Presentation is loading. Please wait.

Presentation is loading. Please wait.

Graz University of Technology Professor Horst Cerjak, 19.12.2005 1 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Barbara Jobstmann.

Published byDana Payne Modified over 9 years ago

Similar presentations

Presentation on theme: "Graz University of Technology Professor Horst Cerjak, 19.12.2005 1 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Barbara Jobstmann."— Presentation transcript:

1 Graz University of Technology Professor Horst Cerjak, 19.12.2005 1 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Barbara Jobstmann Roderick Bloem Graz University of Technology, Austria 15 November 2006

2 Graz University of Technology Professor Horst Cerjak, 19.12.2005 2 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Motivation ● Synthesis from specification ● Correct by construction - no verification ● You say what, it says how ● Theory well established ● Long history: Church (early 60’s) ● Theory: Rabin, Ramadge/Woham, Pnueli/Rosner ● What has changed since then?

3 Graz University of Technology Professor Horst Cerjak, 19.12.2005 3 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Outline ● Introduction ● Approaches and optimizations for LTL synthesis ● Lily ● Conclusion

4 Graz University of Technology Professor Horst Cerjak, 19.12.2005 4 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis LTL Synthesis ● Automatically build design from specification ● Input ● Set of LTL formulae, e.g. G(s1→ ¬s2), (s1 U s2),… ● Partition of the atomic propositions (input/output signals) Reactive systems: Some signals controlled by system others not ● Output ● Automatically created functionally correct finite-state machine (Moore) ● Proposed for LTL by Pnueli, Rosner (POPL'89) ● Difference between monitoring and synthesis ● Monitoring: build passive system (nondeterministic) ● Synthesis: build reactive system (deterministic)

5 Graz University of Technology Professor Horst Cerjak, 19.12.2005 5 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Key Observation ● Moore machine ● Input signal r, output signal a ● r=1,r=0....input alphabet ● a=1,a=0..output alphabet ● Tree (regular) ● r=1,r=0....directions D ● a=1,a=0..alphabet Σ (labeling) Σ-labeled D-tree

6 Graz University of Technology Professor Horst Cerjak, 19.12.2005 6 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Idea 1)Build a tree automaton ● Accepts all trees representing moore machines that fulfill spec φ ● Directions are input values (D=2 I, input signals I) ● Alphabet are output values (Σ=2 O, output signals O) ● Automaton accepts all Σ-labeled D-trees where all paths satisfy the given formula φ 2)Compute language emptiness 3)Build FSM from the witness (a Σ-labeled D-tree)

7 Graz University of Technology Professor Horst Cerjak, 19.12.2005 7 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Necessary Theory ● Infinite game theory ● Automata theory ● Branching mode (Deterministic, Nondeterministic, Universal, Alternating) ● Acceptance condition (Büchi, Co-Büchi, Weak,..) ● Input element (Word,Tree) ● Use of KV's abbreviation (e.g.,NBW,UCT,...)

8 Graz University of Technology Professor Horst Cerjak, 19.12.2005 8 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Alternating Word Automata ● N+U branching (edges we can follow and edges we must follow) ● Notation: ● Circles represent states ● Boxes represent universal edges ● Edges are labeled with sets of labels

9 Graz University of Technology Professor Horst Cerjak, 19.12.2005 9 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis

10 Graz University of Technology Professor Horst Cerjak, 19.12.2005 10 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Tree Automata Universal edges: Foreach direction, follow only the matching edges

11 Graz University of Technology Professor Horst Cerjak, 19.12.2005 11 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Universal and tree branching

12 Graz University of Technology Professor Horst Cerjak, 19.12.2005 12 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Safraful Approach [PR89] 1)Build an NBW for φ 2)Convert to DRW ● Safra's determinizations algorithm 3)Split alphabet into I/O  DRT 4)Check Language Emptiness ● Build transducer (fsm) φ NBW Build NBW DRW +i/o Build DRW DRT Build DRT FSM Lang. Emp.

13 Graz University of Technology Professor Horst Cerjak, 19.12.2005 13 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Issues ● 2EXP worst case complexity ● Safra's determinization construction φ NBW Build NBW DRW +i/o Build DRW DRT Build DRT FSM Lang. Emp. exp blow-up exp blow-up

14 Graz University of Technology Professor Horst Cerjak, 19.12.2005 14 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Solutions ● Concentrate on subsets of LTL ● Alur, Madhusudan, Nam (BMC'03, STTT'05) ● Wallmeier, Hütter, Thomas (CIAA'03) ● Harding, Ryan, Schobbens (TACAS'05) ● Piterman, Pnueli, Sa'ar (VMCAI'06) ● Full LTL (Safraless approach) ● Kupferman, Vardi (FOCS'05) ● Kupferman, Piterman, Vardi (CAV'06)

15 Graz University of Technology Professor Horst Cerjak, 19.12.2005 15 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Safraless Approach [KV05] 1)Build a UCT ● Negate φ ● Build an NBW for ¬φ ● Invert NBW → UCT 2)Convert to AWT 3)Convert to NBT 4)Check Language Emptiness φ+i/o UCT Build UCT AWT Build AWT NBT Build NBT FSM Lang. Emp. L(UCT) = L tree (φ) L(AWT)  L T (φ) L T (φ)   L(AWT)  L(NBT)  L T (φ) L T (φ)   L(NBT) 

16 Graz University of Technology Professor Horst Cerjak, 19.12.2005 16 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis List of Optimizations 1)Game-based Heuristic language emptiness 2)Simulation-based cf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98) cf. Fritz, Wilke (FSTTCS’02) 3)Simplify KV-constructions Build AWT, Build NBT cf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05) 4)Process steps incremental Combine steps φ+i/o UCT Build UCT AWT Build AWT NBT Build NBT FSM Lang. Emp.

17 Graz University of Technology Professor Horst Cerjak, 19.12.2005 17 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Game-based Optimization ● Heuristic language emptiness ● Alternating Tree Automaton ● Idea ● Find states with empty language (accept no tree) ● Runs with non-accepting path are rejected ● Environment can force a non-accepting path ● Sufficient (but not necessary) for language emptiness φ+i/o UCT Build UCT AWT Build AWT NBT Build NBT FSM Lang. Emp.

18 Graz University of Technology Professor Horst Cerjak, 19.12.2005 18 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Game-based Optimization ● Game ● System picks the label and the nondeterminism ● Environment picks direction and universality ● State s is winning for environment → L T (s) empty

19 Graz University of Technology Professor Horst Cerjak, 19.12.2005 19 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Example (1) ● φ=GF timer → G(light → light U timer) ● UCT with co-Büchi state (n3)

20 Graz University of Technology Professor Horst Cerjak, 19.12.2005 20 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Example (2) ● Game: ● Systems aims to avoid infinitely many visits to n3 ● Environment aims to force those visits ● Co-Büchi game weak automaton φ=GF timer → G(light → light U timer)

21 Graz University of Technology Professor Horst Cerjak, 19.12.2005 21 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis List of Optimizations 1)Game-based Heuristic language emptiness 2)Simulation-based cf. Alur, Henzinger, Kupferman, Vardi (CONCUR’98) cf. Fritz, Wilke (FSTTCS’02) 3)Simplify KV-constructions Build AWT, Build NBT cf. Gurumurthy, Kupferman, Somenzi, Vardi (CHARME’05) 4)Process steps incremental Combine steps φ+i/o UCT Build UCT AWT Build AWT NBT Build NBT FSM Lang. Emp.

22 Graz University of Technology Professor Horst Cerjak, 19.12.2005 22 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Lily - Linear Logic sYnthesizer ● First tool to offer synthesis for full LTL ● Based on Fabio Somenzi's Wring ● Implements KV05 and all mentioned optimizations ● http://www.ist.tugraz.at/staff/jobstmann/lily/

23 Graz University of Technology Professor Horst Cerjak, 19.12.2005 23 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis LTL Specification: Traffic Light G(F(timer=1)) -> ( G(fl=1 -> (fl=1 U timer=1)) G(hl=1 -> (hl=1 U timer=1)) G(car=1 -> F(fl=1)) G(F(hl=1)) G(!(hl=1 * fl=1))).inputs timer car.outputs fl hl hl fl sensor(ec)

24 Graz University of Technology Professor Horst Cerjak, 19.12.2005 24 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Generated System: Traffic Light module traffic(hl,fl,clk,car,timer); input clk,car,timer; output fl,hl; wire clk,fl,hl,car,timer; reg state; assign hl = (state == 0); assign fl = (state == 1); initial state=0; always @(posedge clk) begin case(state) 0: begin if (timer==0) state = 0; if (timer==1 && car==1) state = 1; if (car==0) state=0; end 1: begin if (timer==1) state = 0; if (timer==0) state = 1; end endcase end endmodule //traffic

25 Graz University of Technology Professor Horst Cerjak, 19.12.2005 25 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Conclusion ● First implementation of synthesis for full LTL ● Optimizations are enabling factor ● Our examples are small but useful for property debugging (or learning LTL) ● Future

26 Graz University of Technology Professor Horst Cerjak, 19.12.2005 26 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Thank you for your attention!

Download ppt "Graz University of Technology Professor Horst Cerjak, 19.12.2005 1 Barbara Jobstmann San Jose, Nov 15Optimizations for LTL Synthesis Barbara Jobstmann."

Similar presentations

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.

Model Checking Lecture 3. Specification Automata Syntax, given a set A of atomic observations: Sfinite set of states S 0 Sset of initial states S S transition.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Avoiding Determinization Orna Kupferman Hebrew University Joint work with Moshe Vardi.

Avoiding Determinization Orna Kupferman Hebrew University Joint work with Moshe Vardi.
Black Box Checking Book: Chapter 9 Model Checking Finite state description of a system B. LTL formula. Translate into an automaton P. Check whether L(B)

Black Box Checking Book: Chapter 9 Model Checking Finite state description of a system B. LTL formula. Translate into an automaton P. Check whether L(B)
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
4b Lexical analysis Finite Automata

4b Lexical analysis Finite Automata
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Knowledge Based Synthesis of Control for Distributed Systems Doron Peled.

Knowledge Based Synthesis of Control for Distributed Systems Doron Peled.
Table 7.1 Verilog Operators.

Table 7.1 Verilog Operators.
Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University.

Synthesis of Reactive systems Orna Kupferman Hebrew University Moshe Vardi Rice University.
Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.

Equivalence of Extended Symbolic Finite Transducers Presented By: Loris D’Antoni Joint work with: Margus Veanes.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
FSM Revisit Synchronous sequential circuit can be drawn like below  These are called FSMs  Super-important in digital circuit design FSM is composed.

FSM Revisit Synchronous sequential circuit can be drawn like below  These are called FSMs  Super-important in digital circuit design FSM is composed.
1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.

1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.
Determinization of Büchi Automata

Determinization of Büchi Automata
Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.

Model Checking Inputs: A design (in some HDL) and a property (in some temporal logic) Outputs: Decision about whether or not the property always holds.
Nir Piterman Department of Computer Science TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAA Bypassing Complexity.

Nir Piterman Department of Computer Science TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAAA Bypassing Complexity.
Krishnendu Chatterjee1 Partial-information Games with Reachability Objectives Krishnendu Chatterjee Formal Methods for Robotics and Automation July 15,

Krishnendu Chatterjee1 Partial-information Games with Reachability Objectives Krishnendu Chatterjee Formal Methods for Robotics and Automation July 15,
Presenter: PCLee – 2011.03.02. This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.

Presenter: PCLee – This paper outlines the MBAC tool for the generation of assertion checkers in hardware. We begin with a high-level presentation.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Similar presentations

Ads by Google