specifications: A case study. In DATE, 2007.
R. Bloem, S. Galler, B. Jobstmann, N. Piterman, A. Pnueli and M. Weiglhofer. Specify, compile, run: Hardware from PSL. In 6th International Workshop on Compiler Optimization Meets Compiler Verification, pages 3-16, 2007.