optimizations for ltl synthesis
DESCRIPTION
Barbara Jobstmann Roderick Bloem Graz University of Technology, Austria 15 November 2006. Optimizations for LTL Synthesis. Motivation. Synthesis from specification Correct by construction - no verification You say what, it says how Theory well established - PowerPoint PPT PresentationTRANSCRIPT
Graz University of Technology
Professor Horst Cerjak, 19.12.20051
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Optimizations for LTL Synthesis
Barbara JobstmannRoderick Bloem
Graz University of Technology, Austria
15 November 2006
Graz University of Technology
Professor Horst Cerjak, 19.12.20052
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Motivation
● Synthesis from specification● Correct by construction - no verification● You say what, it says how● Theory well established
● Long history: Church (early 60’s)● Theory: Rabin, Ramadge/Woham, Pnueli/Rosner
● What has changed since then?
Graz University of Technology
Professor Horst Cerjak, 19.12.20053
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Outline
● Introduction
● Approaches and optimizations for LTL synthesis
● Lily
● Conclusion
Graz University of Technology
Professor Horst Cerjak, 19.12.20054
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
LTL Synthesis
● Automatically build design from specification● Input
● Set of LTL formulae, e.g. G(s1→ ¬s2), (s1 U s2),…● Partition of the atomic propositions (input/output signals)
Reactive systems: Some signals controlled by system others not● Output
● Automatically created functionally correct finite-state machine (Moore)
● Proposed for LTL by Pnueli, Rosner (POPL'89)
● Difference between monitoring and synthesis● Monitoring: build passive system (nondeterministic)● Synthesis: build reactive system (deterministic)
Graz University of Technology
Professor Horst Cerjak, 19.12.20055
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Key Observation
● Moore machine● Input signal r, output signal a● r=1,r=0 .... input
alphabet● a=1,a=0 .. output
alphabet
● Tree (regular)● r=1,r=0 .... directions D● a=1,a=0 .. alphabet Σ
(labeling)
Σ-labeled D-tree
Graz University of Technology
Professor Horst Cerjak, 19.12.20056
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Idea
1) Build a tree automaton
● Accepts all trees representing moore machines that fulfill spec φ● Directions are input values (D=2I, input signals I)● Alphabet are output values (Σ=2O, output signals O)● Automaton accepts all Σ-labeled D-trees where all paths satisfy the
given formula φ
2) Compute language emptiness
3) Build FSM from the witness (a Σ-labeled D-tree)
Graz University of Technology
Professor Horst Cerjak, 19.12.20057
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Necessary Theory
● Infinite game theory● Automata theory
● Branching mode (Deterministic, Nondeterministic, Universal, Alternating)
● Acceptance condition (Büchi, Co-Büchi, Weak, ..)● Input element (Word,Tree)● Use of KV's abbreviation (e.g.,NBW,UCT,...)
Graz University of Technology
Professor Horst Cerjak, 19.12.20058
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Alternating Word Automata
● N+U branching (edges we can follow and edges we must follow)
● Notation:● Circles represent states● Boxes represent universal
edges● Edges are labeled with sets
of labels
Graz University of Technology
Professor Horst Cerjak, 19.12.20059
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Graz University of Technology
Professor Horst Cerjak, 19.12.200510
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Tree Automata
Universal edges:Foreach direction, follow onlythe matching edges
Graz University of Technology
Professor Horst Cerjak, 19.12.200511
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Universal and tree branching
Graz University of Technology
Professor Horst Cerjak, 19.12.200512
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Safraful Approach [PR89]
1) Build an NBW for φ
2) Convert to DRW● Safra's determinizations algorithm
3) Split alphabet into I/O DRT
4) Check Language Emptiness● Build transducer (fsm)
φ
NBW
Build NBW
DRW+i/o
Build DRW
DRT
Build DRT
FSM
Lang. Emp.
Graz University of Technology
Professor Horst Cerjak, 19.12.200513
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Issues
● 2EXP worst case complexity● Safra's determinization construction
φ
NBW
Build NBW
DRW+i/o
Build DRW
DRT
Build DRT
FSM
Lang. Emp.
expblow-up
expblow-up
Graz University of Technology
Professor Horst Cerjak, 19.12.200514
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Solutions
● Concentrate on subsets of LTL● Alur, Madhusudan, Nam (BMC'03, STTT'05)● Wallmeier, Hütter, Thomas (CIAA'03)● Harding, Ryan, Schobbens (TACAS'05)● Piterman, Pnueli, Sa'ar (VMCAI'06)
● Full LTL (Safraless approach)● Kupferman, Vardi (FOCS'05)● Kupferman, Piterman, Vardi (CAV'06)
Graz University of Technology
Professor Horst Cerjak, 19.12.200515
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Safraless Approach [KV05]
1) Build a UCT ● Negate φ● Build an NBW for ¬φ● Invert NBW → UCT
2) Convert to AWT
3) Convert to NBT
4) Check Language Emptiness
φ+i/o
UCT
Build UCT
AWT
Build AWT
NBT
Build NBT
FSM
Lang. Emp.
L(UCT) = Ltree(φ)
L(AWT) LT(φ)LT(φ) L(AWT)
L(NBT) LT(φ)LT(φ) L(NBT)
Graz University of Technology
Professor Horst Cerjak, 19.12.200516
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
List of Optimizations
1) Game-based Heuristic language emptiness
2) Simulation-basedcf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98)cf. Fritz, Wilke (FSTTCS’02)
3) Simplify KV-constructionsBuild AWT, Build NBTcf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05)
4) Process steps incrementalCombine steps
φ+i/o
UCT
Build UCT
AWT
Build AWT
NBT
Build NBT
FSM
Lang. Emp.
Graz University of Technology
Professor Horst Cerjak, 19.12.200517
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Game-based Optimization
● Heuristic language emptiness● Alternating Tree Automaton● Idea
● Find states with empty language (accept no tree)● Runs with non-accepting path are rejected● Environment can force a non-accepting path● Sufficient (but not necessary) for language emptiness
φ+i/o
UCT
Build UCT
AWT
Build AWT
NBT
Build NBT
FSM
Lang. Emp.
Graz University of Technology
Professor Horst Cerjak, 19.12.200518
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Game-based Optimization
● Game● System picks the label and the nondeterminism● Environment picks direction and universality
● State s is winning for environment → LT(s) empty
Graz University of Technology
Professor Horst Cerjak, 19.12.200519
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Example (1)
● φ=GF timer → G(light → light U timer) ● UCT with co-Büchi state (n3)
Graz University of Technology
Professor Horst Cerjak, 19.12.200520
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Example (2)
● Game:● Systems aims to avoid infinitely many visits to n3● Environment aims to force those visits● Co-Büchi game
weak automaton
φ=GF timer → G(light → light U timer)
Graz University of Technology
Professor Horst Cerjak, 19.12.200521
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
List of Optimizations
1) Game-based Heuristic language emptiness
2) Simulation-basedcf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98)cf. Fritz, Wilke (FSTTCS’02)
3) Simplify KV-constructionsBuild AWT, Build NBTcf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05)
4) Process steps incrementalCombine steps
φ+i/o
UCT
Build UCT
AWT
Build AWT
NBT
Build NBT
FSM
Lang. Emp.
Graz University of Technology
Professor Horst Cerjak, 19.12.200522
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Lily - Linear Logic sYnthesizer
● First tool to offer synthesis for full LTL● Based on Fabio Somenzi's Wring ● Implements KV05 and all mentioned
optimizations● http://www.ist.tugraz.at/staff/jobstmann/lily/
Graz University of Technology
Professor Horst Cerjak, 19.12.200523
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
LTL Specification: Traffic Light
G(F(timer=1)) -> (G(fl=1 -> (fl=1 U timer=1))G(hl=1 -> (hl=1 U timer=1))G(car=1 -> F(fl=1))G(F(hl=1))G(!(hl=1 * fl=1)))
.inputs timer car
.outputs fl hl
hl
hl
fl
sensor(ec)
Graz University of Technology
Professor Horst Cerjak, 19.12.200524
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Generated System: Traffic Lightmodule traffic(hl,fl,clk,car,timer); input clk,car,timer; output fl,hl; wire clk,fl,hl,car,timer; reg state; assign hl = (state == 0); assign fl = (state == 1); initial state=0; always @(posedge clk) begin case(state) 0: begin if (timer==0) state = 0; if (timer==1 && car==1) state = 1; if (car==0) state=0; end 1: begin if (timer==1) state = 0; if (timer==0) state = 1; end endcase endendmodule //traffic
Graz University of Technology
Professor Horst Cerjak, 19.12.200525
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Conclusion
● First implementation of synthesis for full LTL● Optimizations are enabling factor● Our examples are small but useful for property
debugging (or learning LTL)● Future
Graz University of Technology
Professor Horst Cerjak, 19.12.200526
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Thank you for your attention!