Synthesis from Quantitative Specifications


This research was supported in part by the European Research Council (ERC) Advanced Investigator Grant QUAREM and by the Austrian Science Fund (FWF) project S11402-N23.

Synthesis from Quantitative Specifications
Arjun Radhakrishna, Institute of Science and Technology, Austria
March 11, 2012
Joint work with Pavol Černý, Thomas A. Henzinger, Sivakanth Gopi, and Nishanth Totla

Boolean Specifications vs. Quantitative Specifications
- Boolean specifications: an implementation is either Bad or Good (Yes/No).
- Quantitative specifications: a preference order over implementations.
- Yes/No vs. preference order.
- Many formalisms: weighted automata, quantitative logics, cost-register automata, software metrics, etc.
- In this talk: reactive systems + behavioural metrics.

Our formalism: Simulation distances
- Specification: ideal boolean specification + error model.
- Extend the classical simulation relation [R. Milner, 1971] to simulation distances, written as d_E(I, S).
- If d_E(I_1, S) < d_E(I_2, S), then I_1 is preferred over I_2.

Our formalism: Simulation distances (worked example)
Figures (automata not recoverable): the Ideal Specification (states 0, 1, 2, transitions on a and b), the Error Model (a single state 0 whose transitions charge 0 for a matched letter, a for a or b for b, and 1 for a substituted letter, a for b or b for a) and the Implementation (states 0, 1, 2, 3).
The implementation is run against the specification and the error penalty is charged at each step:
Implementation:  a b b b ...
Specification:   a b a b ...
Error penalty:   0 0 1 0 ...
Limit-Average Simulation Distance = 1 / 4 = 0.25

Error Models and Properties
- Boolean Error Model (diagram not recoverable): state 0 with transitions a/a (0), b/b (0), a/b ( ), b/a ( ); the penalty on the two substituting transitions is missing from the extraction.
- Delayed Grant Model: penalizes delay in a grant (diagram not recoverable; transition labels over g with penalty 0 on a timely grant and 1 on a delayed one).
- Grant Efficiency Error Model: penalizes spurious grants (diagram not recoverable; transition labels over g with penalty 1 on a spurious grant and 0 otherwise).

Why use quantitative specifications?
Example: every request req is to be eventually granted with gr: Φ = G(req ⇒ F gr).
Additional desire D_1: we want to minimize spurious grants [2]:
D_1 = (¬gr W req) ∧ G(gr ⇒ X(¬gr W req)).
A simple requirement, but complicated to specify.
Changing the requirement Φ to Φ ∧ GF(gr) means a full rewriting of D_1.
Quantitative case: add one ideal specification saying "no grants", and an error model penalizing each grant. No change is needed as Φ changes. Specifying What instead of How.
[2] Taken from [I. Pill, S. Semprini, R. Cavada, M. Roveri, R. Bloem, and A. Cimatti. FMCAD 2009].
Arjun Radhakrishna (IST Austria), Synthesis from Quantitative Specifications, March 2014, slide 6 / 13

Composing Requirements: Synthesis on the Pareto Curve
Given specification-error model pairs (S_i, E_i) and weights µ_i ∈ (0, 1), find an (ε-)optimal implementation I such that max_i { µ_i · d_{E_i}(I, S_i) } is minimized.
Figures (not recoverable): Pareto-curve diagrams placing the chosen I relative to S_1 and S_2 for µ_1 = µ_2, µ_1 < µ_2 and µ_1 > µ_2, and relative to three specifications S_1, S_2, S_3 with weights µ_1, µ_2, µ_3.
Solution: I is the (ε-)optimal finite-memory strategy in a multi-dimensional mean-payoff game [K. Chatterjee, 30 minutes ago].
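The simulation distance of the worked example (the a b b b implementation against the a b a b specification, limit average 1/4), the "one ideal specification plus an error model penalizing every deviation" idea, and the weighted objective max_i µ_i · d_{E_i}(I, S_i) of this slide, as an added example that is not part of the talk. The automata, the two-letter alphabet, the substitution error model, the finite-horizon solver and the brute-force choice among three hand-written candidate implementations are all assumptions of this example; the talk's own solution is a multi-dimensional mean-payoff game over all implementations.

```python
"""Added example, not from the talk: limit-average simulation distance
between a finite-state implementation and a specification under an error
model, plus the weighted objective max_i mu_i * d_{E_i}(I, S_i) used to
compose requirements.  All automata below are constructed for illustration.

Simplified game model assumed here: in each round the implementation picks
one of its outgoing transitions (letter x); the specification then answers
with one of its own transitions (letter y) and pays the error-model penalty
cost(y, x).  The implementation maximises and the specification minimises
the long-run average penalty.  Every state is assumed to have at least one
outgoing transition."""

from fractions import Fraction

# Automaton: {state: [(letter, successor), ...]}; the initial state is 0.
SPEC_ALTERNATE = {0: [("a", 1)], 1: [("b", 0)]}         # only a b a b ...
SPEC_ONLY_B = {0: [("b", 0)]}                          # "no a's", like "no grants"
SPEC_NO_AA = {0: [("a", 1), ("b", 0)], 1: [("b", 0)]}   # forbids two a's in a row

IMPL_ONLY_B = {0: [("b", 0)]}
IMPL_ALTERNATE = {0: [("a", 1)], 1: [("b", 0)]}
IMPL_ABBB = {0: [("a", 1)], 1: [("b", 2)], 2: [("b", 3)], 3: [("b", 0)]}
IMPL_ANY = {0: [("a", 0), ("b", 0)]}                    # may emit anything

CANDIDATES = {"only_b": IMPL_ONLY_B, "alternate": IMPL_ALTERNATE, "abbb": IMPL_ABBB}


def substitution_error_model(spec_letter, impl_letter):
    """Error model: a matched letter costs 0, a substituted letter costs 1."""
    return 0 if spec_letter == impl_letter else 1


def simulation_distance(impl, spec, cost=substitution_error_model, horizon=400):
    """Approximate d_E(I, S) by finite-horizon value iteration.

    value[(i, s)] holds the worst-case (for the specification) total penalty
    of the remaining rounds from implementation state i and specification
    state s.  After `horizon` rounds the per-round average approaches the
    mean-payoff value; exact rationals keep periodic cases exact.
    """
    states = [(i, s) for i in impl for s in spec]
    value = {st: Fraction(0) for st in states}
    for _ in range(horizon):
        nxt = {}
        for (i, s) in states:
            # Implementation maximises over its moves; the specification
            # minimises over its answers (letter y and successor s2).
            nxt[(i, s)] = max(
                min(cost(y, x) + value[(i2, s2)] for (y, s2) in spec[s])
                for (x, i2) in impl[i]
            )
        value = nxt
    return value[(0, 0)] / horizon


def composite_objective(impl, weighted_specs):
    """max_i mu_i * d_{E_i}(I, S_i); weights are given as strings such as "9/10"."""
    return max(Fraction(mu) * simulation_distance(impl, spec)
               for mu, spec in weighted_specs)


def best_implementation(candidates, weighted_specs):
    """Brute-force stand-in for synthesis: the candidate minimising the objective."""
    return min(candidates,
               key=lambda name: composite_objective(candidates[name], weighted_specs))


if __name__ == "__main__":
    print("d(abbb, alternate) =", simulation_distance(IMPL_ABBB, SPEC_ALTERNATE))  # 1/4
    for weights in (("1/2", "1/2"), ("9/10", "1/10"), ("1/10", "9/10")):
        specs = [(weights[0], SPEC_ALTERNATE), (weights[1], SPEC_ONLY_B)]
        print(weights, "->", best_implementation(CANDIDATES, specs))
```

With equal weights the a b b b candidate wins (it is 1/4 away from both specifications), while tilting the weights toward the alternation specification or toward the "no a's" specification selects the alternating or the all-b implementation instead, which is the Pareto-curve effect of the slide. The inner `min` is what makes this a simulation distance rather than a trace comparison: against SPEC_NO_AA, which has a choice in state 0, an implementation free to emit anything can only force a penalty every second round, so its distance is 1/2.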

Protocol Trade-offs: Forward Error Correcting Codes
FECs are protocols for error control in noisy channels.
Our problem: send 3-bit integers over a network, with (say) one bit-flip during transmission. Additional complexity: an error in the MSB is worse than an error in the LSB.
Two conflicting quantitative requirements:
- Efficiency: use the least bandwidth. Ideal specification: only 3 bits transferred. Error model: penalty 1 per additional bit.
- Robustness: decode the integer right. Ideal specification: all bits are decoded properly. Error model: penalty of 4, 2 and 1 for getting the first, second and third bits wrong.
Additional boolean specifications for ensuring soundness.

Synthesis of FECs: Results
Varying the efficiency weight µ_eff and the robustness weight µ_rob:
- Case µ_rob >>> µ_eff: inefficient, but fully robust.
- Case µ_eff >>> µ_rob: fully efficient, but non-robust.
- Case µ_eff and µ_rob comparable: in-between efficiency, and gets the MSB correct.

Domain                       Generated protocol   Correctness guarantee   Overhead
µ_rob >> µ_eff               Hamming code         full error correction   4 bits
µ_rob << µ_eff               Plain                no error correction     0 bits
µ_rob, µ_eff comparable      TMR for MSB          MSB is correct          2 bits

Completely different protocols just by varying weights.
Key properties: requirements are kept separate; basic functionality is specified exactly; advanced functionality comes through preferences.
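The three protocols of the results table, scored under the two error models of the previous slide, as an added example that is not part of the talk. The bit layouts (a Hamming(7,4) codeword with one zero pad bit, triple modular redundancy on the MSB only), the single-bit-flip noise model, and the brute-force choice among these three hand-written candidates are assumptions of this example; the talk synthesizes the protocol from the specifications rather than picking from a list.

```python
"""Added example, not from the talk: the plain, TMR-for-MSB and Hamming
protocols for 3-bit integers, scored with the slide's two error models
(penalty 1 per extra bit on the wire; penalty 4, 2, 1 for a wrong first,
second, third bit) under at most one bit-flip, and the protocol minimising
max(mu_eff * overhead, mu_rob * worst_case_penalty) chosen among the three.
All layouts are constructed for illustration."""

ROBUSTNESS_PENALTY = (4, 2, 1)   # per slide: MSB, middle bit, LSB wrong


def to_bits(value):
    """3-bit integer -> [msb, mid, lsb]."""
    return [(value >> 2) & 1, (value >> 1) & 1, value & 1]


def plain_encode(bits):
    return list(bits)


def plain_decode(word):
    return list(word)


def tmr_msb_encode(bits):
    """Triple modular redundancy on the MSB only: 5 bits on the wire."""
    m = bits[0]
    return [m, m, m, bits[1], bits[2]]


def tmr_msb_decode(word):
    msb = 1 if word[0] + word[1] + word[2] >= 2 else 0   # majority vote
    return [msb, word[3], word[4]]


def hamming_encode(bits):
    """Hamming(7,4) with data d1..d4 = (msb, mid, lsb, 0 pad).
    Codeword positions 1..7 are p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = bits[0], bits[1], bits[2], 0
    p1 = d1 ^ d2 ^ d4      # covers positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4      # covers positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4      # covers positions 4, 5, 6, 7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(word):
    """Syndrome decoding: the syndrome is the 1-based position of a single flip."""
    w = list(word)
    s1 = w[0] ^ w[2] ^ w[4] ^ w[6]
    s2 = w[1] ^ w[2] ^ w[5] ^ w[6]
    s3 = w[3] ^ w[4] ^ w[5] ^ w[6]
    pos = s1 + 2 * s2 + 4 * s3
    if pos:
        w[pos - 1] ^= 1
    return [w[2], w[4], w[5]]


PROTOCOLS = {
    "plain": (plain_encode, plain_decode),
    "tmr_msb": (tmr_msb_encode, tmr_msb_decode),
    "hamming": (hamming_encode, hamming_decode),
}


def overhead(name):
    """Efficiency error model: bits on the wire beyond the ideal 3."""
    encode, _ = PROTOCOLS[name]
    return len(encode(to_bits(0))) - 3


def worst_case_penalty(name):
    """Robustness error model, maximised over all values and all single flips (or none)."""
    encode, decode = PROTOCOLS[name]
    worst = 0
    for value in range(8):
        bits = to_bits(value)
        word = encode(bits)
        for flip in [None] + list(range(len(word))):
            noisy = list(word)
            if flip is not None:
                noisy[flip] ^= 1
            got = decode(noisy)
            penalty = sum(p for p, a, b in zip(ROBUSTNESS_PENALTY, bits, got) if a != b)
            worst = max(worst, penalty)
    return worst


def objective(name, mu_eff, mu_rob):
    """Weighted max of the two distances, as on the Pareto-curve slide."""
    return max(mu_eff * overhead(name), mu_rob * worst_case_penalty(name))


def choose_protocol(mu_eff, mu_rob):
    return min(PROTOCOLS, key=lambda n: objective(n, mu_eff, mu_rob))


if __name__ == "__main__":
    for name in PROTOCOLS:
        print(f"{name:8s} overhead={overhead(name)} worst_penalty={worst_case_penalty(name)}")
    for mu_eff, mu_rob in ((0.1, 0.9), (0.9, 0.1), (0.5, 0.5)):
        print(f"mu_eff={mu_eff} mu_rob={mu_rob} -> {choose_protocol(mu_eff, mu_rob)}")
```

The scores reproduce the table: plain costs 0 extra bits but can lose the MSB (penalty 4), TMR on the MSB costs 2 extra bits and can lose at most the middle bit (penalty 2), and the Hamming code costs 4 extra bits and corrects any single flip (penalty 0), so the weights alone decide which of the three is chosen.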

Incompatible Specifications
Specifications are rarely monolithic. The designer reconciles multiple requirements and writes more detailed specifications resolving corner cases and contradictions (a whole field: requirements engineering and traceability).

Incompatible Specifications... Continued
- Every request req_1 must be immediately granted with gr_1.
- Every request req_2 must be immediately granted with gr_2.
- Grants gr_1 and gr_2 cannot occur at the same time.
Designer resolution = (say) alternating between requests:
G(r_1 r_2 ⇒ (g_1 g_2)) G(r_1 r_2 g_1 ⇒ (r_1 r_2 g_1 W r_1 r_2 g_2)) G(r_1 r_2 g_2 ⇒ (r_1 r_2 g_2 W r_1 r_2 g_1))
(the boolean connectives between the literals are missing from the extraction).
How instead of What.

Continued...
Requirements are now entangled. Changing G(req_1 ⇒ gr_1) to G(req_1 ⇒ (gr_1 X gr_1)) means lots of rewriting.
In the quantitative case, add error models with equal penalties. One requirement can then be changed independently without changing anything else.
Changing request priorities = varying the specification weights.

Conclusion
- Quantitative specification formalism: simulation distances.
- Can lead to more compact specifications: specifying functionality through preferences.
- Synthesis from multiple quantitative specifications: trade-offs in protocol synthesis; resolving corner-case incompatibilities.