Barbara jobstmann roderick bloem graz university of technology austria 15 november 2006
Sponsored Links
This presentation is the property of its rightful owner.
1 / 26

Optimizations for LTL Synthesis PowerPoint PPT Presentation


  • 171 Views
  • Uploaded on
  • Presentation posted in: General

Barbara Jobstmann Roderick Bloem Graz University of Technology, Austria 15 November 2006. Optimizations for LTL Synthesis. Motivation. Synthesis from specification Correct by construction - no verification You say what, it says how Theory well established

Download Presentation

Optimizations for LTL Synthesis

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Barbara Jobstmann

Roderick Bloem

Graz University of Technology, Austria

15 November 2006

Optimizations for LTL Synthesis


Motivation

  • Synthesis from specification

  • Correct by construction - no verification

  • You say what, it says how

  • Theory well established

    • Long history: Church (early 60’s)

    • Theory: Rabin, Ramadge/Woham, Pnueli/Rosner

  • What has changed since then?


Outline

  • Introduction

  • Approaches and optimizations for LTL synthesis

  • Lily

  • Conclusion


LTL Synthesis

  • Automatically build design from specification

  • Input

    • Set of LTL formulae, e.g. G(s1→ ¬s2), (s1 U s2),…

    • Partition of the atomic propositions (input/output signals)Reactive systems: Some signals controlled by system others not

  • Output

    • Automatically created functionally correct finite-state machine (Moore)

  • Proposed for LTL by Pnueli, Rosner (POPL'89)

  • Difference between monitoring and synthesis

    • Monitoring: build passive system (nondeterministic)

    • Synthesis: build reactive system (deterministic)


Tree (regular)

r=1,r=0 ....directions D

a=1,a=0 ..alphabet Σ (labeling)

Key Observation

  • Moore machine

    • Input signal r, output signal a

    • r=1,r=0 ....input alphabet

    • a=1,a=0 ..output alphabet

Σ-labeled D-tree


Idea

  • Build a tree automaton

    • Accepts all trees representing moore machines that fulfill spec φ

    • Directions are input values (D=2I, input signals I)

    • Alphabet are output values (Σ=2O, output signals O)

    • Automaton accepts all Σ-labeled D-trees where all paths satisfy the given formula φ

  • Compute language emptiness

  • Build FSM from the witness (a Σ-labeled D-tree)


Necessary Theory

  • Infinite game theory

  • Automata theory

    • Branching mode (Deterministic, Nondeterministic, Universal, Alternating)

    • Acceptance condition (Büchi, Co-Büchi, Weak, ..)

    • Input element (Word,Tree)

    • Use of KV's abbreviation (e.g.,NBW,UCT,...)


Alternating Word Automata

  • N+U branching (edges we can follow and edges we must follow)

  • Notation:

    • Circles represent states

    • Boxes represent universal edges

    • Edges are labeled with sets of labels


Tree Automata

Universal edges:

Foreach direction,

follow only

the matching edges


Universal and tree branching


φ

Build NBW

NBW

Build DRW

DRW

+i/o

Build DRT

DRT

Lang. Emp.

FSM

Safraful Approach [PR89]

  • Build an NBW for φ

  • Convert to DRW

    • Safra's determinizations algorithm

  • Split alphabet into I/O DRT

  • Check Language Emptiness

    • Build transducer (fsm)


φ

Build NBW

NBW

Build DRW

DRW

+i/o

Build DRT

DRT

Lang. Emp.

FSM

Issues

exp

blow-up

  • 2EXP worst case complexity

  • Safra's determinization construction

exp

blow-up


Solutions

  • Concentrate on subsets of LTL

    • Alur, Madhusudan, Nam (BMC'03, STTT'05)

    • Wallmeier, Hütter, Thomas (CIAA'03)

    • Harding, Ryan, Schobbens (TACAS'05)

    • Piterman, Pnueli, Sa'ar (VMCAI'06)

  • Full LTL (Safraless approach)

    • Kupferman, Vardi (FOCS'05)

    • Kupferman, Piterman, Vardi (CAV'06)


φ+i/o

Build UCT

UCT

Build AWT

AWT

Build NBT

NBT

Lang. Emp.

FSM

Safraless Approach [KV05]

  • Build a UCT

    • Negate φ

    • Build an NBW for ¬φ

    • Invert NBW → UCT

  • Convert to AWT

  • Convert to NBT

  • Check Language Emptiness

L(UCT) = Ltree(φ)

L(AWT)  LT(φ)

LT(φ)   L(AWT)  

L(NBT)  LT(φ)

LT(φ)   L(NBT)  


φ+i/o

Build UCT

UCT

Build AWT

AWT

Build NBT

NBT

Lang. Emp.

FSM

List of Optimizations

  • Game-based Heuristic language emptiness

  • Simulation-basedcf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98)cf. Fritz, Wilke (FSTTCS’02)

  • Simplify KV-constructionsBuild AWT, Build NBTcf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05)

  • Process steps incrementalCombine steps


φ+i/o

Build UCT

UCT

Build AWT

AWT

Build NBT

NBT

Lang. Emp.

FSM

Game-based Optimization

  • Heuristic language emptiness

  • Alternating Tree Automaton

  • Idea

    • Find states with empty language (accept no tree)

    • Runs with non-accepting path are rejected

    • Environment can force a non-accepting path

    • Sufficient (but not necessary) for language emptiness


Game-based Optimization

  • Game

    • System picks the label and the nondeterminism

    • Environment picks direction and universality

  • State s is winning for environment → LT(s) empty


Example (1)

  • φ=GF timer → G(light → light U timer)

  • UCT with co-Büchi state (n3)


Example (2)

  • Game:

    • Systems aims to avoid infinitely many visits to n3

    • Environment aims to force those visits

    • Co-Büchi game

φ=GF timer → G(light → light U timer)

weak automaton


φ+i/o

Build UCT

UCT

Build AWT

AWT

Build NBT

NBT

Lang. Emp.

FSM

List of Optimizations

  • Game-based Heuristic language emptiness

  • Simulation-basedcf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98)cf. Fritz, Wilke (FSTTCS’02)

  • Simplify KV-constructionsBuild AWT, Build NBTcf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05)

  • Process steps incrementalCombine steps


Lily - Linear Logic sYnthesizer

  • First tool to offer synthesis for full LTL

  • Based on Fabio Somenzi's Wring

  • Implements KV05 and all mentioned optimizations

  • http://www.ist.tugraz.at/staff/jobstmann/lily/


hl

fl

hl

sensor(ec)

LTL Specification: Traffic Light

.inputs timer car

.outputs fl hl

G(F(timer=1)) -> (

G(fl=1 -> (fl=1 U timer=1))

G(hl=1 -> (hl=1 U timer=1))

G(car=1 -> F(fl=1))

G(F(hl=1))

G(!(hl=1 * fl=1)))


Generated System: Traffic Light

module traffic(hl,fl,clk,car,timer);

input clk,car,timer;

outputfl,hl;

wire clk,fl,hl,car,timer;

reg state;

assignhl = (state == 0);

assignfl = (state == 1);

initial state=0;

always @(posedge clk) begin

case(state)

0: begin

if (timer==0) state = 0;

if (timer==1 && car==1) state = 1;

if (car==0) state=0;

end

1: begin

if (timer==1) state = 0;

if (timer==0) state = 1;

end

endcase

end

endmodule //traffic


Conclusion

  • First implementation of synthesis for full LTL

  • Optimizations are enabling factor

  • Our examples are small but useful for property debugging (or learning LTL)

  • Future


Thank you for your attention!


  • Login