1 / 23

Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis

Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis. Grigore Rosu (University of Illinois at U-C) Saddek Bensalem (VERIMAG). On Temporal Reasoning. Allen temporal algebra/logic (ATL) : Allen’84

jed
Download Presentation

Allen Linear Temporal Logic Translation to LTL and Monitor Synthesis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Allen Linear Temporal LogicTranslation to LTL andMonitor Synthesis Grigore Rosu (University of Illinois at U-C) Saddek Bensalem (VERIMAG)

  2. On Temporal Reasoning • Allen temporal algebra/logic (ATL): Allen’84 • One of the “best established formalism for temporal reasoning” (in AI) – Krokhin et al.’03 (J. of ACM) • Linear temporal logic (LTL): Pnueli’77 • One of the best-established formalisms in verification • Between the two, so far … • No rigorous connection • No attempt to “systematically reuse” good features of one in the context of the other (visual representation, formal verification, monitoring, etc.)

  3. Overview • Recall Allen temporal algebra/logic and LTL • Define Allen linear temporal logic (ALTL) • Translate ALTL into LTL • NP completeness of ALTL satisfiability • Monitor ALTL • Conclusion • Future work

  4. Allen Temporal Algebra/Logic (ATL) • Framework dealing with incomplete relative temporal information • Event A is before or overlaps event B • Very used in AI planning • Interval taken as primitive temporal quantity • 13 basic binary relations on intervals • ATL formula (aka compatibility) • boolean (finite) combination of such relations • ATL models are (dense) total orders • Intervals interpreted as convex subsets

  5. ATL: Basic Interval Relations (I) • Equals(i,j) • Before(i,j) or After(j,i) • Meets(i,j) or MetBy(j,i) Exactly the same timepoints i j There are some timepoints between i and j j i There are no timepoints between i and j j i

  6. ATL: Basic Interval Relations (II) • Overlaps(i,j) or OverlappedBy(j,i) • Contains(i,j) or During(j,i) • Starts(i,j) or StartedBy(j,i) • Ends(i,j) or EndedBy(j,i) j i j i i j i j

  7. ATL Models • Total orders (T,<), dense or discrete • Intervals interpreted as convex subsets •  : Intervals → Convex(T) • C  Convex(T) iff (x,y)  C when x <y in C • Model (T,<, )satisfiesOverlaps(i,j) iff (i) ∩ (j) ≠and x (j), y (i), x < (i), (j) < y (j) (i) y x

  8. ATL in Practice • Extensively used in AI planning to reason about concurrency and temporal extent; very visual • Intervals can express both action instances and states of attributes (state variables); aka tokens • Example: McCarthy’s Monkey/Banana

  9. NASA Ames GROMIT Model Exploration rover

  10. DDL: A Formal ATL Language • Domain-Description Language (DDL) in AI planning • NASA Remote Agent, EUROPA; used for plan synthesis • GROMIT model has >1500 DDL lines of ATL spec:

  11. ATL: Known Results and Evidence • Allen introduced it in ’84; no theorems • NP-complete satisfiability (Vilain,Kautz,Beek’89) • Not hard, but intricate • Much research in tractable fragments • 18 tractable subalgebras (Krokhin,Jeavons,Jonsson’03 – J.ACM) • Evidence • Visual and intuitive formalism • Easy to comprehend and explain • Large specifications relatively manageable

  12. Linear Temporal Logic (LTL) • Pnueli introduced it in ’77 • Sistla, Clarke ’85 • PSPACE-complete satisfiability • LTL□ is NP-complete • Extensively used in verification, temp. DB • Calvanese, De Giacomo, Vardi ’02 • Propose LTL as a formalism for AI planning • Yet, no formal connection between ATL and LTL has been investigated • we could use LTL verification tools and techniques in AI planning, a domain lacking but in need of them …

  13. From ATL to LTL (I) Step 1 • Relate models: • Define Allen Linear Temporal Logic (ALTL), whose models are -sequences, like in LTL • Theory: • Same complexity as the dense variant • Practice: • Care needed to generate at least one timepoint in each non-empty interval fragment

  14. From ATL to LTL (II) Step 2 • Encode membership to intervals: • Add an atomic predicate ifor each interval i Step 3 • Enforce “interval behavior” (no “gaps”) • Non-emptiness: ifor each interval i • Convexity:  ( (i  (i i ))) j j j j

  15. From ATL to LTL (III) Step 4 • Encode interval relations; e.g.: Overlaps(i,j)  (j i (j i  (j  i ))) j i j  i j  i j i

  16. From ATL to LTL:Theoretical Aspects • Recent works in ATL, including the DDL language, work with an extended ATL • Add predicates and new relations • Holds(p,i) and Occurs(p,i) • New satisfiability is obviously still NP-hard • Extends propositional calculus • Holds and Occurs can also be translated in LTL • Holds(p,i) is □(i  p) • Occurs(p,i) is  (p  i ) • Four steps above give us • A reduction from ATL to LTL□, the latter NP-complete • Therefore, the extended ATL is NP-complete

  17. From ATL to LTL:Practical Aspects • Implemented the four transformation steps above as a term rewrite system, in Maude • [go to example in technical report] • Unfortunately, resulting LTL formulae are large and hard to understand … • But, at least in principle, one can now • Use formal verification techniques in domains, e.g., AI planning, whose requirements use ATL • Use ATL to specify system requirements and then formally verify them

  18. Monitoring ATL (I) • Importance of monitoring in autonomous systems cannot be overestimated: • Even if a plan is proved to satisfy its spec, many factors can lead to violations of reqs: terrain, power, hardware • We know how to monitor LTL “efficiently” • Monitors based on (non-deterministic) Buchi automata • Can we use our ATL-to-LTL translation and then use LTL monitors to monitor ATL? • Buchi automata generation appears to be a bottle-neck • ATL-to-LTL-to-Buchi applied on the Monkey formula yields several thousand nodes and ~ 60,000 edges (Oddoux&Gastin LTL2Buchi)

  19. Specialized Monitoring Algorithm for ATL • Idea: divide-and-conquer • Monitor each temporal relation “individually” • Combine the results within the “big-picture” • Check for satisfiability “from time to time” Algorithm: Suppose ATL formula (r1, r2, …, rn) •  is a boolean formula … where • r1, r2, …, rn regarded as “dynamic” variables; they may become true/false during monitoring • At each event, recalculate the “truth status” of variables • Maintain a “little” monitor for each • At critical timepoints, check satisfiability of

  20. Monitors for Interval Relations j i Overlaps(j,i) There are also “little monitors” ensuring that intervals are non-empty and contiguous …

  21. GROMIT Experiment • Applied the ATL monitor synthesis algorithm above on NASA Ames’ GROMIT specification • ATL formula has more than 100 interval relations • We did not have access to the execution platform, but were provided 100 execution traces, each containing several hundred events • Both monitor synthesis and checking took negligible time • However, for each trace, we checked for satisfiability only once, at the end

  22. Conclusion • Defined Allen linear temporal logic (ALTL) • Translated ALTL into LTL • NP completeness of (extended) ALTL satisfiability • Allows using LTL tools and techniques in domains that prefer (or cannot avoid) ATL specifications • Explored monitoring problem for ATL • Showed that “blind use” of LTL monitors can be inefficient • Presented efficient, specialized ATL monitoring algorithm

  23. Future Work, Questions … • ATL is a “sugared fragment” of LTL • Monitoring ATL directly is more effective … • Can ATL (instead of general LTL) be used in certain particular system verification efforts? Visual, easy! • Formal verification techniques for ATL? • Theorem proving, model checking • Extend ATL with repetition? Monitor it? • There are many other interval logics (e.g., ITL, MTL) • Monitor synthesis for these?

More Related