Results 1-10 of 38
Synthesis of reactive(1) designs
In Proc. Verification, Model Checking, and Abstract Interpretation (VMCAI'06), 2006
Abstract

Cited by 124 (9 self)
Abstract. We consider the problem of synthesizing digital designs from their LTL specification. In spite of the theoretical double exponential lower bound for the general case, we show that for many expressive specifications of hardware designs the problem can be solved in time N^3, where N is the size of the state space of the design. We describe the context of the problem, as part of the Prosyd European Project which aims to provide a property-based development flow for hardware designs. Within this project, synthesis plays an important role, first in order to check whether a given specification is realizable, and then for synthesizing part of the developed system. The class of LTL formulas considered is that of Generalized Reactivity(1) (generalized Streett(1)) formulas, i.e., formulas of the form: (p1 ∧ ··· ∧ pm) → (q1 ∧ ··· ∧ qn) where each pi, qi is a boolean combination of atomic propositions. We also consider the more general case in which each pi, qi is an arbitrary past LTL formula over atomic propositions. For this class of formulas, we present an N^3-time algorithm which checks whether such a formula is realizable, i.e., there exists a circuit which satisfies the formula under any set of inputs provided by the environment. In the case that the specification is realizable, the algorithm proceeds to construct an automaton which represents one of the possible implementing circuits. The automaton is computed and presented symbolically.
Program repair as a game
In 17th Conference on Computer Aided Verification (CAV'05), 2005
Abstract

Cited by 62 (7 self)
Abstract. We present a conservative method to automatically fix faults in a finite state program by considering the repair problem as a game. The game consists of the product of a modified version of the program and an automaton representing the LTL specification. Every winning finite state strategy for the game corresponds to a repair. The opposite does not hold, but we show conditions under which the existence of a winning strategy is guaranteed. A finite state strategy corresponds to a repair that adds variables to the program, which we argue is undesirable. To avoid extra state, we need a memoryless strategy. We show that the problem of finding a memoryless strategy is NP-complete and present a heuristic. We have implemented the approach symbolically and present initial evidence of its usefulness.
Finding and fixing faults
Paul (Eds.), 13th Conference on Correct Hardware Design and Verification Methods (CHARME '05), 2005
Abstract

Cited by 44 (7 self)
Knowing that a program has a bug is good, knowing its location is better, but a fix is best. We present a method to automatically locate and correct faults in a finite state system, either at the gate level or at the source level. We assume that the specification is given in Linear Temporal Logic, and state the correction problem as a game, in which the protagonist selects a faulty component and suggests alternative behavior. The basic approach is complete but as complex as synthesis. It also suffers from problems of readability: the correction may add state and logic to the system. We present two heuristics. The first avoids the doubly exponential blowup associated with synthesis by using nondeterministic automata. The second heuristic finds a memoryless strategy, which we show is an NP-complete problem. A memoryless strategy corresponds to a simple, local correction that does not add any state. The drawback of the two heuristics is that they are not complete unless the specification is an invariant. Our approach is general: the user can define what constitutes a component, and the suggested correction can be an arbitrary combinational function of the current state and the inputs. We show experimental results supporting the applicability of our approach.
Dealing with nondeterminism in symbolic control
 in Hybrid Systems: Computation and Control: 11th International Workshop, ser. Lecture Notes in Computer Science, M. Egerstedt and
, 2008
Abstract

Cited by 19 (12 self)
Abstract. Abstractions (also called symbolic models) are simple descriptions of continuous and hybrid systems that can be used in analysis and control. They are usually constructed in the form of transition systems with finitely many states. Such abstractions offer a very attractive approach to dealing with complexity, while at the same time allowing for rich specification languages. Recent results show that, through the abstraction process, the resulting transition systems can be nondeterministic (i.e., if an input is applied in a state, several next states are possible). However, the problem of controlling a nondeterministic transition system from a rich specification such as a temporal logic formula is not well understood. In this paper, we develop a control strategy for a nondeterministic transition system from a specification given as a Linear Temporal Logic formula with a deterministic Büchi generator. Our algorithm is inspired by (infinite) LTL games on graphs, is complete, and scales polynomially with the size of the Büchi automaton. An example of controlling a linear system from a specification given as a temporal logic formula over the regions of its triangulated state space is included for illustration.
A New Algorithm for Strategy Synthesis in LTL Games
In Proc. 11th Intl. Conf. on Tools and Alg. for the Construction and Analysis of Systems (TACAS'05), LNCS, 2005
Abstract

Cited by 14 (0 self)
Abstract. The automatic synthesis of programs from their specifications has been a dream of many researchers for decades. If we restrict to open finite-state reactive systems, the specification is often presented as an ATL or LTL formula interpreted over a finite-state game. The required program is then a strategy for winning this game. A theoretically optimal solution to this problem was proposed by Pnueli and Rosner, but has never given good results in practice. This is due to the 2EXPTIME-complete complexity of the problem, and the intricate nature of Pnueli and Rosner's solution. A key difficulty in their procedure is the determinisation of Büchi automata. In this paper we look at an alternative approach which avoids determinisation, using instead a procedure that is amenable to symbolic methods. Using an implementation based on the BDD package CuDD, we demonstrate its scalability in a number of examples. Furthermore, we show a class of problems for which our algorithm is singly exponential. Our solution, however, is not complete; we prove a condition which guarantees completeness and argue by empirical evidence that examples for which it is not complete are rare enough to make our solution a useful tool.
Translating temporal logic to controller specifications
in Proc. 45th IEEE Conf. Decision Control, 2006
Abstract

Cited by 14 (3 self)
Abstract. The problem of designing hybrid controllers in order to satisfy safety or liveness specifications has received much attention in the past decade. Much more recently, there is an increased interest in designing hybrid controllers in order to achieve more sophisticated discrete specifications, such as those expressible in temporal logics. A great challenge is how to compose safety and liveness controllers in order to achieve more complex specifications. Existing approaches are predominantly bottom-up, in the sense that the overall control and composition (or switching) logic requires verification of the integrated closed-loop hybrid system. In this paper, we advocate and develop a top-down approach for this problem by synthesizing controllers which satisfy the specification by construction. Given a flat linear temporal logic specification as an input, we develop an algorithm that translates the temporal logic specification into a hybrid automaton where in each discrete mode we impose controller specifications for the continuous dynamics. In addition to achieving the desired specification by construction, our methodology provides a very natural interface between high level logic design and low level control design.
Automata-theoretic Decision of Timed Games
2013
Abstract

Cited by 13 (3 self)
The solution of games is a key decision problem in the context of verification of open systems and program synthesis. Given a game graph and a specification, we wish to determine if there exists a strategy of the protagonist that allows it to select only behaviors fulfilling the specification. In this paper, we consider timed games, where the game graph is a timed automaton and the specification is given by formulas of the temporal logics LTL and CTL. We present an automata-theoretic approach to solve the addressed games, extending to the timed framework a successful approach to solving discrete games. The main idea of this approach is to translate the timed automaton A, modeling the game graph, into a tree automaton AT accepting all trees that correspond to a strategy of the protagonist. Then, given an automaton corresponding to the specification, we intersect it with the tree automaton AT and check for the non-emptiness of the resulting automaton. Our approach yields a decision algorithm running in exponential time for CTL and in double exponential time for LTL. The obtained algorithms are optimal in the sense that their computational complexity matches the known lower bounds.
Recent Challenges and Ideas in Temporal Synthesis
Abstract

Cited by 8 (0 self)
Abstract. In automated synthesis, we transform a specification into a system that is guaranteed to satisfy the specification against all environments. While model-checking theory has led to industrial development and use of formal-verification tools, the integration of synthesis in the industry is slow. This has to do with theoretical limitations, like the complexity of the problem; algorithmic limitations, like the need to determinize automata on infinite words and solve parity games; methodological reasons, like the lack of satisfactory compositional synthesis algorithms; and practical reasons: current algorithms produce systems that satisfy the specification, but may do so in a peculiar way and may be larger or less well-structured than systems constructed manually. The research community has managed to suggest some solutions to these limitations, and bring synthesis algorithms closer to practice. Significant barriers, however, remain. Moreover, the integration of synthesis in real applications has taught us that the traditional setting of synthesis is too simplified and has brought with it new algorithmic challenges. This paper introduces the synthesis problem, algorithms for solving it, and recent promising ideas in making temporal synthesis useful in practice.
Symbolic Strategy Synthesis For Games With LTL Winning Conditions
2005
Abstract

Cited by 8 (0 self)
Game-theoretic methods provide a natural way to verify and synthesise reactive systems. When there are nondeterministic choices on both the inside and the outside of a reactive system, it is useful to characterise them as being taken by players on opposing sides of a game. The internal choices can be assumed to be played in the best possible way by the protagonist in the game, and the external choices can be assumed to be played in the worst possible way by the antagonist. This allows for more accurate analysis of systems than can be achieved using the conventional approaches which treat all nondeterminism uniformly. The cost of using game-theoretic techniques to solve games with LTL winning conditions is high. Without game semantics, the complexity of model checking LTL is PSPACE-complete [SC85], but with game semantics the model checking problem becomes 2EXPTIME-complete [PR89, Ros92]. This complexity result and the difficulty of the solution offered by [PR89, Ros92] have prevented the development of a tool for solving such games. In this thesis we provide a novel algorithm to solve games with LTL winning conditions which avoids the determinisation of Büchi automata, the step which has so
Efficient reactive controller synthesis for a fragment of linear temporal logic
in IEEE International Conference on Robotics and Automation (ICRA), 2013
Abstract

Cited by 7 (2 self)
Abstract. Motivated by robotic motion planning, we develop a framework for control policy synthesis for both nondeterministic transition systems and Markov decision processes that are subject to temporal logic task specifications. We introduce a fragment of linear temporal logic that can be used to specify common motion planning tasks such as safe navigation, response to the environment, persistent coverage, and surveillance. This fragment is computationally efficient; the complexity of control policy synthesis is a doubly-exponential improvement over standard linear temporal logic for both nondeterministic transition systems and Markov decision processes. This improvement is possible because we compute directly on the original system, as opposed to the automata-based approach commonly used. We give simulation results for representative motion planning tasks and compare to generalized reactivity(1).