End-to-End Verification of Initial and Transition Properties of GR(1) Designs in SPARK

Humphrey, Laura R.; Hamil, James; Huguet, Joffrey

doi:10.1007/978-3-030-58768-0_4

Laura R. Humphrey¹⁰,
James Hamil¹¹ &
Joffrey Huguet¹²

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 12310))

Included in the following conference series:

International Conference on Software Engineering and Formal Methods

523 Accesses
1 Citations

Abstract

Manually designing control logic for reactive systems is time-consuming and error-prone. An alternative is to automatically generate controllers using “correct-by-construction” synthesis approaches. Recently, there has been interest in synthesis from Generalized Reactivity(1) or GR(1) specifications, since the required computational complexity is relatively low, and several tools exist for synthesis from GR(1) specifications. However, while these tools implement synthesis approaches that are theoretically “correct-by-construction,” errors in tool implementation can still lead to errors in synthesized controllers. We are therefore interested in “end-to-end” verification of synthesized controllers with respect to their original GR(1) specifications. Toward this end, we have modified Salty – a tool that produces executable software implementations of controllers from GR(1) specifications in a variety of programming languages – to produce implementations in SPARK. SPARK is both a programming language and associated set of verification tools, so it has the potential to enable the “end-to-end” verification we desire. In this paper, we discuss our experience to date using SPARK to implement controllers and verify them against a subset of properties comprising GR(1) specifications, namely system initial and system transition properties. We also discuss lessons learned about how to best encode controllers synthesized from GR(1) specifications in SPARK for verification, examples in which verification found unexpected controller behaviors, and caveats related to the interpretation of GR(1) specifications.

Supported by AFRL contract FA8650-16-C-2642 and AFOSR grant RQCOR20–35. Distribution Statement A. Approved for public release: distribution unlimited. Case #88ABW-2020-0649.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 44.99; Price excludes VAT (USA)

Softcover Book: USD 59.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
https://github.com/GaloisInc/salty/.
2.
https://github.com/afrl-rq/OpenAMASE.
3.
https://github.com/afrl-rq/OpenUxAS.
4.
Salty’s vip_orig.salt and Anzu’s arbiter.salt.

References

Alur, R., Moarref, S., Topcu, U.: Compositional synthesis of reactive controllers for multi-agent systems. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9780, pp. 251–269. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41540-6_14
Chapter Google Scholar
Apker, T.B., Johnson, B., Humphrey, L.R.: LTL templates for play-calling supervisory control. In: AIAA Infotech@Aerospace. AIAA (2016)
Google Scholar
Bloem, R., Jobstmann, B., Piterman, N., Pnueli, A., Yaniv, S.: Synthesis of reactive(1) designs. J. Comput. Syst. Sci. 78(3), 911–938 (2012)
Article MathSciNet Google Scholar
Bloem, R., et al.: RATSY – a new requirements analysis tool with synthesis. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 425–429. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_37
Chapter Google Scholar
Ehlers, R., Könighofer, R., Hofferek, G.: Symbolically synthesizing small circuits. In: IEEE Formal Methods in Computer-Aided Design (FMCAD), pp. 91–100. IEEE (2012)
Google Scholar
Ehlers, R., Raman, V.: Slugs: extensible GR(1) synthesis. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9780, pp. 333–339. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41540-6_18
Chapter Google Scholar
Elliott, T., Alshiekh, M., Humphrey, L.R., Pike, L., Topcu, U.: Salty-a domain specific language for GR(1) specifications and designs. In: 2019 International Conference Robotics and Automation (ICRA), pp. 4545–4551. IEEE (2019)
Google Scholar
Fainekos, G.E., Girard, A., Kress-Gazit, H., Pappas, G.J.: Temporal logic motion planning for dynamic robots. Automatica 45(2), 343–352 (2009)
Article MathSciNet Google Scholar
Finucane, C., Jing, G., Kress-Gazit, H.: LTLMoP: experimenting with language, temporal logic and robot control. In: IEEE/RSJ International Conference Intelligent Robots and Systems (IROS), pp. 1988–1993. IEEE (2010)
Google Scholar
Guo, M., Tumova, J., Dimarogonas, D.V.: Cooperative decentralized multi-agent control under local LTL tasks and connectivity constraints. In: IEEE Conference Decision and Control (CDC), pp. 75–80. IEEE (2014)
Google Scholar
Hoang, D., Moy, Y., Wallenburg, A., Chapman, R.: SPARK 2014 and GNATprove. Int. J. Softw. Tools Technol. Transfer 17(6), 695–707 (2015)
Google Scholar
Jobstmann, B., Galler, S., Weiglhofer, M., Bloem, R.: Anzu: a tool for property synthesis. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 258–262. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73368-3_29
Chapter Google Scholar
Kress-Gazit, H., Fainekos, G.E., Pappas, G.J.: Where’s Waldo? sensor-based temporal logic motion planning. In: IEEE International Conference Robotics and Automation (ICRA), pp. 3116–3121. IEEE (2007)
Google Scholar
Kupermann, O., Vardi, M.: Synthesizing distributed systems. In: IEEE Symposium Logic in Computer Science, pp. 389–398. IEEE (2001)
Google Scholar
Moy, Y.: Climbing the software assurance ladder-practical formal verification for reliable software. Electron. Commun. EASST 76 (2019)
Google Scholar
Wang, A., Moarref, S., Loo, B.T., Topcu, U., Scedrov, A.: Automated synthesis of reactive controllers for software-defined networks. In: IEEE Int. Conf. Network Protocols (ICNP). pp. 1–6. IEEE (2013)
Google Scholar
Wongpiromsarn, T., Topcu, U., Ozay, N., Xu, H., Murray, R.M.: TuLiP: a software toolbox for receding horizon temporal logic planning. In: International Conference Hybrid Systems: Computation and Control, pp. 313–314. HSCC 2011, ACM (2011)
Google Scholar
Xu, H., Topcu, U., Murray, R.M.: A case study on reactive protocols for aircraft electric power distribution. In: IEEE Conference Decision and Control (CDC), pp. 1124–1129. IEEE (2012)
Google Scholar

Download references

Author information

Authors and Affiliations

Air Force Research Laboratory, Wright-Patterson Air Force Base, OH, 45433, USA
Laura R. Humphrey
LinQuest Corp., Beavercreek, OH, 45431, USA
James Hamil
AdaCore, 75009, Paris, France
Joffrey Huguet

Authors

Laura R. Humphrey
View author publications
You can also search for this author in PubMed Google Scholar
James Hamil
View author publications
You can also search for this author in PubMed Google Scholar
Joffrey Huguet
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Laura R. Humphrey .

Editor information

Editors and Affiliations

Informatica, Centrum voor Wiskunde en Informatica (CWI), Amsterdam, The Netherlands
Frank de Boer
Department of Computer Science, Nazarbayev University, Astana, Kazakhstan
Antonio Cerone

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Humphrey, L.R., Hamil, J., Huguet, J. (2020). End-to-End Verification of Initial and Transition Properties of GR(1) Designs in SPARK. In: de Boer, F., Cerone, A. (eds) Software Engineering and Formal Methods. SEFM 2020. Lecture Notes in Computer Science(), vol 12310. Springer, Cham. https://doi.org/10.1007/978-3-030-58768-0_4

Download citation

DOI: https://doi.org/10.1007/978-3-030-58768-0_4
Published: 08 September 2020
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58767-3
Online ISBN: 978-3-030-58768-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics