Gal Katz

Model checking-based genetic programming with an application to mutual exclusion

Two approaches for achieving correctness of code are verification and synthesis from specification. Evidently, it is easier to check a given program for correctness (although not a trivial task by itself) than to generate algorithmically correct-by-construction code. However, formal verification may give quite limited information about how to correct the code. Genetic programming repeatedly generates mutations of code, and then selects the mutations that remain for the next stage based on a fitness function, which assists in converging into a correct program. We use a model checking procedure to provide the fitness value in every stage. As an example, we generate algorithms for mutual exclusion, using this combination of genetic programming and model checking. The main challenge is to select a fitness function that will allow constructing correct solutions with minimal effort. We present our considerations behind the selection of a fitness function based not only on the classical outcome of model checking, i.e., the existence of an error trace, but on the complete graph constructed during the model checking process.

Genetic Programming and Model Checking: Synthesizing New Mutual Exclusion Algorithms

Recently, genetic programming and model checking were combined for synthesizing algorithms that satisfy a given specification [7,6]. In particular, we demonstrated this approach by developing a tool that was able to rediscover the classical mutual exclusion algorithms [7] with two or three global bits. In this paper we extend the capabilities of the model checking-based genetic programming and the tool built to experiment with this approach. In particular, we add qualitative requirements involving locality of variables and checks, which are typical of realistic mutual exclusion algorithms. The genetic process mimics the actual development of mutual exclusion algorithms, by starting with an existing correct solution, which does not satisfy some performance requirements, and converging into a solution that satisfies these requirements. We demonstrate this by presenting some nontrivial new mutual exclusion algorithms, discovered with our tool.

Code mutation in verification and automatic code correction

Model checking can be applied to finite state systems in order to find counterexamples showing that they do not satisfy their specification. This was generalized to handle parametric systems under some given constraints, usually using some inductive argument. However, even in the restricted cases where these parametric methods apply, the assumption is usually of a simple fixed architecture, e.g., a ring. We consider the case of nontrivial architectures for communication protocols, for example, achieving a multiparty interaction between arbitrary subsets of processes. In this case, an error may manifest itself only under some particular architectures and interactions, and under some specific values of parameters. We apply here our model checking based genetic programming approach for achieving a dual task: finding an instance of a protocol which is suspicious of being bogus, and automatically correcting the error. The synthesis tool we constructed is capable of generating various mutations of the code. Moving between them is guided by model checking analysis. In the case of searching for errors, we mutate only the architecture and related parameters, and in the case of fixing the error, we mutate the code further in order to search for a corrected version. As a running example, we use a realistic nontrivial protocol for multiparty interaction. This protocol, published in a conference and a journal, is used as a building block for various systems. Our analysis shows this protocol to be, as we suspected, erroneous; specifically, the protocol can reach a livelock situation, where some processes do not progress towards achieving their interactions. As a side effect of our experiment, we provide a correction for this important protocol obtained through our genetic process.

Synthesis of distributed control through knowledge accumulation

In distributed systems, local controllers often need to impose global guarantees. A solution that will not impose additional synchronization may not be feasible due to the lack of ability of one process to know the current situation at another. On the other hand, a completely centralized solution will eliminate all concurrency. A good solution is usually a compromise between these extremes, where synchronization is allowed for in principle, but avoided whenever possible. In a quest for practicable solutions to the distributed control problem, one can constrain the executions of a system based on the pre-calculation of knowledge properties and allow for temporary interprocess synchronization in order to combine the knowledge needed to control the system. This type of control, however, may incur a heavy communication overhead. We introduce the use of simple supervisor processes that accumulate information about processes until sufficient knowledge is collected to allow for safe progression. We combine the knowledge approach with a game theoretic search that prevents progressing to states from which there is no way to guarantee the imposed constraints.

MCGP: a software synthesis tool based on model checking and genetic programming

We present MCGP - a tool for generating and correcting code, based on our synthesis approach combining deep Model Checking and Genetic Programming. Given an LTL specification, genetic programming is used for generating new candidate solutions, while deep model checking is used for calculating to what extent (i.e., not only whether) a candidate solution program satisfies a property. The main challenge is to construct from the result of the deep model checking a fitness function that has a good correlation with the distance of the candidate program from a correct solution. The tool allows the user to control various parameters, such as the syntactic building blocks, the structure of the programs, and the fitness function, and to follow their effect on the convergence of the synthesis process.

Synthesizing, Correcting and Improving Code, Using Model Checking-Based Genetic Programming

The use of genetic programming, in combination of model checking and testing, provides a powerful way to synthesize programs. Whereas classical algorithmic synthesis provides alarming high complexity and undecidability results, the genetic approach provides a surprisingly successful heuristics. We describe several versions of a method for synthesizing sequential and concurrent systems. To cope with the constraints of model checking and of theorem proving, we combine such exhaustive verification methods with testing. We show several examples where we used our approach to synthesize, improve and correct code.

Synthesis of Parametric Programs using Genetic Programming and Model Checking

Formal methods apply algorithms based on mathematical principles to enhance the reliability of systems. It would only be natural to try to progress from verification, model checking or testing a system against its formal specification into constructing it automatically. Classical algorithmic synthesis theory provides interesting algorithms but also alarming high complexity and undecidability results. The use of genetic programming, in combination with model checking and testing, provides a powerful heuristic to synthesize programs. The method is not completely automatic, as it is fine tuned by a user that sets up the specification and parameters. It also does not guarantee to always succeed and converge towards a solution that satisfies all the required properties. However, we applied it successfully on quite nontrivial examples and managed to find solutions to hard programming challenges, as well as to improve and to correct code. We describe here several versions of our method for synthesizing sequential and concurrent systems.

The buck stops here: order, chance, and coordination in distributed control

Distributed control for enforcing a global invariant can be achieved based on calculating the knowledge of processes. When the local knowledge of individual processes is insufficient, processes can temporarily join their knowledge by means of synchronization. While synchronization can be used to guarantee progress, it is computationally expensive and should be used sparsely. In this paper, we introduce several solutions for minimizing the synchronization overhead. One possibility is to calculate the knowledge of a process of whether or not the system can progress without it. This knowledge can be used by the process to avoid unnecessary synchronization. Because of the distributed nature of the system, mutual passing of responsibility, based on such knowledge may result in deadlocks. We discuss three independent solutions to this problem. Our first solution breaks the symmetry between processes in order to avoid such situations, while our second solution is based on chance (coin tossing). Finally, we use automatically constructed stable properties to increase the joint knowledge of processes in order to minimize the number of processes that need to interact.

Model Checking Driven Heuristic Search for Correct Programs

Genetic programming and model checking were combined recently to generate correct-by-construction programs. Unlike other synthesis methods, this approach is based on a search in the state space of syntactically-restricted programs. This search can be seen as a probabilistic and heuristic search. In this paper we discuss the connection between program synthesis and heuristic search.

Synthesizing, correcting and improving code, using model checking-based genetic programming

We show here how the use of genetic programming in combination of model checking provides a powerful way to synthesize programs. Whereas classical algorithmic synthesis provides alarming high complexity and undecidability results, the genetic approach provides a surprisingly successful heuristics. We describe several versions of a method for synthesizing sequential and concurrent systems. We show several examples where we used our approach to synthesize, improve and correct code.