Coherent Extension, Composition, and Merging Operators in Contract Models for System Design

Romeo, Íñigo Íncer; Sangiovanni‐Vincentelli, Alberto

doi:10.1145/3358216

Cited by 11 publications

(5 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to strong merge, contract theory defines other operators over a pair of contracts such as composition and conjunction [5,21]. Among all these operators, strong merge is the only operator that requires assumptions from both unit contracts (and as a result, unit test specifications) to hold true.…”

Section: Merging Test Specificationsmentioning

confidence: 99%

“…Assume-Guarantee Contracts Contract-based design was first developed as a formal modular design methodology for analysis of component-based software systems [19,7,18], and later applied for the design and analysis of complex autonomous systems [20,10]. In this work, we adopt the mathematical framework of assumeguarantee contracts presented in [5,21].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards Better Test Coverage: Merging Unit Tests for Autonomous Systems$$^{\dagger }$$

Graebener

Badithela

Murray

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We present a framework for merging unit tests for autonomous systems. Typically, it is intractable to test an autonomous system for every scenario in its operating environment. The question of whether it is possible to design a single test for multiple requirements of the system motivates this work. First, we formally define three attributes of a test: a test specification that characterizes behaviors observed in a test execution, a test environment, and a test policy. Using the merge operator from contract-based design theory, we provide a formalism to construct a merged test specification from two unit test specifications. Temporal constraints on the merged test specification guarantee that non-trivial satisfaction of both unit test specifications is necessary for a successful merged test execution. We assume that the test environment remains the same across the unit tests and the merged test. Given a test specification and a test environment, we synthesize a test policy filter using a receding horizon approach, and use the test policy filter to guide a search procedure (e.g. Monte-Carlo Tree Search) to find a test policy that is guaranteed to satisfy the test specification. This search procedure finds a test policy that maximizes a pre-defined robustness metric for the test while the filter guarantees a test policy for satisfying the test specification. We prove that our algorithm is sound. Furthermore, the receding horizon approach to synthesizing the filter ensures that our algorithm is scalable. Finally, we show that merging unit tests is impactful for designing efficient test campaigns to achieve similar levels of coverage in fewer test executions. We illustrate our framework on two self-driving examples in a discrete-state setting.

show abstract

Section: Merging Test Specificationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Towards Better Test Coverage: Merging Unit Tests for Autonomous Systems$$^{\dagger }$$

Graebener

Badithela

Murray

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We say that a component is an environment for the contract if it meets the constraints a; we say a component is an implementation for a contract if it meets the guarantees g provided it operates in an environment for the contract, i.e., if it meets the constraint a → g, where the arrow is logical implication (i.e., a → b = a ∨ ¬b). For a treatment of assume-guarantee contracts and their algebraic aspects, see [16]- [18]. We assume that constraints come from a Boolean algebra, i.e., there are well-defined notions of conjunction, disjunction, and negation for constraints.…”

Section: A Formal Aspects Of Assume-guarantee Contractsmentioning

confidence: 99%

From Specification to Implementation: Assume-Guarantee Contracts for Synthetic Biology

Pandey

Incer

Sangiovanni‐Vincentelli

et al. 2022

Preprint

View full text Add to dashboard Cite

We provide a new perspective on using formal methods to model specifications and synthesize implementations for the design of biological circuits. In synthetic biology, design objectives are rarely described formally. We present an assume-guarantee contract framework to describe biological circuit design objectives as formal specifications. In our approach, these formal specifications are implemented by circuits modeled by ordinary differential equations, yielding a design framework that can be used to design complex synthetic biological circuits at scale. We describe our approach using the design of a biological AND gate as a motivating, running example.

show abstract

“…Also by Theorem 2.2, the left adjoint of merging by a fixed contract C ′ is the operation µ(C, γC ′ ) = µ ((A, G), (G ′ , A ′ )) = (A ∩ G ′ ∪ ¬(G ∩ A ′ ), G ∩ A ′ ). This operation was recently introduced under the name of separation in [34].…”

Section: Ag Contractsmentioning

confidence: 99%

“…One of the main objectives of the theory of assume-guarantee contracts is to deal with multiple viewpoints, i.e., a multiplicity of design concerns, each having a contract representing the specification for that concern (e.g., functionality, timing, etc.). In [34], it is argued that the operation of merging is used to bring multiple viewpoint specifications into a single contract object.…”

Section: Ag Contractsmentioning

confidence: 99%

The Quotient in Preorder Theories

Romeo

Mangeruca

Villa

et al. 2020

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Seeking the largest solution to an expression of the form Ax ≤ B is a common task in several domains of engineering and computer science. This largest solution is commonly called quotient. Across domains, the meanings of the binary operation and the preorder are quite different, yet the syntax for computing the largest solution is remarkably similar. This paper is about finding a common framework to reason about quotients. We only assume we operate on a preorder endowed with an abstract monotonic multiplication and an involution. We provide a condition, called admissibility, which guarantees the existence of the quotient, and which yields its closed form. We call preordered heaps those structures satisfying the admissibility condition. We show that many existing theories in computer science are preordered heaps, and we are thus able to derive a quotient for them, subsuming existing solutions when available in the literature. We introduce the concept of sieved heaps to deal with structures which are given over multiple domains of definition. We show that sieved heaps also have well-defined quotients.

show abstract

Coherent Extension, Composition, and Merging Operators in Contract Models for System Design

Cited by 11 publications

References 28 publications

Towards Better Test Coverage: Merging Unit Tests for Autonomous Systems$$^{\dagger }$$

Towards Better Test Coverage: Merging Unit Tests for Autonomous Systems$$^{\dagger }$$

From Specification to Implementation: Assume-Guarantee Contracts for Synthetic Biology

The Quotient in Preorder Theories

Contact Info

Product

Resources

About