Slide 1
Forges: Synthesizing Verified Generators
Kestrel Institute
PIs: Cordell Green, John Anton
CSs: Lindsay Errington, Doug Smith, Alessandro Coglio, Stephen Westfold, Jim McDonald

Slide 2
Objective: synthesize model-based generators!
Produce generators quicker!
Produce generators that are verified!

Slide 3
Overview (diagram)
Nodes: Stateflow meta-model, C meta-model, Stateflow model, C code, Generator, MetaGenerator, design knowledge, translation specification.
Flow: the MetaGenerator takes the Stateflow meta-model, the C meta-model, design knowledge and a translation specification and produces a Generator; the Generator takes a Stateflow model and produces C code.

Slide 4
Taxonomy of Algorithm Theories (diagram; each entry is a theory, the structure R it assumes on the range, and the algorithms it yields; the tree edges of the diagram are not recoverable from the text)
Problem Theory (D, R, I, O): generate-and-test
Constraint Satisfaction (R = set of maps)
Global Structure (R = set + recursive partition): global search, binary search, backtrack, branch-and-bound
Local Structure (R = set + relation): local search, hill climbing, simulated annealing, tabu search, genetic algorithms
Local Poset Structure (R = set + partial order)
Local Semilattice Structure (R = semilattice)
GS-CSP (R = recursively partitioned set of maps)
GS-Horn-CSP (Horn-like constraints): constraint propagation
Monotone Deflationary Function: fixed point iteration
Integer Linear Programming: 0-1 methods
Linear Programming: simplex method, interior point, primal dual
Network Flow: specialized simplex, Ford-Fulkerson
Transportation: NW algorithm
Assignment Problem: Hungarian method
Divide-and-Conquer: divide-and-conquer
Problem Reduction Generators: dynamic programming, branch-and-bound, game tree search
Complement Reduction: sieves
Problem Reduction Structure

Slide 5
What’s a meta-model?
A language specification!
Static semantics: what the well-formed programs in the language are
Dynamic semantics: how programs behave

Slide 6
Elements of a Static Semantics
Abstract syntax
Characterization of well-formed terms
Type theory
Vanderbilt has a static-semantics UML meta-model for Stateflow
We translate UML into specifications in logic

Slide 7
Stateflow static semantics
  sort Event, State, Transition, Action, …
  op src      : Transition → State
  op dst      : Transition → State
  op event    : Transition → Event
  op action   : Transition → Action
  op children : State → Or [State] | And [State] | None
  op parent   : State → State

Slide 8
Static semantics (cont’d)
  op active : State → Bool
  active(s) ∧ parent(s) ≠ undef ⇒ active(parent(s))
“the ancestors of an active state are active”
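As an added illustration (Python written for this page, not Kestrel's Specware text; the names State, Transition, check_static and the sample chart are chosen here), the signature on slides 7 and 8 and the ancestor axiom can be modelled directly and checked on a constructed chart. The checker also enforces the exclusive (Or) and parallel (And) decomposition rules, which are Stateflow's standard reading of the children op and are not stated on the slide:

```python
# Added example: a Python model of the Stateflow static semantics on the slides.
# Names (State, Transition, check_static, ...) are chosen here, not Kestrel's.
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class State:
    name: str
    parent: Optional[str] = None          # op parent : State -> State (None = undef)
    kind: str = "None"                    # children : Or [State] | And [State] | None
    children: List[str] = field(default_factory=list)
    active: bool = False                  # op active : State -> Bool


@dataclass
class Transition:
    src: str                              # op src    : Transition -> State
    dst: str                              # op dst    : Transition -> State
    event: str                            # op event  : Transition -> Event
    action: str = ""                      # op action : Transition -> Action


def check_static(states: Dict[str, State], transitions: List[Transition]) -> List[str]:
    """Return every well-formedness violation found; an empty list means the
    chart satisfies the static semantics modelled here."""
    errs: List[str] = []
    for t in transitions:
        for end in (t.src, t.dst):
            if end not in states:
                errs.append(f"transition on {t.event}: unknown state {end!r}")
    for s in states.values():
        if s.kind not in ("Or", "And", "None"):
            errs.append(f"{s.name}: children kind must be Or, And or None")
        if s.kind == "None" and s.children:
            errs.append(f"{s.name}: leaf state has children")
        for c in s.children:
            if c not in states:
                errs.append(f"{s.name}: unknown child {c!r}")
            elif states[c].parent != s.name:
                errs.append(f"{c}: parent is {states[c].parent!r}, expected {s.name!r}")
        # the parent chain must be well founded (no cycle, no dangling parent)
        seen, p = {s.name}, s.parent
        while p is not None:
            if p in seen:
                errs.append(f"{s.name}: cyclic parent chain")
                break
            if p not in states:
                errs.append(f"{s.name}: unknown parent {p!r}")
                break
            seen.add(p)
            p = states[p].parent
        # slide axiom: active(s) /\ parent(s) != undef => active(parent(s))
        if s.active and s.parent in states and not states[s.parent].active:
            errs.append(f"{s.name}: active, but parent {s.parent} is not")
        # decomposition rules (Stateflow's reading of Or/And, not on the slide)
        on = [c for c in s.children if c in states and states[c].active]
        if s.active and s.kind == "Or" and len(on) != 1:
            errs.append(f"{s.name}: active Or state needs exactly one active child, has {on}")
        if s.active and s.kind == "And" and len(on) != len(s.children):
            errs.append(f"{s.name}: active And state needs all children active, has {on}")
    return errs


def constructed_chart(run_active: bool = True):
    """Constructed sample: Top = Or{Idle, Run}; Run = And{Motor, Monitor}.
    With run_active=False the leaves stay active while Run is not, which
    violates the ancestor axiom and leaves Top with no active child."""
    states = {
        "Top":     State("Top", None, "Or", ["Idle", "Run"], active=True),
        "Idle":    State("Idle", "Top"),
        "Run":     State("Run", "Top", "And", ["Motor", "Monitor"], active=run_active),
        "Motor":   State("Motor", "Run", active=True),
        "Monitor": State("Monitor", "Run", active=True),
    }
    transitions = [Transition("Idle", "Run", "start"), Transition("Run", "Idle", "stop")]
    return states, transitions


if __name__ == "__main__":
    print(check_static(*constructed_chart()))                   # []
    print(check_static(*constructed_chart(run_active=False)))   # three violations
```

The well-formed chart yields no violations; the broken one reports the two leaves whose parent is inactive and the Or state that has lost its single active child. A generator that consumed the broken chart without such a check would be translating a model outside the meta-model's static semantics.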

Slide 9
Dynamic Semantics
Many formalisms to choose from: denotational, axiomatic, …
  Action Semantics (Mosses)
  Structural Operational Semantics (Plotkin)
  Natural Semantics (Kahn), used in Centaur
Our choice: Abstract State Machines (ASMs), aka Evolving Algebras (Gurevich)

Slide 10
What are Abstract State Machines?
Algebraic theories: sorts, operators, axioms
Rules for conditionally rewriting theories:
  if b then f(t1, …, tn) := t

Slide 11
ASM Example
  sort Node
  op left  : Node → Node
  op right : Node → Node
  op node  : Node
  if left(node) ≠ undef then
    left(node)  := left(left(node))
    right(node) := right(left(node))
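Added example (Python written for this page, not the slides' notation): a minimal ASM step interpreter that runs the tree rule above. The dynamic functions left, right and node are kept in a dict keyed by (function, arguments), and undef is an absent key; the tree and the function names sequential_splice, step and run are constructed here. The point worth seeing in code is the update semantics: every update of a step is computed from the current state and all of them fire together, so the rule reads left(left(node)) and right(left(node)) from the same child. A sequential reading of the two assignments, the kind a naive C translation might produce, is shown for contrast and gives a different tree:

```python
# Added example: a toy Abstract State Machine interpreter for the slide's rule.
# An ASM state is an algebra; here a dict from (function name, arguments) to
# value holds the dynamic functions. A missing key is undef.
from typing import Callable, Dict, List, Tuple

Location = Tuple[str, tuple]
State = Dict[Location, object]
UpdateSet = Dict[Location, object]
Rule = Callable[[State], UpdateSet]


def read(st: State, f: str, *args):
    """Evaluate f(args) in state st; None stands for undef."""
    return st.get((f, args))


def _write(st: State, loc: Location, val) -> None:
    if val is None:
        st.pop(loc, None)                 # assigning undef removes the location
    else:
        st[loc] = val


def splice_left(st: State) -> UpdateSet:
    """The slide's rule:
         if left(node) != undef then
             left(node)  := left(left(node))
             right(node) := right(left(node))
    Both assignments are read off the CURRENT state and returned as one update set."""
    n = read(st, "node")
    child = read(st, "left", n)
    if child is None:
        return {}
    return {("left", (n,)): read(st, "left", child),
            ("right", (n,)): read(st, "right", child)}


def step(st: State, rules: List[Rule]) -> State:
    """One ASM step: evaluate every rule on st, merge the update sets,
    reject an inconsistent set (two different values for one location),
    then fire all updates at once."""
    updates: UpdateSet = {}
    for rule in rules:
        for loc, val in rule(st).items():
            if loc in updates and updates[loc] != val:
                raise ValueError(f"inconsistent update set at {loc}")
            updates[loc] = val
    new = dict(st)
    for loc, val in updates.items():
        _write(new, loc, val)
    return new


def run(st: State, rules: List[Rule], max_steps: int = 100) -> State:
    """Iterate steps until no rule changes the state (a fixed point)."""
    for _ in range(max_steps):
        nxt = step(st, rules)
        if nxt == st:
            return st
        st = nxt
    raise RuntimeError("no fixed point within max_steps")


def sequential_splice(st: State) -> State:
    """Contrast: run the two assignments one after the other. The second
    assignment now reads the NEW left(node), not the child the rule meant."""
    new = dict(st)
    n = read(new, "node")
    if read(new, "left", n) is None:
        return new
    _write(new, ("left", (n,)), read(new, "left", read(new, "left", n)))
    _write(new, ("right", (n,)), read(new, "right", read(new, "left", n)))
    return new


def constructed_tree() -> State:
    """Constructed sample: node = n0; n0 has children n1, n2; n1 has n3, n4."""
    return {("node", ()): "n0",
            ("left", ("n0",)): "n1", ("right", ("n0",)): "n2",
            ("left", ("n1",)): "n3", ("right", ("n1",)): "n4"}


if __name__ == "__main__":
    t = constructed_tree()
    s1 = step(t, [splice_left])
    print(read(s1, "left", "n0"), read(s1, "right", "n0"))        # n3 n4
    seq = sequential_splice(t)
    print(read(seq, "left", "n0"), read(seq, "right", "n0"))      # n3 None
```

One ASM step replaces n0's children with n1's children (n3, n4); the sequential version reads the already-overwritten left(n0) and ends up with right(n0) = undef. A generator that serialized simultaneous updates this way would produce C code whose behaviour differs from the model, which is exactly the class of error the bisimulation argument later in the deck is meant to exclude.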

Slide 12
Why ASMs?
ASMs support: abstraction, refinement, composition
Comprehensible: to be shared with other MoBIES participants.

Slide 13
Stateflow dynamic semantics
Stateflow is event driven
(Diagram: two states with entry actions “entry: f();” and “entry: g();”, connected by transitions labelled “a/b” and “b”.)

Slide 14
Dynamic semantics (cont’d)
Event handling can be pre-empted. Need a stack!
  sort Frame = Exec Action | EndTrans Transition | …
  sort Stack = [Frame]
  op stack : Stack
  startTrans(s : State, t : Transition) =
    active(s) := false
    stack := (Exec action(t)) :: (EndTrans t) :: (tail stack)
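Added example (Python; a constructed model, not Kestrel's ASM): a stack machine with the frame shapes of the slide, Exec action and EndTrans transition, plus a Dispatch frame, introduced here, for an event waiting to be handled. A transition action that broadcasts an event (written "e!" in this example) pushes a Dispatch frame on top, so the broadcast is handled to completion before the outer transition's EndTrans frame runs; that is the pre-emption the slide needs the stack for. A queue variant (queue=True) handles the broadcast only after the outer transition, and the trace shows the order of the entry actions flip. The chart is constructed: two parallel states P and Q, with P -a/b!-> P2 (entry g) and Q -b-> Q2 (entry h):

```python
# Added example: event handling with a frame stack, modelled after the slide's
# Frame sort (Exec action | EndTrans transition | ...). The Dispatch frame,
# the "e!" broadcast convention and the chart are constructed for this example.
from dataclasses import dataclass
from typing import Dict, List, Optional, Union


@dataclass(frozen=True)
class Transition:
    src: str
    dst: str
    event: str
    action: str = ""        # "x!" means: broadcast event x


@dataclass(frozen=True)
class Exec:                 # run a transition action
    action: str


@dataclass(frozen=True)
class EndTrans:             # finish a transition: enter its destination
    t: Transition


@dataclass(frozen=True)
class Dispatch:             # an event waiting for a handler
    event: str


Frame = Union[Exec, EndTrans, Dispatch]


class Machine:
    def __init__(self, transitions: List[Transition], entry: Dict[str, str],
                 initial: List[str], queue: bool = False):
        self.trans = transitions
        self.entry = entry                 # state -> name of its entry action
        self.active = set(initial)         # op active, kept as a set of states
        self.stack: List[Frame] = []       # index 0 is the top (head of ::)
        self.pending: List[str] = []       # only used by the queue variant
        self.queue = queue
        self.trace: List[str] = []         # observable effects, in order

    def enabled(self, event: str) -> Optional[Transition]:
        for t in self.trans:
            if t.event == event and t.src in self.active:
                return t
        return None

    def start_trans(self, s: str, t: Transition) -> None:
        # slide: active(s) := false;
        #        stack := Exec action(t) :: EndTrans t :: tail stack
        self.active.discard(s)
        self.stack = [Exec(t.action), EndTrans(t)] + self.stack[1:]

    def send(self, event: str) -> List[str]:
        self.stack.insert(0, Dispatch(event))
        self.run()
        return self.trace

    def run(self) -> None:
        while self.stack or self.pending:
            if not self.stack:                     # queue variant: next event
                self.stack.append(Dispatch(self.pending.pop(0)))
                continue
            fr = self.stack[0]
            if isinstance(fr, Dispatch):
                t = self.enabled(fr.event)
                if t is None:
                    self.stack.pop(0)              # no handler: event dropped
                else:
                    self.start_trans(t.src, t)     # replaces the Dispatch frame
            elif isinstance(fr, Exec):
                self.stack.pop(0)
                if fr.action.endswith("!"):
                    ev = fr.action[:-1]
                    self.trace.append(f"broadcast {ev}")
                    if self.queue:
                        self.pending.append(ev)    # handle after the outer transition
                    else:
                        self.stack.insert(0, Dispatch(ev))   # pre-empt: handle now
                elif fr.action:
                    self.trace.append(fr.action)
            else:                                   # EndTrans
                self.stack.pop(0)
                self.active.add(fr.t.dst)
                if fr.t.dst in self.entry:
                    self.trace.append(f"entry {self.entry[fr.t.dst]}")


def constructed_chart():
    """P and Q are parallel (both active). On a, P moves to P2 and broadcasts b;
    Q handles b by moving to Q2. P2 and Q2 have entry actions g and h."""
    transitions = [Transition("P", "P2", "a", "b!"), Transition("Q", "Q2", "b")]
    entry = {"P2": "g", "Q2": "h"}
    return transitions, entry, ["P", "Q"]


def trace_for(queue: bool) -> List[str]:
    return Machine(*constructed_chart(), queue=queue).send("a")


if __name__ == "__main__":
    print(trace_for(False))   # ['broadcast b', 'entry h', 'entry g']
    print(trace_for(True))    # ['broadcast b', 'entry g', 'entry h']
```

With the stack, h runs before g: the broadcast pre-empts the transition that raised it. With a queue, g runs first. Both machines end in the same states, so a check that compared only final states would pass a translation that got the order wrong; comparing the observed event and action sequence, as the bisimulation slides propose, does not.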

Slide 15
Verifiability: when is the translation correct?
Conventional notion: a program p denotes a function or relation [p]. The translation is correct when the denotation is preserved: [p] = [trans(p)]
The conventional notion doesn’t work here: Stateflow diagrams are reactive, not functional; they may never terminate!

Slide 16
Bisimulation!
A run of a machine on a program p is a sequence of states. We observe only the events.
p and trans(p) are equivalent when we observe the same behaviour.
Formally, we define a bisimulation relation between the states of p and trans(p).

Slide 17
Bisimulation
(Diagram: a state q of p (Stateflow) is related to a state of trans(p) (C). Whenever q makes a step on event e to q’, the related C state makes a step on the same event e to a state related to q’ … and vice versa.)

Slide 18
Bisimulation
What we won’t do: exhibit the bisimulation relation
What we will do: ensure that the translation preserves bisimulation
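Added example (Python; constructed toy machines, not the Kestrel proof). The slide above says the project will not exhibit the bisimulation relation; for finite machines one can compute it, which makes the definition of slides 16 and 17 concrete and is how a practitioner would spot-check a generated state machine against its model. The checker below computes the greatest bisimulation between two labelled transition systems as a fixed point, observing only events. The machines P, GOOD_C, BAD_C, P2 and Q2 are constructed here: a two-state chart with a faithful unrolled translation and a wrong one, and the classic pair that has identical event traces yet is not bisimilar, which shows why a step-matching relation is a stronger guarantee than equal traces:

```python
# Added example: a greatest-bisimulation checker for small labelled transition
# systems, observing only the events. The machines below are constructed toys
# standing in for a Stateflow chart p and candidate C translations trans(p).
from typing import Dict, Set, Tuple

LTS = Dict[str, Set[Tuple[str, str]]]     # state -> {(event, successor)}


def _moves(lts: LTS, s: str):
    return lts.get(s, set())


def _matches(moves_s, moves_t, rel, flipped: bool) -> bool:
    """Every move s -e-> s' has a move t -e-> t' with (s', t') related.
    rel holds (p-state, q-state) pairs; flipped=True means s is a q-state."""
    for e, s2 in moves_s:
        if not any(e == e2 and ((t2, s2) if flipped else (s2, t2)) in rel
                   for e2, t2 in moves_t):
            return False
    return True


def bisimulation(p: LTS, q: LTS) -> Set[Tuple[str, str]]:
    """Greatest bisimulation between p and q, computed as a fixed point:
    start from all pairs and discard any pair where one side has a move the
    other cannot match into a pair still in the relation, until stable."""
    rel = {(s, t) for s in p for t in q}
    changed = True
    while changed:
        changed = False
        for s, t in list(rel):
            ok = (_matches(_moves(p, s), _moves(q, t), rel, False)
                  and _matches(_moves(q, t), _moves(p, s), rel, True))
            if not ok:
                rel.discard((s, t))
                changed = True
    return rel


def bisimilar(p: LTS, p0: str, q: LTS, q0: str) -> bool:
    return (p0, q0) in bisimulation(p, q)


def traces(lts: LTS, init: str, depth: int) -> Set[tuple]:
    """Event sequences of length <= depth, for comparison with bisimulation."""
    out, frontier = {()}, {((), init)}
    for _ in range(depth):
        frontier = {(tr + (e,), s2) for tr, s in frontier for e, s2 in _moves(lts, s)}
        out |= {tr for tr, _ in frontier}
    return out


# Constructed chart p: A -a-> B -b-> A, and two candidate translations.
P: LTS = {"A": {("a", "B")}, "B": {("b", "A")}}
GOOD_C: LTS = {"X": {("a", "Y")}, "Y": {("b", "Z")}, "Z": {("a", "Y")}}   # unrolled, same behaviour
BAD_C: LTS = {"X": {("a", "Y")}, "Y": {("b", "Z")}, "Z": {("b", "Y")}}    # wrong event after one round

# Classic pair: identical traces, yet not bisimilar (the branching point differs).
P2: LTS = {"A": {("a", "B1"), ("a", "B2")}, "B1": {("b", "C")}, "B2": {("c", "C")}, "C": set()}
Q2: LTS = {"X": {("a", "Y")}, "Y": {("b", "Z"), ("c", "Z")}, "Z": set()}


if __name__ == "__main__":
    print(bisimulation(P, GOOD_C))                # {('A', 'X'), ('A', 'Z'), ('B', 'Y')}
    print(bisimilar(P, "A", GOOD_C, "X"))         # True
    print(bisimilar(P, "A", BAD_C, "X"))          # False
    print(traces(P2, "A", 3) == traces(Q2, "X", 3), bisimilar(P2, "A", Q2, "X"))  # True False
```

The relation for the faithful translation pairs the model's two states with the three C states that behave like them; the broken translation is rejected because after one round it can only emit b where the model emits a. The classic pair passes a trace comparison and fails bisimulation because after a the model has already committed to either b or c while the other machine still offers both; a test harness that only compared event logs would miss that difference.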

Slide 19
Status
Meta-modeling (table; columns: Stateflow, C, SMV, SSAT, Notes)
  Static: with help from Vanderbilt
  Dynamic: 40%, -, - (anticipate help from MoBIES participants)
Translation theories: getting started

Slide 20
Conclusions
Produce generators quicker!
  By reuse of language meta-models
  By capturing and exploiting design knowledge
Produce generators that are verified!
  Translation preserves bisimulation

Slide 21
Tasks ahead
Completion of meta-models
Validation of meta-models
Abstraction of design theories