Developing a Practical Reactive Synthesis Tool: Experience and Lessons Learned

We summarise our experience developing and using Termite, the first reactive synthesis tool intended for use by software development practitioners. We identify the main barriers to making reactive synthesis accessible to software developers and describe the key features of Termite designed to overcome these barriers, including an imperative C-like specification language, an interactive source-level debugger, and a user-guided code generator. Based on our experience applying Termite to synthesising real-world reactive software, we identify several caveats regarding the practical use of reactive synthesis technology. We hope that these findings will help define the agenda for future research on practical reactive synthesis.
