Juliano Iyoda

Automatic Formal Synthesis of Hardware from Higher Order Logic

A compiler that automatically translates recursive function definitions in higher order logic to clocked synchronous hardware is described. Compilation is by mechanised proof in the HOL4 system, and generates a correctness theorem for each function that is compiled. Logic formulas representing circuits are synthesised in a form suitable for direct translation to Verilog HDL for simulation and input to standard design automation tools. The compilation scripts are open and can be safely modified: synthesised circuits are correct-by-construction. The synthesisable subset of higher order logic can be extended using additional proof-based tools that transform definitions into the subset.

Proof producing synthesis of arithmetic and cryptographic hardware

A compiler from a synthesisable subset of higher order logic to clocked synchronous hardware is described. It is being used to create coprocessors for cryptographic and arithmetic applications. The compiler automatically translates a function f defined in higher order logic (typically using recursion) into a device that computes f via a four-phase handshake circuit. Compilation is by fully automatic proof in the HOL4 system, and generates a correctness theorem for each compiled function. Synthesised circuits can be directly translated to Verilog, and then input to design automation tools. A fully-expansive ‘LCF methodology’ allows users to safely modify and extend the compiler’s theorem proving scripts to add optimisations or to enlarge the synthesisable subset of higher order logic.

Randomized constraint solvers: a comparative study

The complexity of constraints is a major obstacle for constraint-based software verification. Automatic constraint solvers are fundamentally incomplete: input constraints often build on some undecidable theory or some theory the solver does not support. This paper proposes and evaluates several randomized solvers to address this issue. We compared the effectiveness of a symbolic solver (CVC3), a random solver, two heuristic search solvers, and seven hybrid solvers (i.e. mix of random, symbolic, and heuristic solvers). We evaluated the solvers on a benchmark generated with a concolic execution of 9 subjects. The performance of each solver was measured by its precision, which is the fraction of constraints that the solver can find solution out of the total number of constraints that some solver can find solution. As expected, symbolic solving subsumes the other approaches for the 4 subjects that only generate decidable constraints. For the remaining 5 subjects, which contain undecidable constraints, the hybrid solvers achieved the highest precision (fraction of constraints that a solver can find a solution out of the total number of satisfiable constraints). We also observed that the solvers were complementary, which suggests that one should alternate their use in iterations of a concolic execution driver.

Test case prioritization based on data reuse an experimental study

The order in which tests are executed can significantly impact the total test execution time. In this paper, we evaluate two test prioritization techniques (manual and automatic) in the context of mobile phone testing. The manual technique produces test sequences created by test experts, while the automatic one generates sequences mechanically based on the permutation of the tests. Both techniques take into account a data reuse: the more the data is reused among tests, the faster the sequence is executed. In order to evaluate the benefits of these two techniques, we carried out an experiment with 8 testers and 2 test suites arranged in a 2×2 Latin square design replicated four times. The automatic technique reduced approximately 25% of the data generation time and 13.5% of the execution time. The automatic technique is clearly better than the manual one with respect to the generation of sequences. Our experiment showed that the automatic technique also generates sequences whose execution is faster than those created manually by test experts.

Program synthesis by model finding

Program synthesis aims to automate the task of programming. In this paper, we present a clear and elegant formulation of program synthesis as an Alloy* specification by applying its model finder to search for a program that satisfies a contract in terms of pre and post-conditions. Our proposal embeds in Alloy* both the syntax and the denotational semantics of Winskels IMP(erative) language. We illustrate our approach by synthesising Euclids greatest common divisor algorithm. Our experiments show that our synthesis time is competitive. In addition, Alloy* provides us a great platform for the development of a synthesiser: an elegant synthesiser based on the denotational semantics of a language that can be implemented very quickly. Embedding of the syntax and denotational semantics of a subset of IMP in Alloy*.Program synthesiser with and without sketches.Program synthesis for expressions and commands, including loops.Case study synthesising the Euclids algorithm (the greatest common divisor).Experiments illustrating the performance of the synthesiser.

A formal semantics for Sequence Diagrams and a strategy for system analysis

We propose a semantics for Sequence Diagrams based on the COMPASS Modelling Language (CML): a formal specification language to model systems of systems. A distinguishing feature of our semantics is that it is defined as part of a larger effort to define the semantics of several diagrams of SysML, a UML profile for systems engineering. We have defined a fairly comprehensive semantics for Sequence Diagrams, which comprises sequential and parallel constructors, loops, breaks, alternatives, synchronous and asynchronous messages. We illustrate our semantics with a scenario of a case study of a system of systems. We also discuss an analysis strategy which involves an integrated view of several diagrams.

An Algebraic Approach to Combining Processes in a Hardware/Software Partitioning Environment

In this paper we present a strategy for combining processes belonging to the same hardware or software component (cluster), in the context of hardware/software partitioning of a system. The strategy takes as input an occam description of a system. This description is the parallel composition of the system components in a predefined form, together with annotations that indicate how the processes, in each cluster, must be combined: by serialisation or by parallelisation. The description given as input can be seen as a binary tree. The strategy to combine processes is based on the reduction of possible configurations in that tree, by using transformation rules which are provable from an algebraic semantics of occam.

Automatic Generation of Test Cases and Test Purposes from Natural Language

Use cases are widely used for requirements description in the software engineering practice. As a use case event flow is often written in natural language, it lacks tools for automatic analysis or processing. In this paper, we extend previous work that proposes an automatic strategy for generating test cases from use cases written in a Controlled Natural Language (CNL), which is a subset of English that can be processed and translated into a formal representation. Here we propose a state-based CNL for describing use cases. We translate state-based use case descriptions into CSP processes from which test cases can be automatically generated. In addition, we show how a similar notation can be used to specify test selection via the definition of state-based test purposes, which are also translated into CSP processes. Test generation and selection are mechanised by running refinement checking verifications using the CSP processes for use cases and test purposes. All the steps of the strategy are integrated into a tool that provides a GUI for authoring use cases and test purposes described in the proposed CNL, so the formal CSP notation is totally hidden from the test designer. We illustrate our tool and techniques with a running example.

Behavioural preservation in fault tolerant patterns

In the development of critical systems it is common practice to make use of redundancy in order to achieve higher levels of reliability. There are well established design patterns that introduce redundancy and that are widely documented and adopted by the industry. However there have been few attempts to formally verify some of them. In this work we modelled three fault tolerant patterns (homogeneous redundancy, heterogeneous redundancy and triple modular redundancy) using the HOL4 theorem prover in order to prove that the application of these patterns preserves the behaviour of the original system. Our model takes into account that the original system (without redundancy) computes a certain function with some delay and is amenable to random failure. We illustrate our approach with a case study that verifies in HOL4 that a fault tolerant design applied to a simplified avionic elevator system does not introduce functional errors. This work has been done in collaboration with the Brazilian aircraft manufacturer Embraer.

Correct hardware synthesis: An algebraic approach

This paper presents an algebraic compilation approach to the correct synthesis (compilation into hardware) of a synchronous language with shared variables and parallelism. The synthesis process generates a hardware component that implements the source program by means of gradually reducing it into a highly parallel state-machine. The correctness of the compiler follows by construction from the correctness of the transformations involved in the synthesis process. Each transformation is proved sound from more basic algebraic laws of the source language; the laws are themselves formally derived from a denotational semantics expressed in the Unified Theories of Programming. The proposed approach is based on previous efforts that handle both software and hardware compilation, in a pure algebraic style, but the complexity of our source language demanded significant adaptations and extensions to the existing approaches.