Towards Realizability Checking of Contracts using Theories

Virtual integration techniques focus on building architectural models of systems that can be analyzed early in the design cycle to try to lower cost, reduce risk, and improve quality of complex embedded systems. Given appropriate architectural descriptions and compositional reasoning rules, these techniques can be used to prove important safety properties about the architecture prior to system construction. Such proofs build from "leaf-level" assume/guarantee component contracts through architectural layers towards top-level safety properties. The proofs are built upon the premise that each leaf-level component contract is realizable; i.e., it is possible to construct a component such that for any input allowed by the contract assumptions, there is some output value that the component can produce that satisfies the contract guarantees. Without engineering support it is all too easy to write leaf-level components that can't be realized. Realizability checking for propositional contracts has been well-studied for many years, both for component synthesis and checking correctness of temporal logic requirements. However, checking realizability for contracts involving infinite theories is still an open problem. In this paper, we describe a new approach for checking realizability of contracts involving theories and demonstrate its usefulness on several examples.Comment: 15 pages, to appear in NASA Formal Methods (NFM) 201

Formal Techniques for Realizability Checking and Synthesis of Infinite-State Reactive Systems

University of Minnesota Ph.D. dissertation.July 2020. Major: Computer Science. Advisors: Michael Whalen, Mats Heimdahl. 1 computer file (PDF); 154 pages.Reactive systems are fundamental building blocks in the development of critical safety systems. The are called "reactive" due to the necessity of them interacting with (or against) an unpredictable and uncontrollable environment, for an indefinite amount of time. As a consequence, the verification of a critical system more often than not in- volves the process of writing requirements, modeling, implementing and testing reactive subcomponents. Research in formal verification for reactive systems attempts to solve fundamental problems in each of these processes, with an emphasis given on the cre- ation of mathematical proofs regarding the system's safety. More importantly, it has been shown that such proofs can lead to significant savings both in development time as well as overall production cost. This dissertation explores the problem of reactive synthesis, where the goal is the development of decision procedures that are able to (dis)prove the realizability of reactive system specifications, as well as produce artifacts that essentially serve as witnesses to the decision. Reactive synthesis is a problem closely related to formal verification, as it requires the development of precise, mathematical proofs of realizability. The overwhelming majority of research conducted in this area has so far been focused in its application to propositional specification, where only operations over the Boolean domain can be performed. For the first part of this thesis, we propose novel, efficient reactive synthesis algorithms that extend the support for propositional specification to also generate implementations when the requirements involve the use of richer theories, such as integer and real arithmetic. We discuss the advantages and disadvantages of each algorithm, and accompany their implementation with a formal proof of soundness. In the second part of this dissertation, we delve into an unexplored sub-problem in reactive iv synthesis, where we present the first attempt ever to synthesize witnesses for infinite-state problems in which the implementation behaves in a random, diverse manner. While the product of synthesis is typically expected to be a deterministic witness, we argue that randomness can still be valuable in practice. To that end, we evaluate the application of randomly-behaving solutions to problems related to fuzz testing and robot motion planning, demonstrating how reactive synthesis can be used in an innovative way in software engineering concepts that have not been considered before

Towards Synthesis from Assume-Guarantee Contracts involving Infinite Theories: A Preliminary Report

Associated research group: Critical Systems Research GroupIn previous work, we have introduced a contract-based {em realizability checking} algorithm for assume-guarantee contracts involving infinite theories, such as linear integer/real arithmetic and uninterpreted functions over infinite domains. This algorithm can determine whether or not it is possible to construct a realization (i.e. an implementation) of an assume-guarantee contract. The algorithm is similar to k-induction model checking, but involves the use of quantifiers to determine implementability. While our work on realizability is inherently useful for virtual integration in determining whether it is possible for suppliers to build software that meets a contract, it also provides the foundations to solving the more challenging problem of component synthesis. In this paper, we provide an initial synthesis algorithm for assume-guarantee contracts involving infinite theories. To do so, we take advantage of our realizability checking procedure and a skolemization solver for forall/exists-formulas, called AE-VAL. We show that it is possible to immediately adapt our existing algorithm towards synthesis by using this solver, using a demonstration example. We then discuss challenges towards creating a more robust synthesis algorithm

Hierarchical Circular Compositional Reasoning

Associated research group: Critical Systems Research GroupWe describe a composition rule for hierarchically composed components that may involve circular reasoning between the components. It is similar to previous work by McMillan, specialized to component level reasoning. In contrast to McMillan's work, our composition rule can be used in provers that only support safety properties (e.g. k-induction model checkers) as long as the system and component contracts consist of state invariants. The composition rule still holds for richer contracts, but the resulting verification conditions then require a general purpose model checker

The Multiple Roles of Cohesin in Meiotic Chromosome Morphogenesis and Pairing

Sister chromatid cohesion, mediated by cohesin complexes, is laid down during DNA replication and is essential for the accurate segregation of chromosomes. Previous studies indicated that, in addition to their cohesion function, cohesins are essential for completion of recombination, pairing, meiotic chromosome axis formation, and assembly of the synaptonemal complex (SC). Using mutants in the cohesin subunit Rec8, in which phosphorylated residues were mutated to alanines, we show that cohesin phosphorylation is not only important for cohesin removal, but that cohesin's meiotic prophase functions are distinct from each other. We find pairing and SC formation to be dependent on Rec8, but independent of the presence of a sister chromatid and hence sister chromatid cohesion. We identified mutations in REC8 that differentially affect Rec8's cohesion, pairing, recombination, chromosome axis and SC assembly function. These findings define Rec8 as a key determinant of meiotic chromosome morphogenesis and a central player in multiple meiotic events.United States National Institutes of Health (Grant GM62207)National Science Foundatio