Filters








78 Hits in 1.0 sec

Environment Assumptions for Synthesis [article]

Krishnendu Chatterjee, Thomas A. Henzinger, Barbara Jobstmann
2008 arXiv   pre-print
The synthesis problem asks to construct a reactive finite-state system from an ω-regular specification. Initial specifications are often unrealizable, which means that there is no system that implements the specification. A common reason for unrealizability is that assumptions on the environment of the system are incomplete. We study the problem of correcting an unrealizable specification ϕ by computing an environment assumption ψ such that the new specification ψ→ϕ is realizable. Our aim is to
more » ... construct an assumption ψ that constrains only the environment and is as weak as possible. We present a two-step algorithm for computing assumptions. The algorithm operates on the game graph that is used to answer the realizability question. First, we compute a safety assumption that removes a minimal set of environment edges from the graph. Second, we compute a liveness assumption that puts fairness conditions on some of the remaining environment edges. We show that the problem of finding a minimal set of fair edges is computationally hard, and we use probabilistic games to compute a locally minimal fairness assumption.
arXiv:0805.4167v1 fatcat:ihtnqw3p6neg5cr2pbh7fc65li

GIST: A Solver for Probabilistic Games [article]

Krishnendu Chatterjee, Thomas A. Henzinger, Barbara Jobstmann, Arjun Radhakrishna
2010 arXiv   pre-print
Gist is a tool that (a) solves the qualitative analysis problem of turn-based probabilistic games with ω-regular objectives; and (b) synthesizes reasonable environment assumptions for synthesis of unrealizable specifications. Our tool provides the first and efficient implementations of several reduction-based techniques to solve turn-based probabilistic games, and uses the analysis of turn-based probabilistic games for synthesizing environment assumptions for unrealizable specifications.
arXiv:1004.2367v1 fatcat:2typwnm52fairfz7v2qmn5zhgq

Finding and Fixing Faults [chapter]

Stefan Staber, Barbara Jobstmann, Roderick Bloem
2005 Lecture Notes in Computer Science  
Knowing that a program has a bug is good, knowing its location is better, but a fix is best. We present a method to automatically locate and correct faults in a finite state system, either at the gate level or at the source level. We assume that the specification is given in Linear Temporal Logic, and state the correction problem as a game, in which the protagonist selects a faulty component and suggests alternative behavior. The basic approach is complete but as complex as synthesis. It also
more » ... ffers from problems of readability: the correction may add state and logic to the system. We present two heuristics. The first avoids the doubly exponential blowup associated with synthesis by using nondeterministic automata. The second heuristic finds a memoryless strategy, which we show is an NP-complete problem. A memoryless strategy corresponds to a simple, local correction that does not add any state. The drawback of the two heuristics is that they are not complete unless the specification is an invariant. Our approach is general: the user can define what constitutes a component, and the suggested correction can be an arbitrary combinational function of the current state and the inputs. We show experimental results supporting the applicability of our approach.
doi:10.1007/11560548_6 fatcat:xq2iutykkvffxdrhmx37fcwzxy

Program Repair without Regret [chapter]

Christian von Essen, Barbara Jobstmann
2013 Lecture Notes in Computer Science  
We present a new and flexible approach to repair reactive programs with respect to a specification. The specification is given in linear-temporal logic. Like in previous approaches, we aim for a repaired program that satisfies the specification and is syntactically close to the faulty program. The novelty of our approach is that it produces a program that is also semantically close to the original program by enforcing that a subset of the original traces is preserved. Intuitively, the faulty
more » ... gram is considered to be a part of the specification, which enables us to synthesize meaningful repairs, even for incomplete specifications. Our approach is based on synthesizing a program with a set of behaviors that stay within a lower and an upper bound. We provide an algorithm to decide if a program is repairable with respect to our new notion, and synthesize a repair if one exists. We analyze several ways to choose the set of traces to leave intact and show the boundaries they impose on repairability. We also discuss alternative notions based on reward models to obtain repair systems that behave similar to the original system. We have evaluated the approach on several examples.
doi:10.1007/978-3-642-39799-8_64 fatcat:ypv2ijzxbvfq7deeixvq6j5oxe

Model checking transactional memories

Rachid Guerraoui, Thomas A. Henzinger, Barbara Jobstmann, Vasu Singh
2008 SIGPLAN notices  
Model checking software transactional memories (STMs) is difficult because of the unbounded number, length, and delay of concurrent transactions and the unbounded size of the memory. We show that, under certain conditions, the verification problem can be reduced to a finite-state problem and we illustrate the use of the method by proving the correctness of several STMs, including two-phase locking, DSTM, TL2, and optimistic concurrency control. The safety properties we consider include strict
more » ... rializability and abort consistency; the liveness properties include obstruction freedom, livelock freedom, and wait freedom. Our main contribution lies in the structure of the proofs, which are largely automated and not restricted to the STMs mentioned above. In a first step we show that every STM that enjoys certain symmetry properties either violates a safety or liveness requirement on some program with 2 threads and 2 shared variables, or satisfies the requirement on all programs. In the second step we use a model checker to prove the requirement for the STM applied to a most general program with 2 threads and 2 variables. In the safety case, the model checker constructs a simulation relation between two carefully constructed finite-state transition systems, one representing the given STM applied to a most general program, and the other representing a most liberal STM applied to the same program. In the liveness case, the model checker analyzes fairness conditions on the given STM transition system.
doi:10.1145/1379022.1375626 fatcat:eop7rmko3jgv7dw6xpqwibo6lm

Optimizations for LTL Synthesis

Barbara Jobstmann, Roderick Bloem
2006 2006 Formal Methods in Computer Aided Design  
s 72.78 s 483.38 s 39.26 s 755(83106) 242(3834) 124(444) 20 8,6,2 strong 7(14) 3.21 s 2.98 s 1.24 s 1.13 s 0.82 s 0.73 s 112(1187) 5(10) 2(3) http://www.ist.tugraz.at/staff/jobstmann  ... 
doi:10.1109/fmcad.2006.22 dblp:conf/fmcad/JobstmannB06 fatcat:v2hswya5wracvjc7t3o5hb6mlu

Environment Assumptions for Synthesis [chapter]

Krishnendu Chatterjee, Thomas A. Henzinger, Barbara Jobstmann
2008 Lecture Notes in Computer Science  
The synthesis problem asks to construct a reactive finite-state system from an ω-regular specification. Initial specifications are often unrealizable, which means that there is no system that implements the specification. A common reason for unrealizability is that assumptions on the environment of the system are incomplete. We study the problem of correcting an unrealizable specification ϕ by computing an environment assumption ψ such that the new specification ψ → ϕ is realizable. Our aim is
more » ... o construct an assumption ψ that constrains only the environment and is as weak as possible. We present a two-step algorithm for computing assumptions. The algorithm operates on the game graph that is used to answer the realizability question. First, we compute a safety assumption that removes a minimal set of environment edges from the graph. Second, we compute a liveness assumption that puts fairness conditions on some of the remaining environment edges. We show that the problem of finding a minimal set of fair edges is computationally hard, and we use probabilistic games to compute a locally minimal fairness assumption.
doi:10.1007/978-3-540-85361-9_14 fatcat:wshathssiban3bttmlpsrp3zcy

Program Repair as a Game [chapter]

Barbara Jobstmann, Andreas Griesmayer, Roderick Bloem
2005 Lecture Notes in Computer Science  
We present a conservative method to automatically fix faults in a finite state program by considering the repair problem as a game. The game consists of the product of a modified version of the program and an automaton representing the LTL specification. Every winning finite state strategy for the game corresponds to a repair. The opposite does not hold, but we show conditions under which the existence of a winning strategy is guaranteed. A finite state strategy corresponds to a repair that
more » ... variables to the program, which we argue is undesirable. To avoid extra state, we need a memoryless strategy. We show that the problem of finding a memoryless strategy is NP-complete and present a heuristic. We have implemented the approach symbolically and present initial evidence of its usefulness.
doi:10.1007/11513988_23 fatcat:zt2o3jwjungxtc4hv2zszu6m2u

Program repair without regret

Christian von Essen, Barbara Jobstmann
2015 Formal methods in system design  
We present a new and flexible approach to repair reactive programs with respect to a specification. The specification is given in linear-temporal logic. Like in previous approaches, we aim for a repaired program that satisfies the specification and is syntactically close to the faulty program. The novelty of our approach is that it produces a program that is also semantically close to the original program by enforcing that a subset of the original traces is preserved. Intuitively, the faulty
more » ... gram is considered to be a part of the specification, which enables us to synthesize meaningful repairs, even for incomplete specifications. Our approach is based on synthesizing a program with a set of behaviors that stay within a lower and an upper bound. We provide an algorithm to decide if a program is repairable with respect to our new notion, and synthesize a repair if one exists. We analyze several ways to choose the set of traces to leave intact and show the boundaries they impose on repairability. We have evaluated the approach on several examples.
doi:10.1007/s10703-015-0223-6 fatcat:2osbgjsctjb7lal5b2do3ezqfm

QUASY: Quantitative Synthesis Tool [chapter]

Krishnendu Chatterjee, Thomas A. Henzinger, Barbara Jobstmann, Rohit Singh
2011 Lecture Notes in Computer Science  
We present the tool QUASY, a quantitative synthesis tool. QUASY takes qualitative and quantitative specifications and automatically constructs a system that satisfies the qualitative specification and optimizes the quantitative specification, if such a system exists. The user can choose between a system that satisfies and optimizes the specifications (a) under all possible environment behaviors or (b) under the most-likely environment behaviors given as a probability distribution on the
more » ... input sequences. QUASY solves these two quantitative synthesis problems by reduction to instances of 2-player games and Markov Decision Processes (MDPs) with quantitative winning objectives. QUASY can also be seen as a game solver for quantitative games. Most notable, it can solve lexicographic mean-payoff games with 2 players, MDPs with mean-payoff objectives, and ergodic MDPs with mean-payoff parity objectives.
doi:10.1007/978-3-642-19835-9_24 fatcat:d2povpqdevgmdbp7lh2r4n2byq

Synthesizing efficient systems in probabilistic environments

Christian von Essen, Barbara Jobstmann, David Parker, Rahul Varshneya
2015 Acta Informatica  
doi:10.1007/s00236-015-0237-y fatcat:rtkifoucajhevhtj62d2afo46a

Formalisms for Specifying Markovian Population Models [chapter]

Thomas A. Henzinger, Barbara Jobstmann, Verena Wolf
2009 Lecture Notes in Computer Science  
We compare several languages for specifying Markovian population models such as queuing networks and chemical reaction networks. These languages -matrix descriptions, stochastic Petri nets, stochastic process algebras, stoichiometric equations, and guarded command models-all describe continuous-time Markov chains, but they differ according to important properties, such as compositionality, expressiveness and succinctness, executability, ease of use, and the support they provide for checking the
more » ... well-formedness of a model and for analyzing a model.
doi:10.1007/978-3-642-04420-5_2 fatcat:gwahkrsonjenfg7l2htzy2elma

Synthesizing robust systems

Roderick Bloem, Krishnendu Chatterjee, Karin Greimel, Thomas A. Henzinger, Georg Hofferek, Barbara Jobstmann, Bettina Könighofer, Robert Könighofer
2013 Acta Informatica  
Many specifications include assumptions on the environment. If the environment satisfies the assumptions then a correct system reacts as intended. However, when the environment deviates from its expected behavior, a correct system can behave arbitrarily. We want to synthesize robust systems that degrade gracefully, i.e., a small number of environment failures should induce a small number of system failures. We define ratio games and show that an optimal robust system corresponds to the winning
more » ... trategy of a ratio game, where the system minimizes the ratio of system errors to environment errors. We show that ratio games can be solved in pseudopolynomial time.
doi:10.1007/s00236-013-0191-5 fatcat:u67qma3mmzfexl2qiwcs2zzdpi

Interface theories with component reuse

Laurent Doyen, Thomas A. Henzinger, Barbara Jobstmann, Tatjana Petrov
2008 Proceedings of the 7th ACM international conference on Embedded software - EMSOFT '08  
Interface theories have been proposed to support incremental design and independent implementability. Incremental design means that the compatibility checking of interfaces can proceed for partial system descriptions, without knowing the interfaces of all components. Independent implementability means that compatible interfaces can be refined separately, maintaining compatibility. We show that these interface theories provide no formal support for component reuse, meaning that the same
more » ... cannot be used to implement several different interfaces in a design. We add a new operation to interface theories in order to support such reuse. For example, different interfaces for the same component may refer to different aspects such as functionality, timing, and power consumption. We give both stateless and stateful examples for interface theories with component reuse. To illustrate component reuse in interface-based design, we show how the stateful theory provides a natural framework for specifying and refining PCI bus clients.
doi:10.1145/1450058.1450070 dblp:conf/emsoft/DoyenHJP08 fatcat:gwn7gsvj2vdbjmbkwvu3nxhp2e

Synthesizing robust systems

Roderick Bloem, Karin Greimel, Thomas A. Henzinger, Barbara Jobstmann
2009 2009 Formal Methods in Computer-Aided Design  
doi:10.1109/fmcad.2009.5351139 dblp:conf/fmcad/BloemGHJ09 fatcat:gbri5s7jtzg2bj2y77whaghq54
« Previous Showing results 1 — 15 out of 78 results