research-article

Inherent vacuity for GR(1) specifications

Authors:
Shahar Maoz

Tel Aviv University, Israel

Tel Aviv University, Israel

0000-0002-4022-5349
View Profile

,
Rafi Shalom

Tel Aviv University, Israel

Tel Aviv University, Israel
View Profile

ESEC/FSE 2020: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software EngineeringNovember 2020Pages 99–110https://doi.org/10.1145/3368089.3409669

Published:08 November 2020Publication History

ESEC/FSE 2020: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Pages 99–110

ABSTRACT

Vacuity is a well-known quality issue in formal specifications, studied mostly in the context of model checking. Inherent vacuity is a type of vacuity that applies to specifications, without the context of a model. GR(1) is an expressive assume-guarantee fragment of LTL, which enables efficient symbolic synthesis.

In this work we investigate inherent vacuity for GR(1) specifications. We define several general types of inherent vacuity for GR(1), including specification element vacuity and domain value vacuity. We detect vacuities using a reduction to LTL satisfiability, specialized for the context of GR(1). We further extend vacuity detection to handle GR(1) specifications that are enriched with past LTL, monitors, and patterns. Finally, we define a novel notion of vacuity core, which provides means to localize the cause of vacuity.

We implemented our work and evaluated it on benchmarks from the literature. The evaluation shows that vacuities are indeed common in GR(1) specifications, and that we are able to efficiently detect them and effectively localize their causes. Moreover, our evaluation shows that removal of vacuous specification elements may significantly reduce synthesis time.

Supplemental Material

fse20main-p12-p-teaser.mp4

mp4

24.9 MB

Download

fse20main-p12-p-video.mp4

mp4

366.3 MB

Download

References

[n.d.]. Supporting materials website. http://smlab.cs.tau.ac.il/syntech/vacuity/.Google Scholar
Rajeev Alur, Salar Moarref, and Ufuk Topcu. 2013. Counter-strategy guided refinement of GR(1) temporal logic specifications. In FMCAD. IEEE, 26-33. http://dx.doi.org/10.1109/FMCAD. 2013.6679387 Google ScholarCross Ref
Gal Amram, Shahar Maoz, and Or Pistiner. 2019. GR(1)*: GR(1) Specifications Extended with Existential Guarantees. In Formal Methods (FM) (LNCS), Vol. 11800. Springer, 83-100. https://doi.org/10.1007/978-3-030-30942-8_7 Google ScholarCross Ref
Roy Armoni, Limor Fix, Alon Flaisher, Orna Grumberg, Nir Piterman, Andreas Tiemeyer, and Moshe Y. Vardi. 2003. Enhanced Vacuity Detection in Linear Temporal Logic. In CAV (LNCS), Vol. 2725. Springer, 368-380. https://doi.org/10. 1007/978-3-540-45069-6_35 Google ScholarCross Ref
Ilan Beer, Shoham Ben-David, Cindy Eisner, and Yoav Rodeh. 2001. Eficient Detection of Vacuity in Temporal Model Checking. Formal Methods in System Design 18, 2 ( 2001 ), 141-163. https://doi.org/10.1023/A:1008779610539 Google ScholarDigital Library
Roderick Bloem, Hana Chockler, Masoud Ebrahimi, and Ofer Strichman. 2017. Synthesizing Non-Vacuous Systems. In Verification, Model Checking, and Abstract Interpretation-18th International Conference, VMCAI 2017, Paris, France, January 15-17, 2017, Proceedings (Lecture Notes in Computer Science), Ahmed Bouajjani and David Monniaux (Eds.), Vol. 10145. Springer, 55-72. https://doi.org/10.1007/978-3-319-52234-0_4 Google ScholarCross Ref
Roderick Bloem, Alessandro Cimatti, Karin Greimel, Georg Hoferek, Robert Könighofer, Marco Roveri, Viktor Schuppan, and Richard Seeber. 2010. RATSY-A New Requirements Analysis Tool with Synthesis. In CAV (LNCS), Vol. 6174. Springer, 425-429. https://doi.org/10.1007/978-3-642-14295-6_37 Google ScholarDigital Library
Roderick Bloem, Stefan J. Galler, Barbara Jobstmann, Nir Piterman, Amir Pnueli, and Martin Weiglhofer. 2007. Interactive presentation: Automatic hardware synthesis from specifications: a case study. In 2007 Design, Automation and Test in Europe Conference and Exposition, DATE 2007, Nice, France, April 16-20, 2007, Rudy Lauwereins and Jan Madsen (Eds.). EDA Consortium, San Jose, CA, USA, 1188-1193. https://dl.acm.org/citation.cfm?id= 1266622Google Scholar
Roderick Bloem, Stefan J. Galler, Barbara Jobstmann, Nir Piterman, Amir Pnueli, and Martin Weiglhofer. 2007. Specify, Compile, Run: Hardware from PSL. Electr. Notes Theor. Comput. Sci. 190, 4 ( 2007 ), 3-16. https://doi.org/10.1016/j.entcs. 2007. 09.004 Google ScholarDigital Library
Roderick Bloem, Barbara Jobstmann, Nir Piterman, Amir Pnueli, and Yaniv Sa'ar. 2012. Synthesis of Reactive(1) Designs. J. Comput. Syst. Sci. 78, 3 ( 2012 ), 911-938. https://doi.org/10.1016/j.jcss. 2011. 08.007 Google ScholarDigital Library
Davide G. Cavezza and Dalal Alrajeh. 2017. Interpolation-Based GR(1) Assumptions Refinement. In TACAS (LNCS), Vol. 10205. 281-297. https://doi.org/10.1007/ 978-3-662-54577-5_16 Google ScholarCross Ref
Davide Giacomo Cavezza, Dalal Alrajeh, and András György. 2018. A Weakness Measure for GR(1) Formulae. In FM (LNCS), Vol. 10951. Springer, 110-128. https: //doi.org/10.1007/978-3-319-95582-7_7 Google ScholarCross Ref
Hana Chockler, Arie Gurfinkel, and Ofer Strichman. 2013. Beyond vacuity: towards the strongest passing formula. Formal Methods in System Design 43, 3 ( 2013 ), 552-571. https://doi.org/10.1007/s10703-013-0192-6 Google ScholarDigital Library
Hana Chockler and Ofer Strichman. 2007. Easier and More Informative Vacuity Checks. In MEMOCODE 2007. 189-198. https://doi.org/10.1109/MEMCOD. 2007. 371225 Google ScholarDigital Library
Alessandro Cimatti, Marco Roveri, Viktor Schuppan, and Andrei Tchaltsev. 2008. Diagnostic Information for Realizability. In VMCAI (LNCS), Vol. 4905. Springer, 52-67. https://doi.org/10.1007/978-3-540-78163-9_9 Google ScholarCross Ref
Matthew B. Dwyer, George S. Avrunin, and James C. Corbett. 1999. Patterns in Property Specifications for Finite-State Verification. In ICSE. ACM, 411-420.Google Scholar
Rüdiger Ehlers and Vasumathi Raman. 2014. Low-Efort Specification Debugging and Analysis. In Proceedings 3rd Workshop on Synthesis, SYNT 2014, Vienna, Austria, July 23-24, 2014. (EPTCS), Krishnendu Chatterjee, Rüdiger Ehlers, and Susmit Jha (Eds.), Vol. 157. 117-133. https://doi.org/10.4204/EPTCS.157.12 Google ScholarCross Ref
Rüdiger Ehlers and Vasumathi Raman. 2016. Slugs: Extensible GR(1) Synthesis. In CAV (LNCS), Vol. 9780. Springer, 333-339. https://doi.org/10.1007/978-3-319-41540-6_18 Google ScholarCross Ref
Elizabeth Firman, Shahar Maoz, and Jan Oliver Ringert. 2020. Performance heuristics for GR(1) synthesis and related algorithms. Acta Inf. 57, 1-2 ( 2020 ), 37-79. https://doi.org/10.1007/s00236-019-00351-9 Google ScholarCross Ref
Dana Fisman, Orna Kupferman, Sarai Sheinvald-Faragy, and Moshe Y. Vardi. 2008. A Framework for Inherent Vacuity. In Hardware and Software: Verification and Testing, 4th International Haifa Verification Conference, HVC 2008, Haifa, Israel, October 27-30, 2008. Proceedings (Lecture Notes in Computer Science), Hana Chockler and Alan J. Hu (Eds.), Vol. 5394. Springer, 7-22. https://doi.org/10. 1007/978-3-642-01702-5_7 Google ScholarDigital Library
Erich Grädel, Wolfgang Thomas, and Thomas Wilke (Eds.). 2002. Automata, Logics, and Infinite Games: A Guide to Current Research [outcome of a Dagstuhl seminar, February 2001]. Lecture Notes in Computer Science, Vol. 2500. Springer. https://doi.org/10.1007/3-540-36387-4 Google ScholarCross Ref
Karin Greimel, Roderick Bloem, Barbara Jobstmann, and Moshe Y. Vardi. 2008. Open Implication. In ICALP (LNCS), Vol. 5126. Springer, 361-372. https://doi. org/10.1007/978-3-540-70583-3_30 Google ScholarDigital Library
Arie Gurfinkel and Marsha Chechik. 2004. Extending Extended Vacuity. In Formal Methods in Computer-Aided Design, 5th International Conference, FMCAD 2004, Austin, Texas, USA, November 15-17, 2004, Proceedings (Lecture Notes in Computer Science), Alan J. Hu and Andrew K. Martin (Eds.), Vol. 3312. Springer, 306-321. https://doi.org/10.1007/978-3-540-30494-4_22 Google ScholarCross Ref
Arie Gurfinkel and Marsha Chechik. 2012. Robust Vacuity for Branching Temporal Logic. ACM Trans. Comput. Log. 13, 1 ( 2012 ), 1 : 1-1 : 32. https: //doi.org/10.1145/2071368.2071369 Google ScholarDigital Library
Robert Könighofer, Georg Hoferek, and Roderick Bloem. 2013. Debugging formal specifications: a practical approach using model-based diagnosis and counterstrategies. STTT 15, 5-6 ( 2013 ), 563-583. https://doi.org/10.1007/s10009-011-0221-y Google ScholarDigital Library
Dexter Kozen. 1983. Results on the Propositional mu-Calculus. Theor. Comput. Sci. 27 ( 1983 ), 333-354. https://doi.org/10.1016/ 0304-3975 ( 82 ) 90125-6 Google ScholarCross Ref
Hadas Kress-Gazit, Georgios E. Fainekos, and George J. Pappas. 2009. TemporalLogic-Based Reactive Mission and Motion Planning. IEEE Trans. Robotics 25, 6 ( 2009 ), 1370-1381. https://doi.org/10.1109/TRO. 2009.2030225 Google ScholarDigital Library
Orna Kupferman and Moshe Y. Vardi. 2003. Vacuity detection in temporal model checking. STTT 4, 2 ( 2003 ), 224-233. https://doi.org/10.1007/s100090100062 Google ScholarCross Ref
Aviv Kuvent, Shahar Maoz, and Jan Oliver Ringert. 2017. A symbolic justice violations transition system for unrealizable GR(1) specifications. In ESEC/FSE. 362-372. https://doi.org/10.1145/3106237.3106240 Google ScholarDigital Library
Shahar Maoz and Jan Oliver Ringert. 2015. GR(1) synthesis for LTL specification patterns. In ESEC/FSE. ACM, 96-106. https://doi.org/10.1145/2786805.2786824 Google ScholarDigital Library
Shahar Maoz and Jan Oliver Ringert. 2015. Synthesizing a Lego Forklift Controller in GR(1): A Case Study. In Proc. 4th Workshop on Synthesis, SYNT 2015 colocated with CAV 2015 (EPTCS), Vol. 202. 58-72. https://doi.org/10.4204/EPTCS.202.5 Google ScholarCross Ref
Shahar Maoz and Jan Oliver Ringert. 2016. On well-separation of GR(1) specifications. In FSE. ACM, 362-372. https://doi.org/10.1145/2950290.2950300 Google ScholarDigital Library
Shahar Maoz and Jan Oliver Ringert. 2019. Spectra: A Specification Language for Reactive Systems. CoRR abs/ 1904.06668 ( 2019 ). arXiv: 1904.06668 http://arxiv.org/abs/ 1904.06668Google Scholar
Shahar Maoz, Jan Oliver Ringert, and Rafi Shalom. 2019. Symbolic repairs for GR(1) specifications. In Proceedings of the 41st International Conference on Software Engineering, ICSE 2019, Montreal, QC, Canada, May 25-31, 2019, Joanne M. Atlee, Tevfik Bultan, and Jon Whittle (Eds.). IEEE / ACM, 1016-1026. https://dl.acm. org/citation.cfm?id= 3339632Google ScholarDigital Library
Shahar Maoz and Yaniv Sa'ar. 2013. Counter play-out: executing unrealizable scenario-based specifications. In ICSE. IEEE, 242-251. http://dl.acm.org/citation. cfm?id= 2486821Google Scholar
Necmiye Ozay, Ufuk Topcu, and Richard M. Murray. 2011. Distributed power allocation for vehicle management systems. In Proceedings of the 50th IEEE Conference on Decision and Control and European Control Conference, CDCECC 2011, Orlando, FL, USA, December 12-15, 2011. IEEE, 4841-4848. https: //doi.org/10.1109/CDC. 2011.6161470 Google ScholarCross Ref
Necmiye Ozay, Ufuk Topcu, Richard M. Murray, and Tichakorn Wongpiromsarn. 2011. Distributed Synthesis of Control Protocols for Smart Camera Networks. In 2011 IEEE/ACM International Conference on Cyber-Physical Systems, ICCPS 2011, Chicago, Illinois, USA, 12-14 April, 2011. IEEE Computer Society, 45-54. https://doi.org/10.1109/ICCPS. 2011.22 Google ScholarDigital Library
Nir Piterman, Amir Pnueli, and Yaniv Sa'ar. 2006. Synthesis of Reactive(1) Designs. In VMCAI (LNCS), Vol. 3855. Springer, 364-380. https://doi.org/10.1007/ 11609773_24 Google ScholarDigital Library
Leonid Ryzhyk and Adam Walker. 2016. Developing a Practical Reactive Synthesis Tool: Experience and Lessons Learned. In Proceedings Fifth Workshop on Synthesis, SYNT@CAV 2016, Toronto, Canada, July 17-18, 2016. 84-99. https://doi.org/10. 4204/EPTCS.229.8 Google ScholarCross Ref
Jocelyn Simmonds, Jessica Davies, Arie Gurfinkel, and Marsha Chechik. 2010. Exploiting resolution proofs to speed up LTL vacuity detection for BMC. STTT 12, 5 ( 2010 ), 319-335. https://doi.org/10.1007/s10009-009-0134-1 Google ScholarCross Ref
Fabio Somenzi. [n.d.]. CUDD: BDD package, University of Colorado, Boulder. http://vlsi.colorado.edu/~fabio/CUDD/cudd.pdf.Google Scholar
Spectra [n.d.]. Spectra Website. http://smlab.cs.tau.ac.il/syntech/spectra/.Google Scholar
Tichakorn Wongpiromsarn, Ufuk Topcu, Necmiye Ozay, Huan Xu, and Richard M. Murray. 2011. TuLiP: A Software Toolbox for Receding Horizon Temporal Logic Planning. In Proceedings of the 14th International Conference on Hybrid Systems: Computation and Control (HSCC '11). ACM, New York, NY, USA, 313-314. https: //doi.org/10.1145/1967701.1967747 Google ScholarDigital Library
Andreas Zeller and Ralf Hildebrandt. 2002. Simplifying and Isolating FailureInducing Input. IEEE Trans. Software Eng. 28, 2 ( 2002 ), 183-200. https://doi.org/ 10.1109/32.988498 Google ScholarDigital Library

Index Terms

Inherent vacuity for GR(1) specifications
1. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Formal methods

Recommendations

Before and after vacuity

In formal verification, we verify that a system is correct with respect to a specification. Cases like antecedent failure can make a successful pass of the verification procedure meaningless. Vacuity detection can signal such "meaningless" passes of the ...
Read More
GR(1)*: GR(1) specifications extended with existential guarantees
Abstract
Reactive synthesis is an automated procedure to obtain a correct-by-construction reactive system from its temporal logic specification. GR(1) is an expressive assume-guarantee fragment of LTL that enables efficient synthesis and has been recently ...
Read More
Finite-trace and generalized-reactivity specifications in temporal synthesis
Abstract
Linear Temporal Logic (LTL) synthesis aims at automatically synthesizing a program that complies with desired properties expressed in LTL. Unfortunately it has been proved to be too difficult computationally to perform full LTL synthesis. There ... $_{}$ $_{}$
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ESEC/FSE 2020: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
November 2020
1703 pages
ISBN:9781450370431
DOI:10.1145/3368089
General Chair:
Prem Devanbu
University of California at Davis, USA
,
Program Chairs:
Myra Cohen
Iowa State University, USA
,
Thomas Zimmermann
Microsoft Research, USA
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 November 2020
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
GR(1)
reactive synthesis
vacuity
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate112of543submissions,21%
Upcoming Conference
FSE '24

Sponsor:

sigsoft

32nd ACM International Conference on the Foundations of Software Engineering

July 15 - 19, 2024

Ipojuca (Pernambuco) , Brazil
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 9
  Total Citations
  View Citations
- 213
  Total Downloads
- Downloads (Last 12 months)28
- Downloads (Last 6 weeks)4
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Inherent vacuity for GR(1) specifications

ESEC/FSE 2020: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Before and after vacuity

GR(1)*: GR(1) specifications extended with existential guarantees

Finite-trace and generalized-reactivity specifications in temporal synthesis