









| Compilers vs. Synthesizers (Gulwani) |                                                                 |                                                                     |
|--------------------------------------|-----------------------------------------------------------------|---------------------------------------------------------------------|
| Dimension                            | Compilers                                                       | Synthesizers                                                        |
| Concept<br>Language                  | Executable Program                                              | Variety of concepts: Program,<br>Automata, Query, Sequence          |
| User Intent                          | Structured language                                             | Variety/mixed form of constraints: logic, examples, traces          |
| Search<br>Technique                  | Syntax-directed<br>translation (No new<br>algorithmic insights) | Uses some kind of search<br>(Discovers new algorithmic<br>insights) |
|                                      |                                                                 |                                                                     |

# **MOTIVATING EXAMPLE**





Designing controllers can be tricky and time consuming

Example: EPS requirements (in English) - zooming in

A2) At least one power source is always "healthy" (i.e. it is operational and can be inserted into the network to deliver power);

G1) At start-up all the power source contactors are "open";

G3) No AC bus is powered by more than one power source at the same time, i.e. AC power sources can never be paralleled;

























# **CONTROLLER SYNTHESIS**







![](_page_13_Figure_0.jpeg)

![](_page_13_Figure_1.jpeg)

![](_page_14_Picture_0.jpeg)

![](_page_14_Picture_1.jpeg)

![](_page_15_Figure_0.jpeg)

![](_page_15_Figure_1.jpeg)

![](_page_16_Figure_0.jpeg)

![](_page_16_Figure_1.jpeg)

![](_page_17_Figure_0.jpeg)

![](_page_17_Figure_1.jpeg)

![](_page_18_Figure_0.jpeg)

![](_page_18_Figure_1.jpeg)

![](_page_19_Figure_0.jpeg)

![](_page_19_Figure_1.jpeg)

![](_page_20_Figure_0.jpeg)

![](_page_20_Figure_1.jpeg)

![](_page_21_Figure_0.jpeg)

![](_page_21_Figure_1.jpeg)

![](_page_22_Figure_0.jpeg)

![](_page_22_Figure_1.jpeg)

![](_page_23_Figure_0.jpeg)

![](_page_23_Figure_1.jpeg)

![](_page_24_Figure_0.jpeg)

Consider LTL formula:

 $\varphi = FGq$ 

Büchi automaton? (s.t. there exists an accepting run)

![](_page_24_Figure_4.jpeg)

Is there a deterministic Büchi automaton for this spec? No!

![](_page_24_Figure_7.jpeg)

![](_page_25_Figure_0.jpeg)

![](_page_25_Figure_1.jpeg)

![](_page_26_Figure_0.jpeg)

![](_page_26_Figure_1.jpeg)

![](_page_27_Figure_0.jpeg)

![](_page_27_Figure_1.jpeg)

![](_page_28_Figure_0.jpeg)

![](_page_28_Figure_1.jpeg)

![](_page_29_Figure_0.jpeg)

![](_page_29_Figure_1.jpeg)

![](_page_30_Figure_0.jpeg)

![](_page_30_Figure_1.jpeg)

![](_page_31_Figure_0.jpeg)

![](_page_31_Figure_1.jpeg)

#### References

- 1. Pnueli, A., Rosner R., *On the Synthesis of a Reactive Module*, POPL 1989.
- 2. Ehlers, R., *Symmetric and Efficient Synthesis*, PhD thesis, 2013.
- 3. Jobstmann, B., *Reachability and Buchi Games*, slides available online, 2010.
- 4. Ehlers et al, *Bridging the Gap between Supervisory Control and Reactive Synthesis: Case of Full Observation and Centralized Control*, WODES 2014.
- 5. Wang et al, *The Theory of Deadlock Avoidance via Discrete Control*, POPL 2009. ("Success story" of supervisor synthesis applied to deadlock removal in concurrent software.)

EECS 144/244, UC Berkeley: 65

# **PROGRAM SYNTHESIS**

![](_page_33_Figure_0.jpeg)

![](_page_33_Figure_1.jpeg)

![](_page_34_Figure_0.jpeg)

Using SAT and SMT solvers for synthesis  $\exists P: \forall x: pre(x) \rightarrow post(x, P(x))$ Example of pre(), post():  $pre(x1, x2): number(x1) \wedge number(x2)$   $post(x1, x2, y): x1 \leq y \wedge x2 \leq y \wedge (x1 = y \lor x2 = y)$ i.e., the spec for max(x1,x2).

![](_page_35_Figure_0.jpeg)

![](_page_35_Figure_1.jpeg)

### Hold on: are programs formulas?

What about real programs?

Loops, data structures, libraries, pointers, threads, ...

Translation to formulas much harder, but verification tools are available that do this, constantly making progress.

We will assume we have a formula *P*(*x*,*y*) representing the program P: "*y* is the output of *P* for input *x*".

![](_page_36_Figure_6.jpeg)

![](_page_37_Figure_0.jpeg)

![](_page_37_Figure_1.jpeg)

![](_page_38_Figure_0.jpeg)

![](_page_38_Figure_1.jpeg)

![](_page_39_Figure_0.jpeg)

![](_page_39_Figure_1.jpeg)

## Example-guided synthesis

In general, for n positive examples and k hole variables:

$$\bigwedge_{i=1}^{n} P(h_1, h_2, \dots, h_k, x_i, y_i)$$

We turned universal quantification into finite conjunction!

![](_page_40_Figure_5.jpeg)

### Example-guided synthesis

What if solver finds this formula satisfiable ?

$$\bigwedge_{i=1}^{n} P(h_1, h_2, \dots, h_k, x_i, y_i)$$

<u>Satisfiable</u> =>  $P(h_1, h_2, ..., h_k)$  is only a <u>candidate</u>. It still needs to be <u>verified</u> for **all** I/O pairs. We can again use the solver for that!

![](_page_41_Figure_5.jpeg)

![](_page_42_Figure_0.jpeg)

![](_page_42_Figure_2.jpeg)

### References

- 1. Solar-Lezama. *Program sketching*. STTT Vol 15, Issue 5-6, Oct 2013.
- 2. Alur, Bodik, et al. Syntax-Guided Synthesis. FMCAD 2013.
- 3. International Journal on Software Tools for Technology Transfer, Special Issue on Synthesis, Volume 15, Issue 5-6, October 2013.
- 4. Course by Ras Bodik and Emina Torlak. CS294 *Program Synthesis for Everyone*. <u>http://www.cs.berkeley.edu/~bodik/cs294fa12</u>