Mechanized Algorithm Design in KIDS, Specware , and Planware

Mechanized Algorithm Design in KIDS, Specware, and Planware Douglas R. Smith Kestrel Technology LLC Palo Alto, California www.kestreltechnology.com Kestrel Institute Palo Alto, California www.kestrel.edu

Key Features of KIDS • • Property-oriented logical specifications • Integration of several synthesis paradigms • Deductive synthesis • Program transformation • Knowledge-based programming • (libraries of abstract algorithms and data structures) • tight integration of synthesis and deduction • algorithm theories and automated design tactics

Specification of a Transportation Scheduling Problem type Resource, Task, Time type Reservation = Resource Task  Time type Schedule = set (Reservation) op scheduler : set(Task) set(Resource) Schedule axiom scheduler(tasks, resources) = sched  consistent-POE(sched)  consistent-POD(sched)  consistent-release-times (sched)  consistent-due-times (sched)  consistent-cargo-capacity (sched)  consistent-pax-capacity (sched)  consistent-trip-separation (sched)  consistent-resource-usage (resources, sched)  all-tasks-scheduled (tasks, sched) def consistent-due-times (sched) = (flight, task) ( flight  sched  task  manifest(flight)  arrival(flight)  due-date(task))

Deductive Synthesis • late 60’s – Green, Waldinger, Constable • prove that a given problem is solvable • then • extract a program from the proof forallx : input exists z : output legal-input(x)  legal-result(x,z)

Program Transformations • 70’s – Burstall & Darlington, Bauer, Gerhart, … • idea: refine a simple high-level specification • into a complex but efficient program • via correctness-preserving transformations S0  S1  S2  …  Sn source pattern + enabling condition • transformation rule:  target pattern

Knowledge-Based Programming • 1. Algorithm theory = program scheme + axioms on free operators • Models correspond to correct instances of the scheme • Main theorem: algorithm theory implies correctness wrt problem spec • Deductive synthesis used to derive operators • 2. Datatype theories/refinements: interpretation between datatype theories • 3. Representations of design knowledge applied by a pushout construction

Key Features of Specware • • specifications: higher-order logic + functional programming constructs • morphisms: refine one specification to another • category SPEC = specs + morphisms • colimits in SPEC used to compose specifications and generate refinements

Software Development by Refinement CAT semantics: SPECop category of models for Spec0 denotes Spec0 Spec1 models for Spec1 refinement in SPEC models for Spec2 Spec2 … … Specn models for Specn  code generation a model for Specn  Code

E ↦ Int le ↦ axioms ↦ thms Specification morphism: a language translation that preserves provability Specifications and Morphisms spec Partial-Order is type E op le: EE  Boolean axiom reflx is le(x,x) axiom trans is le(x,y)  le(y,z)  le(x,z) axiom antis is le(x,y)  le(y,x)  x = y end-spec spec Integer is type Int op : IntInt Boolean op 0 : Int op _+_ : IntIntInt … end-spec

spec REFLEXIVE-RELATION is type E op _rr_ : E, E Boolean axiom reflexivity is a rr a end-spec spec BINARY-RELATION is type E op _br_ : E, E Boolean end-spec spec TRANSITIVE -RELATION is type E op _tr_ : E, E Boolean axiom transitivity is a trb  btrc  atrc end-spec spec PREORDER-RELATION is type E op  : E, E Boolean axiom reflexivity is a  a axiom transitivity is a  b  b  c  a  c end-spec Composing Specs by Pushout

REFLEXIVE-RELATION BINARY-RELATION E rr axiom x rr x E br po E tr axiom x tr y  y tr z  x tr z {E,E,E}rename E {br, rr, tr}rename  axiom x  x axiom x  y  y  z  x  z TRANSITIVE-RELATION PREORDER-RELATION Calculating a Pushout in SPEC Collect equivalence classes of types and ops from all specs in the diagram.

Structure of a Specification for Scheduling Time, Quantity Resource Task po Reservation = ResourceTaskTime Triv po Schedule = Set(Reservation) Set Scheduler

Structuring a Spec via Colimits Triv Spec LINEAR ORDER type L op : L,L  Boolean ... LINEAR ORDER GROUP po LINEAR ORDER + GROUP {LTime,   time-le} extend Spec TIME type Time op time-le ... LINEARLY ORDERED GROUP rename QUANTITY coproduct TIME + QUANTITY

TIME + QUANTITY Spec TASK type Task ... Spec RESOURCE type Resource ... Triv Triv po po SET-of-TASK SET SET SET-of-RESOURCE po TASK-RESOURCE Spec RESERVATION type Reservation = Time, Task, Resource ... Triv po SET-OF-RESERVATION SET colimit Spec SCHEDULER op Scheduler : Set-of-Task, Set-of-Resource  Set-of-Reservation ...

| | | | Datatype Refinement as a Morphism d SEQ BAG-as-SEQ BAG Seq Seq/perm? Bag empty-bag def empty-bag = q([]) empty-seq empty-bag concat def concat(q(S1), q(S2)) = q(S1 ++ S2) ++  in-bag? in-bag? in-seq?

Specification of a Scheduling Problem types set(Task), set(Resource), Reservation, set(Reservation) type Schedule = set(Reservation) op scheduler : set(Task), set(Resource) set(Reservation) axiom scheduler(tasks, resources) = sched  consistent-POE(sched)  consistent-POD(sched)  consistent-release-times (sched)  consistent-due-times (sched)  consistent-cargo-capacity (sched)  consistent-pax-capacity (sched)  consistent-trip-separation (sched)  consistent-resource-usage (resources, sched)  all-tasks-scheduled (tasks, sched) def consistent-due-times (sched) = (flight, task) (flight  sched  task  manifest(flight)  arrival(flight)  due-date(task))

1. Library of Refinements Global Search Global Search Resource Set po Global Search Schema Scheduling1 Set Transportation Resource Global Search Schema Sequence po Scheduling2 Sequence 2. Library of Refinement Generators Context-dependent Simplification • Context-dependent Simplification • Finite Differencing • Case Analysis • Partial Evaluation Scheduling3 Scheduling4 Automated Refinement Process Scheduling0 Finite Differencing

Ablation Study of a SAT Solver Derivation after simplifications raw algorithm after finite differencing after datatype refinement after finite differencing

Key Features of KIDS • • Property-oriented logical specifications • Integration of several synthesis paradigms • Deductive synthesis • Program transformation • Knowledge-based programming • (libraries of abstract algorithms and data structures) • tight integration of synthesis and deduction • algorithm theories and automated design tactics

Taxonomy of Algorithm Design Theories Problem Theory (D|I  R|O) generate-and-test Constraint Satisfaction (R = set of maps) Global Structure (R = set + recursive partition) global search binary Search backtrack branch-and-bound Local Structure (R = set + relation) genetic algorithms Problem Reduction Structure Linear Programming simplex method interior point primal dual Local Structure (R = set + relation) local search hill climbing simulated annealing tabu search Divide-and-Conquer divide-and-conquer Complement Reduction sieves Integer Linear Programming 0-1 methods GS-CSP (R = recursively partitioned set of maps) Problem Reduction Generators dynamic programming branch-and-bound game tree search Network Flow specialized simplex Ford-Fulkerson Local Poset Structure (R = set + partial order) GS-Horn-CSP (Horn-like Constraints) constraint propagation Monotone Deflationary Function fixed point iteration Local Semilattice Structure (R = semilattice) Transportation NW algorithm Assignment Problem Hungarian method

Problem Theory Spec DRO is types D, R op O : D, R Boolean end-spec Basic Problem Theory given x:D such that I(x) find z:R such that O(x,z) Spec DROf is import DRO op f : DR ax (x:D) O(x, f(x)) end-spec Basic Problem-Solver: find one feasible solution

Problem Solving Structure Basic Problem Structure: enumerable R and decidable O supports generate-and-test * feasible solution R D • • • • • • O • • • • • • • • • • • • • • • * • • • • • • • • • • • • • • • • input domain output domain

Problem Solving Structure Problem Reduction Structure: a decomposition relation ODon D and a composition relation OC on R s.t.OD (x0 , x1, x2) O(x1, z1) O(x2 , z2) OC (z0 , z1 , z2) O(x0 , z0) supports problem reduction, divide-and-conquer, dynamic programming, greedy R D * feasible solution • • • • O • • • • • • • • • • • • • * • • • • OD OC • • * • • • • • • • O O input domain output domain

Problem Solving Structure Local Structure: a binary “neighborhood” relation on R supports local search, hillclimbing, steepest ascent, simulated annealing, tabu search a ternary or higher-order relation on R supports genetic algorithms R D * feasible solution • • • • O • • • • • • • • • • • • • * • • • • • • * • • • • • • • input domain output domain

Problem Solving Structure Global Structure: recursive covering of R supports global search, backtrack, branch-and-bound, binary search R D * feasible solution • • • • O • • • • • • • • • • • • • * • • • • • • * • • • • • • • input domain output domain

Taxonomy of Algorithm Theories Problem Theory (D|I  R|O) generate-and-test Constraint Satisfaction (R = set of maps) Global Structure (R = set + recursive partition) global search binary Search backtrack branch-and-bound Local Structure (R = set + relation) genetic algorithms Problem Reduction Structure Linear Programming simplex method interior point primal dual Local Structure (R = set + relation) local search hill climbing simulated annealing tabu search Divide-and-Conquer divide-and-conquer Complement Reduction sieves Integer Linear Programming 0-1 methods GS-CSP (R = recursively partitioned set of maps) Problem Reduction Generators dynamic programming branch-and-bound game tree search Network Flow specialized simplex Ford-Fulkerson Local Poset Structure (R = set + partial order) GS-Horn-CSP (Horn-like Constraints) constraint propagation Monotone Deflationary Function fixed point iteration Local Semilattice Structure (R = semilattice) Transportation NW algorithm Assignment Problem Hungarian method

Problem Solving Structure Global Structure: recursive covering of R supports global search, backtrack, branch-and-bound, binary search R D * feasible solution • • • • O • • • • • • • • • • • • • * • • • • • • * • • • • • • • input domain output domain

 (S) derived pruning test – if false then S contains no feasible solutions Deriving Pruning Constraints S f e a s i b l e s o l u t i o n s Let S be a set of candidate solutions (sol) solS  feasible(sol) ideal pruning test – decides if S contains feasible solutions

Deriving Cutting Constraints S f e a s i b l e s o l u t i o n s c u t t i n g c o n s t r a i n t l e t S b e a s e t o f c a n d i d a t e s o l u t i o n s s o l   S  f e a s i b l e ( s o l )       ( s o l , S ) i d e a l c u t t i n g c o n s t r a i n t i n f e r r e d c u t t i n g c o n s t r a i n t e l i m i n a t e s a l l i n f e a s i b l e s o l u t i o n s

candidate solutions prune off subspace (contains no feasible solutions) split cut feasible solutions cut iterated cutting = constraint propagation . . . cut fixpoint of the cutting process Cutting constraints split Global Search Problem Solving

Global Search Theory spec DRO is types D, input domain R output domain op O: D, R  Boolean input/output condition end-spec spec GLOBAL-SEARCH is import DRO type R-set subspace descriptors ops Î: D, R-set  Boolean subspace descriptors condition satisfies: R, R-set  Boolean denotation of descriptors split: D, R-set, R-set  Boolean splitting constraint extract: R, R-set  Boolean extractor of solution from spaces rs0: D  R-set initial space axiom GS0 isThe initial space is legal Î(x, rs0(x)) axiom GS1 isLegal spaces are split into legal spaces Î(x, rs) split(x, rs, ss) Î(x, ss) axiom GS2 isAll feasible solutions are in the initial space O(x, z) satisfies(z, rs0(x)) axiom GS3 isAll solutions in a space are extractable Î(x, rs)  (satisfies(z,rs)  (extract(z,rs) (ss: R-set) (split(x, rs, ss) satisfies(z, ss)))) end-spec spec GLOBAL-SEARCH-WITH-PRUNING is import GLOBAL-SEARCH op : D, R-set  Boolean pruning test axiom GS4 isspecification of pruning test O(x, z) satisfies(z, rs) (x, rs) end-spec

| | | | | | | | Constructing an Interpretation fromGlobal Search to Scheduling DRO Scheduling Global Search Scheduling+ Scheduling++ Global Search with pruning Seq-of-Task, Seq-of-Resource Schedule (tasks, resources, sched) ...  consistent-due-dates(sched) D R O | as above p-schedule (sched,psched) sched extends psched ... D,R,O R-set Satisfies Split, rs0, Extract | | | as above as above ... ? D,R,O R-set, Satisfies Split, rs0 , Extract  (x:D) (rs:R-set) (z:R) Satisfies(z,rs) O(x,z)(x,rs) unskolemize   tasks, resources: Seq...  Seq... (psched : p-schedule) ( :Boolean) (sched :schedule) (sched extends psched  … consistent-due-dates(sched)  ) (x:D) (rs : R-set) ( :Boolean) (z :R) Satisfies(z,rs) O(x,z)

Program Optimizations

context analysis determines that a=0 so we can safely replace a*e by 0 Program Optimization Techniques Context-Dependent Simplification Idea: simplify an expression with respect to its context while a0 do ….. if a>0 then ….. else F( a*e, …..) ….. end • Equational Rewriting • Context-Dependent Simplification • Finite Differencing • Loop Fusion • Deforestation • Partial Evaluation • Common Subexpression Elimination • Dead Code Removal • Tabulation • Tupling

. . . f’(Nil, length(Nil)) . . . def f’(x, c | c=length(x)) = . . . length(x) . . . f’(Cons(a,x), length(Cons(a,x)))) . . . 0 abstract on length(x) then simplify c distribute length over Cons 1+length(x) 1 + c Finite Differencing . . . f (Nil) . . . def f (x:List(Nat))= . . . length(x) . . . f (Cons(a,x)) . . .

U’ abstract on E(x) c then simplify distribute E over g g’(E(x)) g’(c) Finite Differencing . . . f (U) . . . def f (x)= . . . E(x) . . . f (g(x)) . . . . . . f’(U, E(U)) . . . def f’(x, c | c=E(x)) = . . . E(x) . . . f’(g(x), E(g(x))) . . .

abstract on tasks \ range(ps) Finite Differencing Schedule (ps | (ps)) = {ps | empty(tasks\ range(ps))}  reduce(, { SWD(append(ps, a)) | a tasks \ range(ps)  size({j | j tasks \ range(ps)\{a}  … }) = 0}) SWD (ps, unscheduled-tasks : set(TASK) | (ps) unscheduled-tasks = tasks\range(ps) ) = {ps | empty(tasks \ range(ps)) }  reduce(, {SWD(append(ps, a), tasks\range(append(ps, a))) | a tasks \ range(ps)  size({j| j tasks \ range(ps) \{a}  …}) = 0}) …SWD( [], tasks \ range([]) ) … external call

Results of Finite Differencing SWD2(tasks, precedes, deadline) = SWD2-aux([], tasks) SWD2_aux(ps, unscheduled-tasks : set(TASK) | (ps) & unscheduled-tasks = tasks \ range(ps)) ={ps | empty(unscheduled-tasks)}  reduce(, {SWD2_aux(append(ps, a), unscheduled-tasks \ {a}) | a unscheduled-tasks (j) (j  unscheduled-tasks \ {a}  <j, a>  precedes)})

Resources Aircraft capacity Aircraft fuel Crew Routes Parking at ports Fuel at ports Takeoff positions at ports CAMPS Mission Planning SystemStatistics – Synthesis Phase Scheduling Spec Modeling Operations ~ 30 Refine ~ 4600 LOC synthesize Scheduling Algorithm Modeling Operations ~ 7000 LOC Refine ~ 4600 LOC compile Scheduler CommonLisp ~ 20,000 LOC

Model Construction Tool Library of resource and task models TPFDD Strategic Airlift Aircrews Fuel tracking MOG 250 lines Model of Scheduling Problem Planware Scheduler Generator 6560 loc, 632 defs Customized Scheduler (in MetaSlang) Optimization and Code Generation C0 C2 C4 C6 C8 19088 loc, 1784 defs Customized Scheduler (in CommonLisp) Customized Scheduler TPFDD data, Resource data schedule Planware: Synthesis of High Performance Schedulers

Key Idea: model resources as state machines The (possibly infinite set of) behaviors of a resource can be expressed finitely by a state machine! Prep Fly Offload The modes of the state machine model the activities of the resource; The transitions model the restrictions on the sequence of activities e.g. prep  fly  offload  prep  fly fly offload prep … or prep  fly  fly offload  prep  fly fly offload prep …

Modeling resources as state machines:constraints Constraints on the modes and transitions constrain the evolution of the mode variables ft st’ locpod  ft + 135  st’ ft st’ loc = pod  ft  st’ Prep Fly Offload fuel(poe,pod) fuel-amt weight(mani)  max-cap The start time of the new activity is no earlier than the finish time of the previous activity When flying, the resource must have adequate fuel and the weight of the manifest must not exceed capacity cf. in KIDS: (ac:Aircraft, flt: Flight) (ac  sched  flt  ac.flights  weight(flt.mani)  max-cap)

Modeling resources as state machines:services Each mode may offer services (to accomplish a certain kind of task) and each mode may require services of other resources ft st’ locpod  ft + 135  st’ ft st’ loc=pod  ft  st’ Fly Offload fuel(poe, pod) fuel-amt weight(mani)  max-cap offers transportation requires crew

Hierarchy of Required Services MovementRequirement Moving AtPOD AtPOE Aircraft Idle Flying Maintenance Refueling/Load Crew Idle Preparation Flying Resting FuelTanker Idle Refueling TankerRefueling CargoLoader CargoLoader Idle Loading/ Unloading Idle Loading/ Unloading

Code Generation Statistics MetaSlang LOC Model LOC CommonLisp LOC Problem

Planware Code Generation

Mechanized Algorithm Design Challenges • Can domain-specific generators be built from reusable generic parts? • fine-grain tuning of algorithm and data structuring decisions based on target HW • Extend the taxonomy of algorithm theories • Deepen existing theories: e.g. lift conflict-directed learning to Global Search Theory • Support user sketches of design knowledge

Extras

Mechanized Algorithm Design in KIDS, Specware , and Planware

Mechanized Algorithm Design in KIDS, Specware , and Planware

Presentation Transcript

Mechanized

Algorithm Design and Analysis

Algorithm Design and Analysis

Algorithm Design and Analysis

Algorithm Design and Analysis

Algorithm Design and Analysis

Algorithm Design and Analysis

Mechanized Equipment

Algorithm Design and Analysis

Algorithm Design

Program Optimizations in Specware/Designware

Algorithm Design and Analysis

Algorithm Design

Algorithm Design and Analysis

Algorithm Design and Analysis

Algorithm Design

Algorithm Design

Algorithm Design and Analysis

Algorithm Design

Program Optimizations in Specware/Designware

Algorithm Design and Analysis