verification and synthesis using real quantifier
play

Verification and Synthesis Using Real Quantifier Elimination Thomas - PowerPoint PPT Presentation

Sep 28, 2023 •21 likes •271 views

Verification and Synthesis Using Real Quantifier Elimination Thomas Sturm Ashish Tiwari Max-Planck-Institute for Informatik SRI International Saarbrucken, Germany Menlo Park, USA sturm@mpi-inf.mpg.de tiwari@csl.sri.com

  1. ✬ ✩ Verification and Synthesis Using Real Quantifier Elimination Thomas Sturm Ashish Tiwari Max-Planck-Institute for Informatik SRI International Saarbrucken, Germany Menlo Park, USA sturm@mpi-inf.mpg.de tiwari@csl.sri.com ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 1

  2. ✬ ✩ Formal Methods Model and analyze systems formally Two aspects: • Formal model of dynamical system M • Formal property specification φ Example: { dx dt = y, dy M := dt = − x } φ := ( x = 1 ∧ y = 0 ⇒ G ( x ≤ 1)) Verification Problem: Prove M | = φ ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 2

  3. ✬ ✩ Certificate-Based Verification A certificate for M | = φ is Φ such that 1. | = Φ ⇒ φ 2. M | = Φ is locally checkable M | = Φ reduces to a formula in the (underlying FO) logic Examples: Property φ Certificate Φ safety inductive invariant stability Lyapunov function termination ranking function controlled safety controlled inductive invariant ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 3

  4. ✬ ✩ Certificate-Based Verification Certificate-based verification reduces the verification problem to an ∃∀ formula. M | = φ ⇑ ∃ Φ : (( M | = Φ) ∧ (Φ ⇒ φ )) ⇑ ∃ Φ : ∀ � x : quantifier-free FO formula ⇑ ∃ � a : ∀ � x : quantifier-free FO formula The last step performed by choosing a template for Φ ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 4

  5. ✬ ✩ Example: Certificate-Based Safety dx 1 dx 2 dt = x 2 dt = − x 1 Example: Problem: If x 1 = 1 and x 2 = 0 initially, prove G ( x 1 ≤ 1) Let us find a certificate of the form p ≤ 0 where p := ax 2 1 + bx 2 2 + c We need to solve ( p = 0 ⇒ dp ∃ a, b, c : ∀ x 1 , x 2 : dt ≤ 0) ∧ ( x 1 = 1 ∧ x 2 = 0 ⇒ p ≤ 0) ∧ ( p ≤ 0 ⇒ x 1 ≤ 1) ✫ ✪ We get p := x 2 1 + x 2 2 − 1 . Proved. Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 5

  6. ✬ ✩ Certificate-Based Verification: Observations A generic approach for verification based on symbolic constraint solving • Observation 1: Verification = searching for right witness • Observation 2: Bounded search for witnesses of a specific form • Net result: Verification problem �→ ∃∀ problem ∃∀ formula depends on the property φ and certificate Φ Can also handle uncontrollable inputs/noise ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 6

  7. ✬ ✩ Example: Certificate-based Verification Consider the system M : dx 1 = − x 1 − x 2 dt dx 2 = x 1 − x 2 + x d dt Initially: x 1 = 0 , x 2 = 1 Property: | x 1 | ≤ 1 always Guess • Template for witness Φ := W ≤ 0 , where W := ax 2 1 + bx 2 2 + c • Template for assumption A := | x d | < d ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 7

  8. ✬ ✩ Example Continued Verification Condition: ∃ a, b, c, d : ∀ x 1 , x 2 , x d : x 1 = 0 ∧ x 2 = 1 ⇒ W ≤ 0 dW A ∧ W = 0 ⇒ dt < 0 W ≤ 0 ⇒ | x 1 | ≤ 1 Ask contraint solver for satisfiability of above formula Solver says: a = 1 , b = 1 , c = − 1 , d = 1 x 2 1 + x 2 x 1 = 0 ∧ x 2 = 1 ⇒ 2 − 1 ≤ 0 | x d | < 1 ∧ x 2 1 + x 2 2 − 1 = 0 ⇒ 2 x 1 ( − x 1 − x 2 ) + 2 x 2 ( x 1 − x 2 + x d ) < 0 x 2 1 + x 2 2 − 1 ≤ 0 ⇒ | x 1 | ≤ 1 ✫ ✪ This proves that | x 1 | ≤ 1 always. Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 8

  9. ✬ ✩ Solving ∃∀ Formulas Two symbolic approaches: • Virtual Substitution: scalable, but limited applicability • Cylindrical Algebraic Decomposition: general, but unscalable ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 9

  10. ✬ ✩ Combination Approach for QE Solve quantified formula φ : • φ 1 := apply virtual substitution ( redlog ) on φ as long as possible • φ 2 := apply simplifier ( slfq ) to simplify φ 1 x : � • if φ 2 is ∃ � i φ 2 i φ 3 := � i qepcad ( φ 2 i ) // Can be limited to a subset of i ’s else φ 3 := qepcad ( φ 2 ) • return φ 3 The tool qepcad used with Singular All components interfaced via Reduce ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 10

  11. ✬ ✩ Overall Approach Verification/ Certificate−based Exists−Forall Synthesis Approach Formula Problem substitute−and−simplify QE slfq Methods qepcad Yes/No/ Synthesized System Key Observation: Need sufficient formula ψ on � a s.t. ψ ( � a ) ⇒ ∀ x : Ψ( � a, � x ) ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 11

  12. ✬ ✩ Examples Benchmark examples: • Adaptive cruise control: verify that cars do not collide • Robot motion: synthesize safe switching logic • Adaptive flight control: verify stability • Inverted pendulum: synthesize stable switching controller Other examples: • Navigation benchmarks: Safety verification of hybrid systems • PID controllers: Stability verification of open controllers • Train gate controller synthesis • Others: LCR circuit, thermostat, insulin infusion pump controller ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 12

  13. ✬ ✩ Adaptive Cruise Control Consider a cruise control: v ˙ = a ˙ = − v + v f gap v f ˙ = a f a ˙ = − 4 v + 3 v f − 3 a + gap Controller where v, a is velocity and acceleration of this car, v f , a f is the same for car in front, and gap is the distance between the two cars. Physical limits puts constraints on v, v f , a, a f . ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 13

  14. ✬ ✩ Adaptive Cruise Control Goal: Find initial states such that, if ACC mode is initiated in those states, then cars will not collide. Solution: Pick a linear template for the initial states Init ( � a ) and for the inductive invariant Inv ( � b ) and solve the resulting ∃∀ formula. a and � The formula states that there exists � b such that a ) are also in Inv ( � (1) all initial states in Init ( � b ) , and (2) all states in Inv ( � b ) are in Safe , and (3) the system dynamics cannot force the system to go out of the set Inv ( � b ) Formulas encoding (1),(2),(3) are ∀ formulas ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 14

  15. ✬ ✩ Adaptive Cruise Control: Analysis Complexity of the generated ∃ � a : ∀ � x : φ formula: • | � a | = 4 • | � x | = 5 • degree ( φ ) = 2 Results: • Virtual substitution eliminates all but one variable • Returns a disjunction of 584 subformulas containing 33365 atomic formulas (nested to depth 13 ) • Simplifier slfq fails • But succeeds on part of the formula • That is sufficient to give a useful answer ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 15

  16. ✬ ✩ Switching Logic Synthesis Do not verify, synthesize correct systems ??? MODE 1 MODE 2 dx/dt = f1(x,y) dx/dt = f2(x,y) dy/dt = g2(x,y) dy/dt = g1(x,y) ??? Problem: Under what conditions to switch between the components so that final system is safe. Solution: Find a set of states ( Φ ) within which the two modes can keep the system ✫ ✪ Examples: robot motion, thermostat, inverted pendulum Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 16

  17. ✬ ✩ Adaptive Flight Control: Model Goal: Verify an adaptive flight controller Flight controller: Keeps the plane stable in flight Adaptive: Learn and compensate for damages, aging and so on The dynamics of the aircraft are given by ˙ � x = A� x + B� u + G� z + f ( � x, � u, � z ) (1) where � x : 3 × 1 vector of roll, pitch, and yaw rates of the aircraft � u : 3 × 1 vector of aileron, elevator, and rudder inputs � z : 3 × 1 trim state vector of angle of attack, angle of sideslip, and engine throttle A, B, G are known matrices in ℜ 3 × 3 ✫ ✪ f represent the unknown term (uncertainty or damage) Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 17

  18. ✬ ✩ Adaptive Flight Control: Modeling We built a continuous dynamical system model State space: x m , intx e , x, L, β, f x m ˙ = A m ( x m − r ) ˙ intx e = x m − x A m ( x m − r ) + K p ( x m − x ) + K i intx e − L ′ β + f x ˙ = + ( x m − x ) T K − 1 ˙ − Γ β ( intx T e K − 1 p ( I + K − 1 L = )) i i ˙ β = . . . ˙ f = . . . Γ , K p , K i , A m , Constants : r , f , ˙ f Unknown/Symbolic Parameters : ✫ ✪ Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 18

  19. ✬ ✩ Adaptive Flight Control: Analysis Goal: Show that the error eventually falls below a certain threshold Assume boundedness of certain expression The ∃ � a : ∀ � x : φ formula says that there exists a Lyapunov function (of a given form) • | � a | = 5 • | � x | = 5 • degree = 4 Output of virtual substitution not simplified by slfq If certain ∃ variables are instantiated, then slfq succesfully simplifies output of virtual substution (48 subformulas, depth 10, 1081 atomic formulas) in 27s ✫ ✪ using 1897 qepcad calls to the required answer Ashish Tiwari, SRI Intl. Verif. and Synth. Using Real QE: 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Budapest Workshop, Oct. 2015 / 38 Quantifier Polarity and Verification Goal To gain

1 Budapest Workshop, Oct. 2015 / 38 Quantifier Polarity and Verification Goal To gain

Quantifier Polarity and Verification Quantifier Polarity, Numerosity, and Verification Procedures: Experimental Explorations Yosef Grodzinsky Safra Brain Research Center, Language, Logic and Cogni;on

236 views • 22 slides
Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning

Synthesis, Verification, and Synthesis, Verification, and Inductive Learning Inductive Learning Sanjit A. Seshia EECS Department UC Berkeley Joint work with Susmit Jha (UTC) Dagstuhl Seminar Verified SW Working Group August 2014 July

661 views • 28 slides
Synthesis by Quantifier Instantiation in CVC4 Andrew Reynolds May 4, 2015 Overview SMT

Synthesis by Quantifier Instantiation in CVC4 Andrew Reynolds May 4, 2015 Overview SMT

Synthesis by Quantifier Instantiation in CVC4 Andrew Reynolds May 4, 2015 Overview SMT solvers : how they work Synthesis Problem : f. x. P( f, x ) There exists a function f such that for all x, P( f, x ) New approaches for

587 views • 54 slides
(Mostly Real) Quantifier Elimination Thomas Sturm AVACS Autumn School, Oldenburg, Germany,

(Mostly Real) Quantifier Elimination Thomas Sturm AVACS Autumn School, Oldenburg, Germany,

(Mostly Real) Quantifier Elimination Thomas Sturm AVACS Autumn School, Oldenburg, Germany, October 1, 2015 http://www.mpi-inf.mpg.de/~sturm/ Overview Introduction Definitions Virtual Substitution Variants of Quantifier Elimination Software

1.16k views • 114 slides
Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Lecture 1: Overview of System Synthesis A. Pnueli Lectures Outline Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli Fair Discrete Systems and their Computations. Model Checking Invariance and

309 views • 19 slides
Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of

Synthesis of Ranking Functions and Synthesis of Inductive Invariants and Synthesis of Recurrence Sets via Constraint Solving Andreas Podelski January 17, 2012 1 Program Verification and Constraints Reasoning about program

422 views • 28 slides
Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R.

Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R.

Verification and Synthesis of Security Chains Stephan Merz joint work with N. Schnepf, R. Badonnel, A. Lahmadi Inria &amp; LORIA, Nancy, France IFIP Working Group 2.2 Vienna, September 2019 Stephan Merz Verification and Synthesis of Security

863 views • 22 slides
Real Quantifier Elimination by Computation of Comprehensive Gr obner Systems Ryoya Fukasaku 1

Real Quantifier Elimination by Computation of Comprehensive Gr obner Systems Ryoya Fukasaku 1

Real Quantifier Elimination by Computation of Comprehensive Gr obner Systems Ryoya Fukasaku 1 Hidenao Iwane 2 Yosuke Sato 1 1 Tokyo University of Science 2 National Institute of Informatics / Fujitsu Laboratories Ltd Tuesday 7th July 2015 1 /

623 views • 35 slides
From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91 Reference From Program Verification to Program Synthesis. @ POPL10; January 17-23, 2010 Saurabh Srivastava , University of Maryland, College Park

1.21k views • 91 slides
Parameter synthesis for probabilistic real-time systems Marta Kwiatkowska Department of Computer

Parameter synthesis for probabilistic real-time systems Marta Kwiatkowska Department of Computer

Parameter synthesis for probabilistic real-time systems Marta Kwiatkowska Department of Computer Science, University of Oxford SynCoP 2015, London Quantitative (probabilistic) verification Result Probabilistic model System e.g. Markov chain

890 views • 59 slides
Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A)

Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A)

Verilog Synthesis and Formal Verification with Yosys Clifford Wolf Easterhegg 2016 Overview A) Quick introduction to HDLs, digital design flows, ... B) Verilog HDL Synthesis with Yosys 1. OSS iCE40 FPGA Synthesis flow 2. Xilinx

671 views • 55 slides
Real Quantifier Elimination in the RegularChains Library Changbo Chen 1 and Marc Moreno Maza 2 1

Real Quantifier Elimination in the RegularChains Library Changbo Chen 1 and Marc Moreno Maza 2 1

Real Quantifier Elimination in the RegularChains Library Changbo Chen 1 and Marc Moreno Maza 2 1 Chongqing Institute of Green and Intelligent Technology, Chinese Academy of Sciences 2 ORCCA, University of Western Ontario August 9, 2014 ICMS 2014,

564 views • 38 slides
Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open

Open Source HDL Synthesis and Verification with Yosys Clifford Wolf Abstract Yosys (Yosys Open Synthesis Suite) is an open source project aiming at creating a fully-featured HDL synthesis tool, and more. Lately a lot of features related to

302 views • 28 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

706 views • 56 slides
The Calculus of Computation: Decision Procedures with 9. Quantifier-free Equality and Data

The Calculus of Computation: Decision Procedures with 9. Quantifier-free Equality and Data

The Calculus of Computation: Decision Procedures with 9. Quantifier-free Equality and Data Structures Applications to Verification by Aaron Bradley Zohar Manna Springer 2007 9- 1 9- 2 The Theory of Equality T E Axioms of T E 1. x . x =

350 views • 14 slides
Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir

Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir

Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties Ali Ebnenasir aebnenas@mtu.edu Department of Computer Science College of Computing Michigan Technological University Houghton MI 49931 http://asd.cs.mtu.edu/

584 views • 56 slides
Controlling mixed human and autonomous traffic Raphael Stern Assistant Professor, University of

Controlling mixed human and autonomous traffic Raphael Stern Assistant Professor, University of

10/29/19 Controlling mixed human and autonomous traffic Raphael Stern Assistant Professor, University of Minnesota October 27, 2019 Joint work with: George Gunter, Maria Laura Delle Monache, Benedetto Piccoli, Benjamin Seibold, Jonathan

402 views • 21 slides
Driver Performance in the Presence of Adaptive Cruise Control Related Failures WORCS13, June 24,

Driver Performance in the Presence of Adaptive Cruise Control Related Failures WORCS13, June 24,

Driver Performance in the Presence of Adaptive Cruise Control Related Failures WORCS13, June 24, 2013 Josef Nilsson (1), Niklas Strand (2), Paolo Falcone (3), Jonny Vinter (1) (1) SP Technical Research Institute of Sweden (2) VTI Swedish

491 views • 21 slides
Intelligent Cars Improving traffic flow and vehicle safety Niels Rohweder Universit at

Intelligent Cars Improving traffic flow and vehicle safety Niels Rohweder Universit at

MIN-Fakult at Fachbereich Informatik Universit at Hamburg IntelligentCars Intelligent Cars Improving traffic flow and vehicle safety Niels Rohweder Universit at Hamburg Fakult at f ur Mathematik, Informatik und

751 views • 55 slides
Maryland Department of Transportation Maryland Department of Transportations Motor Vehicle

Maryland Department of Transportation Maryland Department of Transportations Motor Vehicle

Maryland Department of Transportation Maryland Department of Transportations Motor Vehicle Administration Autonomous Vehicles and the Future of Transportation MACo Conference, August 2016 Maryland Department of Transportations Motor Vehicle

336 views • 16 slides
Accelerating Deployment of Innovative Technology in Surface Transportation AASHTO International

Accelerating Deployment of Innovative Technology in Surface Transportation AASHTO International

Accelerating Deployment of Innovative Technology in Surface Transportation AASHTO International Day 2017 AASHTO International Day 2017 10/29/2017 Automation Offers Transformative Safety Benefits for Transportation 2 Can Automation

586 views • 16 slides
Accelerating ADAS with Open Source Introduction Mikko Hurskainen -

Accelerating ADAS with Open Source Introduction Mikko Hurskainen -

Accelerating ADAS with Open Source Introduction Mikko Hurskainen - Technical leadership positions in Nokia, Notava, Nomovok, Suunto, Link Motion Now Technologist in Link Motion. Looking on

609 views • 18 slides
Electrical system 1927 1997 Electrical system 1927-1997 Virtual differentiation between variants

Electrical system 1927 1997 Electrical system 1927-1997 Virtual differentiation between variants

Roger Johansson/ 2010 Roger Johansson/ 2010 A premium passenger car is controlled and A premium passenger car is controlled and Time triggered real time communication Ti t i d l ti i ti managed by 80+ Embedded Systems Presentation

333 views • 8 slides
Predicting the Future of Model Predictive Control Manfred Morari In Honor of Professor David

Predicting the Future of Model Predictive Control Manfred Morari In Honor of Professor David

Predicting the Future of Model Predictive Control Manfred Morari In Honor of Professor David Clarke Oxford, January 9, 2009 Automatic Control Laboratory, ETH Zrich www.control.ethz.ch Model Predictive Control past future Predicted

768 views • 50 slides

More recommend