Towards Efficient Parameterized Synthesis
Ayrat Khalimov, Swen Jacobs, Roderick Bloem
Reactive System
A reactive system is a system that responds to external events.
Parameterized Reactive System
Synthesis time of AMBA arbiter
Outline
1. Preliminaries
§ Parameterized specifications and systems
§ Parameterized synthesis problem
§ Method to solve the parameterized synthesis problem
2. Motivation for the current work
3. The main part
4. Conclusion
Parameterized Specification
Parameterized Systems
§ The concrete system: A_n, scheduler, (P_1, …, P_n)
§ The parameterized system is a ‘mapping’ from the parameter n to a concrete system with n processes: n -> A_n, scheduler, (P_1, …, P_n)
Parameterized Token Rings
§ set of isomorphic processes (P_1 = … = P_n)
§ scheduler: asynchronous
§ architecture: token rings
Parameterized Synthesis Problem
Given a parameterized specification φ, find a process implementation P (and a parameterized architecture A) such that A_n, P ⊨ φ_n for any number n of processes.
Undecidable (even for token rings) => semi-decision procedures.
Parameterized Synthesis Method [JB 12]
1. LTL specification
2. Reduce to a token ring of cutoff size
§ Cutoff reductions from the verification community [EN 95]
3. Synthesize the token ring of cutoff size
§ Bounded synthesis approach [SF 07]
4. Process model
Cutoffs in Token Rings
Reasoning about Rings, E. A. Emerson, K. S. Namjoshi, 1995
Given: a token ring architecture, isomorphic processes, and specifications in LTL\X of a special form.
Then, to synthesize, it is enough to verify a ring of cutoff size against: ∧φ(i), ∧φ(i, i+1), ∧φ(i, j)
Synthesis of Parameterized Arbiter
Figure: arbiter process with request input r and grant output g
Adaptation of Bounded Synthesis to Parameterized Synthesis [JB 12, SF 07]
Figure: specification automaton -> Encoder -> SMT solver -> transition function and output functions. The encoder adds architecture-specific output functions and constraints to specify the token-ring architecture.
The Problems
1. Language: cannot handle an “arbiter without spurious grants” in an assume-guarantee specification
2. Slow on non-trivial examples: an “arbiter without spurious grants” cannot be synthesized in 2 hours
3. Limited architectures (future work): only token rings are supported
Outline
1. Preliminaries
2. Motivation for the current work
3. Language
4. Optimizations
5. Conclusion
Language: more indices
§ [EN 95] does not handle ∧ a -> ∧ g
§ Verification by Network Decomposition [CTTV 04]:
§ general token passing networks
§ any number of indices in specifications
§ cutoff result depends on the architecture
We refined [CTTV 04]:
Th. For k-indexed specifications in token rings the cutoff is 2k.
Outline
1. Preliminaries
2. Motivation for the current work
3. Language
4. Optimizations
§ Optimizations of encoding
§ General optimizations
5. Conclusion
Optimizations of Encoding
Original ‘Top-Down’ Approach [JB 12]: use constraints to specify the system of components.
§ Global: state (s_1, s_2, s_3), transition tau
§ Projection functions map the global state to the local states s_1, s_2, s_3 and the output out
Proposed ‘Bottom-Up’ Approach: compose the system from the components.
§ Local: states s_1, s_2, s_3, each with its own transition tau and output out
§ Global: state t, transition composed from the local transitions
Evaluation of Bottom-Up Encoding
Why it works? It decreases the number of unknowns: no projection functions. The domain of the transition function tau also decreases.
Outline
1. Preliminaries
2. Motivation for the current work
3. Language
4. Optimizations
§ Optimizations of encoding
§ General optimizations
§ Strengthening of specifications
§ Modular synthesis
§ Environment abstraction
5. Conclusion
Strengthening of Specifications
Sound rewriting of the specification to make it easier for the synthesis procedure.
Idea of Strengthening
§ Strengthenings are sound, but incomplete
Localizing: in depth
Figure: localization step
Evaluation of Strengthening
Why it works? It reduces the size of the specification automaton (for pnueli 4: from 1700 to 30 nodes; cutoff 6 -> 4).
Outline
1. Preliminaries
2. Motivation for the current work
3. Language
4. Optimizations
§ Optimizations of encoding
§ General optimizations
§ Strengthening of specifications
§ Modular synthesis of properties
§ Environment abstraction
5. Conclusion
Non-Modular Synthesis
Figure: synthesize the whole specification in one query
Modular Synthesis
Figure: encode C_2; encode C_4
Evaluation of Modular Synthesis
Why it works? Parts of the specification are synthesized in smaller rings => smaller queries.
Query size, non-modular -> modular:
§ full 4: 6 MB -> 0.6 MB
§ pnueli 4: 21 MB -> 4 MB
Outline
1. Preliminaries
2. Motivation for the current work
3. Language
4. Optimizations
§ Optimizations of encoding
§ General optimizations
§ Strengthening of specifications
§ Modular synthesis
§ Environment abstraction
5. Conclusion
Environment Abstraction
Environment Abstraction (cont.)
§ prev sends
§ async hub: normal setting
§ sync hub: the process is always scheduled
Evaluation of Environment Abstraction
General Optimizations: sum up
§ Strengthening of specifications
§ Modular synthesis of properties
§ async hub abstraction
Table: each optimization marked with S / C
Prototype Implementation
Architecture: ILTL -> Optimizer -> LTL3BA -> Encoder -> Z3; on an unsat result (-) increase the bound, on a sat result (+) extract the Mealy/Moore model.
§ available at http://github.com/5nizza/Party
Conclusion
Current work:
§ Extends the language of the parameterized synthesis method
§ Introduces optimizations leading to a 10^3 speedup
Future directions:
§ Optimize the bounded synthesis approach: LTL to automaton conversion is a bottleneck
§ Utilize the lazy synthesis approach [FJ 12]
§ Extend the prototype tool to distributed synthesis
Thank you
Slides: 36