Synthesis - AVACS · Octob er 2 nd, 2015. A Mo dest Goal obtain rrect co systems. . . A Mo dest Goal obtain rrect co systems. . .. . . without doing anything. Sp eci cation Implementation

Synthesis

Sven S hewe

University of Liverpool

AVACS Autumn S hool, O tober 2

nd

, 2015

A Modest Goal

obtain orre t systems . . .

A Modest Goal

obtain orre t systems . . .

. . . without doing anything.

Spe i� ation

Implementation

Veri� ation

orre t

in orre t

Spe i� ation Synthesis

implementation

unrealisable

Appli ations

Dete tion of in onsistent spe i� ations

Partial design veri� ation

(Early error dete tion)

Error lo alisation

Automated prototyping

Synthesis

Spe i� ation Spe i� ation

& Ar hite ture

ATL, ATL*, CL + CTL, LTL, CTL*

alternating-time �- al ulus + �- al ulus

Requirement: The s ientist an get as mu h o�ee as she likes.

ATL*: hhs ientistii get

o�ee

Synthesis


& Ar hite ture



environment

ontroller

brewing group

sensorgrinder

want

o�ee

get

o�ee

brew!

grind!

b info

g info

d

o

n

e


LTL: (want

o�ee

! get

o�ee

)

CTL: 8 (want

o�ee

! 8 get

o�ee

)

Synthesis


& Partial Design



environment

ontroller

brewing group

sensorgrinder

want

o�ee

get

o�ee

brew!

grind!

b info

g info

d

o

n

e


LTL: (want

o�ee

! get

o�ee

)

CTL: 8 (want

o�ee

! 8 get

o�ee

)

Synthesis


& Partial Design



environment

ontroller

brewing group

sensorgrinder

want

o�ee

get

o�ee

brew!

grind!

b info

g info

d

o

n

e

| {z }

Automata-Theory

| {z }

Constru tive Non-Emptiness Games

The birth of the synthesis problem

Alonzo Chur h Summer Institute of Symboli Logi

Cornell University 1957

Given a requirement whi h a ir uit is to satisfy, we may suppose

the requirement expressed in some suitable logisti system whi h is

an extension of restri ted re ursive arithmeti . The synthesis

problem is then to �nd re ursion equivalen es representing a ir uit

that satis�es the given requirement (or alternatively, to determine

that there is no su h ir uit).

Chur h's Solvability Problem

Env Pro

Input

Variables

Output

Variables

Chur h's Solvability Problem 1963

Given: an interfa e spe i� ation

(identi� ation of input and output variables)

and a behavioural spe i� ation '

Sought: an implementation (Input

�

! Output), satisfying '

Input

j= '


Env Pro

Input

Variables

Output

Variables






�


Env k Pro j= '


Env Pro

Input

Variables

Output

Variables






�


9Pro 8Env. Env k Pro j= '

Part I

But how? History and Simpli ity of Synthesis

Synthesis through the ages

1963 Chur h's solvability problem

1969 B�u hi and Landweber, �nite games of in�nte duration

1969 Rabin's solution based on deterministing !-automata

Algorithms LTL

1989 Pnueli and Rosner

2005 Kupferman and Vardi \Safraless"

2007 S and Finkbeiner \B�u hiless"

Tools LTL

2009 Filiot, Jin, and Raskin (Anti hain)

2010 Ehlers (BDD)

. . .

Algorithms

in the vi inity of synthesis

Tree Automata

1

Proje tion simple

2

Narrowing / information hiding simple

Word Automata

1

determinisation diÆ ult

Algorithms

in the vi inity of synthesis

Tree Automata

1

Proje tion simple

2

Narrowing / information hiding simple

Word Automata

1

determinisation diÆ ult

But why is it diÆ ult?

Finite and B�u hi Automata

1 2

a; b

a; b

b

Finite Automata

interpreted over �nite words here: over � = fa; bg

run: start at some initial state

stepwise: read an input letter, and

traverse the automaton respe tively

a epting: is in a �nal state after pro essing the omplete word

language: words with a epting runs

here: �

�

r f"g

Finite and B�u hi Automata

1 2

a; b

a; b

b

B�u hi Automata

interpreted over in�nite words here: over � = fa; bg

run: start at some initial state

stepwise: read an input letter, and

traverse the automaton respe tively

a epting: is in�nitely often in a �nal state while pro essing

the omplete !-word

language: words with a epting runs

here: !-words with �nitely many a's

Determinisation of Finite Automata

1 2

a; b

a; b

b

1

1; 2

a; b

a; b

Determinisation of B�u hi Automata

1 2

a; b

a; b

b

Deterministi B�u hi Automata . . .

. . . are less expressive than nondeterministi B�u hi automata.

Example Language: All words with �nitely many a's

Constru t an input word by repeatedly

hoosing b's until a �nal state is rea hed

hoosing an a on e.

) determinisation requires more involved a eptan e

ondition


1 2

a; b

a; b

b

�

�

b

a

a b

Muller Automata

Table of a eptable in�nity sets.

�nitely many a's:

�

f�g


�

�

b

a

a b

Muller Automata normal forms

Rabin: list of pairs (A

i

;R

i

) of a epting and reje ting

states

for some pair, some a epting and no reje ting

state o urs in�nitely often

Streett: list of pairs (A

i

;R

i


states (dual ase)

for all pairs, some a epting or no reje ting


Parity: priority fun tion states! N

lowest priority o urring in�nitely often is even

Rabin hain or Streett double hain ondition


�

�

b

a

a b



i

;R

i


states




i

;R

i


states (dual ase)







�

�

b

a

a b



i

;R

i


states




i

;R

i


states (dual ase)






Algorithms

determinising !-automata

1969 Rabin's solution based on deterministing !-automata

1988 Safra n

O(n)

1988 Mi hel n

�(n)

2006 Piterman O(n!

2

) (bound by [S08℄)

2008 S O

�

( n)

n

�

with � 1:65 Rabin

2008 Col ombet and Zdanowski �

�

( n)

n

�

Rabin

2012 S and Varghese determinising GBA

2014 S and Varghese �(n!

2

) parity and Streett

Part II

Warm-Up: LTL { Automata & Simple Cases

Automata & Games

LTL

LTL ) alternating word automata (AA)

AA ) a eptan e game for tra es

AA 6) existen e game for tra es

NBA ) existen e game for tra es

NBA and model he king

Linear-Time Temporal Logi s

{ as a word language {

LTL formulas

' ::= true j p j :' j ' ^ ' j ' _ ' j ' j ' j' j 'U '

p: p

': '

':'

': ' ' ' ' ' ' ' ' ' '

'U : ' ' ' ' ' ' ' '

Linear-Time Temporal Logi s

{ a ba kwards aproa h {

p _:p

a harmless tautology

p: p p p p p p p : : :

p:

p p p p p p p p

:p:p p

p _:p:p p p p p p p p p p

p _:p:p p p p p p p p p p

p _:p:p p p p p p p p p

A eptan e Game

p _:p AA

1 p _:p ! p _:p ^ p _:p

2 p _:p ! p _:p _ p _:p

3 p _:p ! p _:p

4 p ! p

5 :p ! :p

p: p p p p p p p : : :

Emptiness Game

p _:p AA

1 p _:p ! p _:p ^ p _:p

2 p _:p ! p _:p _ p _:p

3 p _:p ! p _:p

4 p ! p

5 :p ! :p

Emptiness Game

p ^:p AA

1 p ^:p ! p ^:p ^ p ^:p

2 p ^:p ! p ^:p _ p ^:p

3 p ^:p ! p ^:p

4 p ! p

5 :p ! :p

the a eptan e player an heat

by using previous hoi es of the reje tion player when

onstru ting a \model"

Emptiness Game

p ^:p AA

1 p ^:p ! p ^:p ^ p ^:p

2 p ^:p ! p ^:p _ p ^:p

3 p ^:p ! p ^:p

4 p ! p

5 :p ! :p

the a eptan e player an heat

by using previous hoi es of the reje tion player when

onstru ting a \model"

A eptan e Game

{ non-deterministi automata {

p _:p GBA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg

p: p p p p p p p : : :

GBA: 3 2 1 1 3 2 1 1 1 1

Emptiness Game


p _:p GBA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg

Model Che king Game


p _:p GBA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg

Input

j= '

Model Che king Game


p _:p GBA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg

Input

6j= '

Model Che king Game


p _:p GBA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg

Input

6j= :'

Model Che king Game


p _:p GBA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg

Input

6j= '

Model Che king Game

{ universal automata {

: p _:p UCA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg

Input

j= '

Model Che king Game

{ universal automata {

p _:p UCA

NBA for :p ^ p

1

f g

2

f ; ; p;:pg

(blo ks as NBA, a epts immediately as UCA)

Input

j= '

Part III

Automata & Solvability


Env Pro

Input

Variables

Output

Variables

Chur h's Solvability Problem { 1963





�


Input

j= '

Automata & Games for Synthesis

Implementation

�

Computation Tree

Automata-theoreti approa h

Spe i� ation ' � Automaton A

'

Models of ' � Language of A

'

Realisability of ' � Language Non-Emptiness of A

'


{ on the running example {

Env Pro

;

p

as before { AA won't do

how about NA?



Env Pro

;

p

as before { AA won't do

how about NA?



Env Pro

p

;

p _:p GBA

1

f ; ; p _:p; p; pg

2

f ; ; p _:p; p;:pg

3

f ; ; p _:p;:p; pg

4

f ; ; p _:p;:p;:pg

5

f ; ; pg

6

f ; ;:pg



Env Pro

p

;

p _:p UCA

NBA for :p ^ p

1

f g

2

f ; ; p;:pg

(blo ks as NBA, a epts immediately as UCA)


{ in omplete information {

Env Pro

Input

Variables

Output

Variables

AA ) UA / NA ) DA (expensive)

Input

j= '

Extension: In omplete Information

Env Pro

Input

Variables

Output

Variables

Hidden

Variables

UA / NA ) DA (expensive)

\narrowing operation" AA ) AA, UA ) UA, NA 6) NA

if dir

1

and dir

2

are indistinguishable and

you'd send s

1

to dir

1

and s

2

to dir

2

; send s

1

and s

2

to dir

12

Extension: In omplete Information

Env Pro

Input

Variables

Output

Variables

Hidden

Variables

UA / NA ) DA (expensive)

\narrowing operation" AA ) AA, UA ) UA, NA 6) NA

if dir

1

and dir

2

are indistinguishable and

you'd send s

1

to dir

1

and s

2

to dir

2

; send s

1

and s

2

to dir

12

knowledge information fork synthesis li� hanger

Part IV

Distributed Strategies


Distributed Synthesis

{ lassi results {

De idable Ar hite tures

Pipelines [Pnueli+Rosner 90℄

Two-Way Chains [Kupferman+Vardi 01℄

One-Way Rings [Kupferman+Vardi 01℄

Unde idable Ar hite ture

a

b d

[Pnueli+Rosner 90℄


What does a Pro ess Know?

Env b1 b2 b3 b4

a b d

pro ess b2 knows its input

pro ess b2 knows its output

) pro ess b2 knows the input to pro ess b3

) pro ess b2 knows the output of pro ess b3

: : : least �xed point ) knowledge of b2



Env b1 b2 b3 b4

a b d








Env b1 b2 b3 b4

a b d








Env b1 b2 b3 b4

a b d








Env b1 b2 b3 b4

a b d







Super-Pro esses

Env b1 b2 b3 b4

a b d

b2 is better informed than b3 and b4 (b2 � b3, b4)

b2 an simulate b3 and b4

) b2 an be used as a super-pro ess


De idability of Ar hite tures

{ parti ularities {

� is an order

pro esses in omparable by �

a

b d


Information Fork

Envw1

b2

b3

b4

b5

b2 ' b5 � b3, b4

Unde idable

a

b

b

b

d

d

e

e

f

f


Information Fork

Env b1

w2

b3

b4

b5

b1 � b5 � b3, b4

Unde idable

a

b

b

b

d

d

e

e

f

f


No Information Fork

Env b1

b2

w3

b4

b5

b1 � b2 ' b5 � b4

De idable

a

b

b

b

d

d

e

e

f

f


De ision Pro edure

{ ordered ar hite ture {

Env b1 b2

a; b

a

A

'

a epts strategies for super-pro ess

Automata transformation: A

'

� B

'

B

'

a epts a strategy for pro ess b2 i�

there is a strategy for pro ess b1 su h that

their omposition is a epted by A

'

test non-emptiness of B

'

A

0

'

{ a epts proper strategies for b1

test non-emptiness of A

0

'


De ision Pro edure


Env b1 b2

a; b

a

A

'



'

� B

'

B

'




'


'

A

0

'



0

'


De ision Pro edure


Env b1s2

a; b

a

A

'



'

� B

'

B

'




'


'

A

0

'



0

'


De ision Pro edure


Env b1s2

a; b

a

A

'



'

� B

'

B

'




'


'

A

0

'



0

'


De ision Pro edure


Envs1 s2

a; b

a

A

'



'

� B

'

B

'




'


'

A

0

'



0

'


De ision Pro edure


Env b1 b2

a; b

a

LTL, UWA / UT A, DWA / DT A

proje tion (NT A), narrowing (AT A),

non-determinisation NT A

\annotate" strategy { UT A

determinise { DT A

proje t strategy { NT A

test non-emptiness of NT A { TS / DTA

interse t

test non-emptiness


De ision Pro edure


Env b1 b2

a; b

a





determinise { DT A



interse t

test non-emptiness


De ision Pro edure


Env b1 b2

a; b

a





determinise { DT A



interse t

test non-emptiness


De ision Pro edure


Env b1s2

a; b

a





determinise { DT A



interse t

test non-emptiness


De ision Pro edure


Env b1s2

a; b

a





determinise { DT A



interse t

test non-emptiness


De ision Pro edure


Envs1 s2

a; b

a





determinise { DT A



interse t

test non-emptiness


De ision Pro edure

Env b1

b2

w3

b4

b5

a

b

b

b

d

d

e

e

f

f

Ar hite ture transformation 3 linear on bla k-box pro esses

merge equivalent pro esses

atta h white-box pro esses to better informed pro ess

remove feedba k


De ision Pro edure

Env b1

b2,b5

w3

b4

a

bb

b

; f

d

d

e

e

f




remove feedba k


De ision Pro edure

Env b1

b2,b5

w3

b4

a

b

b

; f

d

d

e

e

f




remove feedba k


De ision Pro edure

Env b1

b2,b5,w3

b4

a

b

b

; f

e

d ; f




remove feedba k


De ision Pro edure

Env b1

b2,b5,w3

b4

a

b

d ; f

Ordered Ar hite ture

de ision pro edure

adds one exponent / level of knowledge

hardness result


Perfe t { But Something 's Wrong

Interfa es { friend or foe?

theory: restri ted information an be abused

pra ti e: then it is a spe i� ation error

Infeasible omplexity non-elementary, unde idable

theory: ompleteness result

maximal size of minimal model

pra ti e: no small model ) spe i� ation error

Rede�ne realisability

there is a feasible model

prede�ned bounds on the implementation

) Bounded Synthesis













) Bounded Synthesis













) Bounded Synthesis

bounded example safety emptiness game implementation ompleteness bounded synthesis

Part V

Two Steps Towards Pra ti e


Overview

Spe i� ation '

Universal Co-B�u hi Automaton

Deterministi

Parity Automaton

Parity

Emptiness Game

Parameterised Deterministi

Safety Automaton

Parameterised Safety

Emptiness Game

SMT Problem

SMT Solving

t

r

a

d

i

t

i

o

n

a

l

bounded

Complete Information

Distributed

Sequen e of Automata Transformations

Safra-Constru tions { Exponential

Lo ality Constraints

Small { Usually Cheap


Overview

Spe i� ation '


Deterministi

Parity Automaton

Parity

Emptiness Game


Safety Automaton


Emptiness Game

SMT Problem

SMT Solving

t

r

a

d

i

t

i

o

n

a

l

bounded


Distributed






Overview

Spe i� ation '


Deterministi

Parity Automaton

Parity

Emptiness Game


Safety Automaton


Emptiness Game

SMT Problem

SMT Solving

t

r

a

d

i

t

i

o

n

a

l

bounded


Distributed






Example { Simpli�ed Arbiter

1

2 3

?

�

g

1

g

2

r

1

r

2

g

1

g

2

Synthesis with Complete Information

env

p

1

p

2

r

1

; r

2

r

1

; r

2

g

1

g

2

env

p

1

r

1

; r

2

g

1

; g

2


From Co-B�u hi to Safety

1

2 3

?

�

g

1

g

2

r

1

r

2

g

1

g

2

Realisable spe i� ation

�nite implementation { size s

bound b on the number of reje ting states { b � s � jF j

safety ondition

s an be bounded by the size of the resp. deterministi automaton


Parameterised Emptiness Game

env

p

1

Input

r

1

; r

2

Output

g

1

; g

2

1

2 3

?

�

g

1

g

2

r

1

r

2

g

1

g

2

(0; ; )

(0; 0; ) (0; 0; 0) (0; ; 0)

(0; 1; )

(0; 1; 1)

(0; ; 1)

(0; 1; 0) (0; 0; 1)

g

1

g

2

g

1

g

2

g

1

g

2



env

p

1

Input

r

1

; r

2

Output

g

1

; g

2

1

2 3

?

�

g

1

g

2

r

1

r

2

g

1

g

2

(0; 1; )

Semanti s of a Game Positon

olle ts the paths of the run tree

i-th position in the annotation:

: no path ends in automaton-state i

n 2 N: a path may end in automaton-state i

ea h su h path has � n previous visits to reje ting states



env

p

1

Input

r

1

; r

2

Output

g

1

; g

2

1

2 3

?

�

g

1

g

2

r

1

r

2

g

1

g

2

(0; ; )

(0; 0; ) (0; 0; 0) (0; ; 0)

(0; 1; )

(0; 1; 1)

(0; ; 1)

(0; 1; 0) (0; 0; 1)

g

1

g

2

g

1

g

2

g

1

g

2



env

p

1

Input

r

1

; r

2

Output

g

1

; g

2

1

2 3

?

�

g

1

g

2

r

1

r

2

g

1

g

2

(0; ; )

(0; 0; ) (0; 0; 0) (0; ; 0)

(0; 1; )

(0; 1; 1)

(0; ; 1)

(0; 1; 0) (0; 0; 1)

g

1

g

2

g

1

g

2

g

1

g

2


Completeness

(0; 1; 0; r

1

r

2

; g

1

g

2

) (0; 1; 0; r

1

r

2

; g

1

g

2

) (0; 1; 0; r

1

r

2

; g

1

g

2

) (0; 1; 0; r

1

r

2

; g

1

g

2

)

(0; 0; 1; r

1

r

2

; g

1

g

2

) (0; 0; 1; r

1

r

2

; g

1

g

2

) (0; 0; 1; r

1

r

2

; g

1

g

2

) (0; 0; 1; r

1

r

2

; g

1

g

2

)

Theorem { Completeness

An (input preserving) transition system is a epted by a UCB

, it has a valid annotation.

Proof idea

Cy le with reje ting state rea hable in the run graph

, no valid annotation.


Progress Constraints { Automaton Transitions

output omplexity: NP- omplete

1

2 3?

�

g

1

g

2

r

1

r

2

g

1

g

2

8t: �

B

1

(t)! �

B

1

(�

r

1

r

2

(t)) ^ �

#

1

(�

r

1

r

2

(t)) � �

#

1

(t)

^ �

B

1

(�

r

1

r

2

(t)) ^ �

#

1

(�

r

1

r

2

(t)) � �

#

1

(t)

^ �

B

1

(�

r

1

r

2

(t)) ^ �

#

1

(�

r

1

r

2

(t)) � �

#

1

(t)

^ �

B

1

(�

r

1

r

2

(t)) ^ �

#

1

(�

r

1

r

2

(t)) � �

#

1

(t)

8t: �

B

1

(t)! :g

1

(t) _ :g

2

(t)

8t: �

B

1

(t) ^ r

1

(t)! �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) � �

#

1

(t)

^ �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) � �

#

1

(t)

^ �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) � �

#

1

(t)

^ �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) � �

#

1

(t)

8t: �

B

2

(t) ^ :g

1

(t)! �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) > �

#

2

(t)

^ �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) > �

#

2

(t)

^ �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) > �

#

2

(t)

^ �

B

2

(�

r

1

r

2

(t)) ^ �

#

2

(�

r

1

r

2

(t)) > �

#

2

(t)

Expli it Synthesis

Env Pro

Input

Variables

Output

Variables

Chur h's Solvability Problem { 1963




Sought: a ir uit s.t. (Input

�

! Output) satis�es '

TS j= '

CTL: EXPTIME- omplete, exponential transition system

LTL: 2EXPTIME- omplete, doubly exponential TS

Expli it vs. Su in t

ounter:

^

1<i�n

8 (p

i

= 8 p

i

)$

^

j<i

p

j

^ (p

i

= 9 p

i

)$

^

j<i

p

j

expli it su in t

ir uit

transition system program

Kripke stru ture online Turing ma hine

2

n

states tape size n

Su in t Synthesis

min-output PSPACE- omplete

Env Pro

Input

Variables

Output

Variables

Is there always a small oTM? CTL

if and

only if

PSPACE = EXPTIME

Is there always a small & fast ir uit? CTL

if and

only if

EXPTIME � P/poly

LTL: dito for intermediate automata

Su in t Synthesis


Env Pro

Input

Variables

Output

Variables


if and

only if

PSPACE = EXPTIME


if and

only if

EXPTIME � P/poly


Su in t Synthesis


Env Pro

Input

Variables

Output

Variables


if and

only if

PSPACE = EXPTIME


if and

only if

EXPTIME � P/poly


Su in t Synthesis

Env Pro

Input

Variables

Output

Variables


if and

only if

PSPACE = EXPTIME

only if: guess & verify EXPTIME- omplete

hen e: PSPACE in the minimal su in t solution

if: mu h harder

uses the DSA from bounded synthesis

Su in t Synthesis

Env Pro

Input

Variables

Output

Variables


if and

only if

PSPACE = EXPTIME



if: mu h harder


Su in t Synthesis

Env Pro

Input

Variables

Output

Variables


if and

only if

PSPACE = EXPTIME



if: mu h harder


PSPACE=EXPTIME ) Small Model

env

p

1

Input

r

1

; r

2

Output

g

1

; g

2

1

2 3

?

�

g

1

g

2

r

1

r

2

g

1

g

2

(0; ; )

(0; 0; ) (0; 0; 0) (0; ; 0)

(0; 1; )

(0; 1; 1)

(0; ; 1)

(0; 1; 0) (0; 0; 1)

g

1

g

2

g

1

g

2

g

1

g

2

Su in t & Fast Synthesis

Env Pro

Input

Variables

Output

Variables


if and

only if

EXPTIME � P/poly

if: as before

only if: onstru tion not enough

en ode universal spa e bounded ATM

environment provides initial tape

immediate answer to the halting problem


Env Pro

Input

Variables

Output

Variables


if and

only if

EXPTIME � P/poly

if: as before






Env Pro

Input

Variables

Output

Variables


if and

only if

EXPTIME � P/poly

if: as before





Implementations

General Sear h: Geneti Progamming & Co

Gal Katz, Doron Peled: MCGP: A Software Synthesis Tool

Based on Model Che king and Geneti Programming. ATVA

2010: 359-364

Gal Katz, Doron Peled: Code Mutation in Veri� ation and

Automati Code Corre tion. TACAS 2010: 435-450

Gal Katz, Doron Peled: Model Che king-Based Geneti

Programming with an Appli ation to Mutual Ex lusion.

TACAS 2008: 141-156

Colin G. Johnson: Geneti Programming with Fitness Based

on Model Che king. EuroGP 2007: 114-124

Sneak Preview

Sear h mutex leader ele tion

Te hnique 2 shared bits 3 shared bits 3 nodes 4 nodes

simulated

annealing

exe ution time 20 23 84 145

su ess rate 19 23 19 17

overall time 105.26 100 442.1 852.94

hybrid

exe ution time 113 171 418 536

su ess rate 31 17 15 11

overall time 364.51 1,005.88 2,786.66 4,872.72

geneti

programming

exe ution time 583 615 1120 1311

su ess rate 7 7 3 3

overall time 8,328.57 8,785.71 37,333.33 43,700.00

pure bounded su in t summary

Part VII

summary


Automata Theoreti Approa h

pro: simple

narrowing

proje tion

determinisation (word)

pro: lean

introdu tion of Partial Designs

hara terisation of the lass of de idable

ar hite tures �

uniform synthesis algorithm

on: beyond pri e

on: does not bene�t from small solutions


Bounded Synthesis

Bounded Synthesis

guess implementation & verify

NP omplete in minimal transition system & A

'

pro: omplexity loser to model he king

pro: appli able to distributed systems

on: transition system vs. program / ir uit


Su in t Synthesis

| is good news |

Env Pro

Input

Variables

Output

Variables


if and

only if

PSPACE = EXPTIME


if and

only if

EXPTIME � P/poly


Synthesis vs. Model Che king

Bounded Synthesis of Su in t Systems

onstru t a orre t program / ir uit

PSPACE omplete in minimal program / ir uit & '

pro: omplexity equal to model he king

pro: appli able to distributed systems


Summary

Distributed Synthesis

de idability

omplexity

Bounded Synthesis

de idability

omplexity

Su in t Synthesis

de idability

omplexity

Documents

Synthesis - AVACS · Octob er 2 nd, 2015. A Mo dest Goal obtain rrect co systems. . . A Mo dest Goal obtain rrect co systems. . .. . . without doing anything. Sp eci cation Implementation