Transcript
Graz University of Technology
Professor Horst Cerjak, 19.12.2005
Barbara Jobstmann San Jose, Nov 15 Optimizations for LTL Synthesis
Optimizations for LTL Synthesis
Barbara Jobstmann, Roderick Bloem
Graz University of Technology, Austria
15 November 2006
Motivation
● Synthesis from specification
● Correct by construction - no verification
● You say what, it says how
● Theory well established
● Long history: Church (early 60s)
● Theory: Rabin, Ramadge/Wonham, Pnueli/Rosner
● What has changed since then?
Outline
● Introduction
● Approaches and optimizations for LTL synthesis
● Lily
● Conclusion
LTL Synthesis
● Automatically build design from specification
● Input
  ● Set of LTL formulae, e.g. G(s1 → ¬s2), (s1 U s2), …
  ● Partition of the atomic propositions (input/output signals)
    Reactive systems: some signals are controlled by the system, others are not
● Output
  ● Automatically created functionally correct finite-state machine (Moore)
● Proposed for LTL by Pnueli, Rosner (POPL'89)
● Difference between monitoring and synthesis
  ● Monitoring: build passive system (nondeterministic)
  ● Synthesis: build reactive system (deterministic)
Key Observation
● Moore machine
● Input signal r, output signal a
● r=1, r=0 .... input
Idea
1) Build a tree automaton
  ● Accepts all trees representing Moore machines that fulfil spec φ
  ● Directions are input values (D = 2^I, input signals I)
  ● Alphabet are output values (Σ = 2^O, output signals O)
  ● Automaton accepts all Σ-labeled D-trees where all paths satisfy the given formula φ
2) Compute language emptiness
3) Build FSM from the witness (a Σ-labeled D-tree)
Game-based Optimization
● Heuristic language emptiness
● Alternating Tree Automaton
● Idea
  ● Find states with empty language (accept no tree)
  ● Runs with non-accepting path are rejected
  ● Environment can force a non-accepting path
  ● Sufficient (but not necessary) for language emptiness
[Figure: synthesis flow φ + i/o → Build UCT → UCT → Build AWT → AWT → Build NBT → NBT → Lang. Emp. → FSM]
Game-based Optimization
● Game
  ● System picks the label and the nondeterminism
  ● Environment picks direction and universality
● State s is winning for environment → LT(s) empty
Example (1)
● φ = GF timer → G(light → light U timer)
● UCT with co-Büchi state (n3)
Example (2)
● Game:
  ● System aims to avoid infinitely many visits to n3
  ● Environment aims to force those visits
  ● Co-Büchi game
[Figure: weak automaton for φ = GF timer → G(light → light U timer)]
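As an added illustration of this game-based emptiness heuristic (code written for this transcript, not from the talk or from Lily), the Python below solves the environment's Büchi objective on a small constructed game graph; the state names n0..n5, their owners and the edges are assumptions, with n3 playing the role of the co-Büchi (rejecting) state:

```python
# Owner "sys" (picks label and nondeterminism) or "env" (picks direction and
# universality), followed by the successor states.
Game = dict[str, tuple[str, list[str]]]

def attractor(game: Game, arena: set[str], target: set[str], player: str) -> set[str]:
    """States of `arena` from which `player` can force a visit to `target`."""
    attr = set(target) & arena
    changed = True
    while changed:
        changed = False
        for s in arena - attr:
            owner, succ = game[s]
            succ = [t for t in succ if t in arena]  # moves leaving the arena are gone
            if owner == player:
                forced = any(t in attr for t in succ)
            else:
                forced = bool(succ) and all(t in attr for t in succ)
            if forced:
                attr.add(s)
                changed = True
    return attr

def environment_winning(game: Game, rejecting: set[str]) -> set[str]:
    """Co-Büchi game: states from which the environment can force infinitely
    many visits to `rejecting`.  Each of them has an empty tree language, so the
    automaton can be pruned there (sufficient, not necessary, for emptiness)."""
    arena = set(game)
    while True:
        reach = attractor(game, arena, rejecting, "env")
        safe = arena - reach  # the environment cannot even reach F once from here
        if not safe:
            return arena
        # the system wins from `safe` and from every state it can steer into it
        arena -= attractor(game, arena, safe, "sys")

# Constructed game graph (not the UCT of the slides); n3 is the co-Büchi state.
EXAMPLE_GAME: Game = {
    "n0": ("sys", ["n1", "n2"]),
    "n1": ("env", ["n0", "n3"]),
    "n2": ("sys", ["n4"]),
    "n3": ("env", ["n1"]),
    "n4": ("sys", ["n2", "n3"]),
    "n5": ("sys", ["n3"]),  # the system has no move that avoids n3
}

if __name__ == "__main__":
    print(sorted(environment_winning(EXAMPLE_GAME, {"n3"})))  # ['n1', 'n3', 'n5']
```

From n0 the system can escape into the n2/n4 loop and is never forced back to n3, so n0, n2 and n4 keep a non-empty language; n1, n3 and n5 are pruned.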
LTL Specification: Traffic Light
G(F(timer=1)) ->
  ( G(fl=1 -> (fl=1 U timer=1))
  * G(hl=1 -> (hl=1 U timer=1))
  * G(car=1 -> F(fl=1))
  * G(F(hl=1))
  * G(!(hl=1 * fl=1)) )
.inputs timer car
.outputs fl hl
[Figure: intersection with lights hl and fl and a car sensor]
Generated System: Traffic Light

module traffic(hl,fl,clk,car,timer);
  input clk,car,timer;
  output fl,hl;
  wire clk,fl,hl,car,timer;
  reg state;
  // Moore outputs: state 0 drives the hl light, state 1 drives the fl light
  assign hl = (state == 0);
  assign fl = (state == 1);
  initial state=0;
  always @(posedge clk) begin
    case(state)
      0: begin
        // leave hl only when the timer fires and a car is waiting
        if (timer==0) state = 0;
        if (timer==1 && car==1) state = 1;
        if (car==0) state=0;
      end
      1: begin
        // leave fl only when the timer fires
        if (timer==1) state = 0;
        if (timer==0) state = 1;
      end
    endcase
  end
endmodule //traffic
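As an added check written for this transcript (not from the talk or from Lily), the Python below transcribes the transition structure of the generated module into a Moore machine, puts a constructed hand-written controller that ignores the timer beside it, and exhaustively tests the safety guarantees of the specification above on every input sequence up to a bounded horizon; the naive controller and the horizon of six cycles are assumptions:

```python
from itertools import product

# Transcribed from the generated Verilog: state 0 drives hl, state 1 drives fl.
def synthesized_step(state, car, timer):
    if state == 0:
        return 1 if (car and timer) else 0  # leave hl only when timer=1 and car=1
    return 0 if timer else 1               # leave fl only when timer=1

# Constructed (hypothetical) controller that switches on car alone.
def naive_step(state, car, timer):
    if state == 0:
        return 1 if car else 0
    return 0 if timer else 1

def outputs(state):
    return {"hl": state == 0, "fl": state == 1}

def run(step, inputs):
    """Moore semantics: the outputs of a cycle depend on the current state only."""
    state, trace = 0, []
    for car, timer in inputs:
        trace.append((outputs(state), {"car": car, "timer": timer}))
        state = step(state, car, timer)
    return trace

def holds_until_timer(trace, light):
    """G(light=1 -> (light=1 U timer=1)) on a finite prefix: a lit light may
    only go out after a cycle in which timer=1 was seen."""
    for i, (out, _) in enumerate(trace):
        if not out[light]:
            continue
        for out2, inp in trace[i:]:
            if not out2[light]:
                return False  # dropped before any timer=1
            if inp["timer"]:
                break         # obligation discharged
    return True

def mutual_exclusion(trace):  # G(!(hl=1 * fl=1))
    return all(not (out["hl"] and out["fl"]) for out, _ in trace)

INPUTS = [(car, timer) for car in (0, 1) for timer in (0, 1)]

def check(step, horizon=6):
    """First input sequence (as a list) violating a safety guarantee, else None."""
    for inputs in product(INPUTS, repeat=horizon):
        trace = run(step, inputs)
        if not (mutual_exclusion(trace) and holds_until_timer(trace, "hl")
                and holds_until_timer(trace, "fl")):
            return list(inputs)
    return None
```

`check(synthesized_step)` returns None, while `check(naive_step)` returns a six-cycle trace in which hl goes out after a car arrives without timer=1; the liveness guarantees G(car=1 -> F(fl=1)) and G(F(hl=1)) cannot be refuted on finite prefixes and are not covered here.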
Conclusion
● First implementation of synthesis for full LTL
● Optimizations are enabling factor
● Our examples are small but useful for property debugging (or learning LTL)
● Future