an evidential tool bus
play

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI - PowerPoint PPT Presentation

Mar 27, 2024 •34 likes •504 views

An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I ICFEM05 An Evidential Tool Bus1 Formal Methods Integration No one notation, method, tool, or technology

  1. An Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I ICFEM’05 An Evidential Tool Bus–1

  2. Formal Methods Integration • No one notation, method, tool, or technology solves all problems • Sometimes we need to make a selection • And sometimes we need to use several in combination • How to make multiple state of the art tools work together? ◦ Want an architecture for tool integration that can be deployed today ◦ But that will work with tools of 10, 15 years hence • Note, I’m focused on tools and analysis • I’ll describe past and present, and a proposal for the future John Rushby, SR I ICFEM’05 An Evidential Tool Bus–2

  3. Prehistory: No mechanized Tools • Can use ad-hoc combinations of notations and methods • Integration is informal, and best kept that way • Little point in worrying about the fine details of semantic compatibility John Rushby, SR I ICFEM’05 An Evidential Tool Bus–3

  4. Industrialization: Independent Tools • Prehistorical notations and methods become supported by tools • Typecheckers, static analyzers, theorem provers, model checkers • Can continue to use • Integration is still informal ad-hoc combinations: e.g., model check before • Managed by the human you prove user • And more integrated ones: e.g., prove an abstraction that can be model checked John Rushby, SR I ICFEM’05 An Evidential Tool Bus–4

  5. 20th Century: Tools That Integrate Many Components • A front end ◦ Typically an interactive theorem prover • Manages several backends ◦ Decision procedures ◦ Model checkers John Rushby, SR I ICFEM’05 An Evidential Tool Bus–5

  6. Simple Backend Architecture John Rushby, SR I ICFEM’05 An Evidential Tool Bus–6

  7. Two Kinds of Backends Endgame Integrated John Rushby, SR I ICFEM’05 An Evidential Tool Bus–7

  8. The Simple Case: Endgame Verifiers • A higher level proof manager calls components (typically, decision procedures) to discharge subgoals • Components return only verified or unverified ◦ Embellishments: proof objects and counterexamples • But the information returned on failure does not guide the higher-level proof search ◦ Other than to cause it to try something else ◦ Hence endgame verifiers John Rushby, SR I ICFEM’05 An Evidential Tool Bus–8

  9. Endgame Verifier Examples 1979: Stanford Pascal Verifier and STP used decision procedures for combinations of theories including arithmetic (STP gave rise to Ehdm, then PVS) 1995: PVS used a BDD-based symbolic model checker 1999: PVS used a predicate abstractor 2000: PVS used Mona for WS1S Not only did theorem provers use model checkers as backends, some model checkers grew a front-end theorem prover 1998: Cadence SMV had a proof assistant that generated model checking subproblems by abstraction and composition And some other systems used an entire interactive theorem prover for the endgame 1999: VSDITLU: used PVS backend to check side conditions on Symbolic Definite Integral Table Look-Up in Maple John Rushby, SR I ICFEM’05 An Evidential Tool Bus–9

  10. Integrating Endgame Verifiers It’s pretty simple • Provide higher level proof strategies that decompose proof goals into subgoals that can be steered towards the competence of the endgame verifier(s) • Provide a recognizer for proof goals within the competence of an endgame verifier • Provide glue code to translate suitable proof goals into the input of an endgame verifier and to interpret its output Many classes of endgame verifiers are being honed through competition • Improves performance (be careful) • Standardizes interfaces • FO provers, BDD packages, SAT solvers, SMT solvers John Rushby, SR I ICFEM’05 An Evidential Tool Bus–10

  11. When Endgame Is Not Enough • When you need interaction across multiple backends • Or when you need massive interaction between front and back ends • Example: fault-tolerant real-time systems Fault tolerance: case explosion; Needs BDDs or SAT Real time: continuous time; needs real arithmetic or timed automata Need tight interaction between these: loose combination will not do it John Rushby, SR I ICFEM’05 An Evidential Tool Bus–11

  12. Recap: Two Kinds of Backends Endgame Integrated John Rushby, SR I ICFEM’05 An Evidential Tool Bus–12

  13. A Difficult Case: Tightly Integrated Backends • Endgame verifiers are easy to integrate because they do not interact with higher level proof search (nor with each other) • In fact, they are barely integrated • Tight integration is much harder • Classic Boyer-Moore 1986 paper describes tight integration of linear arithmetic decision procedure with Nqthm ◦ Two pages of code for endgame decision procedure ◦ Became 60 for integrated version • PVS takes an intermediate path ◦ Decision procedures are integrated with the rewriter ◦ And used in simplification • A tractable case is the integration of decision procedures with each other . . . John Rushby, SR I ICFEM’05 An Evidential Tool Bus–13

  14. The Present Day Three trends: • Evolved (internally integrated) backends • Scriptable components • Customized integrations John Rushby, SR I ICFEM’05 An Evidential Tool Bus–14

  15. Evolution of Endgame Verifiers John Rushby, SR I ICFEM’05 An Evidential Tool Bus–15

  16. Inside an Evolved Endgame Verifier ARITH EQUALITY SAT ARRAYS SMT Solver John Rushby, SR I ICFEM’05 An Evidential Tool Bus–16

  17. Inside an Evolved Endgame Verifier • Individual decision procedures decide conjunctions of formulas in their decided theories • Combinations of decision procedures (using, e.g., Nelson-Oppen or Shostak methods) decide conjunctions over the combined theories • What if we have richer propositional structure ◦ E.g., ( x ≤ y ∨ y = 5) ∧ ( x < 0 ∨ y ≤ x ) ∧ x � = y . . . possibly continued for 1000s of terms • Should exploit search strategies of modern SAT solvers • So replace the terms by propositional variables ◦ ( A ∨ B ) ∧ ( C ∨ D ) ∧ E • Get a solution from a SAT solver (if none, we are done) ◦ E.g., A, D, E John Rushby, SR I ICFEM’05 An Evidential Tool Bus–17

  18. Inside an Evolved Endgame Verifier (ctd) • Restore the interpretation of variables and send the conjunction to the core decision procedure ◦ E.g., x ≤ y ∧ y ≤ x ∧ x � = y • If satisfiable, we are done • If not, ask SAT solver for a new assignment—but isn’t it expensive to keep doing this? • Yes, so first, do a little bit of work to find fragments that explain the unsatisfiability, and send these back to the SAT solver as additional constraints (i.e., lemmas) ◦ A ∧ D ⊃ ¬ E • Iterate to termination • We call this “lemmas on demand” or “lazy theorem proving” • it works really well • Yields satisfiability modulo theories (SMT) solvers—e.g., ICS John Rushby, SR I ICFEM’05 An Evidential Tool Bus–18

  19. Evolution of Endgame Verifiers (ctd.) • One path grows the endgame verifier and specializes and shrinks the higher-level proof manager • Example: ◦ SAL language has a type system similar to PVS, but is specialized for specification of state machines (as transition relations) ◦ The SAL infinite-state bounded model checker uses an SMT solver (ICS), so handles specifications over reals and integers, uninterpreted functions ◦ Often used as a model checker (i.e., for refutation) ◦ But can perform verification with a single higher level proof rule: k -induction (with lemmas) ◦ Note that counterexamples help debug invariant John Rushby, SR I ICFEM’05 An Evidential Tool Bus–19

  20. Bounded Model Checking • Given a system specified by initiality predicate I and transition relation T on states S , finding a counterexample of length k for P (or test case for ¬ P ) requires a sequence of states s 0 , . . . , s k such that I ( s 0 ) ∧ T ( s 0 , s 1 ) ∧ T ( s 1 , s 2 ) ∧ · · · ∧ T ( s k − 1 , s k ) ∧ ¬ P ( s k ) • Given a Boolean encoding of I and P (i.e., a circuit), this is a propositional satisfiability (SAT) problem • If T and P are defined over infinite types such as reals, integers, datatypes, or use symbolic functions or constants, then need to solve the BMC SAT problem over these theories • That’s what an SMT solver does John Rushby, SR I ICFEM’05 An Evidential Tool Bus–20

  21. k -Induction • Ordinary inductive invariance (for P ): Basis: I ( s 0 ) ⊃ P ( s 0 ) Step: P ( r 0 ) ∧ T ( r 0 , r 1 ) ⊃ P ( r 1 ) • Extend to induction of depth k : Basis: No counterexample of length k or less Step: P ( r 0 ) ∧ T ( r 0 , r 1 ) ∧ P ( r 1 ) ∧· · ·∧ P ( r k − 1 ) ∧ T ( r k − 1 , r k ) ⊃ P ( r k ) These are close relatives of the BMC formulas • Induction for k = 2 , 3 , 4 . . . may succeed where k = 1 does not • Is complete for some problems (e.g., timed automata) • Fast, too, e.g., Fischer with 43 processes John Rushby, SR I ICFEM’05 An Evidential Tool Bus–21

Recommend

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning , (observations to a theory) followed by causal reasoning (theory to predictions). Diagnosis Given symptoms, evidential reasoning leads to hypotheses about

243 views • 8 slides
Integrating Verification Components: The Evidential Tool Bus John Rushby Computer Science

Integrating Verification Components: The Evidential Tool Bus John Rushby Computer Science

Integrating Verification Components: The Evidential Tool Bus John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I VSTTE: Integrating Verification Components1 Integrating (Deductive)

554 views • 30 slides
Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University

Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University

Evidential and Legal Reasoning in AI the role of argumentation Floris Bex Utrecht University Tilburg University Lecture overview 14 April: a logical model of stories and arguments in evidential reasoning 15 April: the strength of

1.05k views • 76 slides
Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de

Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de

Evidential Clustering: a Review of Some New Developments Thierry Denux Universit de Technologie de Compigne HEUDIASYC (UMR CNRS 6599) https://www.hds.utc.fr/tdenoeux 4th International Conference on Belief Functions Prague, CZ

814 views • 80 slides
An Evidential Approach for Modeling and Reasoning on Uncertainty in Semantic Applications Amandine

An Evidential Approach for Modeling and Reasoning on Uncertainty in Semantic Applications Amandine

URSW2011 An Evidential Approach for Modeling and Reasoning on Uncertainty in Semantic Applications Amandine Bellenger 1,2 , Sylvain Gatepaille 1 Habib Abdulrab 2 , Jean-Philippe Kotowicz 2 1 Information Processing, Control &amp; Cognition

454 views • 17 slides
False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of

False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of

False-Positives, p-Hacking, Statistical Power, and Evidential Value Leif D. Nelson University of California, Berkeley Haas School of Business Summer Institute June 2014 Who am I? Experimental psychologist who studies judgment and

1.25k views • 88 slides
Making Set-valued Predictions in Evidential Classification: A Comparison of Different Approaches

Making Set-valued Predictions in Evidential Classification: A Comparison of Different Approaches

Making Set-valued Predictions in Evidential Classification: A Comparison of Different Approaches Liyao Ma &amp; Thierry Denux ISIPTA 2019 - 5th July 1 Introduction Classification : label predictions = { 1 , , n }

387 views • 13 slides
EVIDENTIAL STATISTICS Reforming the Introductory Course in Applied Statistics for Non-Majors

EVIDENTIAL STATISTICS Reforming the Introductory Course in Applied Statistics for Non-Majors

EVIDENTIAL STATISTICS Reforming the Introductory Course in Applied Statistics for Non-Majors Milo Schield Augsburg College schield@augsburg.edu JSM-98 Section on Statistical Education August 12, 1998 Dallas, Texas JSM-98final 1 Schield

436 views • 19 slides
May the Force Be With You: The Role of Evidential Force in Empirical Software Engineering Shari

May the Force Be With You: The Role of Evidential Force in Empirical Software Engineering Shari

May the Force Be With You: The Role of Evidential Force in Empirical Software Engineering Shari Lawrence Pfleeger Senior Information Scientist RAND Pfleeger@rand.org R Overview From the part to the whole: examining the body of

807 views • 62 slides
detection in LIDAR rings, and model-free evidential road grid mapping Edouard CAPEL ELLIER - Fra

detection in LIDAR rings, and model-free evidential road grid mapping Edouard CAPEL ELLIER - Fra

Transformation-adversarial network for road detection in LIDAR rings, and model-free evidential road grid mapping Edouard CAPEL ELLIER - Fra ranck DAVOINE Vroniq ique CHER ERFAOUI You LI November 4th th 2019, , PPNIV IV IR

354 views • 23 slides
Sequential Extensions of Causal and Evidential Decision Theory Tom Everitt, Jan Leike, and Marcus

Sequential Extensions of Causal and Evidential Decision Theory Tom Everitt, Jan Leike, and Marcus

Sequential Extensions of Causal and Evidential Decision Theory Tom Everitt, Jan Leike, and Marcus Hutter http://jan.leike.name/ ADT15 29 September 2015 Outline Agent Models Decision Theory Sequential Decision Making Conclusion

1.21k views • 46 slides
SynAthina Onli line Tools 1. . A mapping tool 2. A Community Tool 3. An Archive Tool 3. An

SynAthina Onli line Tools 1. . A mapping tool 2. A Community Tool 3. An Archive Tool 3. An

SynAthina Onli line Tools 1. . A mapping tool 2. A Community Tool 3. An Archive Tool 3. An Archive Tool 4. A Booking Tool 5. A Connecting Tool 5. A Connecting Tool 6. A Crowdsourcing Tool 7. A Data Collection Tool 7. A Data Collection

313 views • 14 slides
Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool

Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool

Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool allows 10 signatures to be captured within a single workflow request Example How Can I Use This Tool ? Create a workflow, and in the definition

247 views • 8 slides
January 2018 April 2018 . This would include using the NPMRT to review minimum evidential

January 2018 April 2018 . This would include using the NPMRT to review minimum evidential

1. Are you using the National Perinatal Mortality Review Tool (NPMRT) to review perinatal deaths? Ability to demonstrate use of the NPMRT to review perinatal deaths between Required standard and January 2018 April 2018 . This would include

369 views • 15 slides
Com m ission (CRC) Feedback on Com m unity of Interest (COI) Tool Name for the tool

Com m ission (CRC) Feedback on Com m unity of Interest (COI) Tool Name for the tool

Com m ission (CRC) Feedback on Com m unity of Interest (COI) Tool Name for the tool Questions to explain the Communities of Interest in tool Requested user information Desired language translation options SWDB Reporting and

204 views • 5 slides
HACMS kickoff meeting: TA4 Technical Area 4: Integration John Rushby Computer Science Laboratory

HACMS kickoff meeting: TA4 Technical Area 4: Integration John Rushby Computer Science Laboratory

HACMS kickoff meeting: TA4 Technical Area 4: Integration John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Evidential Tool Bus 1 Overview There are several parts to our effort under TA4 Bob

433 views • 17 slides
Using the Tool Information Requirements To complete this tool, you will need to have access to the

Using the Tool Information Requirements To complete this tool, you will need to have access to the

Using the Tool Information Requirements To complete this tool, you will need to have access to the following information: Your proposed output measure - the unit costing tool is available for 'hours' and 'places' measures. Refer to the

324 views • 13 slides
General Tool Maintenance Oiling is the most important step in tool maintenance Blow out moisture

General Tool Maintenance Oiling is the most important step in tool maintenance Blow out moisture

General Tool Maintenance Oiling is the most important step in tool maintenance Blow out moisture in air line BEFORE connecting the tool Examine tool for loose bolts, nuts, handles, side-rods, retainers Check air connections / fittings for

553 views • 8 slides
Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same

Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same

Toshis Approach to Runtime Analysis Black Box Scanning Tool + White Box Testing Tool Toshis Black Box Scanning Tool Same approach as: Cenzic SPI Dynamics Watchfire Toshis tool is unique because: Built on Microsoft Visual Studio

583 views • 18 slides
EX-ANTE CARBON BALANCE TOOL PRESENTATION OF THE TOOL AND SOME APPLICATIONS JUNE 2020 EX-ACT

EX-ANTE CARBON BALANCE TOOL PRESENTATION OF THE TOOL AND SOME APPLICATIONS JUNE 2020 EX-ACT

EX-ANTE CARBON BALANCE TOOL PRESENTATION OF THE TOOL AND SOME APPLICATIONS JUNE 2020 EX-ACT FAO Regional Office for Africa Team LOUIS BOCKEL PADMINI GOPAL OUTLINE Presentation of the tool Role of the tool Why using EX-ACT?

974 views • 51 slides
Similix Sketch Tool The Similix Sketch Tool is A tool for making easy sketches of future

Similix Sketch Tool The Similix Sketch Tool is A tool for making easy sketches of future

Similix Sketch Tool The Similix Sketch Tool is A tool for making easy sketches of future installations in the utility network Enabling project managers, engineers, and designers to express initial design considerations and requirements

537 views • 8 slides
Workflow Plus URL Hyperlinks Tool for Synergy Enterprise What is This Tool ? This tool will

Workflow Plus URL Hyperlinks Tool for Synergy Enterprise What is This Tool ? This tool will

Workflow Plus URL Hyperlinks Tool for Synergy Enterprise What is This Tool ? This tool will allow the use of URL Hyperlinks in: 15 standard Free Text fields 50 Additional Free Text fields bundled with this tool Uneditable

279 views • 8 slides
EU Taxonomy Technical Expert Group on Sustainable Finance The taxonomy is a tool, an extremely

EU Taxonomy Technical Expert Group on Sustainable Finance The taxonomy is a tool, an extremely

EU Taxonomy Technical Expert Group on Sustainable Finance The taxonomy is a tool, an extremely useful TOOL A dictionary - style tool A measuring tool A transition tool Provides clarity on what is an environmentally Measures the degree

775 views • 11 slides
UNEP Training Tool Kit Presenta2on of the tool and

UNEP Training Tool Kit Presenta2on of the tool and

UNEP Training Tool Kit Presenta2on of the tool and challenges Farid.yaker@unep.org 20 May 2014 SPLC Annual Mee&lt;ng Washington DC Capacity Building

498 views • 14 slides

More recommend