Controller Synthesis For Timed Automata Authors : Eugene Asarin, Oded Maler, Amir Pnueli and Joseph Sifakis Yean-Ru Chen Embedded System Laboratory of Computer Science and Information Engineering at National Chung Cheng University

Outline Introduction Un-timed Systems Timed Systems Discussion

Introduction In this work, we tackle the following problem: given a timed automaton, restrict its transition relation in a systematic way so that all the remaining behaviors satisfy certain properties. This is an extension of the problem of controller synthesis for discrete event dynamical systems, where in addition to choosing among actions, the controller have the option of doing nothing and let the time pass.

Introduction (Cont.) - Game Here we are going to give a short tutorial to the game-theoretic formulation of the synthesis problem :

Introduction (Cont.) - Game F = { 1, 4 } When controller chooses a1, the adversary (i.e. environment) chooses b2  controller LOSE!! When controller chooses a2, the adversary (i.e. environment) chooses b1  controller still LOSE!! So, the controller has no winning strategy at state 0 !! This means that state 0 is not a winning position !! {0} π({1,4})

Introduction (Cont.) - Game F = { 1, 2} We consider a game with the same transition structure (i.e. start at state 0) There is a winning strategy as the controller can, by making a1, “ FORCE ” the environment into F. This means controller must WIN the game!! {0} π({1,2})

Introduction (Cont.) - Game The mathematical formulation of this notion for a game with a state-space Q is via an operator assigning for every F Q. π(F) denoting its controllable predecessors. That is, the set of states from which the controller can force its adversary into F.

Un-timed Systems Game Automata Definition 1 : Game Automata Definition 2 : Steps and Runs Safety Games Definition 3 : Controller Synthesis for -Game Definition 4 : Controllable Predecessor Algorithm 1 : Winning Strategy for - Games

Game Automata Def. 1 (Game Automata) A game automata (GA) is a tuple A = { Q, A, B, T A, T B, δ} T A Q×A and TB Q×B : enabling conditions for the two types of actions. transition function δ : Q×A×B → Q indicates which state is reached when performing a joint action. EX(Fig.1): δ(0,a1,b1) indicates state 1 is reached. And (0,a1) T A, (0,b1) T B.

Game Automata (Cont.) Def. 2 (Steps and Runs) A joint step of A is q q ’, we can take q ’ as a destination state from q via choosing (a,b) action. That is q ’ = δ(q,a,b) A run of A is a sequence ( finite or infinite) of joint steps of the form: ζ= q 0 q 1 q 2 … We denote by L(A,P) the set of all runs starting from some q P Q. The set of states reachable by a run ζ is denoted by Reach (ζ). The set of states reachable from P by some run in L(A,P) is denoted by Reach (A,P)

Game Automata (Cont.) An automaton is non-blocking if for every q Q, there are a A and b B such that (q,a) T A and (q,b) T B. In a non-blocking automaton every finite run can be extended to an infinite one. Given some T A Q × A, we denote by S(T A ) the set of states on which T A is defined. The restriction of T A to some Q ’ Q is denoted by T A |Q ’ = T A ∩ {(q,a) : q Q ’ } A strategy for A is a restriction of T A such that all the remaining runs are accepting.

Safety Games In a safety game, the goal of player A is to keep the game inside a subset G of Q. The winning states of the game are thus the states from which A can, by properly choosing its actions, prevent the game from going outside G.

Safety Games (Cont.) Def. 3 (Controller Synthesis for □ - Games) Given a GA A = (Q,A,B,T A,T B, δ) and a set G Q, the controller synthesis problem Synth (A,G, □ ) is : find the maximum subset Q*, Q* G Q, and the maximum T A * T A |G T A, such that the automaton A * = (Q *,A,B,T A *,T B |Q, δ), is non-blocking and Reach (A*,Q*) G.

Safety Games (Cont.) Def. 4 (Controllable Predecessor) Let A be a GA. Operator π: 2 Q 2 Q×A

Safety Games (Cont.)

Timed System Real – Time Games Timed Game Automata Definition 7 : Timed Game Automaton Definition 8 : Steps and Runs Timed Safety Games Definition 9 : Controllers for Timed □ - Games Definition 10: Timed Controllable Predecessor Definition 11: Until Operator Definition 12: Timed □ -Predecessors Algorithm 2 : Strategy for Timed □ -Games

Timed System (Cont.) Closure of Zone under π □ Claim 16 : Properties of zones Definition 17 Lemma 18 Lemma 19 Corollary 20: Termination Theorem 21 : Main Result

Real – Time Games In real-time games the outcome of the players actions depend also on their timing because performing the same action now or later might have completely different consequences.

Timed Game Automata Q : a finite set of states X = IR d for some integer d be the clock space x : the element of X. We denote x = (x 1, …,x d ) 0 : zero vector x + t : means x + (t,t, …,t) Configurations : elements of Q×X Zone Q×X Reset function ρ: X → X if it sets some coordinates of its argument to 0 and leaves the others intact. F (X) : the set of all the reset functions. ε : empty action A ε = A ∪ {ε}, B ε = B ∪ {ε}

Timed Game Automata (Cont.) Def. 7 (Timed Game Automaton) TGA is a tuple A = (Z,A,B,T A,T B, δ, ρ) Z : zone T A Q × X × A ε, similarly to T B : timing constrains for the two types of actions δ: Q × A ε × B ε → Q ρ: Q × A ε × B ε → F (X) δ(q, ε, ε) = q ρ(q, ε, ε) is the identity function

We require that the automaton is strongly non-Zero that is in every cycle in the transition graph of the automaton, there is at least one transition which resets a clock variable x i to zero and at least one transition which can be taken only if x i ≧ 1. Timed Game Automata (Cont.)

Def. 8 ( Steps and Runs) A joint step of a TGA A is (q,x) → (q ’,x ’ ) which is either : (1) a time step (of duration t) : (2) a discrete step: (a,b) ≠ (ε, ε)

Timed Safety Games Def. 9 (Controllers for Timed □ - Games) Given a TGA A and a zone G, the controller synthesis problem Synth(A,G, □ ) is : find the max subset Z *, Z * G Z, and the max T A *, T A * T A |G T A such that the automaton A * = (Z *,A,B,T A *,T B |Z, δ, ρ) is non-blocking and Reach (A *,Z * ) G.

Timed Safety Games (Cont.) Def. 10 ( Timed Controllable Predecessor) A is a TGA. There are two operators : (1) π δ active predecessors (2) π t passive predecessors They are defined as follows :

Timed Safety Games (Cont.)

Def. 11 (Until Operator)

Timed Safety Games (Cont.) Def. 12 (Timed □ -Predecessors)

Closure of Zones under π □ Claim 16. (Properties of zones)

Def. 17 : We call a function piecewise trivial if it can be represented in the form: