Optimizations for LTL Synthesis
Barbara Jobstmann, Roderick Bloem
Graz University of Technology, Austria
15 November 2006
Motivation
• Synthesis from specification
  • Correct by construction: no verification needed
  • You say what, it says how
• Theory well established
  • Long history: Church (early 60's)
  • Theory: Rabin, Ramadge/Wonham, Pnueli/Rosner
• What has changed since then?
Outline
• Introduction
• Approaches and optimizations for LTL synthesis
• Lily
• Conclusion
LTL Synthesis
• Automatically build a design from its specification
• Input
  • Set of LTL formulae, e.g. G(s1 → ¬s2), (s1 U s2), …
  • Partition of the atomic propositions into input and output signals. Reactive systems: some signals are controlled by the system, others are not
• Output
  • Automatically created, functionally correct finite-state machine (Moore)
• Proposed for LTL by Pnueli, Rosner (POPL'89)
• Difference between monitoring and synthesis
  • Monitoring: build a passive system (nondeterministic)
  • Synthesis: build a reactive system (deterministic)
Key Observation
• Moore machine
  • Input signal r, output signal a
  • r=1, r=0 … input alphabet
  • a=1, a=0 … output alphabet
• Σ-labeled D-tree
  (Figure: regular tree; r=1, r=0 are the directions D, a=1, a=0 are the alphabet Σ used for the labeling)
Idea
• Build a tree automaton
  • Accepts all trees representing Moore machines that fulfill the spec φ
  • Directions are input values (D = 2^I, input signals I)
  • Alphabet are output values (Σ = 2^O, output signals O)
  • Automaton accepts all Σ-labeled D-trees where all paths satisfy the given formula φ
• Compute language emptiness
• Build FSM from the witness (a Σ-labeled D-tree)
Necessary Theory
• Infinite game theory
• Automata theory
  • Branching mode (Deterministic, Nondeterministic, Universal, Alternating)
  • Acceptance condition (Büchi, Co-Büchi, Weak, …)
  • Input element (Word, Tree)
  • Use of KV's abbreviations built from these three parts (e.g. NBW = Nondeterministic Büchi Word automaton, UCT = Universal Co-Büchi Tree automaton, …)
Alternating Word Automata
• N+U branching (edges we can follow and edges we must follow)
• Notation:
  • Circles represent states
  • Boxes represent universal edges
  • Edges are labeled with sets of labels
Tree Automata
• Universal edges: for each direction, follow only the matching edges
(Pipeline: φ → Build NBW → NBW → Build DRW → DRW + i/o → Build DRT → DRT → Lang. Emp. → FSM)
Safraful Approach [PR89]
• Build an NBW for φ
• Convert to DRW
  • Safra's determinization algorithm
• Split alphabet into I/O: DRT
• Check language emptiness
• Build transducer (FSM)
(Pipeline: φ → Build NBW → NBW → Build DRW → DRW + i/o → Build DRT → DRT → Lang. Emp. → FSM)
Issues
• 2EXP worst-case complexity
• Safra's determinization construction (the "Build DRW" step): exponential blow-up
Solutions
• Concentrate on subsets of LTL
  • Alur, Madhusudan, Nam (BMC'03, STTT'05)
  • Wallmeier, Hütter, Thomas (CIAA'03)
  • Harding, Ryan, Schobbens (TACAS'05)
  • Piterman, Pnueli, Sa'ar (VMCAI'06)
• Full LTL (Safraless approach)
  • Kupferman, Vardi (FOCS'05)
  • Kupferman, Piterman, Vardi (CAV'06)
(Pipeline: φ + i/o → Build UCT → UCT → Build AWT → AWT → Build NBT → NBT → Lang. Emp. → FSM)
Safraless Approach [KV05]
• Build a UCT
  • Negate φ
  • Build an NBW for ¬φ
  • Invert NBW → UCT
• Convert to AWT
• Convert to NBT
• Check language emptiness
(Annotations on the pipeline figure: L(UCT) = Ltree(φ); further relations between L(AWT), L(NBT) and LT(φ) whose operators did not survive extraction)
(Pipeline: φ + i/o → Build UCT → UCT → Build AWT → AWT → Build NBT → NBT → Lang. Emp. → FSM)
List of Optimizations
• Game-based: heuristic language emptiness
• Simulation-based (cf. Alur, Henzinger, Kupferman, Vardi (CONCUR'98); Fritz, Wilke (FSTTCS'02))
• Simplify KV constructions: Build AWT, Build NBT (cf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME'05))
• Process steps incrementally: combine steps
(Pipeline: φ + i/o → Build UCT → UCT → Build AWT → AWT → Build NBT → NBT → Lang. Emp. → FSM)
Game-based Optimization
• Heuristic language emptiness
• Alternating tree automaton
• Idea
  • Find states with empty language (accept no tree)
  • Runs with a non-accepting path are rejected
  • Environment can force a non-accepting path
  • Sufficient (but not necessary) for language emptiness
Game-based Optimization
• Game
  • System picks the label and the nondeterminism
  • Environment picks direction and universality
• State s is winning for the environment → LT(s) is empty
Example (1)
• φ = GF timer → G(light → light U timer)
• UCT with co-Büchi state (n3)
Example (2)
• Game:
  • System aims to avoid infinitely many visits to n3
  • Environment aims to force those visits
  • Co-Büchi game
• φ = GF timer → G(light → light U timer): weak automaton
Lily - LInear Logic sYnthesizer
• First tool to offer synthesis for full LTL
• Based on Fabio Somenzi's Wring
• Implements KV05 and all mentioned optimizations
• http://www.ist.tugraz.at/staff/jobstmann/lily/
LTL Specification: Traffic Light
(Figure: intersection with lights hl and fl and a car sensor)

  .inputs timer car
  .outputs fl hl
  G(F(timer=1)) -> (
      G(fl=1 -> (fl=1 U timer=1))
      G(hl=1 -> (hl=1 U timer=1))
      G(car=1 -> F(fl=1))
      G(F(hl=1))
      G(!(hl=1 * fl=1)))
Generated System: Traffic Light

  module traffic(hl,fl,clk,car,timer);
    input clk,car,timer;
    output fl,hl;
    wire clk,fl,hl,car,timer;
    reg state;
    assign hl = (state == 0);
    assign fl = (state == 1);
    initial state=0;
    always @(posedge clk) begin
      case(state)
        0: begin
          if (timer==0) state = 0;
          if (timer==1 && car==1) state = 1;
          if (car==0) state=0;
        end
        1: begin
          if (timer==1) state = 0;
          if (timer==0) state = 1;
        end
      endcase
    end
  endmodule //traffic
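As an added example (not part of the slides and not Lily's code), the generated Moore machine transcribed into Python together with a finite-trace monitor for the safety conjuncts of the specification: the two "light stays on until the timer ticks" guarantees and mutual exclusion. It illustrates the monitoring/synthesis contrast from the introduction: the monitor only observes traces and can flag a definite violation on a finite prefix, while the liveness conjuncts (GF timer, G(car=1 -> F(fl=1)), GF hl) cannot be settled on a finite prefix and are left out.

```python
"""Added example: simulate the generated traffic-light Moore machine and
monitor the safety part of its LTL specification on finite input traces."""
from itertools import product


def outputs(state):
    """Moore outputs depend on the state only: state 0 -> hl, state 1 -> fl."""
    return {"hl": int(state == 0), "fl": int(state == 1)}


def step(state, timer, car):
    """Next state, transcribed from the generated Verilog (last matching `if` wins)."""
    if state == 0:
        return 1 if (timer == 1 and car == 1) else 0
    return 0 if timer == 1 else 1


def run(inputs, state=0):
    """Trace of positions; each position holds this step's outputs and inputs."""
    trace = []
    for timer, car in inputs:
        trace.append(dict(outputs(state), timer=timer, car=car))
        state = step(state, timer, car)
    return trace


def holds_until(trace, light):
    """G(light=1 -> (light=1 U timer=1)) on a finite prefix.
    False only on a definite violation (the light drops before a timer tick);
    a prefix that ends while still waiting for the timer is not a violation."""
    for t, pos in enumerate(trace):
        if pos[light] != 1:
            continue
        for later in trace[t:]:
            if later["timer"] == 1:
                break                  # U discharged at this position
            if later[light] != 1:
                return False           # light released without a timer tick
    return True


def mutual_exclusion(trace):
    """G(!(hl=1 * fl=1)): never both lights on at once."""
    return all(not (pos["hl"] and pos["fl"]) for pos in trace)


def safety_holds(trace):
    return mutual_exclusion(trace) and holds_until(trace, "hl") and holds_until(trace, "fl")


def check_all(length):
    """Exhaustively monitor every (timer, car) input sequence of the given length."""
    return all(safety_holds(run(seq))
               for seq in product(product((0, 1), repeat=2), repeat=length))


if __name__ == "__main__":
    print("safety conjuncts hold on all traces of length 6:", check_all(6))
```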
Conclusion
• First implementation of synthesis for full LTL
• Optimizations are the enabling factor
• Our examples are small but useful for property debugging (or learning LTL)
• Future