Synthesizing Multiple Boolean Functions using Interpolation on a Single Proof

It is often difficult to correctly implement a Boolean controller for a complex system, especially when concurrency is involved. Yet, it may be easy to formally specify a controller. For instance, for a pipelined processor it suffices to state that the visible behavior of the pipelined system should be identical to a non-pipelined reference system (Burch-Dill paradigm). We present a novel procedure to efficiently synthesize multiple Boolean control signals from a specification given as a quantified first-order formula (with a specific quantifier structure). Our approach uses uninterpreted functions to abstract details of the design. We construct an unsatisfiable SMT formula from the given specification. Then, from just one proof of unsatisfiability, we use a variant of Craig interpolation to compute multiple coordinated interpolants that implement the Boolean control signals. Our method avoids iterative learning and back-substitution of the control functions. We applied our approach to synthesize a controller for a simple two-stage pipelined processor, and present first experimental results.Comment: This paper originally appeared in FMCAD 2013, http://www.cs.utexas.edu/users/hunt/FMCAD/FMCAD13/index.shtml. This version includes an appendix that is missing in the conference versio

Synthesizing Robust Systems with RATSY

Specifications for reactive systems often consist of environment assumptions and system guarantees. An implementation should not only be correct, but also robust in the sense that it behaves reasonably even when the assumptions are (temporarily) violated. We present an extension of the requirements analysis and synthesis tool RATSY that is able to synthesize robust systems from GR(1) specifications, i.e., system in which a finite number of safety assumption violations is guaranteed to induce only a finite number of safety guarantee violations. We show how the specification can be turned into a two-pair Streett game, and how a winning strategy corresponding to a correct and robust implementation can be computed. Finally, we provide some experimental results.Comment: In Proceedings SYNT 2012, arXiv:1207.055

LNCS

Boolean controllers for systems with complex datapaths are often very difficult to implement correctly, in particular when concurrency is involved. Yet, in many instances it is easy to formally specify correctness. For example, the specification for the controller of a pipelined processor only has to state that the pipelined processor gives the same results as a non-pipelined reference design. This makes such controllers a good target for automated synthesis. However, an efficient abstraction for the complex datapath elements is needed, as a bit-precise description is often infeasible. We present Suraq, the first controller synthesis tool which uses uninterpreted functions for the abstraction. Quantified firstorder formulas (with specific quantifier structure) serve as the specification language from which Suraq synthesizes Boolean controllers. Suraq transforms the specification into an unsatisfiable SMT formula, and uses Craig interpolation to compute its results. Using Suraq, we were able to synthesize a controller (consisting of two Boolean signals) for a five-stage pipelined DLX processor in roughly one hour and 15 minutes

RATSY – A new Requirements Analysis Tool with Synthesis ⋆

Abstract. Formal specifications play an increasingly important role in system design-flows. Yet, they are not always easy to deal with. In this paper we present RATSY, a successor of the Requirements Analysis Tool RAT. RATSY extends RAT in several ways. First, it includes a new graphical user interface to specify system properties as simple Büchi word automata. Second, it can help debug incorrect specifications by means of a game-based approach. Third, it allows correct-by-construction synthesis of systems from their temporal properties. These new features and their seamless integration assist in property-based design processes.

Synthesizing robust systems

Systems should not only be correct but also robust in the sense that they behave reasonably in unexpected situations. This article addresses synthesis of robust reactive systems from temporal specifications. Existing methods allow arbitrary behavior if assumptions in the specification are violated. To overcome this, we define two robustness notions, combine them, and show how to enforce them in synthesis. The first notion applies to safety properties: If safety assumptions are violated temporarily, we require that the system recovers to normal operation with as few errors as possible. The second notion requires that, if liveness assumptions are violated, as many guarantees as possible should be fulfilled nevertheless. We present a synthesis procedure achieving this for the important class of GR(1) specifications, and establish complexity bounds. We also present an implementation of a special case of robustness, and show experimental results

Coupon recalculation for the GPS authentication scheme

Equipping branded goods with RFID tags is an effective measure to fight the growing black market of counterfeit products. Asymmetric cryptography is the technology of choice to achieve strong authentication but suffers from its ample demand of area and power resources. The GPS authentication scheme showed that a coupon-based approach can cope with the limited resources of passive RFID tags. This article extends the idea of coupons by recalculating coupons during the idle time of tags when they are powered but do not actively communicate. This approach relaxes latency requirements and allows to implement GPS hardware using only 800 gate equivalents plus storage for 560 bytes. In the average case it has the same performance as the classical coupon-based approach but does not suffer its susceptibility to denial-of-service attacks.Anglai

Formal Analysis of a TPM-Based Secrets Distribution and Storage Scheme

Trusted computing introduces the Trusted Platform Module (TPM) as a root of trust on an otherwise untrusted computer. The TPM can be used to restrict the use of cryptographic keys to trusted states, i.e., to situations in which the computer runs trusted software. This allows for the distribution of intellectual property or secrets to a remote party with a reasonable security that such secrets will not be obtained by a malicious or compromised client. We model a specific protocol for the distribution of secrets proposed by Sevine et al. A formal analysis using the NuSMV model checker shows that the protocol allows an intruder to give the client an arbitrary secret, without the client noticing. We propose an alternative that prevents this scenario