1,114 research outputs found
A multi-paradigm language for reactive synthesis
This paper proposes a language for describing reactive synthesis problems
that integrates imperative and declarative elements. The semantics is defined
in terms of two-player turn-based infinite games with full information.
Currently, synthesis tools accept linear temporal logic (LTL) as input, but
this description is less structured and does not facilitate the expression of
sequential constraints. This motivates the use of a structured programming
language to specify synthesis problems. Transition systems and guarded commands
serve as imperative constructs, expressed in a syntax based on that of the
modeling language Promela. The syntax allows defining which player controls
data and control flow, and separating a program into assumptions and
guarantees. These notions are necessary for input to game solvers. The
integration of imperative and declarative paradigms allows using the paradigm
that is most appropriate for expressing each requirement. The declarative part
is expressed in the LTL fragment of generalized reactivity(1), which admits
efficient synthesis algorithms, extended with past LTL. The implementation
translates Promela to input for the Slugs synthesizer and is written in Python.
The AMBA AHB bus case study is revisited and synthesized efficiently,
identifying the need to reorder binary decision diagrams during strategy
construction, in order to prevent the exponential blowup observed in previous
work.Comment: In Proceedings SYNT 2015, arXiv:1602.0078
Validity-Guided Synthesis of Reactive Systems from Assume-Guarantee Contracts
Automated synthesis of reactive systems from specifications has been a topic
of research for decades. Recently, a variety of approaches have been proposed
to extend synthesis of reactive systems from proposi- tional specifications
towards specifications over rich theories. We propose a novel, completely
automated approach to program synthesis which reduces the problem to deciding
the validity of a set of forall-exists formulas. In spirit of IC3 / PDR, our
problem space is recursively refined by blocking out regions of unsafe states,
aiming to discover a fixpoint that describes safe reactions. If such a fixpoint
is found, we construct a witness that is directly translated into an
implementation. We implemented the algorithm on top of the JKind model checker,
and exercised it against contracts written using the Lustre specification
language. Experimental results show how the new algorithm outperforms JKinds
already existing synthesis procedure based on k-induction and addresses
soundness issues in the k-inductive approach with respect to unrealizable
results.Comment: 18 pages, 5 figures, 2 table
Diamonds are not forever: Liveness in reactive programming with guarded recursion
When designing languages for functional reactive programming (FRP) the main
challenge is to provide the user with a simple, flexible interface for writing
programs on a high level of abstraction while ensuring that all programs can be
implemented efficiently in a low-level language. To meet this challenge, a new
family of modal FRP languages has been proposed, in which variants of Nakano's
guarded fixed point operator are used for writing recursive programs
guaranteeing properties such as causality and productivity. As an apparent
extension to this it has also been suggested to use Linear Temporal Logic (LTL)
as a language for reactive programming through the Curry-Howard isomorphism,
allowing properties such as termination, liveness and fairness to be encoded in
types. However, these two ideas are in conflict with each other, since the
fixed point operator introduces non-termination into the inductive types that
are supposed to provide termination guarantees.
In this paper we show that by regarding the modal time step operator of LTL a
submodality of the one used for guarded recursion (rather than equating them),
one can obtain a modal type system capable of expressing liveness properties
while retaining the power of the guarded fixed point operator. We introduce the
language Lively RaTT, a modal FRP language with a guarded fixed point operator
and an `until' type constructor as in LTL, and show how to program with events
and fair streams. Using a step-indexed Kripke logical relation we prove
operational properties of Lively RaTT including productivity and causality as
well as the termination and liveness properties expected of types from LTL.
Finally, we prove that the type system of Lively RaTT guarantees the absence of
implicit space leaks
Observation and abstract behaviour in specification and implementation of state-based systems
Classical algebraic specification is an accepted framework for specification. A criticism which applies is the
fact that it is functional, not based on a notion of state as most software development and implementation languages
are. We formalise the idea of a state-based object or abstract machine using algebraic means. In contrast to similar approaches we consider dynamic logic instead of equational logic as the framework for specification and implementation. The advantage is a more expressive language allowing us to specify safety and liveness conditions. It also allows a clearer distinction of functional and state-based parts which require different treatment in order to achieve behavioural abstraction when necessary. We shall in particular focus on abstract behaviour and observation. A behavioural notion of satisfaction for state-elements is needed in order to abstract from irrelevant details of the state realisation
Refinement Calculus of Reactive Systems
Refinement calculus is a powerful and expressive tool for reasoning about
sequential programs in a compositional manner. In this paper we present an
extension of refinement calculus for reactive systems. Refinement calculus is
based on monotonic predicate transformers, which transform sets of post-states
into sets of pre-states. To model reactive systems, we introduce monotonic
property transformers, which transform sets of output traces into sets of input
traces. We show how to model in this semantics refinement, sequential
composition, demonic choice, and other semantic operations on reactive systems.
We use primarily higher order logic to express our results, but we also show
how property transformers can be defined using other formalisms more amenable
to automation, such as linear temporal logic (suitable for specifications) and
symbolic transition systems (suitable for implementations). Finally, we show
how this framework generalizes previous work on relational interfaces so as to
be able to express systems with infinite behaviors and liveness properties
Desynchronization: Synthesis of asynchronous circuits from synchronous specifications
Asynchronous implementation techniques, which measure logic delays at run time and activate registers accordingly, are inherently more robust than their synchronous counterparts, which estimate worst-case delays at design time, and constrain the clock cycle accordingly. De-synchronization is a new paradigm to automate the design of asynchronous circuits from synchronous specifications, thus permitting widespread adoption of asynchronicity, without requiring special design skills or tools. In this paper, we first of all study different protocols for de-synchronization and formally prove their correctness, using techniques originally developed for distributed deployment of synchronous language specifications. We also provide a taxonomy of existing protocols for asynchronous latch controllers, covering in particular the four-phase handshake protocols devised in the literature for micro-pipelines. We then propose a new controller which exhibits provably maximal concurrency, and analyze the performance of desynchronized circuits with respect to the original synchronous optimized implementation. We finally prove the feasibility and effectiveness of our approach, by showing its application to a set of real designs, including a complete implementation of the DLX microprocessor architectur
SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems
The recent drive towards achieving greater autonomy and intelligence in
robotics has led to high levels of complexity. Autonomous robots increasingly
depend on third party off-the-shelf components and complex machine-learning
techniques. This trend makes it challenging to provide strong design-time
certification of correct operation.
To address these challenges, we present SOTER, a robotics programming
framework with two key components: (1) a programming language for implementing
and testing high-level reactive robotics software and (2) an integrated runtime
assurance (RTA) system that helps enable the use of uncertified components,
while still providing safety guarantees. SOTER provides language primitives to
declaratively construct a RTA module consisting of an advanced,
high-performance controller (uncertified), a safe, lower-performance controller
(certified), and the desired safety specification. The framework provides a
formal guarantee that a well-formed RTA module always satisfies the safety
specification, without completely sacrificing performance by using higher
performance uncertified components whenever safe. SOTER allows the complex
robotics software stack to be constructed as a composition of RTA modules,
where each uncertified component is protected using a RTA module.
To demonstrate the efficacy of our framework, we consider a real-world
case-study of building a safe drone surveillance system. Our experiments both
in simulation and on actual drones show that the SOTER-enabled RTA ensures the
safety of the system, including when untrusted third-party components have bugs
or deviate from the desired behavior
- …