View
6
Download
0
Category
Preview:
Citation preview
Synthesis
Sven S hewe
University of Liverpool
AVACS Autumn S hool, O tober 2
nd
, 2015
A Modest Goal
obtain orre t systems . . .
A Modest Goal
obtain orre t systems . . .
. . . without doing anything.
Spe i� ation
Implementation
Veri� ation
orre t
in orre t
Spe i� ation Synthesis
implementation
unrealisable
Appli ations
Dete tion of in onsistent spe i� ations
Partial design veri� ation
(Early error dete tion)
Error lo alisation
Automated prototyping
Synthesis
Spe i� ation Spe i� ation
& Ar hite ture
ATL, ATL*, CL + CTL, LTL, CTL*
alternating-time �- al ulus + �- al ulus
Requirement: The s ientist an get as mu h o�ee as she likes.
ATL*: hhs ientistii get
o�ee
Synthesis
Spe i� ation Spe i� ation
& Ar hite ture
ATL, ATL*, CL + CTL, LTL, CTL*
alternating-time �- al ulus + �- al ulus
environment
ontroller
brewing group
sensorgrinder
want
o�ee
get
o�ee
brew!
grind!
b info
g info
d
o
n
e
Requirement: The s ientist an get as mu h o�ee as she likes.
LTL: (want
o�ee
! get
o�ee
)
CTL: 8 (want
o�ee
! 8 get
o�ee
)
Synthesis
Spe i� ation Spe i� ation
& Partial Design
ATL, ATL*, CL + CTL, LTL, CTL*
alternating-time �- al ulus + �- al ulus
environment
ontroller
brewing group
sensorgrinder
want
o�ee
get
o�ee
brew!
grind!
b info
g info
d
o
n
e
Requirement: The s ientist an get as mu h o�ee as she likes.
LTL: (want
o�ee
! get
o�ee
)
CTL: 8 (want
o�ee
! 8 get
o�ee
)
Synthesis
Spe i� ation Spe i� ation
& Partial Design
ATL, ATL*, CL + CTL, LTL, CTL*
alternating-time �- al ulus + �- al ulus
environment
ontroller
brewing group
sensorgrinder
want
o�ee
get
o�ee
brew!
grind!
b info
g info
d
o
n
e
| {z }
Automata-Theory
| {z }
Constru tive Non-Emptiness Games
The birth of the synthesis problem
Alonzo Chur h Summer Institute of Symboli Logi
Cornell University 1957
Given a requirement whi h a ir uit is to satisfy, we may suppose
the requirement expressed in some suitable logisti system whi h is
an extension of restri ted re ursive arithmeti . The synthesis
problem is then to �nd re ursion equivalen es representing a ir uit
that satis�es the given requirement (or alternatively, to determine
that there is no su h ir uit).
Chur h's Solvability Problem
Env Pro
Input
Variables
Output
Variables
Chur h's Solvability Problem 1963
Given: an interfa e spe i� ation
(identi� ation of input and output variables)
and a behavioural spe i� ation '
Sought: an implementation (Input
�
! Output), satisfying '
Input
j= '
Chur h's Solvability Problem
Env Pro
Input
Variables
Output
Variables
Chur h's Solvability Problem 1963
Given: an interfa e spe i� ation
(identi� ation of input and output variables)
and a behavioural spe i� ation '
Sought: an implementation (Input
�
! Output), satisfying '
Env k Pro j= '
Chur h's Solvability Problem
Env Pro
Input
Variables
Output
Variables
Chur h's Solvability Problem 1963
Given: an interfa e spe i� ation
(identi� ation of input and output variables)
and a behavioural spe i� ation '
Sought: an implementation (Input
�
! Output), satisfying '
9Pro 8Env. Env k Pro j= '
Part I
But how? History and Simpli ity of Synthesis
Synthesis through the ages
1963 Chur h's solvability problem
1969 B�u hi and Landweber, �nite games of in�nte duration
1969 Rabin's solution based on deterministing !-automata
Algorithms LTL
1989 Pnueli and Rosner
2005 Kupferman and Vardi \Safraless"
2007 S and Finkbeiner \B�u hiless"
Tools LTL
2009 Filiot, Jin, and Raskin (Anti hain)
2010 Ehlers (BDD)
. . .
Algorithms
in the vi inity of synthesis
Tree Automata
1
Proje tion simple
2
Narrowing / information hiding simple
Word Automata
1
determinisation diÆ ult
Algorithms
in the vi inity of synthesis
Tree Automata
1
Proje tion simple
2
Narrowing / information hiding simple
Word Automata
1
determinisation diÆ ult
But why is it diÆ ult?
Finite and B�u hi Automata
1 2
a; b
a; b
b
Finite Automata
interpreted over �nite words here: over � = fa; bg
run: start at some initial state
stepwise: read an input letter, and
traverse the automaton respe tively
a epting: is in a �nal state after pro essing the omplete word
language: words with a epting runs
here: �
�
r f"g
Finite and B�u hi Automata
1 2
a; b
a; b
b
B�u hi Automata
interpreted over in�nite words here: over � = fa; bg
run: start at some initial state
stepwise: read an input letter, and
traverse the automaton respe tively
a epting: is in�nitely often in a �nal state while pro essing
the omplete !-word
language: words with a epting runs
here: !-words with �nitely many a's
Determinisation of Finite Automata
1 2
a; b
a; b
b
1
1; 2
a; b
a; b
Determinisation of B�u hi Automata
1 2
a; b
a; b
b
Deterministi B�u hi Automata . . .
. . . are less expressive than nondeterministi B�u hi automata.
Example Language: All words with �nitely many a's
Constru t an input word by repeatedly
hoosing b's until a �nal state is rea hed
hoosing an a on e.
) determinisation requires more involved a eptan e
ondition
Determinisation of B�u hi Automata
1 2
a; b
a; b
b
�
�
b
a
a b
Muller Automata
Table of a eptable in�nity sets.
�nitely many a's:
�
f�g
Determinisation of B�u hi Automata
�
�
b
a
a b
Muller Automata normal forms
Rabin: list of pairs (A
i
;R
i
) of a epting and reje ting
states
for some pair, some a epting and no reje ting
state o urs in�nitely often
Streett: list of pairs (A
i
;R
i
) of a epting and reje ting
states (dual ase)
for all pairs, some a epting or no reje ting
state o urs in�nitely often
Parity: priority fun tion states! N
lowest priority o urring in�nitely often is even
Rabin hain or Streett double hain ondition
Determinisation of B�u hi Automata
�
�
b
a
a b
Muller Automata normal forms
Rabin: list of pairs (A
i
;R
i
) of a epting and reje ting
states
for some pair, some a epting and no reje ting
state o urs in�nitely often
Streett: list of pairs (A
i
;R
i
) of a epting and reje ting
states (dual ase)
for all pairs, some a epting or no reje ting
state o urs in�nitely often
Parity: priority fun tion states! N
lowest priority o urring in�nitely often is even
Rabin hain or Streett double hain ondition
Determinisation of B�u hi Automata
�
�
b
a
a b
Muller Automata normal forms
Rabin: list of pairs (A
i
;R
i
) of a epting and reje ting
states
for some pair, some a epting and no reje ting
state o urs in�nitely often
Streett: list of pairs (A
i
;R
i
) of a epting and reje ting
states (dual ase)
for all pairs, some a epting or no reje ting
state o urs in�nitely often
Parity: priority fun tion states! N
lowest priority o urring in�nitely often is even
Rabin hain or Streett double hain ondition
Algorithms
determinising !-automata
1969 Rabin's solution based on deterministing !-automata
1988 Safra n
O(n)
1988 Mi hel n
�(n)
2006 Piterman O(n!
2
) (bound by [S08℄)
2008 S O
�
( n)
n
�
with � 1:65 Rabin
2008 Col ombet and Zdanowski �
�
( n)
n
�
Rabin
2012 S and Varghese determinising GBA
2014 S and Varghese �(n!
2
) parity and Streett
Part II
Warm-Up: LTL { Automata & Simple Cases
Automata & Games
LTL
LTL ) alternating word automata (AA)
AA ) a eptan e game for tra es
AA 6) existen e game for tra es
NBA ) existen e game for tra es
NBA and model he king
Linear-Time Temporal Logi s
{ as a word language {
LTL formulas
' ::= true j p j :' j ' ^ ' j ' _ ' j ' j ' j' j 'U '
p: p
': '
':'
': ' ' ' ' ' ' ' ' ' '
'U : ' ' ' ' ' ' ' '
Linear-Time Temporal Logi s
{ a ba kwards aproa h {
p _:p
a harmless tautology
p: p p p p p p p : : :
p:
p p p p p p p p
:p:p p
p _:p:p p p p p p p p p p
p _:p:p p p p p p p p p p
p _:p:p p p p p p p p p
A eptan e Game
p _:p AA
1 p _:p ! p _:p ^ p _:p
2 p _:p ! p _:p _ p _:p
3 p _:p ! p _:p
4 p ! p
5 :p ! :p
p: p p p p p p p : : :
Emptiness Game
p _:p AA
1 p _:p ! p _:p ^ p _:p
2 p _:p ! p _:p _ p _:p
3 p _:p ! p _:p
4 p ! p
5 :p ! :p
Emptiness Game
p ^:p AA
1 p ^:p ! p ^:p ^ p ^:p
2 p ^:p ! p ^:p _ p ^:p
3 p ^:p ! p ^:p
4 p ! p
5 :p ! :p
the a eptan e player an heat
by using previous hoi es of the reje tion player when
onstru ting a \model"
Emptiness Game
p ^:p AA
1 p ^:p ! p ^:p ^ p ^:p
2 p ^:p ! p ^:p _ p ^:p
3 p ^:p ! p ^:p
4 p ! p
5 :p ! :p
the a eptan e player an heat
by using previous hoi es of the reje tion player when
onstru ting a \model"
A eptan e Game
{ non-deterministi automata {
p _:p GBA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
p: p p p p p p p : : :
GBA: 3 2 1 1 3 2 1 1 1 1
Emptiness Game
{ non-deterministi automata {
p _:p GBA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
Model Che king Game
{ non-deterministi automata {
p _:p GBA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
Input
j= '
Model Che king Game
{ non-deterministi automata {
p _:p GBA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
Input
6j= '
Model Che king Game
{ non-deterministi automata {
p _:p GBA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
Input
6j= :'
Model Che king Game
{ non-deterministi automata {
p _:p GBA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
Input
6j= '
Model Che king Game
{ universal automata {
: p _:p UCA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
Input
j= '
Model Che king Game
{ universal automata {
p _:p UCA
NBA for :p ^ p
1
f g
2
f ; ; p;:pg
(blo ks as NBA, a epts immediately as UCA)
Input
j= '
Part III
Automata & Solvability
Chur h's Solvability Problem
Env Pro
Input
Variables
Output
Variables
Chur h's Solvability Problem { 1963
Given: an interfa e spe i� ation
(identi� ation of input and output variables)
and a behavioural spe i� ation '
Sought: an implementation (Input
�
! Output), satisfying '
Input
j= '
Automata & Games for Synthesis
Implementation
�
Computation Tree
Automata-theoreti approa h
Spe i� ation ' � Automaton A
'
Models of ' � Language of A
'
Realisability of ' � Language Non-Emptiness of A
'
Chur h's Solvability Problem
{ on the running example {
Env Pro
;
p
as before { AA won't do
how about NA?
Chur h's Solvability Problem
{ on the running example {
Env Pro
;
p
as before { AA won't do
how about NA?
Chur h's Solvability Problem
{ on the running example {
Env Pro
p
;
p _:p GBA
1
f ; ; p _:p; p; pg
2
f ; ; p _:p; p;:pg
3
f ; ; p _:p;:p; pg
4
f ; ; p _:p;:p;:pg
5
f ; ; pg
6
f ; ;:pg
Chur h's Solvability Problem
{ on the running example {
Env Pro
p
;
p _:p UCA
NBA for :p ^ p
1
f g
2
f ; ; p;:pg
(blo ks as NBA, a epts immediately as UCA)
Chur h's Solvability Problem
{ in omplete information {
Env Pro
Input
Variables
Output
Variables
AA ) UA / NA ) DA (expensive)
Input
j= '
Extension: In omplete Information
Env Pro
Input
Variables
Output
Variables
Hidden
Variables
UA / NA ) DA (expensive)
\narrowing operation" AA ) AA, UA ) UA, NA 6) NA
if dir
1
and dir
2
are indistinguishable and
you'd send s
1
to dir
1
and s
2
to dir
2
; send s
1
and s
2
to dir
12
Extension: In omplete Information
Env Pro
Input
Variables
Output
Variables
Hidden
Variables
UA / NA ) DA (expensive)
\narrowing operation" AA ) AA, UA ) UA, NA 6) NA
if dir
1
and dir
2
are indistinguishable and
you'd send s
1
to dir
1
and s
2
to dir
2
; send s
1
and s
2
to dir
12
knowledge information fork synthesis li� hanger
Part IV
Distributed Strategies
knowledge information fork synthesis li� hanger
Distributed Synthesis
{ lassi results {
De idable Ar hite tures
Pipelines [Pnueli+Rosner 90℄
Two-Way Chains [Kupferman+Vardi 01℄
One-Way Rings [Kupferman+Vardi 01℄
Unde idable Ar hite ture
a
b d
[Pnueli+Rosner 90℄
knowledge information fork synthesis li� hanger
What does a Pro ess Know?
Env b1 b2 b3 b4
a b d
pro ess b2 knows its input
pro ess b2 knows its output
) pro ess b2 knows the input to pro ess b3
) pro ess b2 knows the output of pro ess b3
: : : least �xed point ) knowledge of b2
knowledge information fork synthesis li� hanger
What does a Pro ess Know?
Env b1 b2 b3 b4
a b d
pro ess b2 knows its input
pro ess b2 knows its output
) pro ess b2 knows the input to pro ess b3
) pro ess b2 knows the output of pro ess b3
: : : least �xed point ) knowledge of b2
knowledge information fork synthesis li� hanger
What does a Pro ess Know?
Env b1 b2 b3 b4
a b d
pro ess b2 knows its input
pro ess b2 knows its output
) pro ess b2 knows the input to pro ess b3
) pro ess b2 knows the output of pro ess b3
: : : least �xed point ) knowledge of b2
knowledge information fork synthesis li� hanger
What does a Pro ess Know?
Env b1 b2 b3 b4
a b d
pro ess b2 knows its input
pro ess b2 knows its output
) pro ess b2 knows the input to pro ess b3
) pro ess b2 knows the output of pro ess b3
: : : least �xed point ) knowledge of b2
knowledge information fork synthesis li� hanger
What does a Pro ess Know?
Env b1 b2 b3 b4
a b d
pro ess b2 knows its input
pro ess b2 knows its output
) pro ess b2 knows the input to pro ess b3
) pro ess b2 knows the output of pro ess b3
: : : least �xed point ) knowledge of b2
knowledge information fork synthesis li� hanger
Super-Pro esses
Env b1 b2 b3 b4
a b d
b2 is better informed than b3 and b4 (b2 � b3, b4)
b2 an simulate b3 and b4
) b2 an be used as a super-pro ess
knowledge information fork synthesis li� hanger
De idability of Ar hite tures
{ parti ularities {
� is an order
pro esses in omparable by �
a
b d
knowledge information fork synthesis li� hanger
Information Fork
Envw1
b2
b3
b4
b5
b2 ' b5 � b3, b4
Unde idable
a
b
b
b
d
d
e
e
f
f
knowledge information fork synthesis li� hanger
Information Fork
Env b1
w2
b3
b4
b5
b1 � b5 � b3, b4
Unde idable
a
b
b
b
d
d
e
e
f
f
knowledge information fork synthesis li� hanger
No Information Fork
Env b1
b2
w3
b4
b5
b1 � b2 ' b5 � b4
De idable
a
b
b
b
d
d
e
e
f
f
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1 b2
a; b
a
A
'
a epts strategies for super-pro ess
Automata transformation: A
'
� B
'
B
'
a epts a strategy for pro ess b2 i�
there is a strategy for pro ess b1 su h that
their omposition is a epted by A
'
test non-emptiness of B
'
A
0
'
{ a epts proper strategies for b1
test non-emptiness of A
0
'
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1 b2
a; b
a
A
'
a epts strategies for super-pro ess
Automata transformation: A
'
� B
'
B
'
a epts a strategy for pro ess b2 i�
there is a strategy for pro ess b1 su h that
their omposition is a epted by A
'
test non-emptiness of B
'
A
0
'
{ a epts proper strategies for b1
test non-emptiness of A
0
'
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1s2
a; b
a
A
'
a epts strategies for super-pro ess
Automata transformation: A
'
� B
'
B
'
a epts a strategy for pro ess b2 i�
there is a strategy for pro ess b1 su h that
their omposition is a epted by A
'
test non-emptiness of B
'
A
0
'
{ a epts proper strategies for b1
test non-emptiness of A
0
'
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1s2
a; b
a
A
'
a epts strategies for super-pro ess
Automata transformation: A
'
� B
'
B
'
a epts a strategy for pro ess b2 i�
there is a strategy for pro ess b1 su h that
their omposition is a epted by A
'
test non-emptiness of B
'
A
0
'
{ a epts proper strategies for b1
test non-emptiness of A
0
'
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Envs1 s2
a; b
a
A
'
a epts strategies for super-pro ess
Automata transformation: A
'
� B
'
B
'
a epts a strategy for pro ess b2 i�
there is a strategy for pro ess b1 su h that
their omposition is a epted by A
'
test non-emptiness of B
'
A
0
'
{ a epts proper strategies for b1
test non-emptiness of A
0
'
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1 b2
a; b
a
LTL, UWA / UT A, DWA / DT A
proje tion (NT A), narrowing (AT A),
non-determinisation NT A
\annotate" strategy { UT A
determinise { DT A
proje t strategy { NT A
test non-emptiness of NT A { TS / DTA
interse t
test non-emptiness
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1 b2
a; b
a
LTL, UWA / UT A, DWA / DT A
proje tion (NT A), narrowing (AT A),
non-determinisation NT A
\annotate" strategy { UT A
determinise { DT A
proje t strategy { NT A
test non-emptiness of NT A { TS / DTA
interse t
test non-emptiness
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1 b2
a; b
a
LTL, UWA / UT A, DWA / DT A
proje tion (NT A), narrowing (AT A),
non-determinisation NT A
\annotate" strategy { UT A
determinise { DT A
proje t strategy { NT A
test non-emptiness of NT A { TS / DTA
interse t
test non-emptiness
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1s2
a; b
a
LTL, UWA / UT A, DWA / DT A
proje tion (NT A), narrowing (AT A),
non-determinisation NT A
\annotate" strategy { UT A
determinise { DT A
proje t strategy { NT A
test non-emptiness of NT A { TS / DTA
interse t
test non-emptiness
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Env b1s2
a; b
a
LTL, UWA / UT A, DWA / DT A
proje tion (NT A), narrowing (AT A),
non-determinisation NT A
\annotate" strategy { UT A
determinise { DT A
proje t strategy { NT A
test non-emptiness of NT A { TS / DTA
interse t
test non-emptiness
knowledge information fork synthesis li� hanger
De ision Pro edure
{ ordered ar hite ture {
Envs1 s2
a; b
a
LTL, UWA / UT A, DWA / DT A
proje tion (NT A), narrowing (AT A),
non-determinisation NT A
\annotate" strategy { UT A
determinise { DT A
proje t strategy { NT A
test non-emptiness of NT A { TS / DTA
interse t
test non-emptiness
knowledge information fork synthesis li� hanger
De ision Pro edure
Env b1
b2
w3
b4
b5
a
b
b
b
d
d
e
e
f
f
Ar hite ture transformation 3 linear on bla k-box pro esses
merge equivalent pro esses
atta h white-box pro esses to better informed pro ess
remove feedba k
knowledge information fork synthesis li� hanger
De ision Pro edure
Env b1
b2,b5
w3
b4
a
bb
b
; f
d
d
e
e
f
Ar hite ture transformation 3 linear on bla k-box pro esses
merge equivalent pro esses
atta h white-box pro esses to better informed pro ess
remove feedba k
knowledge information fork synthesis li� hanger
De ision Pro edure
Env b1
b2,b5
w3
b4
a
b
b
; f
d
d
e
e
f
Ar hite ture transformation 3 linear on bla k-box pro esses
merge equivalent pro esses
atta h white-box pro esses to better informed pro ess
remove feedba k
knowledge information fork synthesis li� hanger
De ision Pro edure
Env b1
b2,b5,w3
b4
a
b
b
; f
e
d ; f
Ar hite ture transformation 3 linear on bla k-box pro esses
merge equivalent pro esses
atta h white-box pro esses to better informed pro ess
remove feedba k
knowledge information fork synthesis li� hanger
De ision Pro edure
Env b1
b2,b5,w3
b4
a
b
d ; f
Ordered Ar hite ture
de ision pro edure
adds one exponent / level of knowledge
hardness result
knowledge information fork synthesis li� hanger
Perfe t { But Something 's Wrong
Interfa es { friend or foe?
theory: restri ted information an be abused
pra ti e: then it is a spe i� ation error
Infeasible omplexity non-elementary, unde idable
theory: ompleteness result
maximal size of minimal model
pra ti e: no small model ) spe i� ation error
Rede�ne realisability
there is a feasible model
prede�ned bounds on the implementation
) Bounded Synthesis
knowledge information fork synthesis li� hanger
Perfe t { But Something 's Wrong
Interfa es { friend or foe?
theory: restri ted information an be abused
pra ti e: then it is a spe i� ation error
Infeasible omplexity non-elementary, unde idable
theory: ompleteness result
maximal size of minimal model
pra ti e: no small model ) spe i� ation error
Rede�ne realisability
there is a feasible model
prede�ned bounds on the implementation
) Bounded Synthesis
knowledge information fork synthesis li� hanger
Perfe t { But Something 's Wrong
Interfa es { friend or foe?
theory: restri ted information an be abused
pra ti e: then it is a spe i� ation error
Infeasible omplexity non-elementary, unde idable
theory: ompleteness result
maximal size of minimal model
pra ti e: no small model ) spe i� ation error
Rede�ne realisability
there is a feasible model
prede�ned bounds on the implementation
) Bounded Synthesis
bounded example safety emptiness game implementation ompleteness bounded synthesis
Part V
Two Steps Towards Pra ti e
bounded example safety emptiness game implementation ompleteness bounded synthesis
Overview
Spe i� ation '
Universal Co-B�u hi Automaton
Deterministi
Parity Automaton
Parity
Emptiness Game
Parameterised Deterministi
Safety Automaton
Parameterised Safety
Emptiness Game
SMT Problem
SMT Solving
t
r
a
d
i
t
i
o
n
a
l
bounded
Complete Information
Distributed
Sequen e of Automata Transformations
Safra-Constru tions { Exponential
Lo ality Constraints
Small { Usually Cheap
bounded example safety emptiness game implementation ompleteness bounded synthesis
Overview
Spe i� ation '
Universal Co-B�u hi Automaton
Deterministi
Parity Automaton
Parity
Emptiness Game
Parameterised Deterministi
Safety Automaton
Parameterised Safety
Emptiness Game
SMT Problem
SMT Solving
t
r
a
d
i
t
i
o
n
a
l
bounded
Complete Information
Distributed
Sequen e of Automata Transformations
Safra-Constru tions { Exponential
Lo ality Constraints
Small { Usually Cheap
bounded example safety emptiness game implementation ompleteness bounded synthesis
Overview
Spe i� ation '
Universal Co-B�u hi Automaton
Deterministi
Parity Automaton
Parity
Emptiness Game
Parameterised Deterministi
Safety Automaton
Parameterised Safety
Emptiness Game
SMT Problem
SMT Solving
t
r
a
d
i
t
i
o
n
a
l
bounded
Complete Information
Distributed
Sequen e of Automata Transformations
Safra-Constru tions { Exponential
Lo ality Constraints
Small { Usually Cheap
bounded example safety emptiness game implementation ompleteness bounded synthesis
Example { Simpli�ed Arbiter
1
2 3
?
�
g
1
g
2
r
1
r
2
g
1
g
2
Synthesis with Complete Information
env
p
1
p
2
r
1
; r
2
r
1
; r
2
g
1
g
2
env
p
1
r
1
; r
2
g
1
; g
2
bounded example safety emptiness game implementation ompleteness bounded synthesis
From Co-B�u hi to Safety
1
2 3
?
�
g
1
g
2
r
1
r
2
g
1
g
2
Realisable spe i� ation
�nite implementation { size s
bound b on the number of reje ting states { b � s � jF j
safety ondition
s an be bounded by the size of the resp. deterministi automaton
bounded example safety emptiness game implementation ompleteness bounded synthesis
Parameterised Emptiness Game
env
p
1
Input
r
1
; r
2
Output
g
1
; g
2
1
2 3
?
�
g
1
g
2
r
1
r
2
g
1
g
2
(0; ; )
(0; 0; ) (0; 0; 0) (0; ; 0)
(0; 1; )
(0; 1; 1)
(0; ; 1)
(0; 1; 0) (0; 0; 1)
g
1
g
2
g
1
g
2
g
1
g
2
bounded example safety emptiness game implementation ompleteness bounded synthesis
Parameterised Emptiness Game
env
p
1
Input
r
1
; r
2
Output
g
1
; g
2
1
2 3
?
�
g
1
g
2
r
1
r
2
g
1
g
2
(0; 1; )
Semanti s of a Game Positon
olle ts the paths of the run tree
i-th position in the annotation:
: no path ends in automaton-state i
n 2 N: a path may end in automaton-state i
ea h su h path has � n previous visits to reje ting states
bounded example safety emptiness game implementation ompleteness bounded synthesis
Parameterised Emptiness Game
env
p
1
Input
r
1
; r
2
Output
g
1
; g
2
1
2 3
?
�
g
1
g
2
r
1
r
2
g
1
g
2
(0; ; )
(0; 0; ) (0; 0; 0) (0; ; 0)
(0; 1; )
(0; 1; 1)
(0; ; 1)
(0; 1; 0) (0; 0; 1)
g
1
g
2
g
1
g
2
g
1
g
2
bounded example safety emptiness game implementation ompleteness bounded synthesis
Parameterised Emptiness Game
env
p
1
Input
r
1
; r
2
Output
g
1
; g
2
1
2 3
?
�
g
1
g
2
r
1
r
2
g
1
g
2
(0; ; )
(0; 0; ) (0; 0; 0) (0; ; 0)
(0; 1; )
(0; 1; 1)
(0; ; 1)
(0; 1; 0) (0; 0; 1)
g
1
g
2
g
1
g
2
g
1
g
2
bounded example safety emptiness game implementation ompleteness bounded synthesis
Completeness
(0; 1; 0; r
1
r
2
; g
1
g
2
) (0; 1; 0; r
1
r
2
; g
1
g
2
) (0; 1; 0; r
1
r
2
; g
1
g
2
) (0; 1; 0; r
1
r
2
; g
1
g
2
)
(0; 0; 1; r
1
r
2
; g
1
g
2
) (0; 0; 1; r
1
r
2
; g
1
g
2
) (0; 0; 1; r
1
r
2
; g
1
g
2
) (0; 0; 1; r
1
r
2
; g
1
g
2
)
Theorem { Completeness
An (input preserving) transition system is a epted by a UCB
, it has a valid annotation.
Proof idea
Cy le with reje ting state rea hable in the run graph
, no valid annotation.
bounded example safety emptiness game implementation ompleteness bounded synthesis
Progress Constraints { Automaton Transitions
output omplexity: NP- omplete
1
2 3?
�
g
1
g
2
r
1
r
2
g
1
g
2
8t: �
B
1
(t)! �
B
1
(�
r
1
r
2
(t)) ^ �
#
1
(�
r
1
r
2
(t)) � �
#
1
(t)
^ �
B
1
(�
r
1
r
2
(t)) ^ �
#
1
(�
r
1
r
2
(t)) � �
#
1
(t)
^ �
B
1
(�
r
1
r
2
(t)) ^ �
#
1
(�
r
1
r
2
(t)) � �
#
1
(t)
^ �
B
1
(�
r
1
r
2
(t)) ^ �
#
1
(�
r
1
r
2
(t)) � �
#
1
(t)
8t: �
B
1
(t)! :g
1
(t) _ :g
2
(t)
8t: �
B
1
(t) ^ r
1
(t)! �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) � �
#
1
(t)
^ �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) � �
#
1
(t)
^ �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) � �
#
1
(t)
^ �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) � �
#
1
(t)
8t: �
B
2
(t) ^ :g
1
(t)! �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) > �
#
2
(t)
^ �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) > �
#
2
(t)
^ �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) > �
#
2
(t)
^ �
B
2
(�
r
1
r
2
(t)) ^ �
#
2
(�
r
1
r
2
(t)) > �
#
2
(t)
Expli it Synthesis
Env Pro
Input
Variables
Output
Variables
Chur h's Solvability Problem { 1963
Given: an interfa e spe i� ation
(identi� ation of input and output variables)
and a behavioural spe i� ation '
Sought: a ir uit s.t. (Input
�
! Output) satis�es '
TS j= '
CTL: EXPTIME- omplete, exponential transition system
LTL: 2EXPTIME- omplete, doubly exponential TS
Expli it vs. Su in t
ounter:
^
1<i�n
8 (p
i
= 8 p
i
)$
^
j<i
p
j
^ (p
i
= 9 p
i
)$
^
j<i
p
j
expli it su in t
ir uit
transition system program
Kripke stru ture online Turing ma hine
2
n
states tape size n
Su in t Synthesis
min-output PSPACE- omplete
Env Pro
Input
Variables
Output
Variables
Is there always a small oTM? CTL
if and
only if
PSPACE = EXPTIME
Is there always a small & fast ir uit? CTL
if and
only if
EXPTIME � P/poly
LTL: dito for intermediate automata
Su in t Synthesis
min-output PSPACE- omplete
Env Pro
Input
Variables
Output
Variables
Is there always a small oTM? CTL
if and
only if
PSPACE = EXPTIME
Is there always a small & fast ir uit? CTL
if and
only if
EXPTIME � P/poly
LTL: dito for intermediate automata
Su in t Synthesis
min-output PSPACE- omplete
Env Pro
Input
Variables
Output
Variables
Is there always a small oTM? CTL
if and
only if
PSPACE = EXPTIME
Is there always a small & fast ir uit? CTL
if and
only if
EXPTIME � P/poly
LTL: dito for intermediate automata
Su in t Synthesis
Env Pro
Input
Variables
Output
Variables
Is there always a small oTM? CTL
if and
only if
PSPACE = EXPTIME
only if: guess & verify EXPTIME- omplete
hen e: PSPACE in the minimal su in t solution
if: mu h harder
uses the DSA from bounded synthesis
Su in t Synthesis
Env Pro
Input
Variables
Output
Variables
Is there always a small oTM? CTL
if and
only if
PSPACE = EXPTIME
only if: guess & verify EXPTIME- omplete
hen e: PSPACE in the minimal su in t solution
if: mu h harder
uses the DSA from bounded synthesis
Su in t Synthesis
Env Pro
Input
Variables
Output
Variables
Is there always a small oTM? CTL
if and
only if
PSPACE = EXPTIME
only if: guess & verify EXPTIME- omplete
hen e: PSPACE in the minimal su in t solution
if: mu h harder
uses the DSA from bounded synthesis
PSPACE=EXPTIME ) Small Model
env
p
1
Input
r
1
; r
2
Output
g
1
; g
2
1
2 3
?
�
g
1
g
2
r
1
r
2
g
1
g
2
(0; ; )
(0; 0; ) (0; 0; 0) (0; ; 0)
(0; 1; )
(0; 1; 1)
(0; ; 1)
(0; 1; 0) (0; 0; 1)
g
1
g
2
g
1
g
2
g
1
g
2
Su in t & Fast Synthesis
Env Pro
Input
Variables
Output
Variables
Is there always a small & fast ir uit? CTL
if and
only if
EXPTIME � P/poly
if: as before
only if: onstru tion not enough
en ode universal spa e bounded ATM
environment provides initial tape
immediate answer to the halting problem
Su in t & Fast Synthesis
Env Pro
Input
Variables
Output
Variables
Is there always a small & fast ir uit? CTL
if and
only if
EXPTIME � P/poly
if: as before
only if: onstru tion not enough
en ode universal spa e bounded ATM
environment provides initial tape
immediate answer to the halting problem
Su in t & Fast Synthesis
Env Pro
Input
Variables
Output
Variables
Is there always a small & fast ir uit? CTL
if and
only if
EXPTIME � P/poly
if: as before
only if: onstru tion not enough
en ode universal spa e bounded ATM
environment provides initial tape
immediate answer to the halting problem
Implementations
General Sear h: Geneti Progamming & Co
Gal Katz, Doron Peled: MCGP: A Software Synthesis Tool
Based on Model Che king and Geneti Programming. ATVA
2010: 359-364
Gal Katz, Doron Peled: Code Mutation in Veri� ation and
Automati Code Corre tion. TACAS 2010: 435-450
Gal Katz, Doron Peled: Model Che king-Based Geneti
Programming with an Appli ation to Mutual Ex lusion.
TACAS 2008: 141-156
Colin G. Johnson: Geneti Programming with Fitness Based
on Model Che king. EuroGP 2007: 114-124
Sneak Preview
Sear h mutex leader ele tion
Te hnique 2 shared bits 3 shared bits 3 nodes 4 nodes
simulated
annealing
exe ution time 20 23 84 145
su ess rate 19 23 19 17
overall time 105.26 100 442.1 852.94
hybrid
exe ution time 113 171 418 536
su ess rate 31 17 15 11
overall time 364.51 1,005.88 2,786.66 4,872.72
geneti
programming
exe ution time 583 615 1120 1311
su ess rate 7 7 3 3
overall time 8,328.57 8,785.71 37,333.33 43,700.00
pure bounded su in t summary
Part VII
summary
pure bounded su in t summary
Automata Theoreti Approa h
pro: simple
narrowing
proje tion
determinisation (word)
pro: lean
introdu tion of Partial Designs
hara terisation of the lass of de idable
ar hite tures �
uniform synthesis algorithm
on: beyond pri e
on: does not bene�t from small solutions
pure bounded su in t summary
Bounded Synthesis
Bounded Synthesis
guess implementation & verify
NP omplete in minimal transition system & A
'
pro: omplexity loser to model he king
pro: appli able to distributed systems
on: transition system vs. program / ir uit
pure bounded su in t summary
Su in t Synthesis
| is good news |
Env Pro
Input
Variables
Output
Variables
Is there always a small oTM? CTL
if and
only if
PSPACE = EXPTIME
Is there always a small & fast ir uit? CTL
if and
only if
EXPTIME � P/poly
pure bounded su in t summary
Synthesis vs. Model Che king
Bounded Synthesis of Su in t Systems
onstru t a orre t program / ir uit
PSPACE omplete in minimal program / ir uit & '
pro: omplexity equal to model he king
pro: appli able to distributed systems
pure bounded su in t summary
Summary
Distributed Synthesis
de idability
omplexity
Bounded Synthesis
de idability
omplexity
Su in t Synthesis
de idability
omplexity
Recommended