1 / 26

Optimizations for LTL Synthesis

Barbara Jobstmann Roderick Bloem Graz University of Technology, Austria 15 November 2006. Optimizations for LTL Synthesis. Motivation. Synthesis from specification Correct by construction - no verification You say what, it says how Theory well established

rafe
Télécharger la présentation

Optimizations for LTL Synthesis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Barbara Jobstmann Roderick Bloem Graz University of Technology, Austria 15 November 2006 Optimizations for LTL Synthesis

  2. Motivation • Synthesis from specification • Correct by construction - no verification • You say what, it says how • Theory well established • Long history: Church (early 60’s) • Theory: Rabin, Ramadge/Woham, Pnueli/Rosner • What has changed since then?

  3. Outline • Introduction • Approaches and optimizations for LTL synthesis • Lily • Conclusion

  4. LTL Synthesis • Automatically build design from specification • Input • Set of LTL formulae, e.g. G(s1→ ¬s2), (s1 U s2),… • Partition of the atomic propositions (input/output signals)Reactive systems: Some signals controlled by system others not • Output • Automatically created functionally correct finite-state machine (Moore) • Proposed for LTL by Pnueli, Rosner (POPL'89) • Difference between monitoring and synthesis • Monitoring: build passive system (nondeterministic) • Synthesis: build reactive system (deterministic)

  5. Tree (regular) r=1,r=0 .... directions D a=1,a=0 .. alphabet Σ (labeling) Key Observation • Moore machine • Input signal r, output signal a • r=1,r=0 .... input alphabet • a=1,a=0 .. output alphabet Σ-labeled D-tree

  6. Idea • Build a tree automaton • Accepts all trees representing moore machines that fulfill spec φ • Directions are input values (D=2I, input signals I) • Alphabet are output values (Σ=2O, output signals O) • Automaton accepts all Σ-labeled D-trees where all paths satisfy the given formula φ • Compute language emptiness • Build FSM from the witness (a Σ-labeled D-tree)

  7. Necessary Theory • Infinite game theory • Automata theory • Branching mode (Deterministic, Nondeterministic, Universal, Alternating) • Acceptance condition (Büchi, Co-Büchi, Weak, ..) • Input element (Word,Tree) • Use of KV's abbreviation (e.g.,NBW,UCT,...)

  8. Alternating Word Automata • N+U branching (edges we can follow and edges we must follow) • Notation: • Circles represent states • Boxes represent universal edges • Edges are labeled with sets of labels

  9. Tree Automata Universal edges: Foreach direction, follow only the matching edges

  10. Universal and tree branching

  11. φ Build NBW NBW Build DRW DRW +i/o Build DRT DRT Lang. Emp. FSM Safraful Approach [PR89] • Build an NBW for φ • Convert to DRW • Safra's determinizations algorithm • Split alphabet into I/O DRT • Check Language Emptiness • Build transducer (fsm)

  12. φ Build NBW NBW Build DRW DRW +i/o Build DRT DRT Lang. Emp. FSM Issues exp blow-up • 2EXP worst case complexity • Safra's determinization construction exp blow-up

  13. Solutions • Concentrate on subsets of LTL • Alur, Madhusudan, Nam (BMC'03, STTT'05) • Wallmeier, Hütter, Thomas (CIAA'03) • Harding, Ryan, Schobbens (TACAS'05) • Piterman, Pnueli, Sa'ar (VMCAI'06) • Full LTL (Safraless approach) • Kupferman, Vardi (FOCS'05) • Kupferman, Piterman, Vardi (CAV'06)

  14. φ+i/o Build UCT UCT Build AWT AWT Build NBT NBT Lang. Emp. FSM Safraless Approach [KV05] • Build a UCT • Negate φ • Build an NBW for ¬φ • Invert NBW → UCT • Convert to AWT • Convert to NBT • Check Language Emptiness L(UCT) = Ltree(φ) L(AWT)  LT(φ) LT(φ)   L(AWT)   L(NBT)  LT(φ) LT(φ)   L(NBT)  

  15. φ+i/o Build UCT UCT Build AWT AWT Build NBT NBT Lang. Emp. FSM List of Optimizations • Game-based Heuristic language emptiness • Simulation-basedcf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98)cf. Fritz, Wilke (FSTTCS’02) • Simplify KV-constructionsBuild AWT, Build NBTcf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05) • Process steps incrementalCombine steps

  16. φ+i/o Build UCT UCT Build AWT AWT Build NBT NBT Lang. Emp. FSM Game-based Optimization • Heuristic language emptiness • Alternating Tree Automaton • Idea • Find states with empty language (accept no tree) • Runs with non-accepting path are rejected • Environment can force a non-accepting path • Sufficient (but not necessary) for language emptiness

  17. Game-based Optimization • Game • System picks the label and the nondeterminism • Environment picks direction and universality • State s is winning for environment → LT(s) empty

  18. Example (1) • φ=GF timer → G(light → light U timer) • UCT with co-Büchi state (n3)

  19. Example (2) • Game: • Systems aims to avoid infinitely many visits to n3 • Environment aims to force those visits • Co-Büchi game φ=GF timer → G(light → light U timer) weak automaton

  20. φ+i/o Build UCT UCT Build AWT AWT Build NBT NBT Lang. Emp. FSM List of Optimizations • Game-based Heuristic language emptiness • Simulation-basedcf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98)cf. Fritz, Wilke (FSTTCS’02) • Simplify KV-constructionsBuild AWT, Build NBTcf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05) • Process steps incrementalCombine steps

  21. Lily - Linear Logic sYnthesizer • First tool to offer synthesis for full LTL • Based on Fabio Somenzi's Wring • Implements KV05 and all mentioned optimizations • http://www.ist.tugraz.at/staff/jobstmann/lily/

  22. hl fl hl sensor(ec) LTL Specification: Traffic Light .inputs timer car .outputs fl hl G(F(timer=1)) -> ( G(fl=1 -> (fl=1 U timer=1)) G(hl=1 -> (hl=1 U timer=1)) G(car=1 -> F(fl=1)) G(F(hl=1)) G(!(hl=1 * fl=1)))

  23. Generated System: Traffic Light module traffic(hl,fl,clk,car,timer); input clk,car,timer; outputfl,hl; wire clk,fl,hl,car,timer; reg state; assignhl = (state == 0); assignfl = (state == 1); initial state=0; always @(posedge clk) begin case(state) 0: begin if (timer==0) state = 0; if (timer==1 && car==1) state = 1; if (car==0) state=0; end 1: begin if (timer==1) state = 0; if (timer==0) state = 1; end endcase end endmodule //traffic

  24. Conclusion • First implementation of synthesis for full LTL • Optimizations are enabling factor • Our examples are small but useful for property debugging (or learning LTL) • Future

  25. Thank you for your attention!

More Related