synthesis verification and synthesis verification and
play

Synthesis, Verification, and Synthesis, Verification, and Inductive - PowerPoint PPT Presentation

Mar 07, 2023 •372 likes •661 views

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar Verified SW Working Group August 2014 July

  1. Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar  Verified SW Working Group August 2014  July 15, 2015

  2. Messages of this Talk Messages of this Talk [Seshia DAC’12; Jha & Seshia, SYNT’14, ArXiV’15] Synthesis Everywhere 1. – Many (verification) tasks involve synthesis Effective Approach to Synthesis: 2. Induction + Deduction + Structure – Induction : Learning from examples – Deduction : Logical inference and constraint solving – Structure : Hypothesis on syntactic form of artifact to be synthesized – “Syntax-Guided Synthesis” [Alur et al., FMCAD’13]  Counterexample-guided inductive synthesis (CEGIS) [Solar-Lezama et al., ASPLOS’06] Analysis of Counterexample-Guided Synthesis 3. – Counterexample-driven learning – Sample Complexity – 2 –

  3. Artifacts Synthesized in Verification Artifacts Synthesized in Verification  Inductive invariants  Auxiliary specifications (e.g., pre/post-conditions, function summaries)  Environment assumptions / Env model / interface specifications  Abstraction functions / abstract models  Interpolants  Ranking functions  Intermediate lemmas for compositional proofs  Theory lemma instances in SMT solving  Patterns for Quantifier Instantiation  … – 3 –

  4. Formal Verification as Synthesis Formal Verification as Synthesis  Inductive Invariants  Abstraction Functions – 4 –

  5. One Reduction from Verification to One Reduction from Verification to Synthesis Synthesis NOTATION Transition system M = (I,  ) Safety property  = G(  ) VERIFICATION PROBLEM Does M satisfy  ? SYNTHESIS PROBLEM Synthesize  s.t. I            ’   ’ – 7 –

  6. Two Reductions from Verification to Two Reductions from Verification to Synthesis Synthesis NOTATION Transition system M = (I,  ), S = set of states Safety property  = G(  ) VERIFICATION PROBLEM Does M satisfy  ? SYNTHESIS PROBLEM #2 Synthesize  : S  Ŝ where ˆ ˆ  (M) = (I,  ) s.t. SYNTHESIS PROBLEM #1  (M) satisfies  Synthesize  s.t. I     iff M satisfies         ’   ’ – 8 –

  7. Common Approach for both: Common Approach for both: “Inductive” Synthesis “Inductive” Synthesis Synthesis of:-  Inductive Invariants – Choose templates for invariants – Infer likely invariants from tests (examples) – Check if any are true inductive invariants, possibly iterate  Abstraction Functions – Choose an abstract domain – Use Counter-Example Guided Abstraction Refinement (CEGAR) – 9 –

  8. Counterexample-Guided Abstraction Counterexample-Guided Abstraction Refinement is Inductive Synthesis Refinement is Inductive Synthesis [Anubhav Gupta, ‘06] Initial Abstract System Abstraction Domain +Property Function VERIFICATION SYNTHESIS Invoke Valid Abstract Model Generate Done Model + Property Abstraction Checker Counter- example New Abstraction Function Check Refine YES NO Spurious Counterexample: Done Abstraction Fail Counterexample Spurious? Function – 10 –

  9. CEGAR = Counterexample-Guided CEGAR = Counterexample-Guided Inductive Synthesis (of Abstractions) Inductive Synthesis (of Abstractions) Structure Hypothesis (“Syntax-Guidance”) , INITIALIZE Initial Examples Candidate Artifact SYNTHESIZE VERIFY Counterexample Synthesis Fails Verification Succeeds – 11 –

  10. Lazy SMT Solving performs Lazy SMT Solving performs Inductive Synthesis (of Lemmas) Inductive Synthesis (of Lemmas) Initial SMT Boolean Formula Abstraction VERIFICATION SYNTHESIS Invoke UNSAT SAT Formula Generate Done SAT SAT Solver Formula SAT (“Counter- (model) example”) Blocking Clause/Lemma Invoke Theory UNSAT SAT Proof “Spurious Solver Done Model” Analysis – 12 –

  11. CEGAR = CEGIS = Learning from CEGAR = CEGIS = Learning from (Counter)Examples (Counter)Examples What’s different from std learning theory: Learning Algorithm and Verification Oracle are typically general Solvers “Concept Class”, Initial Examples INITIALIZE Candidate Concept LEARNING VERIFICATION ALGORITHM ORACLE Counterexample Learning Fails Learning Succeeds – 13 –

  12. Comparison* Comparison* Formal Inductive Machine Feature Synthesis Learning Concept/Program Programmable, Fixed, Simple Classes Complex Learning General-Purpose Specialized Algorithms Solvers Exact, w/ Formal Approximate, w/ Learning Criteria Spec Cost Function Common (can Rare (black-box Oracle-Guidance control Oracle) oracles) – 14 – * Between typical inductive synthesizer and machine learning algo

  13. Active Learning: Key Elements Active Learning: Key Elements ACTIVE LEARNING Selection ALGORITHM Examples Strategy Search Strategy 1. Search Strategy: How to search the space of candidate concepts? 2. Example Selection: Which examples to learn from? – 15 –

  14. Counterexample-Guidance : A Successful Counterexample-Guidance : A Successful Paradigm for Synthesis and Learning Paradigm for Synthesis and Learning  Active Learning from Queries and Counterexamples [Angluin ’87a,’87b]  Counterexample-Guided Abstraction-Refinement (CEGAR) [Clarke et al., ’00]  Counterexample-Guided Inductive Synthesis (CEGIS) [Solar-Lezama et al., ’06] …  All rely heavily on Verification Oracle  Choice of Verification Oracle determines Sample Complexity of Learning – # of examples (counterexamples) needed to converge (learn a concept) – 16 –

  15. Questions Questions  Fix a concept class – abstract domain, template, etc. Suppose Countexample-Guided Learning is 1. guaranteed to terminate. What are lower/upper bounds on sample complexity? Suppose termination is not guaranteed. 2. Is it possible for the procedure to terminate on some problems with one verifier but not another? – Learner (synthesizer) just needs to be consistent wth examples; e.g. SMT solver – Sensitivity to type of counterexample – 17 –

  16. Problem 1: Bounds on Problem 1: Bounds on Sample Complexity Sample Complexity – 18 –

  17. Teaching Dimension Teaching Dimension [Goldman & Kearns, ‘90, ‘95]  The minimum number of (labeled) examples a teacher must reveal to uniquely identify any concept from a concept class – 19 –

  18. Teaching a 2-dimensional Box Teaching a 2-dimensional Box - + - + - - What about N dimensions? – 20 –

  19. Teaching Dimension Teaching Dimension  The minimum number of (labeled) examples a teacher must reveal to uniquely identify any concept from a concept class TD ( C ) = max c  C min    ( c ) |  | where C is a concept class c is a concept  is a teaching sequence (uniquely identifies concept c )  is the set of all teaching sequences – 21 –

  20. Theorem: TD ( C ) is lower bound on Theorem: TD ( C ) is lower bound on Sample Complexity Sample Complexity  Counterexample-Guided Learning: TD gives a lower bound on #counterexamples needed to learn any concept  Finite TD is necessary for termination – If C is finite, TD ( C )  | C| -1  Finding Optimal Teaching Sequence is NP-hard (in size of concept class) – But heuristic approach works well (“learning from distinguishing inputs”)  Finite TD may not be sufficient for termination! – Termination may depend on verification oracle [some results appear in Jha et al., ICSE 2010] – 22 –

  21. Problem 2: Termination of Problem 2: Termination of Counterexample-guided loop Counterexample-guided loop – 23 –

  22. Query Types for CEGIS Query Types for CEGIS Positive Witness ORACLE LEARNER x   , if one exists, else  Equivalence: Is f =  ? Yes / No + x   f Subsumption: Is f ⊆  ? Yes / No + x  f \  • Finite memory vs • Type of counter- Infinite memory example given Concept class: Any set of recursive languages – 24 –

  23. Learning -1  x  1 /\ -1  y  1 Learning -1  x  1 /\ -1  y  1 ( C = Boxes around origin) ( C = Boxes around origin) Arbitrary Counterexamples may not work for Arbitrary Learners (0,0) – 25 –

  24. Learning -1  x,y  1 from Minimum Learning -1  x,y  1 from Minimum Counterexamples (dist from origin) Counterexamples (dist from origin) - - - (0,0) - – 26 –

  25. Types of Counterexamples Types of Counterexamples Assume there is a function size: D  N – Maps each example x to a natural number – Imposes total order amongst examples  CEGIS: Arbitrary counterexamples – Any element of f    MinCEGIS: Minimal counterexamples – A least element of f   according to size – Motivated by debugging methods that seek to find small counterexamples to explain errors & repair – 27 –

  26. Types of Counterexamples Types of Counterexamples Assume there is a function size: D  N  CBCEGIS: Constant-bounded counterexamples (bound B) – An element x of f   s.t. size(x) < B – Motivation: Bounded Model Checking, Input Bounding, Context bounded testing, etc.  PBCEGIS: Positive-bounded counterexamples – An element x of f   s.t. size (x) is no larger than that of any positive example seen so far – Motivation: bug-finding methods that mutate a correct execution in order to find buggy behaviors – 28 –

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Lecture 1: Overview of System Synthesis A. Pnueli Lectures Outline Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli Fair Discrete Systems and their Computations. Model Checking Invariance and

309 views • 19 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R.

Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R.

Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R. Badonnel, A. Lahmadi Inria &amp; LORIA, Nancy, France IFIP Working Group 2.2 Vienna, September 2019 Stephan Merz Verification and Synthesis of Security

863 views • 22 slides
From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91 Reference From Program Verification to Program Synthesis. @ POPL10; January 17-23, 2010 Saurabh Srivastava , University of Maryland, College Park

1.21k views • 91 slides
Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A)

Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A)

Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A) Quick introduction to HDLs, digital design flows, ... B) Verilog HDL Synthesis with Yosys 1. OSS iCE40 FPGA Synthesis flow 2. Xilinx

671 views • 55 slides
Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open Synthesis Suite) is an open source project aiming at creating a fully-featured HDL synthesis tool, and more. Lately a lot of features related to

302 views • 28 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir

Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir

Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir aebnenas@mtu.edu Department of Computer Science College of Computing Michigan Technological University Houghton MI 49931 http://asd.cs.mtu.edu/

584 views • 56 slides
Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW MSR Intentionet UW One of the first paper was Understanding BGP misconfiguration (2002) Ryan Beckett Princeton MSR

834 views • 23 slides
Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program

Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program

Syntax-Guided Synthesis Rajeev Alur University of Pennsylvania 1 Program Verification Program P Specification S Verifier Proof of correctness or Witness of a bug 2 Classical Program Synthesis Specification S High Level WHAT

1.28k views • 59 slides
KAIROS: Incremental Verification in High-Level Synthesis through Latency-Insensitive Design Luca

KAIROS: Incremental Verification in High-Level Synthesis through Latency-Insensitive Design Luca

ACM FMCAD, San Jose, USA KAIROS: Incremental Verification in High-Level Synthesis through Latency-Insensitive Design Luca Piccolboni, Giuseppe Di Guglielmo, and Luca P. Carloni Columbia University, NY, USA High-Level Synthesis (HLS)

838 views • 52 slides
Verification Verification, Performance Performance Analysis Performance Performance Analysis

Verification Verification, Performance Performance Analysis Performance Performance Analysis

Verification Verification, Performance Performance Analysis Performance Performance Analysis Analysis and Analysis and Synthesis Synthesis of Embedd f E E b dd d S b dded Sys ystems t ems Kim G. Larsen Kim G. Larsen Aalborg

1.44k views • 116 slides
SMT Solvers for Verification and Synthesis Andrew Reynolds VTSA Summer School August 1 and 3,

SMT Solvers for Verification and Synthesis Andrew Reynolds VTSA Summer School August 1 and 3,

SMT Solvers for Verification and Synthesis Andrew Reynolds VTSA Summer School August 1 and 3, 2017 Acknowledgements Thanks to past and present members of development team of CVC4: Cesare Tinelli, Clark Barrett, Tim King, Morgan Deters,

720 views • 24 slides
On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis

On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis

On Maximal Permissiveness in Partially-Observed Discrete Event Systems: Verification and Synthesis Xiang Yin and Stphane Lafortune EECS Department, University of Michigan 13th WODES, May 30-June 1, 2016 , Xian, China 0/14 X.Yin &amp;

760 views • 55 slides
Outline Objective of Presentation Objective of Presentation Digital IC Project and

Outline Objective of Presentation Objective of Presentation Digital IC Project and

Outline Objective of Presentation Objective of Presentation Digital IC Project and Verification Synthesis Basic synthesis flow i h i fl ASIC Synthesis DesignCompiler Synthesis script Deepak Dasalukunte &amp; Joachim

457 views • 9 slides
Leonardo de Moura Quantified SMT formulas. Applications: synthesis, software verification, ...

Leonardo de Moura Quantified SMT formulas. Applications: synthesis, software verification, ...

Leonardo de Moura Quantified SMT formulas. Applications: synthesis, software verification, ... forall x. f(x, x) &gt;= x+a, f(a, b) &lt; a, a &gt; 0 Models as functional programs. f (x1, x2) = if (x1 = 1 and x2 = 2) then 0 else x1 + 1 Online

469 views • 26 slides
Linear algebra and differential equations (Math 54): Lecture 1 Vivek Shende January 22, 2019

Linear algebra and differential equations (Math 54): Lecture 1 Vivek Shende January 22, 2019

Linear algebra and differential equations (Math 54): Lecture 1 Vivek Shende January 22, 2019 Hello and welcome to class! I am Vivek Shende I will be teaching you this semester. My office hours 2-4 pm on Friday, 873 Evans hall. Come ask

1.57k views • 155 slides
Rewriting with extensionality Roberto Di Cosmo LIENS (CNRS) - DMI Ecole Normale Sup erieure

Rewriting with extensionality Roberto Di Cosmo LIENS (CNRS) - DMI Ecole Normale Sup erieure

Rewriting with extensionality Roberto Di Cosmo LIENS (CNRS) - DMI Ecole Normale Sup erieure 45, Rue dUlm 75005 Paris - France E-mail: dicosmo@dmi.ens.fr WWW: http://www.ens.fr/ dicosmo April 10, 1999 A brief survey of rewriting in

429 views • 21 slides
Semantic normalisation proofs Ulrich Berger Swansea 1 Basic idea Interpret -terms with

Semantic normalisation proofs Ulrich Berger Swansea 1 Basic idea Interpret -terms with

Types 2006 Nottingham Semantic normalisation proofs Ulrich Berger Swansea 1 Basic idea Interpret -terms with recursively defined constants in a domain model such that [ M ] = implies SN( M ) 2 Running example G odels

306 views • 11 slides
On the reduction of the type-free computational -calculus Ugo deLiguoro,Riccardo Treglia

On the reduction of the type-free computational -calculus Ugo deLiguoro,Riccardo Treglia

Introduction On the reduction of the type-free computational -calculus Ugo deLiguoro,Riccardo Treglia University of Turin IWC 2020 30/06/2020 Ugo deLiguoro,Riccardo Treglia (University of Turin) On the reduction of Comp. -Calc.

751 views • 29 slides
Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail:

Formal Specification and Verification Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de Some of the slides are based on or inspired by material by Wolfgang Ahrendt, Bernhard Beckert, Reiner H ahnle, Andreas Podelski 1 Motivation

1.11k views • 55 slides
Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens

Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens

Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens 21st June 2018 Outline 2. Design process of seL4 3. Formal methods of the correctness proof 4. Layers of the correctness proof 5. Conclusion 1 1.

754 views • 64 slides
Agent-Based Systems Michael Rovatsos mrovatso@inf.ed.ac.uk Lecture 2 Abstract Agent

Agent-Based Systems Michael Rovatsos mrovatso@inf.ed.ac.uk Lecture 2 Abstract Agent

Agent-Based Systems Agent-Based Systems Michael Rovatsos mrovatso@inf.ed.ac.uk Lecture 2 Abstract Agent Architectures 1 / 16 Agent-Based Systems Where are we? Last time . . . Introduced basic and advanced aspects of agency

461 views • 16 slides
Muhammad Taimoor Khan and Wolfgang Schreiner Doktoratskolleg and Research Institute for Symbolic

Muhammad Taimoor Khan and Wolfgang Schreiner Doktoratskolleg and Research Institute for Symbolic

Towards the Formal Specification and Verification of Maple Programs Muhammad Taimoor Khan and Wolfgang Schreiner Doktoratskolleg and Research Institute for Symbolic Computation Austria July 13, 2012 Towards the Formal Specification and

204 views • 16 slides

More recommend