Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Abduction and Induction for Operational Requirements Elaboration Dalal Alrajeh Oliver Ray Alessandra RussoSebastian Uchitel AIAI 2007 Sept. 15 th.

Published byAmberlynn Johnston Modified over 8 years ago

Similar presentations

Presentation on theme: "Using Abduction and Induction for Operational Requirements Elaboration Dalal Alrajeh Oliver Ray Alessandra RussoSebastian Uchitel AIAI 2007 Sept. 15 th."— Presentation transcript:

1 Using Abduction and Induction for Operational Requirements Elaboration Dalal Alrajeh Oliver Ray Alessandra RussoSebastian Uchitel AIAI 2007 Sept. 15 th 2007

2 2 System Development Cycle Requirements Design Testing Implementation Requirements

3 3 Requirements Elaboration Operationalization Techniques Goals:BookRequestSatisfied Operations: checkOut,issueReminder,.. Agents:System, borrower,.. Objects: book(found,borrowed, … ) Operation: checkOut Operation: IssueReminder Precondition: Book Available Trigger condition:has been borrowed for at least 2wks and there hasn’t been a reminder within the last week

4 4 Drawbacks Patterns become too complex Restricted to pattern catalog Size of specification becomes too large (some may be irrelevant) Lacks automated support

5 5 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

6 6 Mine Pump Controller

7 7 Linear Temporal Logic A propositional logic for modeling event- based systems over a linear temporal structure The language is composed of –Boolean Propositions (P) –Boolean operators( , , ,  ) –Temporal Operators ( , , , U,W) *Propositions divided into two disjoint sets (event propositions and fluent propositions). P f ={pumpOn, criticalMethane, highWater} P e ={switchPumpOn, switchPumpOff, signalCriticalMethane, signalNoCriticalMethane, signalHighWater, signalNoHighWater}

8 8 LTL Model s0s0 s1s1 s3s3 s2s2 signalNoHighWater switchPumpOn switchPumpOff signalNoHighWater signalHighWater  Composed of a Labeled Transition System and a valuation function. labels Initial state states Transition Relation  ={(s 0,signalHighWater.s 1 ),(s 1, switchPumpOn,s 2 ),…}

9 9 LTL Model -2 The truth value of an event fluent at state s i depends on the i th transition label. The truth value of a fluent proposition depends on the path and position in a path of a labeled transition system. LTL formulae are interpreted over paths of a Labeled Transition System LTS  HighWater U signalNotHighWater s0s0 s1s1 s3s3 s2s2 signalNoHighWater switchPumpOn switchPumpOff signalNoHighWater signalHighWater HighWater HighWater PumpOn HighWater

10 10 Partial System Specification-1 Partial System Specification (LTL) Scenarios (LTL) System Requirements(LTL) Using Abduction & Induction Partial System Specification Initial state  (0  i  n) f i  (0  j  m)  f j Effect Axioms:  (e  f )  (e  f ) Persistence Axioms:  (f  f W E T )  (  f   f W E I )

11 11 Partial System Specification- 2 Mine Pump Partial System Specification Initial state: e.g.  pumpOn   criticalMethane  highWater Effect Axioms: e.g.  (switchPumpOn  pumpOn )  (switchPumpOff  pumpOn ) Persistence Axioms: e.g.  (pumpOn  pumpOn W switchPumpOn)  (  pumpOn   pumpOn W switchPumpOff)

12 12 Scenario Properties -1 Partial System Specification (LTL) Scenarios (LTL) System Requirements(LTL) Using Abduction & Induction Scenario Properties Universal scenario Property: satisfied by all possible system behavior.  (  i<n)  i e i   n (  )e n Existential scenario Property: satisfied by at least one.  (1  j<m)  j e j   m (  )e m

13 13 Scenario Properties-2 Mine Pump Scenario Properties Universal scenario Property: –  signalCriticalMethane   2 signalHighWater   3  switchPumpOn Existential scenario Property: –  signalHighWater   2 switchPumpOn –   switchPumpOn

14 14 A Model of the Mine Pump switchPumpOn u 1 =  signalCriticalMethane   2 signalHighWater   3  switchPumpOn e 1 =  signalHighWater   2 switchPumpOn e 2 =   switchPumpOn

15 15 Operational Requirements -1 Partial System Specification (LTL) Scenarios (LTL) System Requirements(LTL) Using Abduction & Induction Precondition Axioms:  (  (1  j  n) (  )f j    e ) Trigger-Condition Axioms:  (  (1  k  m) (  )f k   e)

16 16 Opertational Requirements -2 Mine Pump Operational Requirements: Precondition Axioms:  (criticalMethane    switchPumpOn ) Trigger-Condition Axioms:  ((highWater  ¬ criticalMethene)   switchPumpOn)

17 17 The Task Given Partial System Specification Spec and a set of Universal and existential scenario properties SP u and Sp e, find a set of pre- and trigger conditions (Pre U Trig) such that: Spec U (Pre U Trig) |= sp u Spec U (Pre U Trig) |=/= ¬sp e *Pre U Trig are called a correct extension of Spec

18 18 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

19 19 Event Calculus Logic Program Domain dependent axioms –Initial State: initially(F,S) –Effect Axioms: initiates(E,F,T,S), terminates(E,F,T,S), –Event Axioms: impossible(E,T,S):-(not) holdsAt(F 1,T,S),.. triggered(E,T,S):- (not) holdsAt(F 1,T,S),.. Narrative: –attempt(E,T,S). Domain independent axioms –holdsAt(F,T2,S):- initially(F,S), not clipped(0,F,T2,S) –holdsAt(F,T2,S):- happens(E,T1,S), initiates(E,F,S,T1),T1<T2, not clipped(T1,F,T2,S). –clipped(T1,F,T2,S):- happens(E,T,S), terminates(E,F,T,S), T1<T, T < T2. –happens(E,T,S):- attempt(E,T,S), not impossible(E,T,S) –happens(E,T,S):- attempt(E,T,S), triggered(E,T,S). –:- triggered(E,T,S), impossible(E,T,S).

20 20 Learning Event Calculus Programs Given Partial Set of Domain dependant axioms Domain Independent axioms Narrative Event facts Find Additional Domain Dependant Axioms that explain the event facts. B E H B U H |= E

21 21 Sound Translation For any fluent f and position i , i |= f For any event e and position i , i |= e Obtaining program  composed of –  (Spec) –Nar ={ attempt(e i,i-1,s)| e i is the i th label in  } Given –System Specification Spec –A finite path  =e 1,e 2,…  |= holdsAt(f,i,  )  |= happens(e,i-1,  )

22 22 Step 1: Transform Specification into Logic Program -1 LTL Initial State Axioms Initial state facts  pumpOn   criticalMethane  highWater not initially(pumpOn,S). not initially(criticalMethane,S). not initially(highWater,S).

23 23 Step 1: Transform Specification into Logic Program -2 LTL Effect Axioms EC effect Axioms  (switchPumpOn  pumpOn )  (switchPumpOff  pumpOn ) initiates(switchPumpOn,pumpOn,T,S). terminates(switchPumpOff,pumpOn,T,S).

24 24 Step 1: Transform Specification into Logic Program -3 Scenario Properties  signalCriticalMethane   2 signalHighWater   3  switchPumpOn Narrative attempt(signalCriticalMethane,0,u1). attempt(signalHighWater,1,u1). attempt(switchPumpOn,2,u1). Event facts happens(signalCriticalMethane,0,u1). happens(signalHighWater,1,u1). not happens(switchPumpOn,2,u1).

25 25 Step 1: Transform Specification into Logic Program -4 Universal Scenario Prporties  signalHighWater   switchPumpumpOn Narrative attempt(signalHighWater,0,e1). attempt(switchPumpOn,1,e1). Action facts happens(signalHighWater,0,e1). happens(switchPumpOn,1,e1).

26 26 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

27 27 XHAIL: Extended Hybrid Abductive Inductive Learning Three phases –Abductive: Produce a set of ground atoms  such that B U  |= E –Deductive: Produce a set of ground clauses K ={k =  :- b } –Inductive: Produces a hypothesis H subsumes K

28 28 Step 2: Using XHAIL modeh(*,impossible(#event, +time,+scenario)) modeh(*,triggered(#event, +time, +scenario)) modeb(*,holdsAt(#fluent,+time,+scenario)) modeb(*,not holdsAt(#fluent, +time,+scenario)) % initiates(switchPumpOn,pumpOn,T,S). terminates(switchPumpOff,pumpOn,T,S). % attempt(signalCriticalMethane,0,u1). attempt(signalHighWater,1,u1). attempt(switchPumpOn,2,u1). % happens(signalCriticalMethane,0,u1). happens(signalHighWater,1,u1). not happens(switchPumpOn,2,u1). % initiates happens(E,T,S) :- attempts (E,T,S), not impossible (E,T,S) holdsAt(F,T2,S) :- initiates (E,F,T,S), happens (E,T,S), not clipped(T1,F,T2,S).  ={triggered(switchPumpOn, 1, e2), impossible(switchPumpOn, 2,u1), impossible(tswitchPumpOn, 0,e1)} K={triggered(switchPumpOn, 1, e2):- holdsAt(highWater,1,e2). not holdsAt(pumpOn,2,e2), not holdsAt(criticalMethane,2,e2). impossible(switchPumpOn, 2,u1):- holdsAt(highWater,2,u1). not holdsAt(pumpOn,2,u1), holdsAt(criticalMethane,2,u1). impossible(switchPumpOn, 0,e1) :- not holdsAt(highWater,0, e1), not holdsAt(pumpOn,0,e1), not holdsAt(criticalMethane,0, e1). H={triggered(switchPumpOn, X, Y):- holdsAt(highWater,X,Y). not holdsAt(criticalMethane,X,Y). impossible(switchPumpOn, X,Y):-holdsAt(criticalMethane,X,Y). impossible(switchPumpOn, X,Y) :- not holdsAt(highWater,X, Y)}

29 29 Approach Overview Partial System Specification (LTL) Scenarios (LTL) Operational Requirements(LTL) (1)Transform into a logic program (2) Run ILP system (3) Transform into Requirement Using Abduction & Induction

30 30 Step 3: Transform into Requirements Hypothesis LTL Operational requirements triggered(turnPumpOn, X, Y):- holdsAt(highWater,X,Y). not holdsAt(methane,X,Y).  ( (highWater  criticalMethane)   switchPumpOn) impossible(turnPumpOn, X,Y):-holdsAt(methane,X,Y).  ( criticalMethane    switchPumpOn)

31 31 A Correct Extension with respect to an Inductive solution Obtaining the corresponding: –Partial System Description –Set of Scenario properties Find: –A a correct extension with respect to Spec and SP u U SP e Given Partial Set of Domain dependant axioms Domain Independent axioms Narrative Event facts Find Additional Domain dependant Axioms that explain the event facts B U H |= E Spec U  -1 (H) |= sp u Spec U  -1 (H) |=\= sp e B E H

32 32 Extended Specification Model SpecSpec U Pre U Trig switchPumpOn

33 33 Conclusion Novel application of Abduction and Induction in the requirements elaboration process. The need for non-monotonic Learning systems. The Framework provides a back-end computational approach for the operationalization process.

34 34 Current and Future Work -1 Including Information about goals and agents in the partial specification Learning other types of requirements such as post-conditions. Learning requirements from discrete- time based models (goal driven models).

35 35 Current and Future Work -2 Handling incomplete scenarios Representing system Goals and assumptions as Integrity constraints. Integrating ILP and model checking techniques such that scenarios are generated automatically using model checking tools. Thorough comparison of results obtained from other non monotonic approaches.

36 36 Thank You

37 37 An LTS of the Mine Pump

38 38 Theorem 2 Given –a partial specification –set of consistent scenario properties –the EC theory (B,E)=Tr(Spec,SPu,SPe) –S be the set of EC event axioms. Then, –For any inductive generalisation H of E wrt. B and S, the corresponding set Tr(Pre U Trig)=(H) of LTL pre-condition and trigger-condition axioms is a correct extension of Spec with respect to SPu and SPe.

39 39

Download ppt "Using Abduction and Induction for Operational Requirements Elaboration Dalal Alrajeh Oliver Ray Alessandra RussoSebastian Uchitel AIAI 2007 Sept. 15 th."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Knowledge Engineering for Planning Domain Design Ron Simpson University of Huddersfield.

Knowledge Engineering for Planning Domain Design Ron Simpson University of Huddersfield.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
François Fages MPRI Bio-info 2007 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.

François Fages MPRI Bio-info 2007 Formal Biology of the Cell Modeling, Computing and Reasoning with Constraints François Fages, Constraint Programming.
The Logic of Intelligence Pei Wang Department of Computer and Information Sciences Temple University.

The Logic of Intelligence Pei Wang Department of Computer and Information Sciences Temple University.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
1 Inductive Equivalence of Logic Programs Chiaki Sakama Wakayama University Katsumi Inoue National Institute of Informatics ILP 2005. 8. 12.

1 Inductive Equivalence of Logic Programs Chiaki Sakama Wakayama University Katsumi Inoue National Institute of Informatics ILP
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
Timed Automata.

Timed Automata.
August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting1August 27-29 2007Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.
Reasoning about Actions and Causality Θεωρίες Δράσης και Αιτιότητας Θοδωρής Πάτκος Αναπαράσταση και Επεξεργασία Γνώσης ΗΥ-467 2009.

Reasoning about Actions and Causality Θεωρίες Δράσης και Αιτιότητας Θοδωρής Πάτκος Αναπαράσταση και Επεξεργασία Γνώσης ΗΥ
Nonmonotonic Abductive – Inductive Learning Oliver Ray Department of Computer Science University of Bristol AIAI'07, September 15th, 2007 Aix-en-Provence.

Nonmonotonic Abductive – Inductive Learning Oliver Ray Department of Computer Science University of Bristol AIAI'07, September 15th, 2007 Aix-en-Provence.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Similar presentations

Ads by Google