Live sequence charts (LSCs) have been de ned recently as an extension of message sequence charts (MSCs � or their UML variant, sequence diagrams) for rich inter-object speci cation. One of the main additions is the notion of universal charts and hot, mandatory behavior, which, among other things, enables one to specify forbidden scenarios. LSCs are thus essentially as expressive as statecharts. This paper deals with synthesis, which is the problem of deciding, given an LSC speci cation, if there exists a satisfying object system and, if so, to synthesize one automatically. The synthesis problem is crucial in the development of complex systems, since sequence diagrams serve as the manifestation of use cases | whether used formally or informally | and if synthesizable they could lead directly to implementation. Synthesis is considerably harder for LSCs than for MSCs, and we tackle it by de ning consistency, showing that an entire LSC speci cation is consistent i it is satis able by a state-based object system, and then synthesizing a satisfying system as a collection of nite state machines or statecharts. 1

Recent research has addressed the problem of planning in non-deterministic domains. Classical planning has also been extended to the case of goals that can express temporal properties. However, the combination of these two aspects is not trivial. In non-deterministic domains, goals should take into account the fact that a plan may result in many possible different executions and that some requirements can be enforced on all the possible executions, while others may be enforced only on some executions. In this paper we address this problem.

We describe a methodology for executing scenario-based requirements of reactive systems, focusing on "playing-out" the behavior using formal verification techniques for driving the execution. The methodology is implemented in full in our play-engine tool . The approach appears to be useful in many stages in the development of reactive systems, and might also pave the way to systems that are constructed directly from their requirements, without the need for intra-object or intra-component modeling or coding.

Methods for mechanically synthesizing concurrent programs from temporal logic specifications obviate the need to manually construct a program and compose a proof of its correctness. A serious drawback of extant synthesis methods, however, is that they produce concurrent programs for models of computation that are often unrealistic. In particular, these methods assume completely fault-free operation, i.e., the programs they produce are fault-intolerant. In this paper, we show how to mechanically synthesize fault-tolerant concurrent programs for various fault classes. We illustrate our method by synthesizing fault-tolerant solutions to the mutual exclusion and barrier synchronization problems. Categories and Subject Descriptors: F.3.1 [Logics and Meanings of Programs]: Specifying and Verifying and Reasoning about Programs—logics of programs, mechanical verification, specification

Several realistic non-deterministic planning domains require plans that encode iterative trial-and-error strategies, e.g., "pick up a block until succeed". In such domains, a certain effect (e.g., action success) might never be guaranteed a priori of execution and, in principle, iterative plans might loop forever. Here, the planner should generate iterative plans whose executions always have a possibility of terminating and, when they do, they are guaranteed to achieve the goal. In this paper, we define the notion of strong cyclic plan, which formalizes in temporal logic the above informal requirements for iterative plans, define a planning algorithm based on model-checking techniques, and prove that the algorithm is guaranteed to return strong cyclic plans when they exist or to terminate with failure when they do not. We show how this approach can be extended to formalize plans that are guaranteed to achieve the goal and do not involve iterations (strong plans) and plans that have a possibility (but are not guaranteed) to achieve the goal (weak plans). The results presented in this paper constitute a formal account for "planning via model checking" in non-deterministic domains, which has never been provided before.

We consider the problem of synthesizing controllers for timed systems modeled using timed automata. The point of departure from earlier work is that we consider controllers that have only a partial observation of the system that it controls. In discrete event systems (where continuous time is not modeled), it is well known how to handle partial observability, and decidability issues do not differ from the complete information setting. We show however that timed control under partial observability is undecidable even for internal specifications (while the analogous problem under complete observability is decidable) and we identify a decidable subclass.

We consider the problem of synthesizing a fully controllable target behavior from a set of available partially controllable behaviors that are to execute within a shared partially predictable, but fully observable, environment. Behaviors are represented with a sort of nondeterministic transition systems, whose transitions are conditioned on the current state of the environment, also represented as a nondeterministic finite transition system. On the other hand, the target behavior is assumed to be fully deterministic and stands for the behavior that the system as a whole needs to guarantee. We formally define the problem within an abstract framework, characterize its computational complexity, and propose a solution by appealing to satisfiability in Propositional Dynamic Logic, which is indeed optimal with respect to computational complexity. We claim that this problem, while novel to the best of our knowledge, can be instantiated to multiple specific settings in different contexts and can thus be linked to different research areas of AI, including agent-oriented programming and cognitive robotics, control, multi-agent coordination, plan integration, and automatic web-service composition. 1

Abstract not found

this paper. 2 Basics of PLTL Let P be a set of propositional variables. The set of formulae of propositional linear time logic PLTL (over P) is inductively defined as follows: (i) ? is a formula of PLTL, (ii) every propositional variable of P is a formula of PLTL, (iii) if ' and / are formulae of PLTL, then :' and (' /) are formulae of PLTL, and (iv) if ' and / are formulae of PLTL, then #' (in the next moment of time ' is true), 3' (sometimes in the future ' is true), 2' (always in the future ' is true), (' U /) (' is true until / is true), and (' W /) (' is true unless / is true) are formulae of PLTL. Other Boolean connectives including ?, , !, and $ are defined using ?, :, and

Planning in nondeterministic domains with temporally extended goals under partial observability is one of the most challenging problems in planning. Simpler subsets of this problem have been already addressed in the literature, but the general combination of extended goals and partial observability is, to the best of our knowledge, still an open problem. In this paper we present a first attempt to solve the problem, namely, we define an algorithm that builds plans in the general setting of planning with extended goals and partial observability. The algorithm builds on the top of the techniques developed in the planning with model checking framework for the restricted problems of extended goals and of partial observability.